diff options
104 files changed, 3159 insertions, 56 deletions
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore index 72e8ffc..baec047 100644 --- a/data.d/etc-portage/.gitignore +++ b/data.d/etc-portage/.gitignore @@ -1 +1,3 @@ -* +99-* +make.profile +savedconfig diff --git a/data.d/etc-portage/binrepos.conf/gentoobinhost.conf b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf new file mode 100644 index 0000000..28343d2 --- /dev/null +++ b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf @@ -0,0 +1,3 @@ +[binhost] +priority = 9999 +sync-uri = https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64/ diff --git a/data.d/etc-portage/binrepos.conf/tyilnet.conf b/data.d/etc-portage/binrepos.conf/tyilnet.conf new file mode 100644 index 0000000..28adec7 --- /dev/null +++ b/data.d/etc-portage/binrepos.conf/tyilnet.conf @@ -0,0 +1,3 @@ +[binhost] +priority = 1337 +sync-uri = https://dist.tyil.nl/gentoo/packages diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf index deff7d8..7d11afb 100644 --- a/data.d/etc-portage/make.conf/10-global.conf +++ b/data.d/etc-portage/make.conf/10-global.conf @@ -1,54 +1,56 @@ USE=" - bash-completion - introspection - vim-syntax - zsh-completion + bash-completion + introspection + vim-syntax + zsh-completion " FEATURES=" - $FEATURES - buildpkg - network-sandbox - parallel-fetch - parallel-install - sandbox - sign - userfetch - userpriv - usersandbox - usersync + $FEATURES + buildpkg + getbinpkg + network-sandbox + parallel-fetch + parallel-install + sandbox + sign + userfetch + userpriv + usersandbox + usersync " EMERGE_DEFAULT_OPTS=" - $EMERGE_DEFAULT_OPTS - --alert - --ask - --binpkg-changed-deps=y - --binpkg-respect-use=y - --buildpkg-exclude */*-bin - --buildpkg-exclude acct-*/* - --buildpkg-exclude sys-kernel/*-sources - --buildpkg-exclude virtual/* - --keep-going - --tree - --usepkg-exclude */*-bin - --usepkg-exclude acct-*/* - --usepkg-exclude sys-kernel/*-sources - --usepkg-exclude virtual/* - --verbose + $EMERGE_DEFAULT_OPTS + --alert + --ask + --binpkg-changed-deps=y + --binpkg-respect-use=y + --buildpkg-exclude */*-bin + --buildpkg-exclude acct-*/* + --buildpkg-exclude sys-fs/zfs-kmod + --buildpkg-exclude sys-kernel/*-sources + --buildpkg-exclude virtual/* + --keep-going + --tree + --usepkg-exclude */*-bin + --usepkg-exclude acct-*/* + --usepkg-exclude sys-kernel/*-sources + --usepkg-exclude virtual/* + --verbose " PKGDIR="/var/portage/packages" DISTDIR="/var/portage/distfiles" ACCEPT_LICENSE=" - -* - @FREE + -* + @FREE " LC_MESSAGES=C.UTF8 L10N=" - en - nl + en + nl " diff --git a/data.d/etc-portage/package.use/10-kernel.use b/data.d/etc-portage/package.use/10-kernel.use new file mode 100644 index 0000000..782dae3 --- /dev/null +++ b/data.d/etc-portage/package.use/10-kernel.use @@ -0,0 +1,3 @@ +sys-kernel/installkernel dracut +sys-fs/zfs dist-kernel +sys-fs/zfs-kmod dist-kernel diff --git a/data.d/etc-portage/sets/mintlab b/data.d/etc-portage/sets/mintlab new file mode 100644 index 0000000..ca247c7 --- /dev/null +++ b/data.d/etc-portage/sets/mintlab @@ -0,0 +1,22 @@ +# DevOps utilities +app-admin/awscli +app-admin/helm +app-admin/terraform +app-containers/docker +app-containers/docker-compose +dev-db/postgresql +dev-vcs/git +net-misc/rclone +sys-cluster/kubectl + +# Development tools +dev-python/flake8 +dev-python/pip +dev-python/virtualenv +dev-vcs/mr + +# General required software +app-admin/lastpass-cli + +# Browser +www-client/chromium diff --git a/data.d/etc-portage/sets/tyil b/data.d/etc-portage/sets/tyil new file mode 100644 index 0000000..bf99911 --- /dev/null +++ b/data.d/etc-portage/sets/tyil @@ -0,0 +1,47 @@ +# System services +app-admin/syslog-ng +app-admin/logrotate +net-misc/ntp + +# Maintainance tools +app-admin/sudo +app-backup/borgbackup +app-backup/borgmatic +app-portage/eix +app-portage/gentoolkit +sys-boot/grub +sys-fs/cryptsetup +sys-kernel/genkernel + +# Debugging tools +net-analyzer/nmap +net-analyzer/traceroute +net-dns/bind-tools +net-misc/telnet-bsd +net-misc/whois +sys-process/lsof + +# VPN +net-vpn/tinc + +# Filesystems +net-fs/cifs-utils +net-fs/nfs-utils +sys-fs/dmraid +sys-fs/lvm2 +sys-fs/mhddfs +sys-fs/reiserfsprogs +sys-fs/xfsprogs + +# Email client +mail-client/neomutt +net-mail/notmuch + +# User tools +app-crypt/gnupg +app-editors/vim +app-misc/tmux +dev-vcs/git +net-analyzer/openbsd-netcat +net-misc/mosh +sys-apps/the_silver_searcher diff --git a/data.d/etc-portage/sets/tyil-gaming b/data.d/etc-portage/sets/tyil-gaming new file mode 100644 index 0000000..f9f81af --- /dev/null +++ b/data.d/etc-portage/sets/tyil-gaming @@ -0,0 +1,2 @@ +app-emulation/dxvk-bin +dev-util/vulkan-tools diff --git a/data.d/etc-portage/sets/tyil-gui b/data.d/etc-portage/sets/tyil-gui new file mode 100644 index 0000000..071c634 --- /dev/null +++ b/data.d/etc-portage/sets/tyil-gui @@ -0,0 +1,53 @@ +@tyil + +x11-base/xorg-server + +# Login manager +sys-auth/elogind + +# Window managers +x11-wm/awesome +x11-wm/openbox + +# Desktop "services" +app-misc/physlock +x11-misc/dmenu +x11-misc/dunst +x11-misc/redshift +x11-misc/sxhkd +x11-misc/xcompmgr +x11-misc/xprintidle + +# Applets +net-misc/nextcloud-client + +# Browsers +www-client/elinks +www-client/librewolf-bin + +# Theming +media-fonts/freefont +media-fonts/inconsolata +media-fonts/noto-cjk +media-fonts/noto-emoji +media-fonts/open-sans + +# Misc applications +app-admin/pass +app-text/zathura +app-text/zathura-cb +app-text/zathura-pdf-mupdf +media-gfx/feh +media-gfx/scrot +media-sound/pavucontrol +media-video/mpv +net-misc/yt-dlp +x11-apps/xkill +x11-misc/pcmanfm +x11-misc/xclip +x11-misc/xdotool +x11-terms/alacritty + +# Rice +#x11-apps/glava +x11-themes/arc-theme diff --git a/data.d/etc-portage/sets/tyil-laptop b/data.d/etc-portage/sets/tyil-laptop new file mode 100644 index 0000000..2f3c2de --- /dev/null +++ b/data.d/etc-portage/sets/tyil-laptop @@ -0,0 +1,7 @@ +@tyil-gui + +# System services +gnome-extra/nm-applet + +# System utilities +sys-power/acpi diff --git a/data.d/etc-portage/sets/tyil-workstation b/data.d/etc-portage/sets/tyil-workstation new file mode 100644 index 0000000..f2017c1 --- /dev/null +++ b/data.d/etc-portage/sets/tyil-workstation @@ -0,0 +1,16 @@ +app-admin/apache-tools +app-containers/docker +app-misc/jq +app-shells/dash +app-text/dos2unix +dev-db/pgbadger +dev-db/postgresql +dev-texlive/texlive-latex +dev-texlive/texlive-latexextra +dev-texlive/texlive-latexrecommended +dev-util/shellcheck-bin +dev-vcs/tig +media-gfx/plantuml +net-analyzer/testssl +net-fs/sshfs +net-wireless/wpa_supplicant diff --git a/data.d/etc-portage/sets/yubikey b/data.d/etc-portage/sets/yubikey new file mode 100644 index 0000000..fe69e44 --- /dev/null +++ b/data.d/etc-portage/sets/yubikey @@ -0,0 +1,2 @@ +app-crypt/libu2f-host +sys-apps/pcsc-lite diff --git a/data.d/k3s-master/manifests.d/_/namespaces.yaml b/data.d/k3s-master/manifests.d/_/namespaces.yaml new file mode 100644 index 0000000..21cd009 --- /dev/null +++ b/data.d/k3s-master/manifests.d/_/namespaces.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: auth-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: automation +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: base-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: fediverse +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: personal-services +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: public-services +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: registry +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: servarr +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: websites +... diff --git a/data.d/k3s-master/manifests.d/_/pv/dist.yaml b/data.d/k3s-master/manifests.d/_/pv/dist.yaml new file mode 100644 index 0000000..2490f9f --- /dev/null +++ b/data.d/k3s-master/manifests.d/_/pv/dist.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: dist +spec: + storageClassName: seaweedfs + accessModes: + - ReadWriteMany + capacity: + storage: 100Gi + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + csi: + driver: seaweedfs-csi-driver + volumeHandle: dist + volumeAttributes: + collection: "dist" + replication: "001" + path: "/buckets/dist" +... diff --git a/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml new file mode 100644 index 0000000..5a4a85b --- /dev/null +++ b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: etc-lldap +spec: + storageClassName: seaweedfs + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + csi: + driver: seaweedfs-csi-driver + volumeHandle: etc-lldap + volumeAttributes: + collection: "etc" + replication: "001" + path: /buckets/etc/lldap +... diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml new file mode 100644 index 0000000..6eeccc0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml @@ -0,0 +1,65 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + spec: + containers: + - env: + - name: GID + value: "1001" + - name: TZ + value: Europe/Amsterdam + - name: UID + value: "1001" + image: nitnelave/lldap:latest + name: lldap + ports: + - name: ldap + containerPort: 3890 + - name: ldaps + containerPort: 6360 + - name: http + containerPort: 8080 + volumeMounts: + - mountPath: /data + name: data + - mountPath: /etc/tls + name: tls + resources: + requests: + memory: 32Mi + limits: + memory: 128Mi + restartPolicy: Always + volumes: + - name: data + persistentVolumeClaim: + claimName: lldap + - name: tls + secret: + secretName: tls-nl.tyil.lldap +... diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml new file mode 100644 index 0000000..95b63bb --- /dev/null +++ b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: lldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - lldap.tyil.nl + secretName: tls-nl.tyil.lldap + rules: + - host: lldap.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: lldap + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml new file mode 100644 index 0000000..666a465 --- /dev/null +++ b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: lldap + namespace: auth-system +spec: + storageClassName: seaweedfs + volumeName: etc-lldap + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +... diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml new file mode 100644 index 0000000..6539352 --- /dev/null +++ b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: lldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + ports: + - name: http + port: 80 + targetPort: 8080 +... +--- +apiVersion: v1 +kind: Service +metadata: + # This port may _not_ be named "lldap_ldap", as the application itself wants + # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the + # application can't handle. + name: ldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + ports: + - name: ldap + port: 389 + targetPort: 3890 + - name: ldaps + port: 636 + targetPort: 6360 +... diff --git a/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml new file mode 100644 index 0000000..6051e18 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: amdgpu-device-plugin-daemonset + namespace: kube-system +spec: + selector: + matchLabels: + name: amdgpu-dp-ds + template: + metadata: + labels: + name: amdgpu-dp-ds + spec: + nodeSelector: + kubernetes.io/arch: amd64 + amdgpu: "true" + priorityClassName: system-node-critical + tolerations: + - key: CriticalAddonsOnly + operator: Exists + containers: + - image: rocm/k8s-device-plugin + name: amdgpu-dp-cntr + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: dp + mountPath: /var/lib/kubelet/device-plugins + - name: sys + mountPath: /sys + volumes: + - name: dp + hostPath: + path: /var/lib/kubelet/device-plugins + - name: sys + hostPath: + path: /sys +... diff --git a/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml new file mode 100644 index 0000000..6f0c1a5 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: cert-manager + namespace: base-system +spec: + repo: https://charts.jetstack.io + chart: cert-manager + valuesContent: | + installCRDs: true +... +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: root@tyil.net + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: clusterissuer-letsencrypt + solvers: + - http01: + ingress: + class: nginx +... diff --git a/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml new file mode 100644 index 0000000..90ffad7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: fuse-device-plugin-daemonset + namespace: base-system +spec: + selector: + matchLabels: + name: fuse-device-plugin-ds + template: + metadata: + labels: + name: fuse-device-plugin-ds + spec: + hostNetwork: true + containers: + - image: flavio/fuse-device-plugin + name: fuse-device-plugin-ctr + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: device-plugin + mountPath: /var/lib/kubelet/device-plugins + volumes: + - name: device-plugin + hostPath: + path: /var/lib/kubelet/device-plugins + #imagePullSecrets: + # - name: registry-secret + tolerations: + - key: tyil.net/role + operator: Exists +... diff --git a/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml new file mode 100644 index 0000000..7d9fc38 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: ingress-nginx + namespace: base-system +spec: + repo: https://kubernetes.github.io/ingress-nginx + chart: ingress-nginx + valuesContent: |- + controller: + kind: DaemonSet + allowSnippetAnnotations: true + service: + ipFamilyPolicy: PreferDualStack + nodeSelector: + svccontroller.k3s.cattle.io/enablelb: "true" +... diff --git a/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml new file mode 100644 index 0000000..d8a38d8 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: sealed-secrets + namespace: base-system +spec: + repo: https://bitnami-labs.github.io/sealed-secrets + chart: sealed-secrets + valuesContent: |- + keyrenewperiod: "672h" + #resources: + # limits: ... + # requests: ... + #metrics: + # serviceMonitor: + # enabled: false +... diff --git a/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml new file mode 100644 index 0000000..f5c1edf --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: seaweedfs-csi-driver + namespace: base-system +spec: + repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm + chart: seaweedfs-csi-driver + valuesContent: |- + seaweedfsFiler: "10.57.3.1:8888" + storageClassName: seaweedfs + isDefaultStorageClass: true +... diff --git a/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml new file mode 100644 index 0000000..3b12d49 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: vertical-pod-autoscaler + namespace: base-system +spec: + chart: oci://ghcr.io/stevehipwell/helm-charts/vertical-pod-autoscaler + version: 1.5.0 + valuesContent: |- + recommenderOnly: false + #serviceMonitor: + # enabled: true +... diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml new file mode 100644 index 0000000..ee8a4d3 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: biboumi + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: louiz/biboumi:9.0 + name: biboumi + ports: + - containerPort: 5437 + env: + - name: BIBOUMI_ADMIN + value: tyil@chat.tyil.nl + - name: BIBOUMI_DB_NAME + valueFrom: + secretKeyRef: + name: biboumi-config + key: db-name + - name: BIBOUMI_HOSTNAME + value: biboumi.chat.tyil.nl + - name: BIBOUMI_PASSWORD + valueFrom: + secretKeyRef: + name: biboumi-config + key: password + - name: BIBOUMI_XMPP_SERVER_IP + value: prosody + - name: BIBOUMI_PERSISTENT_BY_DEFAULT + value: "true" + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml new file mode 100644 index 0000000..0e1ed9b --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: biboumi-config + namespace: personal-services +spec: + encryptedData: + db-name: AgBTyqCQE9tlteDjO0q2hdXTUb0arZnY+mfni9D7Yq23w0bmjxa4P3YZUZ4aIaYnxIsLek1YQ6W2EgVJtWu+uWn3qwuogkQJ6zhRFjB4Gewu+EtPgCCqCFkrSb92Y7M/E/znna78q3az7dkLD0sH3NAozmZd5jeNrAzS+kIxIS2hfmIMojEJYJz/ESaAj/6J93117UUxizxoysYcFaMxoyEdeJV4+mCFENZpMsp6tqxKpTVCoPOKa62I7yVzxkHDFxJGaI7un1swt297vgB7dCM2wwtr5NA/Y1ccmYz0FgTt4oz0oiwN2HkiC7PLEAV1ru3r+3OZ9HFpgcrps6CfQBGvvgmcRgumOAl7ZGyI2Oxx3OrymojSqSxofks22IGYXmqhqhhRzGEfGK6tybIBdxB0PJ1yg6ziWNogxvvh9sNRB6rinaOZ+M9UQ7/qWo/SmP70DYkC9vbyl1AdolSEgpbENZBSPQmWhdzUktTJUhagZVmhaahsna+85zq+0wh1M3+12iIghfB8vjHCRxicQLlKBgqAiN96ZnYHhRyMgFi7zCpzNFeMXx1Kn5h29QuhcloIRTMV+S3L/ilQTDk3+1xK/ODslhNPPdoqe5YkGpu/0fTNYcb2slILO2t4mOCvo188bK4LzLfRmkRCfIJOf8vrv1uVfD3GhHH2l9diq0hadSz5kzWZydyugvpk5DNTTNj4TiCU5lmP7m7SlGgUChY2iAtP9Lz+tu3UthSvTW1Ct7dO/n68jJ9t/IvIoEZBuhlapF2jFDupkarJz/mruj+2jAt/bvlqtjA0CgZnwj/8KJjv6+9tMN+s5rJKkO8CfVDZlHF+BODmrg== + password: AgAXpJTkQIqKTPpube8O4AcRpAEPnbWvDnQg83DiCHejImXMrTKGr8mjaylqSnCz0AzZofF235ic/22yQrBwl0Ymk4/5KWaNfQD7sEbZwBMUnR1zvCGVtY4rQwge+FCxoGfUFKF+S6eeneIhQxlMfG1fRDvHcJuqrattn13Rv7L5QGW4kMujs+Dz6ZPwoQV3Vd4Jy400wYAElKEckVsNlPmmHz1zOW+p0ZkRRosGZHlMslNcHMAhXJwvj9Eedod/Xk61d7G/MDozCHtYtFTUvoU/QrgNzoVFOVy3sM4oVan4B+uywxQDMbhZbqGzNP/Xp/cmKHe9QTbw2jiXYgXWDdW6tRSlc9b1ic2T3Lflv1qBmzIzwvixEGJSZi14me+O6vUftattwxiH7C4nihfCwohC9GfRUGK+kHLsX7t0InN4KFClFA9bysldqHVKU9xKQc6oya/HAN5qZnBD3HyEBd4GL2lpiTgo/vyzGA7oHX1c57hl891JTnGm7fklC5fANvjDDcYbQHBAMsG91kdBYR2AXSxDJWK4eoph00uBChHA5iUYpeRWND14hDXrWcjoWRWpi2bRQJ06cp0nJ+897dfDHAj7iC7ciMhcoKW601UpxirOHbncMsSxgInW6/Q6raaEI0ezfqYRhamjPH+6uZTDZZFLfIg4/9hkSi/0ZnwEv30B1DJd9phTISUzWT1uBgW0QHzx9X/GWcx/efUk2/cZbmmUIPHZskw+C/R/e/5THuGiRteIxagFHuZ8jGcXlCt7wzd9YHePNn0mY0Y= + template: + metadata: + creationTimestamp: null + name: biboumi-config + namespace: personal-services + type: Opaque diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml new file mode 100644 index 0000000..bdbc8b2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml @@ -0,0 +1,68 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +data: + cgitrc: | + root-desc=All public repos from tyil + + source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh + about-filter=/usr/lib/cgit/filters/about-formatting.sh + + readme=:INSTALL + readme=:INSTALL.htm + readme=:INSTALL.html + readme=:INSTALL.md + readme=:INSTALL.mkd + readme=:INSTALL.rst + readme=:INSTALL.txt + readme=:README + readme=:README.htm + readme=:README.html + readme=:README.md + readme=:README.mkd + readme=:README.pod6 + readme=:README.rakudoc + readme=:README.rst + readme=:README.txt + readme=:install + readme=:install.htm + readme=:install.html + readme=:install.md + readme=:install.mkd + readme=:install.rst + readme=:install.txt + readme=:readme + readme=:readme.htm + readme=:readme.html + readme=:readme.md + readme=:readme.mkd + readme=:readme.rst + readme=:readme.txt + + css=/cgit-css/cgit.css + logo=/cgit-css/cgit.png + + #cache-root=/var/cache/cgit + #cache-size=1000 + + clone-prefix=https://git.tyil.nl + enable-git-config=1 + enable-index-links=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + remove-suffix=1 + robots=index, follow + scan-path=/srv/git/ + section-from-path=1 + snapshots=tar.gz tar.bz2 + virtual-root=/ +... diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml new file mode 100644 index 0000000..715a3f6 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: emarcs/nginx-cgit + name: cgit + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /srv/git + name: data + - mountPath: /etc/cgitrc + subPath: cgitrc + name: config + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /mnt/pool/git + type: DirectoryOrCreate + - name: config + configMap: + name: cgit +... diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml new file mode 100644 index 0000000..4de2546 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - git.tyil.nl + secretName: tls-nl.tyil.git + rules: + - host: git.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: cgit + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml new file mode 100644 index 0000000..7a6a5a2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml new file mode 100644 index 0000000..5a85a00 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dist + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: docker.io/svenstaro/miniserve:latest + args: + - --qrcode + - /var/www + name: miniserve + ports: + - containerPort: 8080 + volumeMounts: + - mountPath: /var/www + name: bucket + readOnly: true + restartPolicy: Always + volumes: + - name: bucket + persistentVolumeClaim: + claimName: dist +... diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml new file mode 100644 index 0000000..5c67478 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dist + namespace: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services +spec: + ingressClassName: nginx + tls: + - hosts: + - dist.tyil.nl + secretName: tls-nl.tyil.dist + rules: + - host: dist.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: dist + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml new file mode 100644 index 0000000..de9111f --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dist + namespace: personal-services +spec: + storageClassName: seaweedfs + volumeName: dist + accessModes: + - ReadWriteMany + resources: + requests: + storage: 20Gi +... diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml new file mode 100644 index 0000000..999025f --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: dist + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dist + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 8080 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml new file mode 100644 index 0000000..79a1f15 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: nextcloud + namespace: personal-services +spec: + schedule: "*/5 * * * *" + successfulJobsHistoryLimit: 0 + failedJobsHistoryLimit: 2 + jobTemplate: + spec: + template: + spec: + securityContext: + runAsUser: 33 + runAsGroup: 33 + nodeName: "mieshu.tyil.net" + containers: + - name: nextcloud + image: nextcloud:27 + command: + - php + args: + - -f + - /var/www/html/cron.php + volumeMounts: + - mountPath: /var/www/html + name: data + restartPolicy: OnFailure + volumes: + - name: data + hostPath: + path: /mnt/pool/nextcloud + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml new file mode 100644 index 0000000..250f670 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: nextcloud:27 + name: nextcloud + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /var/www/html + name: data + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /mnt/pool/nextcloud + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml new file mode 100644 index 0000000..33060ab --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" + nginx.ingress.kubernetes.io/proxy-body-size: 512m +# nginx.ingress.kubernetes.io/configuration-snippet: | +# client_max_body_size 512M; +# fastcgi_buffers 64 4K; +spec: + ingressClassName: nginx + tls: + - hosts: + - cloud.tyil.nl + secretName: tls-nl.tyil.cloud + rules: + - host: cloud.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml new file mode 100644 index 0000000..7e03fe2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: nextcloud + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml new file mode 100644 index 0000000..2785249 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml @@ -0,0 +1,160 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prosody-config + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services +data: + prosody.cfg.lua: | + -- Information on configuring Prosody can be found on our + -- website at https://prosody.im/doc/configure + + daemonize = false; + + ---------- Server-wide settings ---------- + admins = { + "tyil@chat.tyil.nl", + } + + log = { + { levels = { min = "debug" }, to = "console" }; + } + + plugin_paths = { "/usr/local/lib/prosody/modules" } + installer_plugin_path = "/var/lib/prosody/custom_plugins" + + modules_enabled = { + -- Generally required + "disco"; -- Service discovery + "roster"; -- Allow users to have a roster. Recommended ;) + "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + + -- Not essential, but recommended + "adhoc"; -- XEP-0050 + "blocklist"; -- Allow users to block communications with other users + --"bookmarks"; -- Synchronise the list of open rooms between clients + "carbons"; -- Keep multiple online clients in sync + "dialback"; -- Support for verifying remote servers using DNS + "limits"; -- Enable bandwidth limiting for XMPP connections + "pep"; -- Allow users to store public and private data in their account + "private"; -- Legacy account storage mechanism (XEP-0049) + --"smacks"; -- Stream management and resumption (XEP-0198) + "vcard4"; -- User profiles (stored in PEP) + "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard + + -- Nice to have + "csi_simple"; -- Simple but effective traffic optimizations for mobile devices + --"invites"; -- Create and manage invites + --"invites_adhoc"; -- Allow admins/users to create invitations via their client + --"invites_register"; -- Allows invited users to create accounts + "ping"; -- Replies to XMPP pings with pongs + "register"; -- Allow users to register on this server using a client and change passwords + "time"; -- Let others know the time here on this server + "uptime"; -- Report how long server has been running + "version"; -- Replies to server version requests + "mam"; -- Store recent messages to allow multi-device synchronization + --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls + + -- Admin interfaces + "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands + --"admin_shell"; -- Allow secure administration via 'prosodyctl shell' + + -- HTTP modules + --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + --"http_openmetrics"; -- for exposing metrics to stats collectors + --"websocket"; -- XMPP over WebSockets + + -- Other specific functionality + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + --"announce"; -- Send announcement to all online users + --"groups"; -- Shared roster support + --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. + --"mimicking"; -- Prevent address spoofing + --"motd"; -- Send a message to users when they log in + --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288) + --"server_contact_info"; -- Publish contact information for this service + --"tombstones"; -- Prevent registration of deleted accounts + --"watchregistrations"; -- Alert admins of registrations + --"welcome"; -- Welcome users who register accounts + } + + modules_disabled = { + -- "offline"; -- Store offline messages + -- "c2s"; -- Handle client connections + -- "s2s"; -- Handle server-to-server connections + } + + s2s_secure_auth = true + + limits = { + c2s = { + rate = "10kb/s"; + }; + s2sin = { + rate = "30kb/s"; + }; + } + + authentication = "internal_hashed" + archive_expires_after = "1w" -- Remove archived messages after 1 week + + -- Audio/video call relay (STUN/TURN) + -- To ensure clients connected to the server can establish connections for + -- low-latency media streaming (such as audio and video calls), it is + -- recommended to run a STUN/TURN server for clients to use. If you do this, + -- specify the details here so clients can discover it. + -- Find more information at https://prosody.im/doc/turn + + -- Specify the address of the TURN service (you may use the same domain as XMPP) + --turn_external_host = "turn.example.com" + + -- This secret must be set to the same value in both Prosody and the TURN server + --turn_external_secret = "your-secret-turn-access-token" + statistics = "internal" + + -- Load configuration from secrets + Include "secrets.d/*" + + -- Configure components + component_ports = { + 5347, + } + component_interfaces = { + "*", + "::", + } + + Include "components.d/*" + + -- Load configuration for additional hosts + Include "hosts.d/*" +... +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prosody-vhosts + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services +data: + chat.tyil.nl: | + VirtualHost "chat.tyil.nl" + ssl = { + certificate = "certs.d/chat.tyil.nl/tls.crt"; + key = "certs.d/chat.tyil.nl/tls.key"; + } + + Component "muc.chat.tyil.nl" "muc" + name = "Tyil's Chatrooms" +... diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml new file mode 100644 index 0000000..6e2e995 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prosody + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: prosody/prosody:0.11 + name: prosody + ports: + - containerPort: 5222 + - containerPort: 5269 + - containerPort: 5347 + volumeMounts: + - mountPath: /etc/prosody + name: config + - mountPath: /etc/prosody/secrets.d + name: config-secret + - mountPath: /etc/prosody/components.d + name: config-components + - mountPath: /etc/prosody/hosts.d + name: config-hosts + - mountPath: /etc/prosody/certs.d/chat.tyil.nl + name: cert-nl-tyil-chat + readOnly: true + restartPolicy: Always + volumes: + - name: config + configMap: + name: prosody-config + - name: config-secret + secret: + secretName: prosody-config + - name: config-components + secret: + secretName: prosody-components + - name: config-hosts + configMap: + name: prosody-vhosts + - name: cert-nl-tyil-chat + secret: + secretName: tls-nl.tyil.chat +... diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml new file mode 100644 index 0000000..dfb78cd --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prosody + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - chat.tyil.nl + - muc.chat.tyil.nl + - share.chat.tyil.nl + secretName: tls-nl.tyil.chat + rules: + - host: chat.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prosody + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml new file mode 100644 index 0000000..27857a1 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: prosody-components + namespace: personal-services +spec: + encryptedData: + biboumi.conf: AgAOjX2cxWU2bj7GDIJ5l6GlFGqnko1/o8w3VeDcTRK8lw0gGWXEQe4fn8MAwKpaauMYU9ItSWASWF0oxG9BIlV73YXRZbeiWwCZImH9No2uaaYESOssnx+Yq3kDaYUybw2ycG74ixy7ZynoH00Pkv3QMTNrmOOvUwuJdnU8mChwVbyAh1XiG253Y7eALZ7t8r7exlQ5SqPLoWt+l/loCPXPo8/mlPZX4eOngCHbgX6UPznESynn+Kjk4Jo5mNzQngPZa9+LHAjFvRnn+fZpbX7bvv01Gj6enbdmrgN0hcOncrXmZ59t746Sqwfo91LKZjqlKbD2lqO9sXjAqh3SLH1L2XRxCRBZDJTm7EuNuTJ/0tWgWI+8o9NlH3eSTbCjafBfApdK8gl2KR7XrYpQoTXiE68osP068FNmrGldr4m3qWlZ35lzEuXD93Aey4vDl0K1mSBWJ67eAhbOFrlCwhdhMyxReacdlXLOAIytQ2vPtKiInlSLlcZklBWyrHHz4l6JTMrRSehGlwjT2jDnc8Zg5lpj8msb4vNcbTM9o8RJ8p3+s01tVZU5uZ4imaZ2OUEmVxnZb5lGbEGydbULkZKGXyQSJ2vYzveLiiXuijV3jlShVol8MN2C4OHkDkuxMJKUbMc1TD5HEZDeW45Gk9+bXL2DUC9i8H/seuZp7XFrhsPbnvYqwltPecRhyJJNFSFPlGch2yFNtWvXTFfRFw1wBMwYHbnlLdCkxaDShx6KpfqexpvMdLluKuN2LIBV/+EmWjK5zQ1UcYeMwCm6Zn43CuwNurk9Lv3+7y8vfIunkpOkYjMh5gWiigaaiPbEbiBvLtP3TOGK61y2iGmAA+beA4b6mAE= + sleamdge.conf: AgA2akX2XFsgBWl5FN1gRjQTnkhHejr1Puixw634sAfPoGVwP7/qdFQNE6hEtvuFJ2ocBguLZviJyxJZye8G0wLDR5NZ+yg+DIWYiZBYIPHHxc6gBW1PNsb/sW9j4rDj3KX/Gr63MNdOyuh/8+z6Tf8TfbGjGorGlGH18buHAACqraumEK8/uh0WCzTMPw+lmLdmtI2YAXiHWPHck0TcKtAoKaRzr3BKqOO50Lqw20Zr5EtDqj/xvK/zZI1yE1PDDaQpxnS/PRzspvx2owyTJHTAwukZLY1Jn0deRFnkoXgL6AUt3wz7uHqEVXTxfMuvanhqUE4/Ze8kFbc0FTF8fUZZoue2tIOBKlqCN68wn1Ow6HjUlhYZlF9CLHPj/hKL+OhEx/ejCUv79gWb1/GQijJcehXnWpFzXROiW85+CoRvVgb/aan5hEVpNOBZ6KfwSyYJHfOVSKlwxE/T8NjguQMN1WEqljYq3rmtwD0T/t+xZzlVJ1xh6hEiRmwlYOrI1mAxDdUKOnvNt/VxV1lSudsDWaXhLHqlj8pz4r4Y1y418kX4v8o7GOmKOWMrCj+g/aSM2m74UIi09dLoY9bCJK+4k6zXWfJ+aTmSz1m6NzmwV9H4Gg82S9v+T5TK9vqkw9/7HnPpEu3dWbWyH4mhl1tx2/XoJp/iTc8e+e/zIhs9SETrETQkwVYIXu5fpnKAIbzf/7FFQEUTMBrgCCc7QWWhrAFAqxN69fiyEi9aGDNDzzAp6ESg2kQo/0U3oAbqdRCJj3isApgllmcFj1QYsU+FYKbPsmXk2jfU4KqWKPlXbZ4srX1wqSKSqyB64ZBvI65RXOWCFmXS4fwBsya1t6evhgj5Sw4r + template: + metadata: + creationTimestamp: null + name: prosody-components + namespace: personal-services + type: Opaque diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml new file mode 100644 index 0000000..64e1d2a --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: prosody-config + namespace: personal-services +spec: + encryptedData: + storage: AgBIomSzF4Wzwl/+oRYsQLSVuiCj/7Jwr3ftXwDGiZ6GRqsOmm9KZp71+4AUGvYSp1tTkSafzwK67ZZ7k6xuiOFXFDURczN/KDw5eduCtuGVcwrJAdJmpF4S3KghKkHuFDPJyZP95uI8bkHxGr1/J2QmQ1sT0pH3sWMr5E3e7cN1j4V8dzr98I+bCOgCVghbd187gEDz0QrIRespyvjvD28kopx/eri3re+zRkTep6krbH2w1x8H/Xdgs/iqCM3IXUugT1YbBuKJBPYc2T48K/ul4ww0GqVDnpYnzP3ThL9PClhXVeKKLLyvkKPn6JW43eWy1XVZ1xNwnZZAzcr1quteZeqLDSZlK/rr3PJ8uJVvHFlNrhZn61cl3TjQ8XjLgLOapDxLIX9yLEe+uK15TJCCnnmjSBQ5mETCW/vaxeCbFOjD+qdQbU2O/GbZ06fQNWqSmu5/Z75LNWYuwn3CT09B+4lctjDjrGMuYOxhtvug6Bt0qKtqMoIYg4FTPAueLj5nJ3vWu320xBpd7RgTIt/x+f/um23OjsaGsilAoz95V1bUdHs6t8txTlsgtXDM6GpiZoY5j7NfUuxm6Px+GaHsYDj0RZRlpOVZVhyucvvJxCc975BrvYjCmyrgopAQGzFO8TSdb91N9UnJ3lxcZM9KChZC3LGjAiqEz6aZ13Yxcd5f02Q7Nfp3DXYUYqL+HnDpi4fRkysmYkYO6jqT7joc9c57I8Zw0YRIoVPm5rU04aEe9V4DsQjR70cKpyaqk3eHxzVr+kYb+zqt21q+iBTHpK4XOsiV522XPsd56aU4ukf+j2g/XduK2SSIBqV1DYntYrFEzZAmuSpDRlYMw/AIh647ksrmt04y+SHV+IoegKVu0bWfOQJbWOtQYiskMnXBNXIqk9asIPyo2nuNAbDRxH0veuY4akM6QUhJ3jjfm/uU8O/A/kaQP9P6M0Z2buL/KSlTCDnGSPx8NSkGUSe0V/izO7WuK558zg== + template: + metadata: + creationTimestamp: null + name: prosody-config + namespace: personal-services + type: Opaque diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml new file mode 100644 index 0000000..22e9539 --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: xmpp + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: xmpp + app.kubernetes.io/part-of: personal-services +spec: + ipFamilyPolicy: PreferDualStack + type: LoadBalancer + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services + ports: + - name: xmpp-c2s + port: 5222 + targetPort: 5222 + - name: xmpp-s2s + port: 5269 + targetPort: 5269 +... +--- +apiVersion: v1 +kind: Service +metadata: + name: prosody + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: personal-services + ports: + - name: xmpp-c2s + port: 5222 + targetPort: 5222 + - name: xmpp-s2s + port: 5269 + targetPort: 5269 + - name: components + port: 5347 + targetPort: 5347 +... diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml new file mode 100644 index 0000000..1277259 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services + spec: + containers: + - name: invidious + image: quay.io/invidious/invidious:latest + ports: + - containerPort: 8080 + env: + - name: INVIDIOUS_CONFIG + valueFrom: + secretKeyRef: + name: invidious-config + key: config.yml + resources: + requests: + memory: 1Gi + limits: + memory: 1Gi + nodeSelector: + kubernetes.io/arch: amd64 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - invidious + topologyKey: "kubernetes.io/hostname" +... diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml new file mode 100644 index 0000000..b2542a7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: invidious + namespace: public-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services +spec: + ingressClassName: "nginx" + tls: + - hosts: + - youtube.alt.tyil.nl + secretName: tls-nl.tyil.alt.youtube + rules: + - host: youtube.alt.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: invidious-http + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml new file mode 100644 index 0000000..66c4ee3 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: Service +metadata: + # Funfact: if this name is set to "invidious", things will break! + # https://github.com/iv-org/invidious/issues/2970 + name: invidious-http + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services + ports: + - protocol: TCP + port: 80 + targetPort: 3000 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml new file mode 100644 index 0000000..9def36e --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-blockdiag + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: public-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: public-services + spec: + containers: + - image: yuzutech/kroki-blockdiag + name: blockdiag + ports: + - containerPort: 8001 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml new file mode 100644 index 0000000..3fc2091 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-bpmn + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: public-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: public-services + spec: + containers: + - image: yuzutech/kroki-bpmn + name: bpmn + ports: + - containerPort: 8003 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml new file mode 100644 index 0000000..57fb1fe --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-excalidraw + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: public-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: public-services + spec: + containers: + - image: yuzutech/kroki-excalidraw + name: excalidraw + ports: + - containerPort: 8004 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml new file mode 100644 index 0000000..5cc3153 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-mermaid + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: public-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: public-services + spec: + containers: + - image: yuzutech/kroki-mermaid + name: mermaid + ports: + - containerPort: 8002 + restartPolicy: Always diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml new file mode 100644 index 0000000..78cf239 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services + spec: + containers: + - image: yuzutech/kroki + name: kroki + env: + - name: KROKI_BLOCKDIAG_HOST + value: kroki-blockdiag + - name: KROKI_BLOCKDIAG_PORT + value: "80" + - name: KROKI_BPMN_HOST + value: kroki-bpmn + - name: KROKI_BPMN_PORT + value: "80" + - name: KROKI_EXCALIDRAW_HOST + value: kroki-excalidraw + - name: KROKI_EXCALIDRAW_PORT + value: "80" + - name: KROKI_MERMAID_HOST + value: kroki-mermaid + - name: KROKI_MERMAID_PORT + value: "80" + - name: KROKI_MAX_URI_LENGTH + value: "4096" + ports: + - containerPort: 8000 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml new file mode 100644 index 0000000..9dea80a --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kroki + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - kroki.tyil.nl + secretName: tls-nl.tyil.kroki + rules: + - host: kroki.tyil.nl + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: kroki + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml new file mode 100644 index 0000000..fcd20de --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-blockdiag + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: public-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: public-services + ports: + - name: http + port: 80 + targetPort: 8001 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml new file mode 100644 index 0000000..c2abec2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-bpmn + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: public-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: public-services + ports: + - name: http + port: 80 + targetPort: 8003 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml new file mode 100644 index 0000000..84033ce --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-excalidraw + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: public-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: public-services + ports: + - name: http + port: 80 + targetPort: 8004 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml new file mode 100644 index 0000000..8d48a04 --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-mermaid + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: public-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: public-services + ports: + - name: http + port: 80 + targetPort: 8002 +... diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml new file mode 100644 index 0000000..a28bfde --- /dev/null +++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: public-services + ports: + - name: http + port: 80 + targetPort: 8000 +... diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml new file mode 100644 index 0000000..e967412 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml @@ -0,0 +1,78 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/bazarr:testing + name: bazarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 6767 + volumeMounts: + - mountPath: /mnt/pool/media/anime-series/exported + name: anime-series + - mountPath: /mnt/pool/media/anime-movies/exported + name: anime-movies + - mountPath: /mnt/pool/media/series/exported + name: series + - mountPath: /mnt/pool/media/movies/exported + name: movies + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: config + hostPath: + path: /etc/servarr/bazarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml new file mode 100644 index 0000000..ff20477 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - bazarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.bazarr + rules: + - host: bazarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: bazarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml new file mode 100644 index 0000000..1f3cc23 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 6767 +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml new file mode 100644 index 0000000..c2c38bf --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml @@ -0,0 +1,103 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: jellyfin/jellyfin + name: jellyfin + ports: + - containerPort: 8096 + volumeMounts: + - mountPath: /var/media/anime-movies + name: anime-movies + readOnly: true + - mountPath: /var/media/anime-series + name: anime-series + readOnly: true + - mountPath: /var/media/books + name: books + readOnly: true + - mountPath: /var/media/movies + name: movies + readOnly: true + - mountPath: /var/media/music + name: music + readOnly: true + - mountPath: /var/media/series + name: series + readOnly: true + - mountPath: /var/media/channels + name: channels + readOnly: true + - mountPath: /config + name: config + - mountPath: /cache + name: cache + resources: + limits: + amd.com/gpu: 1 + restartPolicy: Always + volumes: + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music/exported + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series/exported + type: Directory + - name: channels + hostPath: + path: /mnt/pool/media/channels/exported + type: Directory + - name: cache + hostPath: + path: /var/cache/jellyfin + type: Directory + - name: config + hostPath: + path: /etc/servarr/jellyfin + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml new file mode 100644 index 0000000..f4997d4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - tv.tyil.nl + secretName: tls-nl.tyil.tv + rules: + - host: tv.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml new file mode 100644 index 0000000..8adc813 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8096 +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml new file mode 100644 index 0000000..217f949 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyseerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: fallenbagel/jellyseerr:latest + name: jellyseerr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 5055 + volumeMounts: + - mountPath: /app/config + name: config + restartPolicy: Always + volumes: + - name: config + hostPath: + path: /etc/servarr/jellyseerr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml new file mode 100644 index 0000000..690cab1 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyseerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - jellyseerr.arr.tyil.nl + secretName: tls-nl.tyil.arr.jellyseerr + rules: + - host: jellyseerr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyseerr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml new file mode 100644 index 0000000..a8f3b18 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyseerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 5055 +... diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml new file mode 100644 index 0000000..baea1d9 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/lidarr:release + name: lidarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8686 + volumeMounts: + - mountPath: /mnt/pool/media/music + name: music + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: music + hostPath: + path: /mnt/pool/media/music + type: Directory + - name: config + hostPath: + path: /etc/servarr/lidarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml new file mode 100644 index 0000000..535af5c --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - lidarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.lidarr + rules: + - host: lidarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: lidarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml new file mode 100644 index 0000000..1a22185 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8686 +... diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml new file mode 100644 index 0000000..d1a21e0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: ghcr.io/hotio/prowlarr:nightly + name: prowlarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 9696 + volumeMounts: + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: config + hostPath: + path: /etc/servarr/prowlarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml new file mode 100644 index 0000000..6fc78f9 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - prowlarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.prowlarr + rules: + - host: prowlarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prowlarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml new file mode 100644 index 0000000..3351548 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 9696 +... diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml new file mode 100644 index 0000000..c49ccb0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: radarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/radarr:release + name: radarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/anime-movies + name: anime-movies + - mountPath: /mnt/pool/media/movies + name: movies + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies + type: Directory + - name: config + hostPath: + path: /etc/servarr/radarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml new file mode 100644 index 0000000..0db9837 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: radarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - radarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.radarr + rules: + - host: radarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: radarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml new file mode 100644 index 0000000..729fe6b --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: radarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 7878 +... diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml new file mode 100644 index 0000000..a266b8d --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/readarr:testing + name: readarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/books + name: books + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: books + hostPath: + path: /mnt/pool/media/books + type: Directory + - name: config + hostPath: + path: /etc/servarr/readarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml new file mode 100644 index 0000000..20297a4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - readarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.readarr + rules: + - host: readarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: readarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml new file mode 100644 index 0000000..3d6cdc7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8787 +... diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml new file mode 100644 index 0000000..126acfe --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/sonarr:release + name: sonarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/anime-series + name: anime-series + - mountPath: /mnt/pool/media/series + name: series + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series + type: Directory + - name: config + hostPath: + path: /etc/servarr/sonarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml new file mode 100644 index 0000000..a8de1f9 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" +spec: + ingressClassName: nginx + tls: + - hosts: + - sonarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.sonarr + rules: + - host: sonarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: sonarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml new file mode 100644 index 0000000..dfd7ac3 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr +spec: + ipFamilyPolicy: PreferDualStack + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8989 +... diff --git a/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml new file mode 100644 index 0000000..d54c478 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml @@ -0,0 +1,88 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: unpackerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: golift/unpackerr:latest + name: unpackerr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + volumeMounts: + - mountPath: /mnt/pool/media/anime-movies + name: anime-movies + - mountPath: /mnt/pool/media/anime-series + name: anime-series + - mountPath: /mnt/pool/media/books + name: books + - mountPath: /mnt/pool/media/movies + name: movies + - mountPath: /mnt/pool/media/music + name: music + - mountPath: /mnt/pool/media/series + name: series + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series + type: Directory + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series + type: Directory + - name: config + hostPath: + path: /etc/servarr/unpackerr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml new file mode 100644 index 0000000..f650a60 --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: cr.hotio.dev/hotio/whisparr:nightly + name: whisparr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 6969 + volumeMounts: + - mountPath: /mnt/pool/media/porn + name: porn + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: porn + hostPath: + path: /mnt/pool/media/porn + type: Directory + - name: config + hostPath: + path: /etc/servarr/whisparr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml new file mode 100644 index 0000000..a71692c --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - whisparr.arr.tyil.nl + secretName: tls-nl.tyil.arr.whisparr + rules: + - host: whisparr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: whisparr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml new file mode 100644 index 0000000..abafcaf --- /dev/null +++ b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 6969 +... @@ -11,23 +11,22 @@ dns.upstream.4=2001:470:71:6dc::53 etc-nixos.path=/etc/nixos etc-portage.path=/etc/portage k3s-master.bind-address&=k3s-node.bind-address -k3s-master.cluster-cidr=172.28.0.0/16 +k3s-master.cluster-cidr=fd00:8::0/48,172.28.0.0/16 k3s-master.cluster-domain=k3s.tyil.nl k3s-master.external-ip&=k3s-node.internal-ip k3s-master.flannel-iface&=k3s-node.flannel-iface k3s-master.internal-ip&=k3s-node.internal-ip -k3s-master.service-cidr=172.25.0.0/16 +k3s-master.service-cidr=fd00:5::0/108,172.25.0.0/16 k3s-master.service-node-port-min=1025 -k3s-node.bind-address&=vpn-tinc.ipv4 +k3s-node.bind-address&=vpn-tinc.ipv6 k3s-node.cluster-cidr&=k3s-master.cluster-cidr k3s-node.cluster-domain&=k3s-master.cluster-domain k3s-node.cluster-domain=k3s.tyil.nl -k3s-node.entry.host=10.57.1.6 +k3s-node.entry.host=[fd68:1057:1992:3381:0:1:3317:1] k3s-node.flannel-iface&=vpn-tinc.name k3s-node.external-ip&=k3s-node.internal-ip k3s-node.role=agent k3s-node.service-cidr&=k3s-master.service-cidr -k3s-node.internal-ip&=vpn-tinc.ipv4 nftables.input.icmp.ipv4.policy=accept nftables.input.icmp.ipv4.rate=2/second nftables.input.icmp.ipv6.policy=accept @@ -51,9 +50,11 @@ nftables.input.rules.wireguard.proto=udp nftables.input.state.established.policy=accept nftables.input.state.invalid.policy=drop nftables.input.state.related.policy=accept -seaweedfs-filer.ip&=vpn-wireguard.ipv6 -seaweedfs-master.replication=100 -seaweedfs-volume.ip&=vpn-wireguard.ipv6 +seaweedfs-filer.db.type=postgres2 +seaweedfs-filer.db.host=10.57.2.1 +seaweedfs-filer.ip&=vpn-tinc.ipv4 +seaweedfs-master.replication=001 +seaweedfs-volume.ip&=vpn-tinc.ipv4 vpn-tinc.name=tyilnet1057 vpn-tinc.peers.caeghi=caeghi_tyil_net vpn-tinc.peers.faiwoo=faiwoo_tyil_net diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net index 47b12ae..27e53e9 100644 --- a/hosts.d/mieshu.tyil.net +++ b/hosts.d/mieshu.tyil.net @@ -24,11 +24,13 @@ git.repos.raku/url.description=A Raku library to handle URLs git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language git.repos.tyilnet.description=Configuration for machines in my personal network git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries +k3s-node.internal-ip=fd68:1057:1992:3381:0:3:3317:1,10.57.3.1 k3s-node.role=server meta.provider=self nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17 nfs-server.exports./mnt/exports/lldap.fsid=ee8ee25b-6f14-47f0-81b1-f6fe03a9761f nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1 +seaweedfs-master.ip&=vpn-tinc.ipv4 seaweedfs-volume.dc=schokkerstraat seaweedfs-volume.rack=main seaweedfs-volume.volumes.tyilstore0.port.grpc=17080 diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net index cefffc2..bd0f098 100644 --- a/hosts.d/nouki.tyil.net +++ b/hosts.d/nouki.tyil.net @@ -1,3 +1,4 @@ +k3s-node.internal-ip=fd68:1057:1992:3381:0:2:3317:1,10.57.2.1 k3s-node.role=server meta.provider=self vpn-tinc.ipv4=10.57.2.1 diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net index 17a3bc1..a70c3b0 100644 --- a/hosts.d/oolah.tyil.net +++ b/hosts.d/oolah.tyil.net @@ -1,4 +1,5 @@ k3s-node.role=server +k3s-node.internal-ip=fd68:1057:1992:3381:0:1:3317:1,10.57.1.1 meta.provider=self vpn-tinc.ipv4=10.57.1.1 vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:3317:1 diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net index 8a2f990..cbbf444 100644 --- a/hosts.d/qohrei.tyil.net +++ b/hosts.d/qohrei.tyil.net @@ -1,3 +1,4 @@ +k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:3,10.57.1.6 k3s-node.role=server meta.provider=hetzner nftables.input.interfaces.cilium*.policy=accept diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net index fb1eb76..9c4c8b5 100644 --- a/hosts.d/ricui.tyil.net +++ b/hosts.d/ricui.tyil.net @@ -1,3 +1,4 @@ +k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:4,10.57.1.7 meta.provider=hetzner nftables.input.interfaces.cilium*.policy=accept nftables.input.interfaces.lxc*.policy=accept diff --git a/playbooks.d/k3s-master/playbook.bash b/playbooks.d/k3s-master/playbook.bash index f19fe8c..22f82b0 100644 --- a/playbooks.d/k3s-master/playbook.bash +++ b/playbooks.d/k3s-master/playbook.bash @@ -11,6 +11,7 @@ playbook_add() { node-ip: "$(config "$BASHTARD_PLAYBOOK.internal-ip" "127.0.0.1")" bind-address: "$(config "$BASHTARD_PLAYBOOK.bind-address" "0.0.0.0")" flannel-backend: wireguard-native + flannel-ipv6-masq: true cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")" cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")" service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")" @@ -38,7 +39,7 @@ playbook_add() { notice "$BASHTARD_PLAYBOOK/add" "Waiting for node to become available" { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w) - #playbook_sync + playbook_sync } playbook_sync() { diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash index e5eb2a6..0cf54c2 100644 --- a/playbooks.d/k3s-node/playbook.bash +++ b/playbooks.d/k3s-node/playbook.bash @@ -60,6 +60,7 @@ playbook_add() { cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")" cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")" flannel-backend: wireguard-native + flannel-ipv6-masq: true service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")" service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")" disable: diff --git a/playbooks.d/seaweedfs-filer/playbook.bash b/playbooks.d/seaweedfs-filer/playbook.bash index 1a71f07..7ae23b2 100644 --- a/playbooks.d/seaweedfs-filer/playbook.bash +++ b/playbooks.d/seaweedfs-filer/playbook.bash @@ -66,8 +66,25 @@ playbook_sync() { s3_port="$(config "$BASHTARD_PLAYBOOK.s3.port" "8333")" \ > "$buffer" - file_template "filer.toml" \ - > "$(config "fs.etcdir")/seaweedfs/filer.toml" + case "$(config "$BASHTARD_PLAYBOOK.db.type" "leveldb3")" in + leveldb3) + file_template "filer-leveldb3.toml" \ + path="$(config "$BASHTARD_PLAYBOOK.db.path" "./filerldb3")" \ + > "$(config "fs.etcdir")/seaweedfs/filer.toml" + ;; + postgres2) + file_template "filer-postgres2.toml" \ + host="$(config "$BASHTARD_PLAYBOOK.db.host" "localhost")" \ + port="$(config "$BASHTARD_PLAYBOOK.db.port" "5432")" \ + name="$(config "$BASHTARD_PLAYBOOK.db.name" "seaweedfs")" \ + user="$(config "$BASHTARD_PLAYBOOK.db.user" "seaweedfs")" \ + pass="$(config "$BASHTARD_PLAYBOOK.db.password" "")" \ + > "$(config "fs.etcdir")/seaweedfs/filer.toml" + ;; + *) + alert "$BASHTARD_PLAYBOOK/sync" "No valid '$BASHTARD_PLAYBOOK.db.type' set" + return 1 + esac [[ "$(file_hash "$buffer")" == "$hash" ]] && return diff --git a/playbooks.d/seaweedfs-filer/share/filer.toml b/playbooks.d/seaweedfs-filer/share/filer-leveldb3.toml index 8d40cb9..da7324f 100644 --- a/playbooks.d/seaweedfs-filer/share/filer.toml +++ b/playbooks.d/seaweedfs-filer/share/filer-leveldb3.toml @@ -1,3 +1,3 @@ [leveldb3] enabled = true -dir = "./filerldb3" +dir = "${path}" diff --git a/playbooks.d/seaweedfs-filer/share/filer-postgres2.toml b/playbooks.d/seaweedfs-filer/share/filer-postgres2.toml new file mode 100644 index 0000000..d802703 --- /dev/null +++ b/playbooks.d/seaweedfs-filer/share/filer-postgres2.toml @@ -0,0 +1,24 @@ +[postgres2] +enabled = true +createTable = """ + CREATE TABLE IF NOT EXISTS "%s" ( + dirhash BIGINT, + name VARCHAR(65535), + directory VARCHAR(65535), + meta bytea, + PRIMARY KEY (dirhash, name) + ); +""" +hostname = "${host}" +port = ${port} +username = "${user}" +password = "${pass}" +database = "${name}" +schema = "" +sslmode = "disable" +connection_max_idle = 100 +connection_max_open = 100 +connection_max_lifetime_seconds = 0 +# if insert/upsert failing, you can disable upsert or update query syntax to match your RDBMS syntax: +enableUpsert = true +upsertQuery = """UPSERT INTO "%[1]s" (dirhash,name,directory,meta) VALUES($1,$2,$3,$4)""" diff --git a/playbooks.d/seaweedfs/playbook.bash b/playbooks.d/seaweedfs/playbook.bash index e6c0c4c..fabc958 100644 --- a/playbooks.d/seaweedfs/playbook.bash +++ b/playbooks.d/seaweedfs/playbook.bash @@ -14,7 +14,7 @@ playbook_add() { dl_baseurl="https://github.com/seaweedfs/seaweedfs/releases/download" dl_binary="$(printf "%s_%s.tar.gz" "${BASHTARD_PLATFORM[os]}" "$dl_arch")" - dl_version="$(config "$BASHTARD_PLAYBOOK.version" "3.63")" + dl_version="$(config "$BASHTARD_PLAYBOOK.version" "3.65")" buffer="$(tmpdir)" diff --git a/registry.d/edephas.tyil.net b/registry.d/edephas.tyil.net index 106a74a..8e376bf 100644 --- a/registry.d/edephas.tyil.net +++ b/registry.d/edephas.tyil.net @@ -1,6 +1,4 @@ backup-borg git-server ssh -user-tyil vpn-tinc -webserver-nginx diff --git a/registry.d/jaomox.tyil.net b/registry.d/jaomox.tyil.net index cec0024..7d1718a 100644 --- a/registry.d/jaomox.tyil.net +++ b/registry.d/jaomox.tyil.net @@ -1,8 +1,4 @@ nftables -seaweedfs -seaweedfs-filer -seaweedfs-master -seaweedfs-volume ssh user-tyil vpn-tinc diff --git a/registry.d/mieshu.tyil.net b/registry.d/mieshu.tyil.net index 8afac1f..7247785 100644 --- a/registry.d/mieshu.tyil.net +++ b/registry.d/mieshu.tyil.net @@ -4,6 +4,7 @@ k3s-node nfs-server seaweedfs seaweedfs-filer +seaweedfs-master seaweedfs-volume ssh user-tyil diff --git a/registry.d/oolah.tyil.net b/registry.d/oolah.tyil.net index 2466b88..8e43b30 100644 --- a/registry.d/oolah.tyil.net +++ b/registry.d/oolah.tyil.net @@ -1,6 +1,6 @@ k3s-master -k3s-node proxy-privoxy +seaweedfs ssh user-tyil vpn-tinc |