durfy/homelab-gitops
1
0
Fork 0
mirror of https://gitlab.durp.info/durfy/homelab/gitops.git synced 2026-05-08 08:21:19 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
DeveloperDurp 2026-03-28 12:09:41 -05:00
parent c38262a51b
commit e47f51426a
20 changed files with 365 additions and 669 deletions
Download patch file Download diff file Expand all files Collapse all files

31
dmz/internalproxy/templates/duplicati.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: duplicati
spec:
ports:
- name: app
port: 8200
protocol: TCP
targetPort: 8200
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: duplicati
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 8200
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -43,7 +14,7 @@ spec:
namespace: traefik
kind: Rule
services:
- name: duplicati
- name: unraid
port: 8200
tls:
secretName: duplicati-tls

132
dmz/internalproxy/templates/endpoints.yaml
View file

@ -60,6 +60,58 @@ spec:
port: 8267
protocol: TCP
targetPort: 8267
- name: duplicati
port: 8200
protocol: TCP
targetPort: 8200
- name: forgejo
port: 3000
protocol: TCP
targetPort: 3000
- name: freshrss
port: 8085
protocol: TCP
targetPort: 8085
- name: gitlab-ssh
port: 9022
protocol: TCP
targetPort: 9022
- name: gitlab
port: 9443
protocol: TCP
targetPort: 9443
- name: minio
port: 9769
protocol: TCP
targetPort: 9769
- name: nextcloud
port: 11000
protocol: TCP
targetPort: 11000
- name: nexus
port: 8081
protocol: TCP
targetPort: 8081
- name: openweb-ui
port: 8089
protocol: TCP
targetPort: 8089
- name: plex
port: 32400
protocol: TCP
targetPort: 32400
- name: registry
port: 5000
protocol: TCP
targetPort: 5000
- name: root-vault
port: 8201
protocol: TCP
targetPort: 8201
- name: s3
port: 9768
protocol: TCP
targetPort: 9768
---
@ -77,3 +129,83 @@ subsets:
- name: tdarr
port: 8267
protocol: TCP
- name: duplicati
port: 8200
protocol: TCP
- name: forgejo
port: 3000
protocol: TCP
- name: freshrss
port: 8085
protocol: TCP
- name: gitlab-ssh
port: 9022
protocol: TCP
- name: gitlab
port: 9443
protocol: TCP
- name: minio
port: 9769
protocol: TCP
- name: nextcloud
port: 11000
protocol: TCP
- name: nexus
port: 8081
protocol: TCP
- name: openweb-ui
port: 8089
protocol: TCP
- name: plex
port: 32400
protocol: TCP
- name: registry
port: 5000
protocol: TCP
- name: root-vault
port: 8201
protocol: TCP
- name: s3
port: 9768
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ubuntu
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: https
port: 443
protocol: TCP
- name: litellm
port: 4000
protocol: TCP
- name: ollama
port: 11435
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: ubuntu
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: litellm
port: 4000
protocol: TCP
targetPort: 4000
- name: ollama
port: 11435
protocol: TCP
targetPort: 11435

31
dmz/internalproxy/templates/forgejo.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: forgejo
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: forgejo
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,7 +9,7 @@ spec:
- match: Host(`forgejo.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: forgejo
- name: unraid
port: 3000
scheme: http
tls:

32
dmz/internalproxy/templates/freshrss.yaml
View file

@ -1,33 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: freshrss
spec:
ports:
- name: app
port: 8085
protocol: TCP
targetPort: 8085
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: freshrss
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 8085
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -39,7 +9,7 @@ spec:
- match: Host(`freshrss.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: freshrss
- name: unraid
port: 8085
tls:
secretName: freshrss-tls

85
dmz/internalproxy/templates/gitlab.yaml
View file

@ -1,30 +1,30 @@
apiVersion: v1
kind: Service
metadata:
name: gitlab-ssh
spec:
ports:
- name: app
port: 9022
protocol: TCP
targetPort: 9022
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitlab-ssh
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 9022
protocol: TCP
---
#apiVersion: v1
#kind: Service
#metadata:
# name: gitlab-ssh
#spec:
# ports:
# - name: app
# port: 9022
# protocol: TCP
# targetPort: 9022
# clusterIP: None
# type: ClusterIP
#
#---
#apiVersion: v1
#kind: Endpoints
#metadata:
# name: gitlab-ssh
#subsets:
# - addresses:
# - ip: 192.168.21.200
# ports:
# - name: app
# port: 9022
# protocol: TCP
#
#---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
@ -35,36 +35,9 @@ spec:
routes:
- match: HostSNI(`*`)
services:
- name: gitlab-ssh
- name: unraid
port: 9022
---
apiVersion: v1
kind: Service
metadata:
name: gitlab
spec:
ports:
- name: app
port: 9443
protocol: TCP
targetPort: 9443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitlab
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 9443
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
@ -77,7 +50,7 @@ spec:
- match: Host(`gitlab.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: gitlab
- name: unraid
port: 9443
scheme: https
tls:

149
dmz/internalproxy/templates/invidious.yaml
View file

@ -1,74 +1,75 @@
apiVersion: v1
kind: Service
metadata:
name: invidious
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: invidious
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: invidious-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`invidious.durp.info`) && PathPrefix(`/`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: invidious
port: 3000
tls:
secretName: invidious-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: invidious-tls
spec:
secretName: invidious-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "invidious.durp.info"
dnsNames:
- "invidious.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: invidious-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: invidious.durp.info
spec:
type: ExternalName
externalName: durp.info
#apiVersion: v1
#kind: Service
#metadata:
# name: invidious
#spec:
# ports:
# - name: app
# port: 3000
# protocol: TCP
# targetPort: 3000
# clusterIP: None
# type: ClusterIP
#
#---
#
#apiVersion: v1
#kind: Endpoints
#metadata:
# name: invidious
#subsets:
#- addresses:
# - ip: 192.168.20.104
# ports:
# - name: app
# port: 3000
# protocol: TCP
#
#---
#
#apiVersion: traefik.io/v1alpha1
#kind: IngressRoute
#metadata:
# name: invidious-ingress
#spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`invidious.durp.info`) && PathPrefix(`/`)
# middlewares:
# - name: authentik-proxy-provider
# namespace: traefik
# kind: Rule
# services:
# - name: invidious
# port: 3000
# tls:
# secretName: invidious-tls
#
#---
#
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
# name: invidious-tls
#spec:
# secretName: invidious-tls
# issuerRef:
# name: letsencrypt-production
# kind: ClusterIssuer
# commonName: "invidious.durp.info"
# dnsNames:
# - "invidious.durp.info"
#
#---
#
#kind: Service
#apiVersion: v1
#metadata:
# name: invidious-external-dns
# annotations:
# external-dns.alpha.kubernetes.io/hostname: invidious.durp.info
#spec:
# type: ExternalName
# externalName: durp.info
#

31
dmz/internalproxy/templates/kasm.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: kasm
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: kasm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,7 +9,7 @@ spec:
- match: Host(`kasm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: kasm
- name: ubuntu
port: 443
scheme: https
tls:

91
dmz/internalproxy/templates/kuma.yaml
View file

@ -1,45 +1,46 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kuma-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`kuma.durp.info`) && PathPrefix(`/`)
kind: Rule
middlewares:
- name: authentik-proxy-provider
namespace: traefik
services:
- name: master-cluster
port: 443
tls:
secretName: kuma-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kuma-tls
spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
secretName: kuma-tls
commonName: "kuma.durp.info"
dnsNames:
- "kuma.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: kuma-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
spec:
type: ExternalName
externalName: durp.info
#apiVersion: traefik.io/v1alpha1
#kind: IngressRoute
#metadata:
# name: kuma-ingress
#spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`kuma.durp.info`) && PathPrefix(`/`)
# kind: Rule
# middlewares:
# - name: authentik-proxy-provider
# namespace: traefik
# services:
# - name: master-cluster
# port: 443
# tls:
# secretName: kuma-tls
#
#---
#
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
# name: kuma-tls
#spec:
# issuerRef:
# name: letsencrypt-production
# kind: ClusterIssuer
# secretName: kuma-tls
# commonName: "kuma.durp.info"
# dnsNames:
# - "kuma.durp.info"
#
#---
#
#kind: Service
#apiVersion: v1
#metadata:
# name: kuma-external-dns
# annotations:
# external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
#spec:
# type: ExternalName
# externalName: durp.info
#

31
dmz/internalproxy/templates/litellm.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: litellm
spec:
ports:
- name: app
port: 4000
protocol: TCP
targetPort: 4000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: litellm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 4000
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,7 +9,7 @@ spec:
- match: Host(`litellm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: litellm
- name: ubuntu
port: 4000
tls:
secretName: litellm-tls

31
dmz/internalproxy/templates/minio.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
ports:
- name: app
port: 9769
protocol: TCP
targetPort: 9769
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: minio
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 9769
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -41,7 +12,7 @@ spec:
namespace: traefik
kind: Rule
services:
- name: minio
- name: unraid
port: 9769
scheme: http
tls:

29
dmz/internalproxy/templates/nextcloud.yaml
View file

@ -1,30 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: nextcloud
spec:
ports:
- name: app
port: 11000
protocol: TCP
targetPort: 11000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: nextcloud
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 11000
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,7 +11,7 @@ spec:
middlewares:
- name: nextcloud-chain
services:
- name: nextcloud
- name: unraid
port: 11000
scheme: http
tls:

31
dmz/internalproxy/templates/nexus.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: nexus
spec:
ports:
- name: app
port: 8081
protocol: TCP
targetPort: 8081
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: nexus
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 8081
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,7 +9,7 @@ spec:
- match: Host(`nexus.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: nexus
- name: unraid
port: 8081
tls:
secretName: nexus-tls

35
dmz/internalproxy/templates/ollama.yaml
View file

@ -15,7 +15,6 @@ spec:
property: users
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@ -26,36 +25,6 @@ spec:
secret: ollama-secret
---
apiVersion: v1
kind: Service
metadata:
name: ollama
spec:
ports:
- name: app
port: 11435
protocol: TCP
targetPort: 11435
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ollama
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 11435
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -69,13 +38,12 @@ spec:
- name: ollama-basic-auth
kind: Rule
services:
- name: ollama
- name: unraid
port: 11435
tls:
secretName: ollama-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
@ -90,7 +58,6 @@ spec:
- "ollama.durp.info"
---
kind: Service
apiVersion: v1
metadata:

33
dmz/internalproxy/templates/open-webui.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: open-webui
spec:
ports:
- name: app
port: 8089
protocol: TCP
targetPort: 8089
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: open-webui
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 8089
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,14 +9,13 @@ spec:
- match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: open-webui
- name: unraid
port: 8089
scheme: http
tls:
secretName: open-webui-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
@ -60,7 +30,6 @@ spec:
- "open-webui.durp.info"
---
kind: Service
apiVersion: v1
metadata:

33
dmz/internalproxy/templates/plex.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: plex
spec:
ports:
- name: app
port: 32400
protocol: TCP
targetPort: 32400
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: plex
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 32400
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -38,14 +9,13 @@ spec:
- match: Host(`plex.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: plex
- name: unraid
port: 32400
scheme: https
tls:
secretName: plex-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
@ -60,7 +30,6 @@ spec:
- "plex.durp.info"
---
kind: Service
apiVersion: v1
metadata:

6
dmz/internalproxy/templates/portainer.yaml
View file

@ -7,9 +7,9 @@ spec:
- websecure
routes:
- match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
#middlewares:
#- name: whitelist
# namespace: traefik
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: infra-cluster

29
dmz/internalproxy/templates/registry.yaml
View file

@ -1,30 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: registry
spec:
ports:
- name: app
port: 5000
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: registry
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 5000
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -39,7 +12,7 @@ spec:
- name: whitelist
namespace: traefik
services:
- name: registry
- name: unraid
port: 5000
tls:
secretName: registry-tls

32
dmz/internalproxy/templates/root-vault.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: root-vault
spec:
ports:
- name: app
port: 8201
protocol: TCP
targetPort: 8201
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: root-vault
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 8201
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -41,14 +12,13 @@ spec:
namespace: traefik
kind: Rule
services:
- name: root-vault
- name: unraid
port: 8201
scheme: https
tls:
secretName: root-vault-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:

33
dmz/internalproxy/templates/s3.yaml
View file

@ -1,32 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: s3
spec:
ports:
- name: app
port: 9768
protocol: TCP
targetPort: 9768
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: s3
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 9768
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@ -41,7 +12,7 @@ spec:
namespace: traefik
kind: Rule
services:
- name: s3
- name: unraid
port: 9768
scheme: http
tls:
@ -75,7 +46,7 @@ spec:
- match: Host(`s3.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: s3
- name: unraid
port: 9768
scheme: http
tls:

129
dmz/internalproxy/templates/semaphore.yaml
View file

@ -1,64 +1,65 @@
apiVersion: v1
kind: Service
metadata:
name: semaphore
spec:
ports:
- name: app
port: 3001
protocol: TCP
targetPort: 3001
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: semaphore
subsets:
- addresses:
- ip: 192.168.21.200
ports:
- name: app
port: 3001
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: semaphore
port: 3001
scheme: http
tls:
secretName: semaphore-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: semaphore-tls
spec:
secretName: semaphore-tls
issuerRef:
name: vault-issuer
kind: ClusterIssuer
commonName: "semaphore.internal.durp.info"
dnsNames:
- "semaphore.internal.durp.info"
#
#apiVersion: v1
#kind: Service
#metadata:
# name: semaphore
#spec:
# ports:
# - name: app
# port: 3001
# protocol: TCP
# targetPort: 3001
# clusterIP: None
# type: ClusterIP
#
#---
#
#apiVersion: v1
#kind: Endpoints
#metadata:
# name: semaphore
#subsets:
# - addresses:
# - ip: 192.168.21.200
# ports:
# - name: app
# port: 3001
# protocol: TCP
#
#---
#
#apiVersion: traefik.io/v1alpha1
#kind: IngressRoute
#metadata:
# name: semaphore-ingress
#spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
# middlewares:
# - name: whitelist
# namespace: traefik
# kind: Rule
# services:
# - name: semaphore
# port: 3001
# scheme: http
# tls:
# secretName: semaphore-tls
#
#---
#
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
# name: semaphore-tls
#spec:
# secretName: semaphore-tls
# issuerRef:
# name: vault-issuer
# kind: ClusterIssuer
# commonName: "semaphore.internal.durp.info"
# dnsNames:
# - "semaphore.internal.durp.info"
#