a5c1772e4e
fix: mount users_database.yml in Authelia pod
Mount the authelia-users Secret as volume at /config/users_database.yml
so Authelia can authenticate user davide.
2026-02-19 23:10:57 +00:00
0d0fd95991
feat: deploy Wave 2 - CrowdSec + Velero
- CrowdSec: LAPI + Agent with containerd runtime, Traefik log acquisition
- Velero: with AWS plugin, placeholder BSL (needs S3 storage config later)
- Both with reduced resources for 4GB VPS
2026-02-19 23:06:26 +00:00
d59ac2a933
sec: disable Vaultwarden open signups, add admin token
- signupsAllowed: false - prevents public registration
- invitationsAllowed: false - prevents invitation abuse
- adminToken from Secret for /admin panel access
2026-02-19 22:58:29 +00:00
b69cc16002
fix: remove Authelia default_redirection_url conflicting with authelia_url
2026-02-19 22:56:50 +00:00
98e073ad82
fix: correct Authelia and Trivy Operator chart values
- Authelia: remove invalid server.address, use chart auto-generated secrets
- Trivy: use clusterComplianceEnabled=false instead of empty cron
2026-02-19 22:49:35 +00:00
c2a803d28b
feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia
GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA
All with NetworkPolicies for Traefik ingress.
2026-02-19 22:44:34 +00:00
232957ac4a
Fix podinfo manifest - correct resource names
2026-02-19 22:05:11 +00:00
5f396f9b4f
Fix podinfo service name in Ingress
2026-02-19 22:02:33 +00:00
e37a076f12
Fix podinfo: create namespace before Ingress
2026-02-19 22:01:19 +00:00
06999bc9c9
Replace Online Boutique with podinfo
2026-02-19 21:56:55 +00:00
ecad6a561f
Add HTTP to HTTPS redirect for all ingresses
2026-02-19 21:51:24 +00:00
4d08d945a4
Add NetworkPolicy to allow Traefik ingress into flux-system namespace
Without this policy, Flux default NetworkPolicies block traffic from kube-system
(where Traefik runs) to flux-system, causing 502 errors for both the weave-gitops
dashboard and cert-manager ACME HTTP-01 solver pods.
2026-02-19 21:47:16 +00:00
b2f825fcd6
Add password hash for Weave GitOps
2026-02-19 21:11:05 +00:00
af2cd6d00d
Add Weave GitOps dashboard + Online Boutique Ingress via GitOps
2026-02-19 21:08:20 +00:00
3795c1a3f2
Fix camelCase keys for Online Boutique values
2026-02-19 20:57:36 +00:00
74d6898af7
Reduce resource requests for 2-core VPS
2026-02-19 20:52:45 +00:00
a0aa4ea137
Fix Online Boutique: use GitRepository source
2026-02-19 20:49:26 +00:00
842b63b45a
Add Online Boutique HelmRelease
2026-02-19 20:47:07 +00:00
Flux
b38b383ca6
Add Flux sync manifests
2026-02-19 20:46:12 +00:00
Flux
05f0b1f436
Add Flux v2.7.5 component manifests
2026-02-19 20:46:08 +00:00
538f714e5c
Initial commit
2026-02-19 20:45:46 +00:00