feat: enable gitea

chore: stick to stable nixos
chore: bump authentik
2025-05-14 18:59:29 -04:00 · 2025-05-14 17:15:50 -04:00 · 2025-05-13 23:00:45 -04:00 · 2025-05-13 20:48:13 -04:00 · 2025-05-13 18:40:14 -04:00 · 2025-05-12 21:53:26 -04:00
13 changed files with 1926 additions and 51 deletions
--- a/Architecture.md
+++ b/Architecture.md
@@ -56,6 +56,6 @@ Yay! you now have an interface, and an IP address to broadcast on :D
 op connect server create cluster --vaults cluster
 op connect token create cluster --server <Server ID> --vault cluster
-kubectl create secret generic -n 1password-system 1password-credentials  --from-literal=password="$(op read 'op://cluster/1password-credentials/password')"
+kubectl create secret generic -n 1password-system 1password-credentials  --from-literal=password="$(op read 'op://cluster/1password-credentials/1password-credentials.json')"
 kubectl create secret generic -n 1password-system 1password-token  --from-literal password="$(op read 'op://cluster/1password-token/password')"
 ```
--- a/Readme.md
+++ b/Readme.md
@@ -47,7 +47,7 @@ Now that I have VMs booted into the ISO, I need to setup the VMs. This would fir
 ## Flux
 ```bash
-flux bootstrap gitea --owner=yadunut --repository=homelab --hostname=git.yadunut.dev --path flux
+flux bootstrap github --owner=yadunut --repository=homelab --path cluster/base --personal --components-extra image-reflector-controller,image-automation-controller
 ```
 ## Give Ups
--- a/apps/base/gitea.yaml
+++ b/apps/base/gitea.yaml
@@ -57,17 +57,11 @@ spec:
          metallb.universe.tf/allow-shared-ip: gitea
    ingress:
      enabled: true
      annotations:
        traefik.ingress.kubernetes.io/router.middlewares: gitea-old-to-new-redirect@kubernetescrd
      hosts:
        - host: git.yadunut.dev
          paths:
            - path: /
              pathType: ImplementationSpecific
        - host: gitea.ts.yadunut.com
          paths:
            - path: /
              pathType: ImplementationSpecific
      tls:
        - secretName: wildcard-cert-i.yadunut.dev-prod
          hosts:
@@ -145,14 +139,3 @@ spec:
      services:
        - name: gitea-ssh
          port: 2222
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: old-to-new-redirect
  namespace: gitea
 spec:
  redirectRegex:
    regex: ^http://gitea.ts.yadunut.com/(.*)
    replacement: https://git.yadunut.dev/${1}
    permanent: true
--- a/apps/prod/kustomization.yaml
+++ b/apps/prod/kustomization.yaml
@@ -2,7 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  # - ../base/podinfo.yaml
+  - ../base/podinfo.yaml
  # - ../base/harbor.yaml
-  # - ../base/gitea.yaml
+  - ../base/gitea.yaml
  # - ../base/yadunut-dev.yaml
--- a/cluster/base/flux-system/gotk-components.yaml
+++ b/cluster/base/flux-system/gotk-components.yaml
--- a/cluster/base/flux-system/gotk-sync.yaml
+++ b/cluster/base/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
 # This manifest was generated by flux. DO NOT EDIT.
 ---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
  name: flux-system
  namespace: flux-system
 spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@github.com/yadunut/homelab
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: flux-system
  namespace: flux-system
 spec:
  interval: 10m0s
  path: ./cluster/base
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--- a/cluster/base/flux-system/kustomization.yaml
+++ b/cluster/base/flux-system/kustomization.yaml
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - gotk-components.yaml
 - gotk-sync.yaml
--- a/cluster/base/infra/longhorn.yaml
+++ b/cluster/base/infra/longhorn.yaml
@@ -1,16 +1,16 @@
-# ---
+---
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
+apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
+kind: Kustomization
-# metadata:
+metadata:
-#   name: infra-longhorn
+  name: infra-longhorn
-#   namespace: flux-system
+  namespace: flux-system
-# spec:
+spec:
-#   interval: 1h0m0s
+  interval: 1h0m0s
-#   path: ./infra/controllers/longhorn
+  path: ./infra/controllers/longhorn
-#   prune: true
+  prune: true
-#   retryInterval: 1m0s
+  retryInterval: 1m0s
-#   sourceRef:
+  sourceRef:
-#     kind: GitRepository
+    kind: GitRepository
-#     name: flux-system
+    name: flux-system
-#   timeout: 5m0s
+  timeout: 5m0s
-#   wait: true
+  wait: true
--- a/infra/controllers/1password/1password.yaml
+++ b/infra/controllers/1password/1password.yaml
@@ -21,7 +21,7 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: 1password-repo
-      version: 1.16.x
+      version: 1.17.x
  interval: 1m0s
  values:
    connect:
--- a/infra/controllers/authentik/authentik.yaml
+++ b/infra/controllers/authentik/authentik.yaml
@@ -37,7 +37,7 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: authentik-repo
-      version: 2024.10.1
+      version: 2025.4.0
  interval: 1m0s
  values:
    global:
@@ -61,4 +61,3 @@ spec:
        existingSecret: "authentik-postgresql-password"
    redis:
      enabled: true
--- a/infra/controllers/external-dns/external-dns.yaml
+++ b/infra/controllers/external-dns/external-dns.yaml
@@ -29,7 +29,7 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: external-dns-repo
-      version: 1.15.0
+      version: 1.16.x
  interval: 1m
  timeout: 5m
  values:
@@ -41,4 +41,3 @@ spec:
          secretKeyRef:
            name: cloudflare-token
            key: password
--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@@ -52,11 +52,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746729224,
+        "lastModified": 1747226316,
-        "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
+        "narHash": "sha256-INBPqK9ogSvw5Q9HJ5H7KI83v6Jc3goAnXN3b2F+eMU=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "85555d27ded84604ad6657ecca255a03fd878607",
+        "rev": "490c0d6bd151e33caa5b2cf0ae37758234e947f6",
        "type": "github"
      },
      "original": {
@@ -142,16 +142,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1746576598,
+        "lastModified": 1747235650,
-        "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
+        "narHash": "sha256-qiS7n66dq1BXRdv5EdchZwFaNd1Q+M1lq/ibg4Z/s58=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
+        "rev": "49e6e192a7c6eb961dd485410fa8983e0df21b50",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "release-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/release-24.11";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
Author	SHA1	Message	Date
Yadunand Prem	d4d3fa79be	feat: enable gitea	2025-05-14 18:59:29 -04:00
Yadunand Prem	857fedec9c	chore: stick to stable nixos	2025-05-14 17:15:50 -04:00
Yadunand Prem	c342951e1e	chore: bump authentik	2025-05-13 23:00:45 -04:00
Yadunand Prem	35b64225d8	fix: add longhorn	2025-05-13 20:48:13 -04:00
Yadunand Prem	6ae87cc744	feat: add gitea + podinfo	2025-05-13 18:40:14 -04:00
Yadunand Prem	63a8f29ae3	chore: bump external dns	2025-05-12 21:53:26 -04:00
Yadunand Prem	a4a5d58b79	chore: bump 1password	2025-05-12 21:46:36 -04:00
Yadunand Prem	0a00cfa550	fix: docs	2025-05-12 19:50:31 -04:00
Flux	64d15b406a	Add Flux v2.5.1 component manifests	2025-05-12 19:15:36 -04:00
Flux	333b9ba6d0	Add Flux sync manifests	2025-05-12 18:52:58 -04:00