diff --git a/kube/clusters/biohazard/flux/kustomization.yaml b/kube/clusters/biohazard/flux/kustomization.yaml index 75d025e3..8f6a0880 100644 --- a/kube/clusters/biohazard/flux/kustomization.yaml +++ b/kube/clusters/biohazard/flux/kustomization.yaml @@ -78,7 +78,7 @@ resources: - ../../../deploy/apps/gokapi/ - ../../../deploy/apps/minecraft/ - ../../../deploy/apps/minecraft2/ - - ../../../deploy/apps/sandstorm/ + - ../../../deploy/apps/insurgency-sandstorm/ - ../../../deploy/apps/jellyfin/ - ../../../deploy/apps/media/_deps/ - ../../../deploy/apps/media/kavita/ diff --git a/kube/deploy/apps/sandstorm/app/config/Engine.ini b/kube/deploy/apps/insurgency-sandstorm/app/config/Engine.ini similarity index 100% rename from kube/deploy/apps/sandstorm/app/config/Engine.ini rename to kube/deploy/apps/insurgency-sandstorm/app/config/Engine.ini diff --git a/kube/deploy/apps/sandstorm/app/config/Game.ini b/kube/deploy/apps/insurgency-sandstorm/app/config/Game.ini similarity index 100% rename from kube/deploy/apps/sandstorm/app/config/Game.ini rename to kube/deploy/apps/insurgency-sandstorm/app/config/Game.ini diff --git a/kube/deploy/apps/sandstorm/app/config/MapCycle.txt b/kube/deploy/apps/insurgency-sandstorm/app/config/MapCycle.txt similarity index 100% rename from kube/deploy/apps/sandstorm/app/config/MapCycle.txt rename to kube/deploy/apps/insurgency-sandstorm/app/config/MapCycle.txt diff --git a/kube/deploy/apps/sandstorm/app/config/Mods.txt b/kube/deploy/apps/insurgency-sandstorm/app/config/Mods.txt similarity index 91% rename from kube/deploy/apps/sandstorm/app/config/Mods.txt rename to kube/deploy/apps/insurgency-sandstorm/app/config/Mods.txt index a1b56068..bad5afa3 100755 --- a/kube/deploy/apps/sandstorm/app/config/Mods.txt +++ b/kube/deploy/apps/insurgency-sandstorm/app/config/Mods.txt @@ -11,4 +11,4 @@ 1161703; No Smoke 164061; COOP-Mayhem 156146; Round Progress -125754; Allahu Akbar +125754;they go loud bang diff --git a/kube/deploy/apps/insurgency-sandstorm/app/config/kustomization.yaml b/kube/deploy/apps/insurgency-sandstorm/app/config/kustomization.yaml new file mode 100644 index 00000000..1a5f0129 --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/app/config/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +configMapGenerator: + - name: insurgency-sandstorm-config + files: + - ./Game.ini + - ./Engine.ini + - ./MapCycle.txt + - ./Mods.txt +generatorOptions: + disableNameSuffixHash: true diff --git a/kube/deploy/apps/insurgency-sandstorm/app/es.yaml b/kube/deploy/apps/insurgency-sandstorm/app/es.yaml new file mode 100644 index 00000000..68f3b41c --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/app/es.yaml @@ -0,0 +1,32 @@ +--- +# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: &name insurgency-sandstorm-secrets + namespace: insurgency-sandstorm +spec: + refreshInterval: 1m + secretStoreRef: + kind: ClusterSecretStore + name: 1p + dataFrom: + - extract: + key: "Insurgency Sandstorm - ${CLUSTER_NAME}" + target: + creationPolicy: Owner + deletionPolicy: Retain + name: *name + template: + type: Opaque + data: + SECRET_SANDSTORM_PASSWORD: '{{ .SECRET_SANDSTORM_PASSWORD }}' + Admins.txt: | + {{ .Admins.txt }} + GameUserSettings.ini: | + [/Script/ModKit.ModIOClient] + bHasUserAcceptedTerms=True + AccessToken={{ .SECRET_SANDSTORM_MODIO_TOKEN }} + AccessExpiryTime=-1 + bCachedUserDetails=True + CachedUser=(Id=,NameId="",Username="",DateOnline=0,Avatar=(Thumb_50x50="",Thumb_100x100="",Filename="",Original=""),Timezone="",Language="",ProfileUrl="") diff --git a/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml b/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml new file mode 100644 index 00000000..d25cc7d9 --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml @@ -0,0 +1,159 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.6.1/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: &app insurgency-sandstorm + namespace: *app +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 3.6.1 + sourceRef: + name: bjw-s + kind: HelmRepository + namespace: flux-system + values: + controllers: + insurgency-sandstorm: + type: deployment + replicas: 1 + pod: + labels: + ingress.home.arpa/world: allow + containers: + main: + image: &img + repository: ghcr.io/andrewmhub/insurgency-sandstorm + tag: lite@sha256:4f9bcc482e742fb61576fe7c806d3ce65d1baf54bfb1eea898bd6e287675ed27 + command: ["/home/steam/steamcmd/sandstorm/Insurgency/Binaries/Linux/InsurgencyServer-Linux-Shipping"] + args: ['-hostname="${CONFIG_SANDSTORM_NAME}"', "-Log", "-Port=$(PORT)", "-QueryPort=$(QUERYPORT)", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", '-CmdModList="${CONFIG_SANDSTORM_MODS}"', "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}?Password=$(PASSWORD)"] + env: &env + TZ: "${CONFIG_TZ}" + PORT: &port 27102 + QUERYPORT: &query 27131 + PASSWORD: + valueFrom: + secretKeyRef: + name: insurgency-sandstorm-secrets + key: SECRET_SANDSTORM_PASSWORD + securityContext: &sc + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + resources: + requests: + cpu: "10m" + limits: + cpu: "2" + memory: "2Gi" + # probes: # TODO + # liveness: + # enabled: true + # readiness: + # enabled: true + download: + type: cronjob + cronjob: + schedule: "@daily" + concurrencyPolicy: "Replace" + pod: + labels: + egress.home.arpa/internet: allow + containers: + main: + image: *img + # command: ["/home/steam/steamcmd/steamcmd.sh"] # script contains a ulimit command that won't run on Talos 1.9+ + command: ["/bin/sh", "-c", "LD_LIBRARY_PATH=/home/steam/steamcmd/linux32:$(LD_LIBRARY_PATH) /home/steam/steamcmd/linux32/steamcmd"] + args: ["+force_install_dir", "/home/steam/steamcmd/sandstorm/", "+login", "anonymous", "+app_update", "581330", "validate", "+quit"] + securityContext: *sc + resources: + requests: + cpu: "10m" + limits: + cpu: "1" + memory: "1Gi" + service: + insurgency-sandstorm: + controller: insurgency-sandstorm + type: LoadBalancer + annotations: + coredns.io/hostname: "${APP_DNS_INSURGENCY_SANDSTORM:=insurgency-sandstorm}" + "io.cilium/lb-ipam-ips": "${APP_IP_INSURGENCY_SANDSTORM:=127.0.0.1}" + ports: + game: + port: *port + protocol: UDP + query: + port: *query + protocol: UDP + persistence: + misc: + existingClaim: insurgency-sandstorm-misc + globalMounts: + - subPath: data + path: /home/steam/steamcmd/sandstorm + config: + type: configMap + name: insurgency-sandstorm-config + globalMounts: + - subPath: Game.ini + path: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/Game.ini + - subPath: Engine.ini + path: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/Engine.ini + - subPath: MapCycle.txt + path: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/MapCycle.txt + - subPath: Mods.txt + path: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/Mods.txt + secrets: + type: secret + name: insurgency-sandstorm-secrets + globalMounts: + - subPath: GameUserSettings.ini + path: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/GameUserSettings.ini + - subPath: Admins.txt + path: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/Admins.txt + defaultPodOptions: + automountServiceAccountToken: false + enableServiceLinks: false + dnsConfig: + options: + - name: ndots + value: "1" + hostUsers: false + securityContext: + runAsNonRoot: true + runAsUser: &uid 1000 + runAsGroup: *uid + fsGroup: *uid + fsGroupChangePolicy: Always + seccompProfile: { type: "RuntimeDefault" } + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: fuckoff.home.arpa/insurgency-sandstorm + operator: DoesNotExist + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 20 + preference: + matchExpressions: + - key: "kubernetes.io/hostname" + operator: In + values: ["thunderscreech"] # R730xd VM, because it can't run VMs so let others run VMs + - weight: 15 + preference: + matchExpressions: + - key: "kubernetes.io/hostname" + operator: In + values: ["ange", "charlotte"] # i5-8500T + - weight: 10 + preference: + matchExpressions: + - key: "kubernetes.io/hostname" + operator: In + values: ["chise"] # i3-8100 diff --git a/kube/deploy/apps/insurgency-sandstorm/app/pvc.yaml b/kube/deploy/apps/insurgency-sandstorm/app/pvc.yaml new file mode 100644 index 00000000..1094f091 --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/app/pvc.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: "insurgency-sandstorm-misc" + namespace: &app "insurgency-sandstorm" + annotations: + description: "PVC for game server files that can be redownloaded." + labels: + app.kubernetes.io/name: *app +spec: + storageClassName: "file-ec-2-1" + accessModes: ["ReadWriteMany"] + resources: + requests: + storage: "20Gi" diff --git a/kube/deploy/apps/insurgency-sandstorm/ks.yaml b/kube/deploy/apps/insurgency-sandstorm/ks.yaml new file mode 100644 index 00000000..8482f9ba --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/ks.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: insurgency-sandstorm-app + namespace: flux-system + labels: &l + app.kubernetes.io/name: "insurgency-sandstorm" +spec: + commonMetadata: + labels: *l + path: ./kube/deploy/apps/insurgency-sandstorm/app + targetNamespace: "insurgency-sandstorm" + dependsOn: [] diff --git a/kube/deploy/apps/sandstorm/kustomization.yaml b/kube/deploy/apps/insurgency-sandstorm/kustomization.yaml similarity index 88% rename from kube/deploy/apps/sandstorm/kustomization.yaml rename to kube/deploy/apps/insurgency-sandstorm/kustomization.yaml index b439d858..5eeb2657 100644 --- a/kube/deploy/apps/sandstorm/kustomization.yaml +++ b/kube/deploy/apps/insurgency-sandstorm/kustomization.yaml @@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ns.yaml - - ks.yaml \ No newline at end of file + - ks.yaml diff --git a/kube/deploy/apps/insurgency-sandstorm/ns.yaml b/kube/deploy/apps/insurgency-sandstorm/ns.yaml new file mode 100644 index 00000000..a5327a9e --- /dev/null +++ b/kube/deploy/apps/insurgency-sandstorm/ns.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: insurgency-sandstorm + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + pod-security.kubernetes.io/enforce: &ps restricted + pod-security.kubernetes.io/audit: *ps + pod-security.kubernetes.io/warn: *ps diff --git a/kube/deploy/apps/sandstorm/app/config/secrets.yaml b/kube/deploy/apps/sandstorm/app/config/secrets.yaml deleted file mode 100644 index dd78b2fc..00000000 --- a/kube/deploy/apps/sandstorm/app/config/secrets.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: insurgency-sandstorm-adminstxt - namespace: sandstorm -data: - Admins.txt: ENC[AES256_GCM,data:uWHsWK9CDIBbsVq/2Vted3G7qTSoC58sLen20U6qkqWXeFCoQl51RrW+HgRRCpAdK/Eg3Q5R9sXEDBL8lCiEPWWN0TO9HJq8gCWmM+jYayPcrp4l9RZ70He4EufFj+Qo,iv:LhxGRsGGjVEbL11pogKc+UNOlKTRdp4qXshEF5KqVzk=,tag:AG1dTrjir5BtKU6PZTbsuA==,type:str] -stringData: - Admins.txt: ENC[AES256_GCM,data:ele7KkoR6TasStJSKoxP6rQpO8EwA3WWj7lFQQkQtMqqQfaNRXiWms2VQ9ph+NR3nIPM9PemGVB3+fsbinmStgEiY5mzuiRB,iv:whqHTv+sGOx1SkI24SlXVCkcUOnrxHJjR3wJ0MPSTuo=,tag:UHZY7hIr7Gv5Pb3dEhxVmQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQW9QWWh2eDNKQWxtUG9D - SFowaGx3OTBJdXZvalJSdEMxWlFxak5EQTNjClpPRjdUTW4rM05SV2pPM3VidGlG - cHdnM1BRcUNSSVZRWFh1L2xzVy9jZEkKLS0tIFdLbUJISmh0QmlWL0wzdmFDM3Fr - ZEptbEJ4TmltMHA5OXlNQzkveExtU28KhPZlMTutOgR3fT6ezRJWAsAAFy/imy0T - 9qhDB1ACi6LuGfsYN3wLfyqovK019D1Ar8bNts9Mp/MtBB7J/vZRJg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-27T19:11:54Z" - mac: ENC[AES256_GCM,data:gttuFsDvrKb8ZbD5OpfRudNTr3MBfCGUdyeO3LJ3zyT2KVORpjr2XHttl9nVAjiYDfyVVHMg8ykDJyZRDyup2OTY2fK1F/Ts2Tvz7o3QO7jMTKIt6dKc7Xa/awJ2L3T6ohgmtd3U57Cqi8n+rmwgT9+A5isoecGBvswFgIl+LJo=,iv:JUyhtZZFfNTUtHUa17oWqsNf7iyD+cdaaYejv4DAJrY=,tag:OvEQ/7TLeY/MEIAQ6sW3lA==,type:str] - pgp: - - created_at: "2023-02-24T08:22:12Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdABXbRHudKz8q+QOkRPJ2eeU/0veOU9KrQa/2wyRnSaSsw - 72MFRADdhDYCOcV7g83fvzTBhJYSoSIJTmlfMO3F61ADl5oUnzv0tvAGQ//oyZuG - 0l4BgolRPcbIyAMt1LsO43qtsl0gmcq+YFeAqJ9/SrB6NuCpmtaN/mCossM/uMwK - kfxGlin/uhM4nhwMgIo/El0i+yug9yPtpSpmUOwcwfcNQMSQLxmpKzuNl3G3E0Pu - =D/9e - -----END PGP MESSAGE----- - fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ - version: 3.7.3 ---- -apiVersion: v1 -kind: Secret -metadata: - name: insurgency-sandstorm-gameusersettingsini - namespace: sandstorm -stringData: - GameUserSettings.ini: ENC[AES256_GCM,data:wOlJGH1KCzY3p7u4ARyrcKy6lPXTVgDwWzR3/QN2rrG68cgt88BZ4E9cjPfdLF7GZp9CNb5if9NslAtlJ7aKr22M7CQcH45Ljp//FcDw4gMss1i++L7L/W2FgrNoQCXS8iXrSnqJ76gGORgCPtLYkFuu4Gp8EjBbTA1gHJ75uPo9MytQ+pPuybPQ7vsaHb79WMCTKrl0MHyeduaJkm0g9VBTu9qQSOnbMhO1U9/vhUrOC744FtRqWrQd5wwM+p22wLipncw+4uxZtQQNMuLLtf+ZtONlRUa/kqTCS3jnocQTMnvM78rPG6KGrqfD6Zev8nqVUIUXhFd5gH+C8WOiWOUxyPs7k6kY7wlaWtFlryAhZxA/7DG47BSzPNRMFEaFCQncoO9mxZq5VaYs3Q1q05dQQLnPHRhFe2jhfZqLXepEOuTCTSix0QLUa4Dk/APWu4/0BCuSMhdFUjHDSysAHhItfTgOIYs9r9fJwQzt7F8tReas+wwl8pzBl4/devD1PJdmUN4YhAVAtLE+5gbHfZ9zs5S8X8Om9LacGeLHN0+vj3DgbW5s9VNzXlWSWXDc7zJ8+6BaMLHg/3fg224OAHgIWRu++Rm9mmOjGGT+PpUphz8hgGiw4zR6gozfpp3Oo2YEOye9OoCgfjaJC3MkjlMIqvJPBUYSdyU/3fuZrc2iACPQD0SOBm/cFPMxyBlOMAqlpSosAs8xiJXgf4gY9qcU8a7XPvyM17k+j5jljnsM0CC9ldf8sW7EdUlzziWm8YiXPVGULJ1Ev4Qj/UxQsspRR35/oh6TflYItMhczsk5TlYLfKFXp91IMfAOZxnLA7JkzJcjwkY+SxynZekDb30hZRp9+pih+3C7fCL08tkVn2ORBICxUR+aVkVQGfD2wPaYoFo/NTlAp3A6blxyqYM51qgLzOR0VT683lrPNvTrXXy5CEJCEJwyipb9nw/LcrZUzqksZ7OJSD8P53t423ZWzAplu4QXiS7jnH3hk3T43rAfONP5xQK3jfb9+b6HLQFjSmjhnVel0SvRok86B+IC161lFWiHs2n77qTINkOrKPpVvXwYY4JvRgN5e+xnYiMmJeK+90F2dHeqU8GeJJ6+50x6xLeQl7fIW0VuBVPlXR0KW5AHzR2iBXq8JwfkHau4Vc9wrnVzJUT6qi3H+yUOIploUvUvhUShxrujqbtWc9ujomVHQRIIlgUP8XEXf1lsTHlVGSXBCfP3mHcnWL1fQ2uKtyXE3Tsli9HKnwtoRJC0psM26F1tU4xDb6dnMit9pCK8f0fx1Otz0mhGTZ1+HzkOiouobtJpSevexIraBaZIxf0cQYIU9BzwYCCABgUaEeBxPO2iJ23QXl+M5Av1hwc2UZHati0sHyqc7kuxadiO2cX71om5PaYJ1PMGTP3anL5Pg1FfgUdPqWQvyNDCoT5dky96c6ClISIEUwTAbsk/hhWQG7AYCfb2/SJkJzvaJOjMYY02lTuJ+/uiMdp7y1iEK1hys9dGUnRYB3glHSTQDjXtfCR2Wma5MyDFCr/VfzMsMgVwysxfNLony/bytGn6lB4Lwaz8P2E4ACanuH+BX8CYd6ze/2y7BJQZSyhL0lXtH+m3ys7AB5URweMCkckwJgkQPHOSo+J3aIzkp6rVuYn0WuKkPmmAI43FEyp7n4HBXiMmLxU9o1l5+eE0kvLShPnnAihcu5dMM+k8aTh1IbCWrlb3SdqB+vEV3ZpdD6C4UCLJwpIjU8JRvEEQC4G7srQ/JeKEopDJeNUvoTd8uiVtFlfqn7iZEq7YQuv0pet89YGj64s3vulOXWp6ILQIB5OOSc9MFpeCaE4H7W+3nhKb59dH2Y7Mc+xGeyW+0/FIOUDnB/uDuwMxEWFm2cc95y1CiyjjHuqrjFg0vn+PECWPLB6cjciaXvAVBFUx6a0i6SLHAGIto1UW5I65aHi4zQEq67Mqtz2pFmKrCubWWqBWvfnEmHCOJUuVmfCCpugsGrxhxYxTEeK4SEdFpyqS2dXMArdaOPMhJYR+Cktt8mFW6WWXjVMX2jXk/BpHSaklRgDLk/KW+qSxLrFxmxtp4hOI4ltoVeUVDSE5xqp4zInfcC+fjKgD/ZTUgiaXSU/J7yCL0C0rTI9odKKICYg/Ea3tkchElWoYxi1+xiBFtGz2lyo5iRc0zypbqkChWSKw9RuaHEYDrDt5pqotYJb2XEZ+IPy94n9rD/1UBeNL2u5FpRfxohPbYhaB1OG/0YWwPDat1pbevLQkMCIJpqw58gsIybAdpXEL2kJnVq6LRbeycT6x8CdfuurCZTNkKUWoa8nGSba+h8OMVxcFXPE901pKx5uABu2V8dfZ1Cku8uXUZgNfIlN0Ve3XnyIO9RITvD9sk7hzsFfZjhGJJbQzom3DMWBqHYzMAP0Gr63pQ24Db5tGrDtjFTtF5bP2kzM/BWPXHuk64sFI,iv:N9w6t3NxmW/MAg6CiZhu8nYeRx8hCkhOZ+4krZB/Smk=,tag:c0Ofab+auhVrhyQnRbPOxg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQW9QWWh2eDNKQWxtUG9D - SFowaGx3OTBJdXZvalJSdEMxWlFxak5EQTNjClpPRjdUTW4rM05SV2pPM3VidGlG - cHdnM1BRcUNSSVZRWFh1L2xzVy9jZEkKLS0tIFdLbUJISmh0QmlWL0wzdmFDM3Fr - ZEptbEJ4TmltMHA5OXlNQzkveExtU28KhPZlMTutOgR3fT6ezRJWAsAAFy/imy0T - 9qhDB1ACi6LuGfsYN3wLfyqovK019D1Ar8bNts9Mp/MtBB7J/vZRJg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-27T19:11:54Z" - mac: ENC[AES256_GCM,data:gttuFsDvrKb8ZbD5OpfRudNTr3MBfCGUdyeO3LJ3zyT2KVORpjr2XHttl9nVAjiYDfyVVHMg8ykDJyZRDyup2OTY2fK1F/Ts2Tvz7o3QO7jMTKIt6dKc7Xa/awJ2L3T6ohgmtd3U57Cqi8n+rmwgT9+A5isoecGBvswFgIl+LJo=,iv:JUyhtZZFfNTUtHUa17oWqsNf7iyD+cdaaYejv4DAJrY=,tag:OvEQ/7TLeY/MEIAQ6sW3lA==,type:str] - pgp: - - created_at: "2023-02-24T08:22:12Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdABXbRHudKz8q+QOkRPJ2eeU/0veOU9KrQa/2wyRnSaSsw - 72MFRADdhDYCOcV7g83fvzTBhJYSoSIJTmlfMO3F61ADl5oUnzv0tvAGQ//oyZuG - 0l4BgolRPcbIyAMt1LsO43qtsl0gmcq+YFeAqJ9/SrB6NuCpmtaN/mCossM/uMwK - kfxGlin/uhM4nhwMgIo/El0i+yug9yPtpSpmUOwcwfcNQMSQLxmpKzuNl3G3E0Pu - =D/9e - -----END PGP MESSAGE----- - fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ - version: 3.7.3 diff --git a/kube/deploy/apps/sandstorm/app/hr.yaml b/kube/deploy/apps/sandstorm/app/hr.yaml deleted file mode 100644 index 17f05177..00000000 --- a/kube/deploy/apps/sandstorm/app/hr.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: insurgency-sandstorm - namespace: sandstorm -spec: - chart: - spec: - chart: app-template - version: 1.5.1 - sourceRef: - name: bjw-s - kind: HelmRepository - namespace: flux-system - values: - podLabels: - egress.home.arpa/internet: allow - controller: - strategy: Recreate - type: deployment - replicas: 1 - fullNameOverride: insurgency-sandstorm - image: - repository: "docker.io/andrewmhub/insurgency-sandstorm" - tag: lite # I wish this wasn't how it's tagged, but alas - args: ["-hostname=\"${CONFIG_SANDSTORM_NAME}\"", "-Log", "-Port=${CONFIG_SANDSTORM_PORT}", "-QueryPort=${CONFIG_SANDSTORM_QUERYPORT}", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", "-CmdModList=\"${CONFIG_SANDSTORM_MODS}\"", "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}"] - env: - HOSTNAME: "${CONFIG_SANDSTORM_NAME}" - PORT: &port "27102" - QUERYPORT: &query "27131" - LAUNCH_SERVER_ENV: "-hostname=\"${CONFIG_SANDSTORM_NAME}\" -Log -Port=${CONFIG_SANDSTORM_PORT} -QueryPort=${CONFIG_SANDSTORM_QUERYPORT} -MapCycle=MapCycle -NoEAC -EnableCheats -Mods -mutators=${CONFIG_SANDSTORM_MUTATORS} -ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}" - probes: - liveness: - enabled: false - readiness: - enabled: false - startup: - enabled: false - service: - main: - enabled: true - # type: ClusterIP - type: LoadBalancer - externalTrafficPolicy: Cluster - annotations: - "io.cilium/lb-ipam-ips": "${APP_IP_SANDSTORM}" - ports: - http: - enabled: false - primary: false - gameudp: - enabled: true - port: *port - protocol: UDP - queryudp: - enabled: true - port: *query - protocol: UDP - podSecurityContext: - runAsUser: &uid 1000 - runAsGroup: *uid - fsGroup: *uid - fsGroupChangePolicy: "Always" - persistence: - game: - enabled: true - type: pvc - mountPath: /home/steam/steamcmd/sandstorm - accessMode: ReadWriteOnce - storageClass: block - size: 100Gi - retain: true - readOnly: false - gameini: - enabled: true - type: configMap - name: insurgency-sandstorm-gameini - subPath: Game.ini - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/Game.ini - defaultMode: 0777 - readOnly: true - engineini: - enabled: true - type: configMap - name: insurgency-sandstorm-engineini - subPath: Engine.ini - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/Engine.ini - defaultMode: 0777 - readOnly: true - gameusersettingsini: - enabled: true - type: secret - name: insurgency-sandstorm-gameusersettingsini - subPath: GameUserSettings.ini - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config/LinuxServer/GameUserSettings.ini - defaultMode: 0777 - readOnly: true - adminstxt: - enabled: true - type: secret - name: insurgency-sandstorm-adminstxt - subPath: Admins.txt - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/Admins.txt - defaultMode: 0777 - readOnly: true - mapcycletxt: - enabled: true - type: configMap - name: insurgency-sandstorm-mapcycletxt - subPath: MapCycle.txt - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/MapCycle.txt - defaultMode: 0777 - readOnly: true - modstxt: - enabled: true - type: configMap - name: insurgency-sandstorm-modstxt - subPath: Mods.txt - mountPath: /home/steam/steamcmd/sandstorm/Insurgency/Config/Server/Mods.txt - defaultMode: 0777 - readOnly: true - resources: - requests: - cpu: "1000m" - memory: "2048Mi" - limits: - cpu: "3000m" # 3 cores - memory: "6000Mi" - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 15 - preference: - matchExpressions: - - key: "kubernetes.io/hostname" - operator: In - values: ["ange", "charlotte"] # i5-8500T - - weight: 10 - preference: - matchExpressions: - - key: "kubernetes.io/hostname" - operator: In - values: ["chise"] # i3-8100 diff --git a/kube/deploy/apps/sandstorm/app/kustomization.yaml b/kube/deploy/apps/sandstorm/app/kustomization.yaml deleted file mode 100644 index 891e223e..00000000 --- a/kube/deploy/apps/sandstorm/app/kustomization.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - config/secrets.yaml - - hr.yaml - - netpol.yaml -configMapGenerator: - - name: insurgency-sandstorm-gameini - namespace: sandstorm - files: - - ./config/Game.ini - - name: insurgency-sandstorm-engineini - namespace: sandstorm - files: - - ./config/Engine.ini - - name: insurgency-sandstorm-mapcycletxt - namespace: sandstorm - files: - - ./config/MapCycle.txt - - name: insurgency-sandstorm-modstxt - namespace: sandstorm - files: - - ./config/Mods.txt -generatorOptions: - disableNameSuffixHash: true - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled -labels: - - pairs: - app.kubernetes.io/name: insurgency-sandstorm - app.kubernetes.io/instance: insurgency-sandstorm diff --git a/kube/deploy/apps/sandstorm/app/netpol.yaml b/kube/deploy/apps/sandstorm/app/netpol.yaml deleted file mode 100644 index 21ace4c9..00000000 --- a/kube/deploy/apps/sandstorm/app/netpol.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: &app sandstorm - namespace: *app -spec: - endpointSelector: {} - ingress: - # players - - fromCIDRSet: - - cidr: "${IP_ROUTER_LAN_CIDR}" - - cidr: "${IP_WG_USER_1_V4}" - - cidr: "${IP_WG_GUEST_V4}" - toPorts: - - ports: - - port: "27102" - - port: "27131" diff --git a/kube/deploy/apps/sandstorm/ks.yaml b/kube/deploy/apps/sandstorm/ks.yaml deleted file mode 100644 index e12a3f44..00000000 --- a/kube/deploy/apps/sandstorm/ks.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: sandstorm-app - namespace: flux-system -spec: - path: ./kube/deploy/apps/sandstorm/app - dependsOn: - - name: 1-core-storage-rook-ceph-cluster \ No newline at end of file diff --git a/kube/deploy/apps/sandstorm/ns.yaml b/kube/deploy/apps/sandstorm/ns.yaml deleted file mode 100644 index b71a989c..00000000 --- a/kube/deploy/apps/sandstorm/ns.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: sandstorm - labels: - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/enforce-version: v1.26 - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/audit-version: v1.26 - pod-security.kubernetes.io/warn: privileged - pod-security.kubernetes.io/warn-version: v1.26