Initial commit

.config.sample.env

@@ -0,0 +1,92 @@
+#
+# Cluster related variables
+#
+
+# The repo you created from this template
+# e.g. https://github.com/k8s-at-home/home-cluster
+export BOOTSTRAP_GIT_REPOSITORY=""
+
+# Optional: Enable GitHub to send a webhook to update Flux, set the following to one of:
+# ignored - this feature will be disabled
+# generated - this will generate a token and print it in the logs
+# Set this to any other string and it will be used for the secret
+export BOOTSTRAP_FLUX_GITHUB_WEBHOOK_SECRET="ignored"
+
+# Choose one of your cloudflare domains
+# e.g. k8s-at-home.com
+export BOOTSTRAP_CLOUDFLARE_DOMAIN=""
+# The email you use to sign into Cloudflare with
+export BOOTSTRAP_CLOUDFLARE_EMAIL=""
+# Your global Cloudflare API Key
+export BOOTSTRAP_CLOUDFLARE_APIKEY=""
+
+# Pick a range of unused IPs that are on the same network as your nodes
+# You don't need many IPs, just choose 10 IPs to start with
+# e.g. 192.168.1.220-192.168.1.230
+export BOOTSTRAP_METALLB_LB_RANGE=""
+# The load balancer IP for k8s_gateway, choose from one of the available IPs above
+# e.g. 192.168.1.220
+export BOOTSTRAP_METALLB_K8S_GATEWAY_ADDR=""
+# The load balancer IP for traefik, choose from one of the available IPs above
+# that doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.221
+export BOOTSTRAP_METALLB_TRAEFIK_ADDR=""
+
+# Age Public Key - string should start with age
+# e.g. age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta
+export BOOTSTRAP_AGE_PUBLIC_KEY=""
+
+# The network interface on the host kube-vip should attach to
+# Look this up on your nodes to verify what NIC to use
+# This name should be the same across your nodes, see:
+# https://github.com/k8s-at-home/template-cluster-k3s/issues/310
+# e.g. eno1
+export BOOTSTRAP_KUBE_VIP_INTERFACE=""
+# The IP Address to use with KubeVIP
+# Pick a unused IP that is on the same network as your nodes
+# and outside the ${BOOTSTRAP_METALLB_LB_RANGE} range
+# and doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.254
+export BOOTSTRAP_KUBE_VIP_ADDR=""
+
+#
+# Ansible related variables
+#
+
+#
+# Default prefixes for hostnames assigned by Ansible
+# These are unused on nodes where BOOTSTRAP_ANSIBLE_HOSTNAME_ is provided
+#
+
+export BOOTSTRAP_ANSIBLE_DEFAULT_CONTROL_NODE_HOSTNAME_PREFIX="k8s-"
+export BOOTSTRAP_ANSIBLE_DEFAULT_NODE_HOSTNAME_PREFIX="k8s-"
+
+#
+# Ansible hosts - repeat this block as many times as you need,
+# incrementing the last digit on the variable name for each node
+#
+
+# Host IP Address to the control plane node
+# That doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.200
+export BOOTSTRAP_ANSIBLE_HOST_ADDR_0=""
+# User Ansible will log into the nodes
+export BOOTSTRAP_ANSIBLE_SSH_USERNAME_0=""
+# Password Ansible will use to escalate to sudo
+export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_0=""
+# Set this node as a control node (true/false)
+export BOOTSTRAP_ANSIBLE_CONTROL_NODE_0=""
+# Optional: Set the hostname of the node, if set this will override the *_HOSTNAME_PREFIX vars above
+export BOOTSTRAP_ANSIBLE_HOSTNAME_0=""
+
+# export BOOTSTRAP_ANSIBLE_HOST_ADDR_1=""
+# export BOOTSTRAP_ANSIBLE_SSH_USERNAME_1=""
+# export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_1=""
+# export BOOTSTRAP_ANSIBLE_CONTROL_NODE_1=""
+# export BOOTSTRAP_ANSIBLE_HOSTNAME_1=""
+
+# export BOOTSTRAP_ANSIBLE_HOST_ADDR_2=""
+# export BOOTSTRAP_ANSIBLE_SSH_USERNAME_2=""
+# export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_2=""
+# export BOOTSTRAP_ANSIBLE_CONTROL_NODE_2=""
+# export BOOTSTRAP_ANSIBLE_HOSTNAME_2=""

.envrc

@@ -0,0 +1,5 @@
+#shellcheck disable=SC2148,SC2155
+export KUBECONFIG=$(expand_path ./provision/kubeconfig)
+export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
+export ANSIBLE_HOST_KEY_CHECKING="False"
+export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)

.gitattributes

@@ -0,0 +1 @@
+*.sops.* diff=sopsdiffer

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+* @onedr0p

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: kind/bug
+assignees: ''
+
+---
+
+# Details
+
+**What steps did you take and what happened:**
+
+<!-- Note: This should be a clear and concise description of what the bug is. -->
+
+**What did you expect to happen:**
+
+**Anything else you would like to add:**
+
+<!-- Note: Miscellaneous information that will assist in solving the issue. -->
+
+**Additional Information:**
+
+<!-- Note: Anything to give further context to the bug report. -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,6 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: Discuss on Discord
+    url: https://discord.com/invite/sTMX7Vh
+    about: Join our Discord community

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: kind/enhancement
+assignees: ''
+
+---
+
+# Details
+
+**Describe the solution you'd like:**
+
+<!-- Note: A clear and concise description of what you want to happen. -->
+
+**Anything else you would like to add:**
+
+<!-- Note: Miscellaneous information that will assist in solving the issue. -->
+
+**Additional Information:**
+
+<!-- Note: Anything to give further context to the requested new feature. -->

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,19 @@
+---
+name: Question
+about: Ask a question to the maintainer
+title: ''
+labels: kind/question
+assignees: ''
+
+---
+
+# Details
+
+**Ask your question:**
+
+<!-- Note: A clear and concise query of what you want to ask. -->
+
+<!-- Besides asking here, you can also ask in the following Discussion board or Discord -->
+
+<!-- Discussion board: https://github.com/k8s-at-home/charts/discussions -->
+<!-- Discord: https://discord.gg/sTMX7Vh -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,20 @@
+**Description of the change**
+
+<!-- Describe the scope of your change - i.e. what the change does. -->
+
+**Benefits**
+
+<!-- What benefits will be realized by the code change? -->
+
+**Possible drawbacks**
+
+<!-- Describe any known limitations with your change -->
+
+**Applicable issues**
+
+<!-- Enter any applicable Issues here (You can reference an issue using #) -->
+- fixes #
+
+**Additional information**
+
+<!-- If there's anything else that's important and relevant to your pull request, mention that information here.-->

.github/linters/.ansible-lint

@@ -0,0 +1,3 @@
+# .ansible-lint
+warn_list:
+  - unnamed-task

.github/linters/.markdownlint.yaml

@@ -0,0 +1,23 @@
+---
+default: true
+
+# MD013/line-length - Line length
+MD013:
+  # Number of characters
+  line_length: 240
+  # Number of characters for headings
+  heading_line_length: 80
+  # Number of characters for code blocks
+  code_block_line_length: 80
+  # Include code blocks
+  code_blocks: true
+  # Include tables
+  tables: true
+  # Include headings
+  headings: true
+  # Include headings
+  headers: true
+  # Strict length checking
+  strict: false
+  # Stern length checking
+  stern: false

.github/linters/.prettierignore

@@ -0,0 +1,2 @@
+*.sops.*
+gotk-components.yaml

.github/linters/.prettierrc.yaml

@@ -0,0 +1,5 @@
+---
+trailingComma: "es5"
+tabWidth: 2
+semi: false
+singleQuote: false

.github/linters/.yamllint.yaml

@@ -0,0 +1,18 @@
+---
+ignore: |
+  *.sops.*
+  gotk-components.yaml
+extends: default
+rules:
+  truthy:
+    allowed-values: ["true", "false", "on"]
+  comments:
+    min-spaces-from-content: 1
+  line-length: disable
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+  indentation: enable

.github/renovate.json5

@@ -0,0 +1,122 @@
+{
+  "enabled": true,
+  "semanticCommits": "enabled",
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard",
+  "suppressNotifications": ["prIgnoreNotification"],
+  "rebaseWhen": "conflicted",
+  "schedule": [
+    "every weekend"
+  ],
+  // set up ignored deps
+  "ignoreDeps": [
+    "ghcr.io/fluxcd/helm-controller",
+    "ghcr.io/fluxcd/image-automation-controller",
+    "ghcr.io/fluxcd/image-reflector-controller",
+    "ghcr.io/fluxcd/kustomize-controller",
+    "ghcr.io/fluxcd/notification-controller",
+    "ghcr.io/fluxcd/source-controller"
+  ],
+  "pre-commit": {
+    "enabled": true
+  },
+  "flux": {
+    "fileMatch": [
+      "cluster/.+\\.ya?ml$"
+    ]
+  },
+  "helm-values": {
+    "fileMatch": [
+      "cluster/.+\\.ya?ml$"
+    ]
+  },
+  "kubernetes": {
+    "fileMatch": [
+      "cluster/.+\\.ya?ml$",
+      "provision/ansible/.+\\.ya?ml.j2$"
+    ]
+  },
+  "regexManagers": [
+    // Read and process GitHub Releases
+    {
+      "fileMatch": [
+        "cluster/.+\\.ya?ml$",
+        "provision/ansible/.+\\.ya?ml$"
+      ],
+      "matchStrings": [
+        "datasource=(?<datasource>.*?)( versioning=(?<versioning>.*?))?\n *url: https:\/\/github\\.com\/(?<depName>.*?)\\.git\n *ref:\n *tag: (?<currentValue>.*)\n",
+        "datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\n.*?_version: \"(?<currentValue>.*)\"\n",
+        "datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\n.*?_VERSION=\"(?<currentValue>.*)\"\n"
+      ],
+      "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    },
+    // regexManager to read and process cert-manager CRD's
+    {
+      "fileMatch": [
+        "cluster/crds/cert-manager/.+\\.ya?ml$"
+      ],
+      "matchStrings": [
+        "registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n.*\\/(?<currentValue>.*?)\\/"
+      ],
+      "datasourceTemplate": "helm"
+    },
+    // regexManager to read and process Traefik CRD's
+    {
+      "fileMatch": [
+        "cluster/crds/traefik/.+\\.ya?ml$"
+      ],
+      "matchStrings": [
+        "registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: v(?<currentValue>.*)\n"
+      ],
+      "datasourceTemplate": "helm"
+    }
+  ],
+  "packageRules": [
+    // setup datasources
+    {
+      "matchDatasources": ["helm"],
+      "separateMinorPatch": true,
+      "ignoreDeprecated": true
+    },
+    // global docker datasource settings
+    {
+      "matchDatasources": ["docker"],
+      "enabled": true,
+      "commitMessageTopic": "container image {{depName}}",
+      "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
+      "matchUpdateTypes": ["major", "minor", "patch"]
+    },
+    // add labels according to package and update types
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["major"],
+      "labels": ["renovate/image", "dep/major"]
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["minor"],
+      "labels": ["renovate/image", "dep/minor"]
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["patch"],
+      "labels": ["renovate/image", "dep/patch"]
+    },
+    {
+      "matchDatasources": ["helm"],
+      "matchUpdateTypes": ["major"],
+      "labels": ["renovate/helm", "dep/major"]
+    },
+    {
+      "matchDatasources": ["helm"],
+      "matchUpdateTypes": ["minor"],
+      "labels": ["renovate/helm", "dep/minor"]
+    },
+    {
+      "matchDatasources": ["helm"],
+      "matchUpdateTypes": ["patch"],
+      "labels": ["renovate/helm", "dep/patch"]
+    }
+  ]
+}