diff --git a/.github/renovate.json5 b/.github/renovate.json5 index e26c398764..39ec56935a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -15,8 +15,8 @@ "github>buroa/k8s-gitops//.github/renovate/allowedVersions.json5", "github>buroa/k8s-gitops//.github/renovate/autoMerge.json5", "github>buroa/k8s-gitops//.github/renovate/commitMessage.json5", - "github>buroa/k8s-gitops//.github/renovate/customDatasources.json5", "github>buroa/k8s-gitops//.github/renovate/customManagers.json5", + "github>buroa/k8s-gitops//.github/renovate/grafanaDashboards.json5", "github>buroa/k8s-gitops//.github/renovate/groups.json5", "github>buroa/k8s-gitops//.github/renovate/labels.json5", "github>buroa/k8s-gitops//.github/renovate/packageRules.json5", @@ -30,19 +30,16 @@ "assigneesFromCodeOwners": true, "reviewersFromCodeOwners": true, "ignorePaths": [ + "**/*.sops.*", "**/configs/**" ], "flux": { "fileMatch": [ - "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$", - "(^|/)talos/.+\\.ya?ml(\\.j2)?$", "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" ] }, "helm-values": { "fileMatch": [ - "(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$", - "(^|/)talos/.+\\.ya?ml(\\.j2)?$", "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" ] }, diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 index 1728b7cc69..05a430b3e9 100644 --- a/.github/renovate/autoMerge.json5 +++ b/.github/renovate/autoMerge.json5 
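Review bot: The new `"**/*.sops.*"` entry in `ignorePaths` (second hunk of .github/renovate.json5) has no comment saying why encrypted files are excluded, so a later cleanup could drop it. Since the file is JSON5, a comment above the entry would record the reason, for example `// SOPS-encrypted files: never let Renovate rewrite them, an edited value no longer matches the file's MAC`. The same hunk narrows the `flux` and `helm-values` `fileMatch` to `kubernetes/` only. If anything under `talos/` or `.taskfiles/` was being updated through these two managers, it will now go stale without notice. Whether another manager covers those paths is not visible in this diff.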
@@ -2,20 +2,18 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "packageRules": [ { - "description": "Auto merge container digests", + "description": "Auto-merge container digests updates for trusted containers", "matchDatasources": ["docker"], "automerge": true, - "ignoreTests": true, "automergeType": "branch", "matchUpdateTypes": ["digest"], "matchPackagePatterns": ["ghcr.io/bjw-s", "ghcr.io/onedr0p"] }, { - "description": "Auto merge GitHub Actions", + "description": "Auto-merge GitHub Actions for minor and patch", "matchManagers": ["github-actions"], "matchDatasources": ["github-tags"], "automerge": true, - "ignoreTests": true, "automergeType": "branch", "matchUpdateTypes": ["minor", "patch"] } diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5 index ec34fdb01e..3fea628721 100644 --- a/.github/renovate/commitMessage.json5 +++ b/.github/renovate/commitMessage.json5 @@ -11,11 +11,6 @@ { "matchDatasources": ["docker"], "commitMessageTopic": "image {{depName}}" - }, - { - "matchDatasources": ["custom.grafana-dashboards"], - "commitMessageTopic": "dashboard {{depName}}", - "commitMessageExtra": "to revision {{newVersion}}" } ] } diff --git a/.github/renovate/customDatasources.json5 b/.github/renovate/customDatasources.json5 deleted file mode 100644 index 0c15007fda..0000000000 --- a/.github/renovate/customDatasources.json5 +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "customDatasources": { - "grafana-dashboards": { - "defaultRegistryUrlTemplate": "https://grafana.com/api/dashboards/{{packageName}}", - "format": "json", - "transformTemplates": [ - "{\"releases\":[{\"version\": $string(revision)}]}" - ] - } - } -} diff --git a/.github/renovate/customManagers.json5 b/.github/renovate/customManagers.json5 index 2f6a658428..c9c6404e96 100644 --- a/.github/renovate/customManagers.json5 +++ b/.github/renovate/customManagers.json5 
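Review bot: In the container-digest rule of autoMerge.json5, the `matchPackagePatterns` entries are unanchored regular expressions, so `ghcr.io/bjw-s` also matches any package name that merely contains that text, such as another registry host in front of it or an owner whose name starts with `bjw-s`. Those updates would be merged to the branch without review, which does not fit the new "trusted containers" description. Anchoring and escaping both patterns closes this: `"matchPackagePatterns": ["^ghcr\\.io/bjw-s/", "^ghcr\\.io/onedr0p/"]`. With `ignoreTests` removed, both rules now wait for passing status checks. Whether Renovate branches in this repository actually get checks is not visible here and is worth confirming, otherwise these rules will stop merging.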
@@ -25,25 +25,11 @@ // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/install.yaml` // `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/ha/install.yaml` // `- https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/21.1.1/kubernetes/kubernetes.yml` - "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?-\\s(.*?)\/(?(v|\\d)[^/]+)\/\\S+\n", - // Example: apiVersion=helm.cattle.io/v1 kind=HelmChart - "datasource=(?\\S+)\n.*?repo: (?\\S+)\n.*?chart: (?\\S+)\n.*?version: (?\\S+)\n" + "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?-\\s(.*?)\/(?(v|\\d)[^/]+)\/\\S+\n" ], "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}", "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" }, - { - "customType": "regex", - "description": "Process Grafana dashboards", - "fileMatch": [ - "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" - ], - "matchStrings": [ - "depName=\"(?.*)\"\\n\\s+gnetId:\\s+(?.*?)\\n\\s+revision:\\s+(?.*)" - ], - "versioningTemplate": "regex:^(?\\d+)$", - "datasourceTemplate": "custom.grafana-dashboards" - }, { "customType": "regex", "description": "Process CloudnativePG Postgresql version", diff --git a/.github/renovate/grafanaDashboards.json5 b/.github/renovate/grafanaDashboards.json5 new file mode 100644 index 0000000000..b2112a66b0 --- /dev/null +++ b/.github/renovate/grafanaDashboards.json5 
@@ -0,0 +1,37 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "customDatasources": { + "grafana-dashboards": { + "defaultRegistryUrlTemplate": "https://grafana.com/api/dashboards/{{packageName}}", + "format": "json", + "transformTemplates": [ + "{\"releases\":[{\"version\": $string(revision)}]}" + ] + } + }, + "customManagers": [ + { + "customType": "regex", + "description": "Process Grafana dashboards", + "fileMatch": [ + "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" + ], + "matchStrings": [ + "depName=\"(?\\S+)\"\\n.*?gnetId: (?\\d+)\\n.*?revision: (?\\d+)" + ], + "datasourceTemplate": "custom.grafana-dashboards", + "versioningTemplate": "regex:^(?\\d+)$" + } + ], + "packageRules": [ + { + "addLabels": ["renovate/grafana-dashboard"], + "commitMessageExtra": "to revision {{newVersion}}", + "commitMessageTopic": "dashboard {{depName}}", + "matchDatasources": ["grafana-dashboards", "custom.grafana-dashboards"], + "matchUpdateTypes": ["major"], + "semanticCommitScope": "grafana-dashboards", + "semanticCommitType": "chore" + } + ] +} diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5 index 485b2529bf..7d2230da32 100644 --- a/.github/renovate/labels.json5 +++ b/.github/renovate/labels.json5 @@ -40,14 +40,6 @@ { "matchManagers": ["github-actions"], "addLabels": ["renovate/github-action"] - }, - { - "matchDatasources": ["pypi"], - "addLabels": ["renovate/pip"] - }, - { - "matchDatasources": ["grafana-dashboards", "custom.grafana-dashboards"], - "addLabels": ["renovate/grafana-dashboard"] } ] } diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5 index e58dbff95f..8f4521a054 100644 --- a/.github/renovate/semanticCommits.json5 +++ b/.github/renovate/semanticCommits.json5 
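Review bot: The `matchStrings` pattern in the new grafanaDashboards.json5 manager is stricter than the one it replaces, and the file does not document the input it expects. `gnetId` and `revision` must now be bare digits after exactly `: `, so an entry written with quotes or extra spacing would stop matching, and Renovate would drop that dashboard from tracking without reporting an error. A comment above the manager, in the style of the backticked examples in customManagers.json5, should show a three-line sample: the `depName="..."` annotation line, then `gnetId: <digits>`, then `revision: <digits>`. It is also worth checking that every existing dashboard entry under `kubernetes/` still matches after this change.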
@@ -4,118 +4,150 @@ { "matchDatasources": ["docker"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(container)!: " + "commitMessagePrefix": "feat(container)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": " ({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["digest"], "semanticCommitType": "chore", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(helm)!: " + "commitMessagePrefix": "feat(helm)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "helm" + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "helm" + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": ["major"], - 
"commitMessagePrefix": "feat(ansible)!: " + "commitMessagePrefix": "feat(ansible)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "ansible" + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "ansible" + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(terraform)!: " + "commitMessagePrefix": "feat(terraform)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "terraform" + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "terraform" + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["github-releases", "github-tags"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-release)!: " + "commitMessagePrefix": "feat(github-release)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["github-releases", "github-tags"], 
"matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "github-release" + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchDatasources": ["github-releases", "github-tags"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "github-release" + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-action)!: " + "commitMessagePrefix": "feat(github-action)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "github-action" + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "github-action" - }, - { - "matchDatasources": ["custom.grafana-dashboards"], - "matchUpdateTypes": ["major"], - "semanticCommitType": "chore", - "semanticCommitScope": "grafana-dashboard" + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "({{currentVersion}} → {{newVersion}})" } ] } diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 7adeae5a3f..b92cd69d05 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -17,7 +17,7 @@ on: default: latest required: false schedule: - - cron: "*/30 * * * *" + - cron: "0 * * * *" push: branches: ["master"] paths: 
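Review bot: The docker `digest` rule in semanticCommits.json5 gets the same `"commitMessageExtra": "({{currentVersion}} → {{newVersion}})"` as the version rules, but a digest update normally leaves the tag unchanged, so the commit message would show the same value on both sides. autoMerge.json5 merges digest updates for some images straight to the branch, which makes the commit message the main record of which image content was replaced. For that rule, `"commitMessageExtra": "({{currentDigestShort}} → {{newDigestShort}})"` keeps that record. Separately, the first rule (docker `major`) has a leading space inside its string, `" ({{currentVersion}} → {{newVersion}})"`, unlike every other rule in the hunk, and should drop it for consistency.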
diff --git a/kubernetes/apps/media/kustomization.yaml b/kubernetes/apps/media/kustomization.yaml index 7356fc00c0..8dfbbbda38 100644 --- a/kubernetes/apps/media/kustomization.yaml +++ b/kubernetes/apps/media/kustomization.yaml @@ -16,4 +16,3 @@ resources: - ./sonarr/ks.yaml - ./tautulli/ks.yaml - ./unpackerr/ks.yaml - - ./wizarr/ks.yaml diff --git a/kubernetes/apps/media/wizarr/app/helmrelease.yaml b/kubernetes/apps/media/wizarr/app/helmrelease.yaml deleted file mode 100644 index 40ca614389..0000000000 --- a/kubernetes/apps/media/wizarr/app/helmrelease.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: &app wizarr -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 2.4.0 - sourceRef: - kind: HelmRepository - name: bjw-s-charts - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controllers: - main: - containers: - main: - image: - repository: ghcr.io/wizarrrr/wizarr - tag: 3.5.1@sha256:660b309f8a8c298910cb8f0e1ba13b980d8b30df6d836e78c5e0f3d0713cc352 - env: - TZ: ${TIMEZONE} - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: &path /api/health - port: &port 5690 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false - resources: - requests: - cpu: 10m - memory: 250M - limits: - memory: 512M - ingress: - main: - enabled: true - className: external - annotations: - gatus.io/enabled: "true" - gatus.io/path: *path - hajimari.io/icon: mdi:invite - external-dns.alpha.kubernetes.io/target: external.${PUBLIC_DOMAIN} - hosts: - - host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}" - paths: &paths - - path: / - service: - name: main - port: http - - host: &customHost invite.${PUBLIC_DOMAIN} - paths: *paths - tls: - - hosts: - - *host - - *customHost - persistence: - config: - enabled: true - existingClaim: *app - globalMounts: - - path: /data/database - service: - main: - ports: - http: - port: *port diff --git a/kubernetes/apps/media/wizarr/app/kustomization.yaml b/kubernetes/apps/media/wizarr/app/kustomization.yaml deleted file mode 100644 index a82a3e6b99..0000000000 --- a/kubernetes/apps/media/wizarr/app/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./volsync.yaml - - ./helmrelease.yaml 
diff --git a/kubernetes/apps/media/wizarr/app/volsync.yaml b/kubernetes/apps/media/wizarr/app/volsync.yaml deleted file mode 100644 index 346b2eae26..0000000000 --- a/kubernetes/apps/media/wizarr/app/volsync.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: wizarr-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: wizarr-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/wizarr" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: wizarr -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: wizarr-rdst - resources: - requests: - storage: 2Gi - storageClassName: ${CLUSTER_STORAGE_BLOCK} ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: wizarr-rdst -spec: - trigger: - manual: restore-once - restic: - repository: wizarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ${CLUSTER_STORAGE_BLOCK} - volumeSnapshotClassName: ${CLUSTER_SNAPSHOT_BLOCK} - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: ${CLUSTER_STORAGE_HOSTPATH} - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: wizarr-rsrc -spec: - sourcePVC: wizarr - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 10 - repository: wizarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ${CLUSTER_STORAGE_BLOCK} - volumeSnapshotClassName: ${CLUSTER_SNAPSHOT_BLOCK} - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: ${CLUSTER_STORAGE_HOSTPATH} - 
moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - daily: 10 - within: 3d diff --git a/kubernetes/apps/media/wizarr/ks.yaml b/kubernetes/apps/media/wizarr/ks.yaml deleted file mode 100644 index 76f9b0ab6e..0000000000 --- a/kubernetes/apps/media/wizarr/ks.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: cluster-apps-wizarr - namespace: flux-system -spec: - targetNamespace: media - dependsOn: - - name: cluster-apps-plex - - name: cluster-apps-volsync - - name: cluster-apps-rook-ceph-cluster - - name: cluster-apps-external-secrets-stores - path: ./kubernetes/apps/media/wizarr/app - prune: true - sourceRef: - kind: GitRepository - name: k8s-gitops - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml index e1ed5eddab..d4e69843e2 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml @@ -6,6 +6,8 @@ metadata: namespace: flux-system spec: targetNamespace: rook-ceph + dependsOn: + - name: cluster-apps-external-secrets-stores path: ./kubernetes/apps/rook-ceph/rook-ceph/app prune: true sourceRef: diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml index 3c756c3348..2861cd88e2 100644 --- a/talos/talconfig.yaml +++ b/talos/talconfig.yaml @@ -316,11 +316,10 @@ controlPlane: - &customTalosPatch |- machine: install: - image: ghcr.io/buroa/installer:v1.5.5 extraKernelArgs: - net.ifnames=0 - talos.logging.kernel=udp://vector.${domainName}:6001/ - legacyBIOSSupport: true # mac minis are legacy BIOS + legacyBIOSSupport: true # Enable logging - &loggingPatch |-
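Review bot: In the talos/talconfig.yaml hunk, the explicit `image: ghcr.io/buroa/installer:v1.5.5` line is removed from `machine.install`, and nothing visible here shows which installer image the control-plane nodes will use afterwards. If it now comes from a default or from another setting in this file, a short comment at `install:` naming that source would make the pin reviewable, for example `# installer image is taken from <setting>; keep it pinned to a tag or digest`. The same hunk also drops the trailing comment on `legacyBIOSSupport: true`, which was the only explanation for the flag. Keeping it as `legacyBIOSSupport: true # mac minis are legacy BIOS` preserves the reason. The `customTalosPatch` block starts before this hunk, so the rest of the patch is not visible.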