chore(varies): house keeping

.github/CODEOWNERS

@@ -1,2 +1,2 @@
-# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+# Ref: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 * @buroa

.github/workflows/publish-terraform.yaml

@@ -42,7 +42,7 @@ jobs:
           registry: ghcr.io
           username: "${{ github.actor }}"
           password: "${{ secrets.GITHUB_TOKEN }}"
-          # https://github.com/orgs/community/discussions/24636
+          # Ref: https://github.com/orgs/community/discussions/24636
           # username: "${{ secrets.BOT_APP_ID }}"
           # password: "${{ steps.app-token.outputs.token }}"
 

.taskfiles/VolSync/Taskfile.yaml

@@ -77,7 +77,7 @@ tasks:
         app: Application to snapshot (required)
     cmds:
       # # TODO: Only suspend when a arg is passed to the task
-      # # https://github.com/go-task/task/issues/608
+      # # Ref: https://github.com/go-task/task/issues/608
       # - task: .suspend
       #   vars: *env
       - kubectl -n {{.ns}} patch replicationsources/{{.rs}} --type merge -p '{"spec":{"trigger":{"manual":"{{.ts}}"}}}'

README.md

@@ -93,19 +93,30 @@ Below is a a high level look at the layout of how my directory structure with Fl
 
 ```mermaid
 graph TD;
-  id1>Kustomization: cluster] --> |Creates| id2>Kustomization: cluster-apps];
-  id2>Kustomization: cluster-apps] --> |Creates| id3>Kustomization: cluster-apps-cloudnative-pg];
-  id2>Kustomization: cluster-apps] --> |Creates| id6>Kustomization: cluster-apps-lldap]
-  id2>Kustomization: cluster-apps] --> |Creates| id8>Kustomization: cluster-apps-authelia]
-  id2>Kustomization: cluster-apps] --> |Creates| id5>Kustomization: cluster-apps-cloudnative-pg-cluster]
-  id3 --> |Creates| id4(HelmRelease: postgres);
-  id5 --> |Depends on| id3;
-  id5 --> |Creates| id10(Cluster: Postgres);
-  id6 --> |Creates| id7(HelmRelease: lldap);
-  id6 --> |Depends on| id5;
-  id8 --> |Creates| id9(HelmRelease: authelia);
-  id8 --> |Depends on| id5;
-  id8 --> |Depends on| id6;
+  id1[Kustomization: cluster];
+  id2[Kustomization: cluster-apps];
+  id3[Kustomization: cluster-apps-cloudnative-pg];
+  id4[HelmRelease: postgres];
+  id5[Kustomization: cluster-apps-cloudnative-pg-cluster];
+  id6[Kustomization: cluster-apps-lldap];
+  id7[HelmRelease: lldap];
+  id8[Kustomization: cluster-apps-authelia];
+  id9[HelmRelease: authelia];
+  id10[Cluster: postgres];
+
+  id1 -->|Creates| id2;
+  id2 -->|Creates| id3;
+  id2 -->|Creates| id6;
+  id2 -->|Creates| id8;
+  id2 -->|Creates| id5;
+  id3 -->|Creates| id4;
+  id5 -->|Depends| id3;
+  id5 -->|Creates| id10;
+  id6 -->|Creates| id7;
+  id6 -->|Depends| id5;
+  id8 -->|Creates| id9;
+  id8 -->|Depends| id5;
+  id8 -->|Depends| id6;
 ```
 
 ### Networking
@@ -127,24 +138,6 @@ graph TD;
 
 ## 🌐 DNS
 
-<details>
-  <summary>Click to see my high level network diagram</summary>
-
-```mermaid
-graph TD;
-  id1>Client] --> id2>UDM Pro];
-  id2 --> id3>blocky];
-  id2 --> |fallback| id4>1.1.1.1];
-  id3 --> |ktwo.io| id5>k8s-gateway];
-  id3 --> |cluster.local| id6>coredns];
-  id3 --> |else| id7>blocklists];
-  id7 --> id4;
-  id5 --> id8>/etc/hosts];
-  id5 --> id9>Ingress];
-  id5 --> |else| id4;
-```
-</details>
-
 ### Internal DNS
 
 The UDM Pro resolves DNS queries via [blocky](https://github.com/0xERR0R/blocky), which provides first-hop DNS resolution for my network. `Blocky` forwards requests targeted towards my public domain via [k8s-gateway](https://github.com/ori-edge/k8s_gateway). Last-hop DNS resolution resolves via [1.1.1.1](https://1.1.1.1/dns/), which is configured as my primary DNS upstream provider. If for any reason `blocky` becomes unavailable, the UDM Pro is configured to fallback to `1.1.1.1` until blocky becomes available again.

Taskfile.yaml

@@ -2,7 +2,7 @@
 version: "3"
 
 # TODO: Clean up `--context` usage
-# https://github.com/go-task/task/issues/1038
+# Ref: https://github.com/go-task/task/issues/1038
 
 vars:
   KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"

kubernetes/apps/default/kromgo/app/helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
               tag: 0.2.4@sha256:2c1076986904babdcfed38ffcf848e7609f3e108ee350a46ce8ed201407a8b81
             env:
               PROMETHEUS_URL: http://thanos-query-frontend.monitoring.svc.cluster.local:9090
-              PORT: &port 80
+              PORT: &port 8080
             resources:
               requests:
                 cpu: 5m

kubernetes/apps/default/kromgo/app/kustomization.yaml

@@ -9,5 +9,3 @@ configMapGenerator:
       - ./configs/config.yaml
 generatorOptions:
   disableNameSuffixHash: true
-  annotations:
-    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/home/atuin/app/helmrelease.yaml

@@ -44,11 +44,11 @@ spec:
               tag: v17.2.1@sha256:149ba8c5445c205f4ca7f88256eb409ef36820fc2a74fd462869a489721d03d3
             env:
               ATUIN_HOST: 0.0.0.0
-              ATUIN_PORT: &port 80
+              ATUIN_PORT: &port 8080
               ATUIN_OPEN_REGISTRATION: true
               ATUIN_METRICS__ENABLE: true
               ATUIN_METRICS__HOST: 0.0.0.0
-              ATUIN_METRICS__PORT: &metricsPort 8080
+              ATUIN_METRICS__PORT: &metricsPort 8081
             envFrom: *envFrom
             args:
               - server

kubernetes/apps/home/node-red/app/kustomization.yaml

@@ -11,5 +11,3 @@ configMapGenerator:
       - ./configs/settings.js
 generatorOptions:
   disableNameSuffixHash: true
-  annotations:
-    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml

@@ -49,7 +49,7 @@ spec:
               ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: false
               ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: true
               ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: true
-              ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: &port 80
+              ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: &port 8080
               ZIGBEE2MQTT_CONFIG_FRONTEND_URL: https://zigbee.${PUBLIC_DOMAIN}
               ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: true
               ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: true

kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml

@@ -26,7 +26,7 @@ spec:
     image:
       repository: registry.k8s.io/node-problem-detector/node-problem-detector
     settings:
-      # https://github.com/kubernetes/node-problem-detector/tree/master/config
+      # Ref: https://github.com/kubernetes/node-problem-detector/tree/master/config
       log_monitors:
         - /config/kernel-monitor.json
       custom_plugin_monitors:

kubernetes/apps/media/qbittorrent/app/configs/config.js

@@ -9,22 +9,22 @@ module.exports = {
   qbittorrentUrl: "http://localhost:8080",
 
   torznab: [
-    `http://prowlarr.media.svc.cluster.local:9696/114/api?apikey=${process.env.PROWLARR_API_KEY}`, // atr
-    `http://prowlarr.media.svc.cluster.local:9696/80/api?apikey=${process.env.PROWLARR_API_KEY}`,  // ar
-    `http://prowlarr.media.svc.cluster.local:9696/77/api?apikey=${process.env.PROWLARR_API_KEY}`,  // ant
-    `http://prowlarr.media.svc.cluster.local:9696/16/api?apikey=${process.env.PROWLARR_API_KEY}`,  // blu
-    `http://prowlarr.media.svc.cluster.local:9696/11/api?apikey=${process.env.PROWLARR_API_KEY}`,  // fl
-    `http://prowlarr.media.svc.cluster.local:9696/43/api?apikey=${process.env.PROWLARR_API_KEY}`,  // hds
-    `http://prowlarr.media.svc.cluster.local:9696/5/api?apikey=${process.env.PROWLARR_API_KEY}`,   // hdt
-    `http://prowlarr.media.svc.cluster.local:9696/3/api?apikey=${process.env.PROWLARR_API_KEY}`,   // ipt
-    `http://prowlarr.media.svc.cluster.local:9696/7/api?apikey=${process.env.PROWLARR_API_KEY}`,   // mtv
-    `http://prowlarr.media.svc.cluster.local:9696/17/api?apikey=${process.env.PROWLARR_API_KEY}`,  // ptp
-    `http://prowlarr.media.svc.cluster.local:9696/44/api?apikey=${process.env.PROWLARR_API_KEY}`,  // phd
-    `http://prowlarr.media.svc.cluster.local:9696/15/api?apikey=${process.env.PROWLARR_API_KEY}`,  // st
-    `http://prowlarr.media.svc.cluster.local:9696/78/api?apikey=${process.env.PROWLARR_API_KEY}`,  // td
-    `http://prowlarr.media.svc.cluster.local:9696/6/api?apikey=${process.env.PROWLARR_API_KEY}`,   // ts
-    `http://prowlarr.media.svc.cluster.local:9696/4/api?apikey=${process.env.PROWLARR_API_KEY}`,   // tl
-    `http://prowlarr.media.svc.cluster.local:9696/8/api?apikey=${process.env.PROWLARR_API_KEY}`,   // uhdb
+    `http://prowlarr.media.svc.cluster.local:9696/114/api?apikey=$${process.env.PROWLARR_API_KEY}`, // atr
+    `http://prowlarr.media.svc.cluster.local:9696/80/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // ar
+    `http://prowlarr.media.svc.cluster.local:9696/77/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // ant
+    `http://prowlarr.media.svc.cluster.local:9696/16/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // blu
+    `http://prowlarr.media.svc.cluster.local:9696/11/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // fl
+    `http://prowlarr.media.svc.cluster.local:9696/43/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // hds
+    `http://prowlarr.media.svc.cluster.local:9696/5/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // hdt
+    `http://prowlarr.media.svc.cluster.local:9696/3/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // ipt
+    `http://prowlarr.media.svc.cluster.local:9696/7/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // mtv
+    `http://prowlarr.media.svc.cluster.local:9696/17/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // ptp
+    `http://prowlarr.media.svc.cluster.local:9696/44/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // phd
+    `http://prowlarr.media.svc.cluster.local:9696/15/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // st
+    `http://prowlarr.media.svc.cluster.local:9696/78/api?apikey=$${process.env.PROWLARR_API_KEY}`,  // td
+    `http://prowlarr.media.svc.cluster.local:9696/6/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // ts
+    `http://prowlarr.media.svc.cluster.local:9696/4/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // tl
+    `http://prowlarr.media.svc.cluster.local:9696/8/api?apikey=$${process.env.PROWLARR_API_KEY}`,   // uhdb
   ],
 
   apiAuth: false,

kubernetes/apps/media/qbittorrent/app/helmrelease.yaml

@@ -26,7 +26,7 @@ spec:
     controllers:
       main:
         annotations:
-          secret.reloader.stakater.com/reload: cross-seed-secret
+          configmap.reloader.stakater.com/reload: &configMap cross-seed-configmap
         containers:
           main:
             image:
@@ -138,7 +138,7 @@ spec:
         existingClaim: media
       xseed:
         type: configMap
-        name: cross-seed-configmap
+        name: *configMap
         globalMounts:
           - path: /config/config.js
             subPath: config.js

kubernetes/apps/media/qbittorrent/app/kustomization.yaml

@@ -11,5 +11,3 @@ configMapGenerator:
       - ./configs/config.js
 generatorOptions:
   disableNameSuffixHash: true
-  annotations:
-    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/monitoring/exporters/smartctl-exporter/app/prometheusrule.yaml

@@ -40,7 +40,7 @@ spec:
           labels:
             severity: critical
         #
-        # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-smartctl-exporter/rules/rules.txt
+        # Ref: https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-smartctl-exporter/rules/rules.txt
         #
         - alert: SmartDeviceMediaErrors
           annotations:

kubernetes/apps/monitoring/gatus/app/configs/config.yaml

@@ -1,8 +1,8 @@
 ---
 alerting:
   pushover:
-    application-token: ${GATUS_PUSHOVER_APP_TOKEN}
-    user-key: ${GATUS_PUSHOVER_USER_KEY}
+    application-token: $${GATUS_PUSHOVER_APP_TOKEN}
+    user-key: $${GATUS_PUSHOVER_USER_KEY}
     default-alert:
       description: healthcheck failed
       send-on-resolved: true
@@ -18,12 +18,12 @@ metrics: true
 
 storage:
   type: postgres
-  path: postgres://${INIT_POSTGRES_USER}:${INIT_POSTGRES_PASS}@${INIT_POSTGRES_HOST}:5432/${INIT_POSTGRES_DBNAME}?sslmode=disable
+  path: postgres://$${INIT_POSTGRES_USER}:$${INIT_POSTGRES_PASS}@$${INIT_POSTGRES_HOST}:5432/$${INIT_POSTGRES_DBNAME}?sslmode=disable
   caching: true
 
 ui:
   title: Status | Gatus
   header: Status
 
 web:
-  port: ${CUSTOM_WEB_PORT}
+  port: $${CUSTOM_WEB_PORT}

kubernetes/apps/monitoring/gatus/app/kustomization.yaml

@@ -9,8 +9,5 @@ configMapGenerator:
   - name: gatus-configmap
     files:
       - ./configs/config.yaml
-    options:
-      annotations:
-        kustomize.toolkit.fluxcd.io/substitute: disabled
 generatorOptions:
   disableNameSuffixHash: true

kubernetes/apps/monitoring/grafana/app/helmrelease.yaml

@@ -53,7 +53,7 @@ spec:
         reporting_enabled: false
       auth:
         oauth_auto_login: true
-        oauth_allow_insecure_email_lookup: true # https://github.com/grafana/grafana/issues/70203
+        oauth_allow_insecure_email_lookup: true # Ref: https://github.com/grafana/grafana/issues/70203
         signout_redirect_url: https://auth.${PUBLIC_DOMAIN}/logout
       auth.basic:
         enabled: true