chore: Rebuild cluster
This commit is contained in:
parent
e11ec69113
commit
3a222fcc62
0
.beads/.jsonl.lock
Normal file
0
.beads/.jsonl.lock
Normal file
@ -1,10 +1,15 @@
|
||||
{"id":"homelab-3p8","title":"Watch cluster rollout","description":"Watch the rollout of the cluster to ensure all pods are starting correctly","acceptance_criteria":"- Command `kubectl get pods --all-namespaces --watch` is running\n- All pods are observed rolling out\n- Pods reach Running/Ready state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:25.122454196+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:25.122454196+01:00","labels":["bootstrap","verification"]}
|
||||
{"id":"homelab-4cn","title":"Configure GitHub webhook for Flux","description":"Configure GitHub webhook to send push events to Flux for automatic reconciliation on git push","acceptance_criteria":"- Command `kubectl -n flux-system get receiver github-webhook --output=jsonpath='{.status.webhookPath}'` returns webhook path\n- Full webhook URL is constructed with format: https://flux-webhook.${cloudflare_domain}/hook/{path}\n- Webhook is added to GitHub repository settings\n- Webhook payload URL is set correctly\n- Content type is set to application/json\n- Secret token from github-push-token.txt is configured\n- Events are set to \"Just the push event\"\n- Webhook is saved and active","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:23.881275565+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:23.881275565+01:00","labels":["configuration","flux","github"]}
|
||||
{"id":"homelab-5wg","title":"Fix network configuration conflicts (etcd + routes)","description":"Multiple network configuration issues on the cluster nodes:\n\n**Issue 1: etcd Peer URL Conflict**\nNode esxi-2cu-8g-01 (10.0.0.146) has duplicate peer URLs in etcd (10.0.0.128 and 10.0.0.146), causing \"Peer URLs already exists\" error. Node is currently unreachable.\n\n**Issue 2: Network Route Conflict**\nNodes are showing route conflict errors:\n```\nerror adding route: netlink receive: file exists\ngateway: 10.0.0.129\n```\n\nThis is because nodes were previously configured with `/24` subnet and gateway `10.0.0.1`, but now configured with `/27` subnet and gateway `10.0.0.129`. Old routes persist.\n\n**Root Cause:**\nConfiguration changed from:\n- Old: 10.0.0.0/24, gateway 10.0.0.1\n- New: 10.0.0.128/27, gateway 10.0.0.129\n\n**Solution:**\n1. Reset ALL nodes to clear old network config\n2. Re-apply Talos configuration\n3. Bootstrap cluster fresh\n\nCommands:\n```bash\n# Reset each node\ntalosctl -n 10.0.0.145 reset --graceful=false --reboot\ntalosctl -n 10.0.0.146 reset --graceful=false --reboot \ntalosctl -n 10.0.0.147 reset --graceful=false --reboot\n\n# Wait for nodes to boot into maintenance mode, then:\ntask bootstrap:talos\n```","acceptance_criteria":"- Member ceeb52e03fde8032 is removed from etcd cluster\n- Node 10.0.0.146 is reset and reconfigured\n- Node rejoins etcd cluster with correct peer URL\n- `talosctl etcd members` shows only one peer URL per member\n- All three nodes are healthy in etcd cluster","notes":"**Recommended Fix: Full Cluster Reset (Option 1)**\n\nAll nodes are currently offline. Once nodes are back online, execute:\n\n```bash\n# Reset all nodes to maintenance mode\ntalosctl -n 10.0.0.145 reset --graceful=false --reboot --insecure\ntalosctl -n 10.0.0.146 reset --graceful=false --reboot --insecure\ntalosctl -n 10.0.0.147 reset --graceful=false --reboot --insecure\n\n# Wait for nodes to boot into maintenance mode (~2-3 min)\n# Verify with: nmap -Pn -n -p 50000 10.0.0.145-147 -vv\n\n# Re-bootstrap\ntask bootstrap:talos\ntask bootstrap:apps\n```\n\nThis is the cleanest approach to clear all lingering network config and etcd state issues. Estimated time: ~15 minutes total.","status":"closed","priority":1,"issue_type":"bug","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T01:10:22.498887798+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T22:59:48.077254996+01:00","closed_at":"2026-02-10T22:59:48.077254996+01:00","close_reason":"Fixed - etcd cluster healthy with 3 members, each with single peer URL. No route conflicts. All cluster health checks passed.","labels":["etcd","talos","urgent"]}
|
||||
{"id":"homelab-7k4","title":"Push talhelper encrypted secret to git","description":"After installing Talos, commit and push the talhelper encrypted secret to the repository","acceptance_criteria":"- Changes are staged with `git add -A`\n- Commit is created with message \"chore: add talhelper encrypted secret :lock:\"\n- Changes are pushed to remote repository","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:05.950780413+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:44:58.80046492+01:00","closed_at":"2026-02-07T00:44:58.80046492+01:00","close_reason":"Successfully staged, committed, and pushed talhelper encrypted secret to git repository","labels":["bootstrap","git"]}
|
||||
{"id":"homelab-82o","title":"Verify Flux status and resources","description":"Check the status of Flux and verify all Flux resources are up-to-date and in a ready state","acceptance_criteria":"- Command `flux check` passes all checks\n- Command `flux get sources git flux-system` shows ready state\n- Command `flux get ks -A` shows all kustomizations ready\n- Command `flux get hr -A` shows all helm releases ready","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:43.666513198+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:43.666513198+01:00","labels":["flux","verification"]}
|
||||
{"id":"homelab-f7u","title":"Tidy up repository (remove templates)","description":"Clean up the repository by removing the templates directory and templating-related files to eliminate clutter and resolve Renovate warnings","acceptance_criteria":"- Command `task template:tidy` completes successfully\n- Templates directory is removed\n- Templating-related files are cleaned up\n- Changes are committed with message \"chore: tidy up :broom:\"\n- Changes are pushed to git","status":"open","priority":3,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:32.475687645+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:32.475687645+01:00","labels":["cleanup","git"]}
|
||||
{"id":"homelab-gqj","title":"Bootstrap cluster applications (cilium, coredns, spegel, flux)","description":"Install cilium, coredns, spegel, flux and sync the cluster to the repository state","acceptance_criteria":"- Command `task bootstrap:apps` completes successfully\n- Cilium is installed\n- CoreDNS is installed\n- Spegel is installed\n- Flux is installed\n- Cluster is synced to repository state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:15.371162045+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:15.371162045+01:00","labels":["apps","bootstrap"]}
|
||||
{"id":"homelab-gqj","title":"Bootstrap cluster applications (cilium, coredns, spegel, flux)","description":"Install cilium, coredns, spegel, flux and sync the cluster to the repository state","acceptance_criteria":"- Command `task bootstrap:apps` completes successfully\n- Cilium is installed\n- CoreDNS is installed\n- Spegel is installed\n- Flux is installed\n- Cluster is synced to repository state","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:15.371162045+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T15:50:03.091375279+01:00","closed_at":"2026-02-07T15:50:03.091375279+01:00","close_reason":"Successfully installed cilium, coredns, spegel, cert-manager, flux-operator. Flux-instance is reconciling (timeout is normal). All nodes are Ready.","labels":["apps","bootstrap"]}
|
||||
{"id":"homelab-hmc","title":"Finish monitoring system setup","description":"Uncomment the grafana and kube-prometheus-stack resources in kubernetes/apps/monitoring-system/kustomization.yaml to enable the full monitoring stack with Grafana dashboards and Prometheus metrics collection","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:53:49.071709362+01:00","updated_at":"2026-02-09T22:53:49.071709362+01:00","labels":["grafana","monitoring","prometheus"]}
|
||||
{"id":"homelab-icy","title":"Publish Kubernetes schemas locally","description":"Set up CronJob to publish K8s schemas locally. Reference: https://github.com/bjw-s-labs/home-ops/tree/main/kubernetes/apps/jobs/publish-k8s-schemas","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-10T22:57:34.155916454+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T22:57:34.155916454+01:00","labels":["cronjob","schemas","validation"]}
|
||||
{"id":"homelab-k3j","title":"Verify DNS resolution for echo subdomain","description":"Check that DNS resolution works for the echo subdomain and resolves to the Cloudflare gateway address","acceptance_criteria":"- Command `dig @${cluster_dns_gateway_addr} echo.${cloudflare_domain}` resolves successfully\n- DNS resolves to ${cloudflare_gateway_addr}\n- DNS resolution is working correctly","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:02.539037288+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:02.539037288+01:00","labels":["dns","verification"]}
|
||||
{"id":"homelab-mbk","title":"Verify TCP connectivity to gateways","description":"Check TCP connectivity to both the internal and external gateways on port 443","acceptance_criteria":"- Command `nmap -Pn -n -p 443 ${cluster_gateway_addr} ${cloudflare_gateway_addr} -vv` succeeds\n- Port 443 is open on both internal and external gateways\n- TCP connectivity is confirmed","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:54.223562688+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:54.223562688+01:00","labels":["network","verification"]}
|
||||
{"id":"homelab-n0h","title":"Verify Cilium status","description":"Verify that Cilium is installed and running correctly","acceptance_criteria":"- Command `cilium status` runs successfully\n- Cilium reports healthy status\n- All Cilium components are operational","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:34.123646456+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:34.123646456+01:00","labels":["cilium","verification"]}
|
||||
{"id":"homelab-rzs","title":"Verify wildcard Certificate status","description":"Check the status of the wildcard Certificate in the network namespace","acceptance_criteria":"- Command `kubectl -n network describe certificates` runs successfully\n- Certificate status shows Ready condition\n- Certificate is valid and not expired","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:12.166198226+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:12.166198226+01:00","labels":["certificates","verification"]}
|
||||
{"id":"homelab-u3p","title":"Install homepage dashboard","description":"Create the homepage application manifests (helmrelease, ocirepository, kustomization) in kubernetes/apps/default/homepage/app/ directory and configure the ks.yaml to deploy it","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:53:44.511470131+01:00","updated_at":"2026-02-09T22:53:44.511470131+01:00","labels":["dashboard","deployment","homepage"]}
|
||||
{"id":"homelab-xpp","title":"Install home assistant for home automation","description":"Create home assistant application manifests (helmrelease, ocirepository, kustomization) in kubernetes/apps/default/home-assistant/app/ directory and configure deployment.\n\nNote: Ensure the application has network access to the IoT VLAN where most smart home devices are located. This may require configuring network policies or multus CNI for VLAN access.","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:57:31.4810088+01:00","updated_at":"2026-02-09T22:57:31.4810088+01:00","labels":["automation","home-assistant","iot","networking"]}
|
||||
|
||||
1
.python-version
Normal file
1
.python-version
Normal file
@ -0,0 +1 @@
|
||||
3.14
|
||||
@ -4,20 +4,20 @@ metadata:
|
||||
name: sops-age
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
age.agekey: ENC[AES256_GCM,data:R33wpDSdo3w/GAelWejBSrfqi65/Gjf4FBsBT7wg12e1j530ifz5132yFH86WHS8a9hS8ymjrU3MmiKhEO8AQ9H9b+I5vla9Row=,iv:yMBm+UAlPT4WMpBLs4HxE9ctLOFN/Tn1g4PZkC88+4k=,tag:3Jdv4tXSdlPRo/eo2yjiUA==,type:str]
|
||||
age.agekey: ENC[AES256_GCM,data:RDTcxxesko46dVxIB5MFK3323/A5oIIGQkeLL3yBPpLv7mMaYl13xLrXAlunaAOiwz7jSRp3GhJ+BBbqqwCze+rUtNo2H/C0A7k=,iv:CgWlLgMZQMMg/AVJ3mFQ2VFtEo3D+eNjszTjtRCxHaU=,tag:dhYIojkDNYvC2D2Efa8+mg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ZDNLa0ZHWS9SQlJMaUlE
|
||||
NC9FeUpnMjdDbUpSUUE2WXBDL2E2MUxMdGpJCkdMQUxnWHdMRlBCL29ScjVCcW1l
|
||||
djF1UkIyUlhLc0V6UHRab1dvSkYrNVEKLS0tIHd5ZEFDeFE1ZmE3NTZzVmVzV3lt
|
||||
VzcrS3ppNFRWQlFOS0RpbDZHbjdHeU0KCApPAIWP1Xccz4yGUT3djOXPsnUw4pxa
|
||||
fvSjviHiwQkVIGc2gHHR0cF4x3kIo6NkFB15sctmXrIuKJmzc47SPg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL2hNZHh1MFQrODdRZWFQ
|
||||
ZDJYUGZybVBFSG41L2NRVGkxZ1pPazdWTmlFCmx4bzNDN1lkYnhMNHRjV0xJdnRk
|
||||
SFdLWHlub0gveWo1Vy81ODZvTzdTV28KLS0tIGJZWGIyWUR4UlkzUjRpRERUdzZy
|
||||
RTRZOGNDSkdyNll3bjdvQXFhNDhuMk0KrF4bSbJoNS47xynz/qCO4rjVwARqdR6z
|
||||
ZUNiKYj5oSI9U5PvIxD4OH8ue4/p0WBQgPmx5lAzk+Imy+9Gi6T4IA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:20Z"
|
||||
mac: ENC[AES256_GCM,data:D0Z2IzcxAsjQrSPFdJd0WheHUC5la4KoXPQoh3zSN5PEzudPYz8w7x2UIFlYUFJWNH9YDA0RVaHg+SVe3brRWh/mgrHuJCBJVPbyn2uG2Fb/UYCAcd5GKqFAUQ2i2FK+2yJE7Bh2+7txtIZIF1+kK7ojth6prRODD4N6im6wZEE=,iv:6UbcXVIIKUAY1mzySMlKouicCq26CUapBvzbYizwles=,tag:EdHd6/KaIEXIrjGkMWf1NQ==,type:str]
|
||||
lastmodified: "2026-02-10T19:13:05Z"
|
||||
mac: ENC[AES256_GCM,data:44yS9sJAphbo3/at/cF2cB4I+HbIjnBjeGfWf0l670rlzb29g2K1bXlQqZQoPFW+dZQIDsx+MzBg12UNpAqtaAElK5MModvqSI2VmQIBKUB9a+2bHaUL+XCk8MPxZtZN2Q8ud+Va+w3fF39IMb+Gh+F2jFrvVDozGIJTQ2MmXuQ=,iv:oBkO9kIRHBKVTSJAN9s0rj8gQnyWOsCzqUcAQ6ireEI=,tag:TWZ51dL/Fwu247jGCY/0dg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: github-webhook-token-secret
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data:P+zAT/mQX8C0jU/hGldhlKqVa2NnxUEgcWFuGLglNJhAI6JHmVl53A==,iv:GHDWYYE07KkozqiIrXF+HI++2OY2YVBmJLpdsTU2LSw=,tag:LQEkKJhirxclTuX25zfQbw==,type:str]
|
||||
token: ENC[AES256_GCM,data:8kPnMTKnqB5DVVAGUMvzfXhRG8mcB2oCHfBh582RbUfCegmoMHDd2g==,iv:QYeqn+lxMAFapk/lUDxwMrmuZQosANfeSJuxY3hQssI=,tag:oVTRIKea99Cidi5IGPQ9tg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSzI0cld6Wk5xUVNOTFA2
|
||||
dG1XS0VpQmp3L0QrLy9FWDE4OHozS1luR0dFClVJa01kaVZPdURaWkg1Q1VpK0w0
|
||||
MXRwR1d2Y0VNNDF4MWVaTkt2M2tGMzgKLS0tIElvVGh5SFNVUG53VmdGb1pYbUNF
|
||||
ZGpGMm1aV25zeC9RWi9iQVVGRDdIZDAKvFIHebgjop6cbtxwDW6ikzPF5qohWlvg
|
||||
zsojWBZdZzQt2C+g9y6zZ9ZCGa3ISbTQUhtsH8MUQjze9Vb1/zwMTg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbWZRUUVndGc1eXVLek0z
|
||||
Z296TERSbmFNNWkwWnFadmdQNThHUkpkS1UwCjVIODkrT1o4VkdpR0IwREdkeHdz
|
||||
L0VQQU5IampERkFUa0M4T05WYVQ1YkUKLS0tIGJ2RWR1aStqM0M1bHdFcWx2bW8r
|
||||
M2ZwTk1iVVh2dE1VeGFzb3pPeHNZbEkKVPjAXOwEAxmBTkE+NB4yfgCLxZyjqXXu
|
||||
n+wvczrZRbjAX2a/+PS5cTzXx3tiJu8JtvJgufGmGpeGnrwa83PkeQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:21Z"
|
||||
mac: ENC[AES256_GCM,data:JqrIUhchinSPIHgTr37AOk1F+kN9h6F7XyTFHRUYVuflmhksdlXP7NRvKE0snMoXBngIsmstLC1Ei/jz4u4dckgxkwWOPfjZpGHYF37z3xpgkWCSPNLlq1a0byxYtzd9jpV7zF4nMZsx5+wnvFs9yQtWcQqyjCqS5iUUul0R9mc=,iv:fylzT9VkNfNSSB1XQruoDNCCuJCYK5SFOYKhg51F7ao=,tag:IIWXnzD9DblDDwnC576R6A==,type:str]
|
||||
lastmodified: "2026-02-10T19:13:05Z"
|
||||
mac: ENC[AES256_GCM,data:pe4qDvYhEhNVI/MslkNhC60Tq2/YqmmEIxXGF0KlLcTuKYGQLeaYnI0fGrAKugL6x02ZSREID0s0Xi/SejDLMLC00RCz5GdNPjuDmQljnIAorUpI98s2T8fq60Nl+P+DeTFbO0BZ0exwEPA8lnWV7galhbdVWpBU4zZlAHhYnCk=,iv:C0vKzAR412Ql+RrZK034fnP3/ElwDychrpWNbh0bVSs=,tag:hrejmMUD6E0VU1wNXLKhjw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -1,22 +1,23 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-dns-secret
|
||||
name: cloudflare-dns-secret
|
||||
stringData:
|
||||
api-token: ENC[AES256_GCM,data:Wp95pxJL/RGvYqSxCwFMVxJn1ejaRIHi+Yf07hri3dqGgnoK3ECGTg==,iv:nVHpG63nOuu+LGFKUtvMdm60B7As0SVSlQUPP+nUadM=,tag:YpEp+KqEN1xj35Pj3pm7nQ==,type:str]
|
||||
api-token: ENC[AES256_GCM,data:K3/o8Lw9tW8wDKT9b5OqY3TSPvY2+fxBgfuZMNGO29aaSh2GGMhjfw==,iv:o7WZR5I/iUlbTIYHnweMQsE+5CO9rEGhpBIRCZ3RkM8=,tag:9frgLKVsMKNIBWBJ1D73iw==,type:str]
|
||||
account-id: ENC[AES256_GCM,data:K42H3z1YjydTsLyxlOYV+h+rk9q1rIwc0LYxnZmbUdg=,iv:uL1iK5Ee0/LOgvuEcm47d49BDRu0MjukUrVZtxIDw9k=,tag:UpeTscE5LOZjRnZazx/zNQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVnF3Z09xemZIL05xUWZr
|
||||
QW0vb2VRMFpid3FubEx5VDhJM1p2SGw3UUhVCkxhZklJQlQzVitMek9WcjBQOHlx
|
||||
dGFHVXNaak4zL0owVWRoWlVGS21xencKLS0tIFlEc21pUC9jNWczM2paY0p6bDdQ
|
||||
NHVEQktzVFJHVnNPRFFTMVo1QTZHQkUKOPo1tejuoA1vEt1AYsGe9EEwPWHhwpmO
|
||||
ECCsjmTyzifmhkfDGu5dGVJmSHSujCet4Zj0aE8IDKN/eTFFReIUdQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:21Z"
|
||||
mac: ENC[AES256_GCM,data:vyqlIPoZAXw7cBqUo0LaWOhRinx8B684l3iH0o9YVL5N39MdmyoG+KRoSFlwpRX7YufJEu9GxQtV5AfJmMiY7z1bNVgYKmfsUyQ+2atkWgToljfukSdGw5btqwDe3z/5NVbayq4xWCE/rTgu/jlS5Jeu3emcMhCUU9MspxJ/HCM=,iv:vNl5j74YCKe0exLcjJIcuzV9ilpPVGoGWwxKKUaNOKA=,tag:hnOgMXSB1mh1xEu6dP2Whg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL2NaNEZnVlBBbzhGd1Bs
|
||||
VmtrOGZzUWRBMVp6QitmQkRLT1JnUVMweVcwCnNMWXRRcVNBWGxBaUNJd2dEbXE2
|
||||
cVk0RkJJT20vdHpXdko5c3FKTW5WeTQKLS0tIE4zUVgrWU5sNDBKdTdncTg0T01G
|
||||
b3loMlZ3SVV3bmpUMXVIOUVtNDZyNUEKE2TJXJobrURfDlyCWo6qYZFsgJYlvplt
|
||||
ArfG9AA9eyodiAMu2F51Yx+KcZqsuYYIdEQ/rqtlF2oOktKZEshe8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-10T21:33:17Z"
|
||||
mac: ENC[AES256_GCM,data:0mpPXLdPLfVROiL0hfkDunaCYnid3i7sDid66tB2uVU69b+WJLsHzFEiC/yxR1BeFfGkGUi+OhfbokFHkvJ1TaZlitYLo4pgRBa+1YxhRmB5/oEUDCN/Ufcn65ggY+GLiV8jbwjeKgk6Auimv6LJzZRY+cJcx60S++07N6443y8=,iv:9ox1GvfEyC0vjw9I6D351e+7q0N2pUueY6KleOd+jGw=,tag:VfL5x/G66qnrz0c9aDR03g==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-tunnel-secret
|
||||
stringData:
|
||||
TUNNEL_TOKEN: ENC[AES256_GCM,data:2KFqQ4rwAjvL7hWPwwI3lVqzEY67xnCMCI8MBaGzqT7uP6eBrEmp8M3f0Uow1Px/hSuTMLh2wTJ1BSH/Ypm2OfkbEUTO9LEQ3r9pfERji4y7h17PoSl73/Nf0lSXzqZc9ICT9mA5a9yVzIX68S/LKsFQ8Z43EihC2ae8Q/6FjwCnmLrdwGB8KGesrIqpsiA6M4QgtAYKiRLv28qXUltUSYv3h64WqjkmNwLKmteiaLGi7wqy,iv:8Smo/SBR1rDQqaCmAS27uNc0nVR2IIovzlacO838wX4=,tag:sSUqqkWUK2U65hgiRNNl6w==,type:str]
|
||||
TUNNEL_TOKEN: ENC[AES256_GCM,data:v4eVEbH5eQfjylAUgAeaFgoZkcKR70VqRuic3wZRphGiw1hjYn55K3iaeICnFkk/vc8lV1SPnE6tsc9Ankw9ufJoyPkIxHPTsLGpS5LufDYAFNuFdmc5f/pRGoH5Tt6OEK5nQfwUIzjgVq5x6pzSChuxYD9hMyKhXmc5GGdc0zBdQ2ggu+2LIatnwUotClUXGac8keLxI9QIjKIw1aL4oshQ9HtB020KdxstXugPVhjcrxYc,iv:+c10CxVCma+JbkJRW+eojx8PDqE2DaOJDl9nJAOBIzg=,tag:8lHp2g/QJhOA5yX2Jkf+jA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SFE3K1JySzc1RzNoNS9K
|
||||
alpaMjVFWFZCNXBYeWo1VGZTZDhJak5IZHlzClZvY0FNandjcTY1U1orclF2N3lh
|
||||
bzFFbSszTHlUdExoamZnWG1kTFZLTGcKLS0tIFJJRlZWR3d2eGY1N0NHNVhhSnVI
|
||||
M1dpRkNGL2FqV0U5dUcxOXI4Y21PUjgKD4+lFoaYR+zHNXuBvxyUW7quwP/gY/K/
|
||||
TaEKOSueUMnDrrvDAdgdCbIS+jPIKoEs3682sqnZVujxD5ixCgyPqw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd1p0MFdvV2V1UVQvRUhQ
|
||||
YXhmTHBKaG51L1k0blUxaXFCQnRVVGZ0QXdjCmdwZHBXeE40VWh6MldFTThxaXZh
|
||||
RzJsc0prbVlWbWdBdWthZXAyaExMTUEKLS0tIG82TkdXWW91ZGh4L2pRUWs0ZE1Q
|
||||
VjYxUnJ4aU5JZ0ZJZW9QNlYvK2J2OEUKJiqjtnKRTvpI610vMVXAakQOEXXIPvsX
|
||||
o2G+h78hADmXrsmHutCAApX8Ld+Oj92BanJG4xujhwmlRqEyVD7aVw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:21Z"
|
||||
mac: ENC[AES256_GCM,data:SB9qOJoaGN6Hm4pNx4TxGvhJNbBRUYwmknXKkKY1SaVAyDuYes0c1dhlZdP/Zz4Atv9sQrZlUutq2NY1ZJy+UjiuPOICy2RdADFZu+vkFrHdOUzuDVcPSj5Vxccb/gdn4N7WilUA7zu/V5pA799fGOArzR85mSUMeUO/0XdiDRc=,iv:Ad/f8WHT3q2diU6YI/2+6cUKoDDqH4O9BMi4nHBHyNA=,tag:YCYGFyKtH78SUJJcsNjCYA==,type:str]
|
||||
lastmodified: "2026-02-10T19:13:05Z"
|
||||
mac: ENC[AES256_GCM,data:Q6ZJrHMe/31Tw9N16PUKrfFrVo6ESi06HPdYyFymQmSInA0VI5vE4KHcupXK16OD3FeC1TYXfB/MhsgJ1X3ZxBwMjCdAD0hApBr2ybrwaEGRb3sb7jZIWd6qgYkbVURJviDkErhQ58tIWBbVc4Pm9DKcv+hRyNX2Q0+4wReAYg0=,iv:CPl6uNtURHA/wPd96jaKOT/3F3Ku9I5aEQUSYeneFRs=,tag:/TVxFkk1qvHIpxnhk6UQHQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cluster-secrets
|
||||
stringData:
|
||||
SECRET_DOMAIN: ENC[AES256_GCM,data:khL1/g7yP8QmyQ4y,iv:fYCiVxr8D0XYPirwR5IfOEXUVMNr2ZhAhs5/fRcMVi4=,tag:lmUAxJjPPogizMYZrd0V0w==,type:str]
|
||||
SECRET_DOMAIN: ENC[AES256_GCM,data:erg4A+k0cpmZRV0g,iv:cADASJgAXHrmSUa0igY201JHWMIiQIi3NRrSqDUVAX4=,tag:/arIU4nNFZMv6/Efc7iFGw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvK01xN2NVSHVuRDA1T2gz
|
||||
K2c2NTEzRHJqUDRiS0RWbHRuQXF0NmpEQkZFCjVQOFYrbkQ3SDErM3JzZGw4UEkv
|
||||
cWpraUw2Nms0VTRLYXZCRlFSbmRzR1EKLS0tIGZkK0VQYng5UC9pWkxYc1JaTnV1
|
||||
RWVIOUVUd1J4eVpzWXhEVG9GZ01wdkEKwO2dNlcMdP4Q4BbKQpwQ7hxh9wc4MSJ3
|
||||
+BscZHxqDJTUwSI3RUNPA1kZ1J9Wiw3Q8gkZ9vdtVlqDIoNKGnI8/A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5
|
||||
aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv
|
||||
RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp
|
||||
dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS
|
||||
TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:21Z"
|
||||
mac: ENC[AES256_GCM,data:SzH4m0t9NRPcdWjQb/RCz2tQsSpZCJwcMYGm0WMY8QjaOSletnGHSyaVn9iK1ZMZpFWoKrv2utqcf8DP5QpW7JSnQdV2kN76aGF0kOMDuq95XscuobevqussAQGHkGmfl8joBJoPf7cFKwflBhLoHwyjgqEWDq1JtQyqTPhvBJE=,iv:BqIY5ePbDSOu0hL2QJCd/Y166JCl8X2S/pi9W4mBc8E=,tag:nxsQB0c7Zmjd6JJqOKcoJg==,type:str]
|
||||
lastmodified: "2026-02-10T19:13:05Z"
|
||||
mac: ENC[AES256_GCM,data:5zxlZIgRyE0UaTWb1hoxk8vzSt9tTfmzgFLXlnGRaFZIN8HVrsP7JsGGmrAA1uUwAdTuIqNI8MgRU0DOyaiIQ3uueatLK5vNF+TBz3rYrP/dg5iMxciKmlymRG29CGKtTI1V8RzNNHkwAwpQSq4hoj+MM/m0UWGp4tLqpsNogMo=,iv:OrTY43heyb6N5aeW1727r1EDLlKSIwhNfWO+fOwFhEY=,tag:dYuOop+tWdr0eLmcqNv7nQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
6
main.py
Normal file
6
main.py
Normal file
@ -0,0 +1,6 @@
|
||||
def main():
|
||||
print("Hello from homelab!")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
9
pyproject.toml
Normal file
9
pyproject.toml
Normal file
@ -0,0 +1,9 @@
|
||||
[project]
|
||||
name = "homelab"
|
||||
version = "0.1.0"
|
||||
description = "Add your description here"
|
||||
readme = "README.md"
|
||||
requires-python = ">=3.14"
|
||||
dependencies = [
|
||||
"beads-mcp>=0.49.6",
|
||||
]
|
||||
@ -23,7 +23,7 @@ nodes:
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
# grubUseUKICmdline: false
|
||||
## grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
@ -43,7 +43,7 @@ nodes:
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
# grubUseUKICmdline: false
|
||||
## grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
@ -63,7 +63,7 @@ nodes:
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
# grubUseUKICmdline: false
|
||||
## grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
|
||||
@ -32,7 +32,7 @@ nodes:
|
||||
#% endif %#
|
||||
machineSpec:
|
||||
secureboot: #{ (true if item.secureboot else false) | string | lower }#
|
||||
# grubUseUKICmdline: #{ (true if item.UseUKI else false) | string | lower }#
|
||||
## grubUseUKICmdline: #{ (true if item.UseUKI else false) | string | lower }#
|
||||
talosImageURL: factory.talos.dev/installer#{ "-secureboot" if item.secureboot | default(false, true) }#/#{ item.schematic_id }#
|
||||
controlPlane: #{ (item.controller) | string | lower }#
|
||||
networkInterfaces:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user