schradert/dotfiles

Dotfiles

Order

  1. cilium (CRDs have to go first in bootstrap)
  2. prometheus
  3. coredns
  4. kubelet-csr-approver
  5. spegel
  6. cert-manager (nginx must wait)
  7. external-dns
  8. cloudflared
  9. nginx-internal
  10. nginx-external
  11. snapshot-controller
  12. volsync
  13. reloader
  14. descheduler
  15. node-feature-discovery
  16. k8tz
  17. openebs
  18. grafana
  19. rook-ceph + rook-ceph-cluster
  20. loki
  21. external-secrets
  22. postgres
  23. postgres-ui
  24. keycloak
  25. gatus

TODOs

[ ] Why doesn't cilium agent run on axolotl?

[ ] persistence
[ ] annotations
[ ] resources
[ ] securityContext
[ ] separate default.yaml and kubernetes.yaml SOPS (track static vs dynamic)
[ ] bootstrap images on k3s agents for traefik and forgejo
[ ] VLANs
[ ] instructions for setting up new nodes
[ ] Create a repair command for nix after macOS update per this working solution

[ ] rke2
[ ] network bonding
[ ] Pushover
[ ] add tristanschrader.com redirect and email obfuscation deactivation to opentofu
[ ] add keycloak client creation to opentofu
[ ] add firefly multi-user configuration to terraform
[ ] remove extra fields from external-secrets

[ ] fix rook-ceph OSDs to be correctly distributed

Bugs

[ ] Why does nix.mkIf create infinite recursion?
[ ] Why does moduleWithSystem lib.mkIf create infinite recursion?
[ ] Why does mkDomainOption give "deprecationMessage missing"?

Tips

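Apply these annotations to services that need the oauth2-proxy. The allowed_groups=/family query parameter on the auth URL limits access to members of the /family group: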

annotations."nginx.ingress.kubernetes.io/auth-url" = "https://oauth2-proxy.${domain}/oauth2/auth?allowed_groups=/family";
annotations."nginx.ingress.kubernetes.io/auth-signin" = "https://oauth2-proxy.${domain}/oauth2/start?rd=$scheme://$host$request_uri";