parent
7ac99af974
commit
124b319b57
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -44,3 +44,5 @@ result
|
||||||
.env
|
.env
|
||||||
plan.out
|
plan.out
|
||||||
config.tf.json
|
config.tf.json
|
||||||
|
|
||||||
|
**/charts
|
||||||
|
|
|
@ -1,14 +1,21 @@
|
||||||
apiVersion: secrets.hashicorp.com/v1beta1
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
kind: VaultStaticSecret
|
kind: VaultDynamicSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: postgres-atuin
|
name: postgres-atuin
|
||||||
namespace: atuin
|
namespace: atuin
|
||||||
spec:
|
spec:
|
||||||
|
allowStaticCreds: true
|
||||||
destination:
|
destination:
|
||||||
create: true
|
create: true
|
||||||
name: postgres-atuin
|
name: postgres-atuin
|
||||||
mount: kv
|
transformation:
|
||||||
path: atuin/postgres-atuin
|
templates:
|
||||||
|
ATUIN_DB_URI:
|
||||||
|
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/atuin
|
||||||
|
mount: database
|
||||||
|
path: static-creds/atuin
|
||||||
refreshAfter: 30s
|
refreshAfter: 30s
|
||||||
type: kv-v2
|
|
||||||
vaultAuthRef: vault
|
vaultAuthRef: vault
|
||||||
|
rolloutRestartTargets:
|
||||||
|
- name: atuin
|
||||||
|
kind: Deployment
|
||||||
|
|
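Review bot: The new `transformation` block for `postgres-atuin` renders `ATUIN_DB_URI` but sets neither `excludeRaw` nor `excludes`, so the destination Secret will also carry the raw Vault response fields, and the Deployment hunk that follows loads the whole Secret with `envFrom`. Adding `excludeRaw: true` (plus an `excludes` list for the raw keys), or keeping an explicit `secretKeyRef` on key `ATUIN_DB_URI`, keeps the container environment down to the one value it needs. The `postgres-vaultwarden` resource and its `envFrom` entry further down the page have the same shape. The template also places `.Secrets.password` into the URI unescaped, so a rotated password containing `@`, `/` or `:` would produce a connection string that does not parse; confirm the password policy of the database role or escape the value in the template.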
|
@ -19,18 +19,17 @@ spec:
|
||||||
- server
|
- server
|
||||||
- start
|
- start
|
||||||
env:
|
env:
|
||||||
- name: ATUIN_DB_URI
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: postgres-atuin
|
|
||||||
key: uri
|
|
||||||
optional: false
|
|
||||||
- name: ATUIN_HOST
|
- name: ATUIN_HOST
|
||||||
value: 0.0.0.0
|
value: 0.0.0.0
|
||||||
- name: ATUIN_PORT
|
- name: ATUIN_PORT
|
||||||
value: "8888"
|
value: "8888"
|
||||||
- name: ATUIN_OPEN_REGISTRATION
|
- name: ATUIN_OPEN_REGISTRATION
|
||||||
value: "false"
|
value: "false"
|
||||||
|
- name: RUST_LOG
|
||||||
|
value: "info,atuin_server=debug"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: postgres-atuin
|
||||||
image: ghcr.io/atuinsh/atuin:v18.2.0
|
image: ghcr.io/atuinsh/atuin:v18.2.0
|
||||||
name: atuin
|
name: atuin
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -81,43 +81,3 @@ spec:
|
||||||
podMetricsEndpoints:
|
podMetricsEndpoints:
|
||||||
- port: metrics
|
- port: metrics
|
||||||
interval: 30s
|
interval: 30s
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: cloudflared
|
|
||||||
namespace: cloudflare
|
|
||||||
data:
|
|
||||||
config.yaml: |
|
|
||||||
tunnel: new-homelab
|
|
||||||
credentials-file: /etc/cloudflared/creds/credentials.json
|
|
||||||
metrics: 0.0.0.0:2000
|
|
||||||
no-autoupdate: true
|
|
||||||
warp-routing:
|
|
||||||
enabled: true
|
|
||||||
ingress:
|
|
||||||
- hostname: photos.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: pw.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: authentik.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: nitter.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: git.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: proxmox.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: tokyo.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: ibiza.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: chat.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: paste.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: e6.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- hostname: minecraft-invites.gmem.ca
|
|
||||||
service: https://homelab.gmem.ca
|
|
||||||
- service: http_status:404
|
|
32
kubernetes/cloudflare/config.yaml
Normal file
32
kubernetes/cloudflare/config.yaml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
tunnel: new-homelab
|
||||||
|
credentials-file: /etc/cloudflared/creds/credentials.json
|
||||||
|
metrics: 0.0.0.0:2000
|
||||||
|
no-autoupdate: true
|
||||||
|
warp-routing:
|
||||||
|
enabled: true
|
||||||
|
ingress:
|
||||||
|
- hostname: photos.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: pw.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: authentik.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: nitter.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: git.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: proxmox.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: tokyo.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: ibiza.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: chat.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: paste.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: e6.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- hostname: minecraft-invites.gmem.ca
|
||||||
|
service: https://homelab.gmem.ca
|
||||||
|
- service: http_status:404
|
|
@ -1,4 +1,18 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: cloudflare
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- cloudflared.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-tunnel-credentials.yaml
|
||||||
|
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: cloudflared
|
||||||
|
files:
|
||||||
|
- config.yaml
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- kubeVersion: '1.30'
|
- kubeVersion: '1.30'
|
||||||
name: cloudflare-exporter
|
name: cloudflare-exporter
|
||||||
|
@ -13,10 +27,3 @@ helmCharts:
|
||||||
labels:
|
labels:
|
||||||
release: prometheus
|
release: prometheus
|
||||||
version: 0.2.1
|
version: 0.2.1
|
||||||
kind: Kustomization
|
|
||||||
namespace: cloudflare
|
|
||||||
resources:
|
|
||||||
- cloudflared.yml
|
|
||||||
- VaultAuth.yaml
|
|
||||||
- VaultStaticSecret-tunnel-credentials.yaml
|
|
||||||
- VaultStaticSecret-cloudflare-exporter.yaml
|
|
||||||
|
|
|
@ -20,10 +20,7 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- env:
|
||||||
- name: PGDATABASE
|
- name: PGDATABASE
|
||||||
valueFrom:
|
value: soju
|
||||||
secretKeyRef:
|
|
||||||
key: dbname
|
|
||||||
name: postgres-soju
|
|
||||||
- name: PGHOST
|
- name: PGHOST
|
||||||
value: 192.168.50.236
|
value: 192.168.50.236
|
||||||
- name: PGPASSWORD
|
- name: PGPASSWORD
|
||||||
|
@ -34,7 +31,7 @@ spec:
|
||||||
- name: PGUSER
|
- name: PGUSER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: user
|
key: username
|
||||||
name: postgres-soju
|
name: postgres-soju
|
||||||
image: git.gmem.ca/arch/soju:s3
|
image: git.gmem.ca/arch/soju:s3
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
|
|
|
@ -1,14 +1,18 @@
|
||||||
apiVersion: secrets.hashicorp.com/v1beta1
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
kind: VaultStaticSecret
|
kind: VaultDynamicSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: postgres-soju
|
name: postgres-soju
|
||||||
namespace: irc
|
namespace: soju
|
||||||
spec:
|
spec:
|
||||||
|
allowStaticCreds: true
|
||||||
destination:
|
destination:
|
||||||
create: true
|
create: true
|
||||||
name: postgres-soju
|
name: postgres-soju
|
||||||
mount: kv
|
transformation:
|
||||||
path: irc/postgres-soju
|
mount: database
|
||||||
|
path: static-creds/soju
|
||||||
refreshAfter: 30s
|
refreshAfter: 30s
|
||||||
type: kv-v2
|
|
||||||
vaultAuthRef: vault
|
vaultAuthRef: vault
|
||||||
|
rolloutRestartTargets:
|
||||||
|
- name: soju
|
||||||
|
kind: Deployment
|
||||||
|
|
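Review bot: `transformation:` is added under `destination` with no children: the next new-side line, `mount: database`, is a spec field. Indentation is not visible on this page, so this reading rests on the 18-line new-side count. An empty key is dead configuration; either drop it or use it for `excludeRaw: true` so the destination Secret holds only what the soju Deployment reads through `secretKeyRef`. The namespace also changes from `irc` to `soju` in this hunk, so confirm that the Deployment named in `rolloutRestartTargets` and the `vault` VaultAuth referenced by `vaultAuthRef` exist in `soju`, since neither is shown here.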
|
@ -6,3 +6,4 @@ resources:
|
||||||
- Ingress-jellyseerr.yaml
|
- Ingress-jellyseerr.yaml
|
||||||
- VaultAuth.yaml
|
- VaultAuth.yaml
|
||||||
- VaultStaticSecret-jellyseerr.yaml
|
- VaultStaticSecret-jellyseerr.yaml
|
||||||
|
- ConfigMap-jellyseerr.yaml
|
||||||
|
|
8
kubernetes/nitter/ConfigMap-nitter-bot.yaml
Normal file
8
kubernetes/nitter/ConfigMap-nitter-bot.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
NITTER_EXTERNAL_URL: https://nitter.gmem.ca
|
||||||
|
NITTER_URL: http://nitter:8080
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: nitter-bot
|
||||||
|
namespace: nitter
|
103
kubernetes/nitter/ConfigMap-nitter.yaml
Normal file
103
kubernetes/nitter/ConfigMap-nitter.yaml
Normal file
|
@ -0,0 +1,103 @@
|
||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
nitter-ro.conf: |
|
||||||
|
[Server]
|
||||||
|
hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
|
||||||
|
title = "nitter.gmem.ca"
|
||||||
|
address = "0.0.0.0"
|
||||||
|
port = 8081
|
||||||
|
https = false # disable to enable cookies when not using https
|
||||||
|
httpMaxConnections = 100
|
||||||
|
staticDir = "./public"
|
||||||
|
readOnly = true
|
||||||
|
|
||||||
|
[Cache]
|
||||||
|
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
|
||||||
|
rssMinutes = 10 # how long to cache rss queries
|
||||||
|
redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
|
||||||
|
redisPort = 6379
|
||||||
|
redisPassword = ""
|
||||||
|
redisConnections = 20 # minimum open connections in pool
|
||||||
|
redisMaxConnections = 30
|
||||||
|
# new connections are opened when none are available, but if the pool size
|
||||||
|
# goes above this, they're closed when released. don't worry about this unless
|
||||||
|
# you receive tons of requests per second
|
||||||
|
|
||||||
|
[Config]
|
||||||
|
hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
|
||||||
|
base64Media = false # use base64 encoding for proxied media urls
|
||||||
|
enableRSS = true # set this to false to disable RSS feeds
|
||||||
|
enableDebug = false # enable request logs and debug endpoints (/.tokens)
|
||||||
|
proxy = "" # http/https url, SOCKS proxies are not supported
|
||||||
|
proxyAuth = ""
|
||||||
|
tokenCount = 10
|
||||||
|
# minimum amount of usable tokens. tokens are used to authorize API requests,
|
||||||
|
# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
|
||||||
|
# the limits reset every 15 minutes, and the pool is filled up so there's
|
||||||
|
# always at least `tokenCount` usable tokens. only increase this if you receive
|
||||||
|
# major bursts all the time and don't have a rate limiting setup via e.g. nginx
|
||||||
|
|
||||||
|
# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
|
||||||
|
# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
|
||||||
|
|
||||||
|
# Change default preferences here, see src/prefs_impl.nim for a complete list
|
||||||
|
[Preferences]
|
||||||
|
theme = "Nitter"
|
||||||
|
replaceTwitter = "nitter.gmem.ca"
|
||||||
|
replaceYouTube = "piped.video"
|
||||||
|
replaceReddit = "teddit.net"
|
||||||
|
proxyVideos = false
|
||||||
|
hlsPlayback = true
|
||||||
|
infiniteScroll = true
|
||||||
|
nitter.conf: |
|
||||||
|
[Server]
|
||||||
|
hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
|
||||||
|
title = "nitter.gmem.ca"
|
||||||
|
address = "0.0.0.0"
|
||||||
|
port = 8080
|
||||||
|
https = false # disable to enable cookies when not using https
|
||||||
|
httpMaxConnections = 100
|
||||||
|
staticDir = "./public"
|
||||||
|
|
||||||
|
[Cache]
|
||||||
|
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
|
||||||
|
rssMinutes = 10 # how long to cache rss queries
|
||||||
|
redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
|
||||||
|
redisPort = 6379
|
||||||
|
redisPassword = ""
|
||||||
|
redisConnections = 20 # minimum open connections in pool
|
||||||
|
redisMaxConnections = 30
|
||||||
|
# new connections are opened when none are available, but if the pool size
|
||||||
|
# goes above this, they're closed when released. don't worry about this unless
|
||||||
|
# you receive tons of requests per second
|
||||||
|
|
||||||
|
[Config]
|
||||||
|
hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
|
||||||
|
base64Media = false # use base64 encoding for proxied media urls
|
||||||
|
enableRSS = true # set this to false to disable RSS feeds
|
||||||
|
enableDebug = false # enable request logs and debug endpoints (/.tokens)
|
||||||
|
proxy = "" # http/https url, SOCKS proxies are not supported
|
||||||
|
proxyAuth = ""
|
||||||
|
tokenCount = 10
|
||||||
|
# minimum amount of usable tokens. tokens are used to authorize API requests,
|
||||||
|
# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
|
||||||
|
# the limits reset every 15 minutes, and the pool is filled up so there's
|
||||||
|
# always at least `tokenCount` usable tokens. only increase this if you receive
|
||||||
|
# major bursts all the time and don't have a rate limiting setup via e.g. nginx
|
||||||
|
|
||||||
|
# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
|
||||||
|
# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
|
||||||
|
|
||||||
|
# Change default preferences here, see src/prefs_impl.nim for a complete list
|
||||||
|
[Preferences]
|
||||||
|
theme = "Nitter"
|
||||||
|
replaceTwitter = "nitter.gmem.ca"
|
||||||
|
replaceYouTube = "piped.gmem.ca"
|
||||||
|
replaceReddit = "red.gmem.ca"
|
||||||
|
proxyVideos = false
|
||||||
|
hlsPlayback = true
|
||||||
|
infiniteScroll = true
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: nitter
|
||||||
|
namespace: nitter
|
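Review bot: Both `nitter-ro.conf` and `nitter.conf` in this new ConfigMap carry a literal `hmacKey`, and the commented-out `cookieHeader` line holds what looks like a real `ct0`/`auth_token` pair for a logged-in account. A ConfigMap is readable by anyone with read access to the namespace, and a commented-out value is still in Git history, so both should be treated as exposed: rotate the key and invalidate that session. The key is better delivered from a Secret (the kustomization on this page already lists `VaultStaticSecret-nitter.yaml`), with the file keeping only a placeholder such as `hmacKey = "<injected-from-vault>"` and the cookie comment reduced to the upstream `XXXX` example form. `redisPassword = ""` also means the cache at `nitter-redis-master` is reached without authentication, which is only acceptable if a NetworkPolicy or similar restricts who can connect to it.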
|
@ -11,6 +11,8 @@ resources:
|
||||||
- VaultAuth.yaml
|
- VaultAuth.yaml
|
||||||
- VaultStaticSecret-nitter-bot.yaml
|
- VaultStaticSecret-nitter-bot.yaml
|
||||||
- VaultStaticSecret-nitter.yaml
|
- VaultStaticSecret-nitter.yaml
|
||||||
|
- ConfigMap-nitter.yaml
|
||||||
|
- ConfigMap-nitter-bot.yaml
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: redis
|
- name: redis
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
limiter.toml: '# This configuration file updates the default configuration file
|
|
||||||
|
|
||||||
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
|
||||||
|
|
||||||
|
|
||||||
[botdetection.ip_limit]
|
|
||||||
|
|
||||||
# activate link_token method in the ip_limit method
|
|
||||||
|
|
||||||
link_token = true
|
|
||||||
|
|
||||||
'
|
|
||||||
settings.yml: "use_default_settings: true\nserver:\n image_proxy: true\n http_protocol_version:\
|
|
||||||
\ \"1.1\"\n method: \"GET\"\nui:\n static_use_hash: true\nredis:\n url: redis://searxng-redis-master:6379/0\n\
|
|
||||||
general:\n instance_name: search.gmem.ca\nhostname_replace:\n '(.*\\.)?youtube\\\
|
|
||||||
.com$': 'piped.gmem.ca'\n '(.*\\.)?youtu\\.be$': 'piped.gmem.ca'\n '(.*\\.)?youtube-noocookie\\\
|
|
||||||
.com$': 'piped.gmem.ca'\n '(www\\.)?twitter\\.com$': 'nitter.gmem.ca'\n '(www\\\
|
|
||||||
.)?x\\.com$': 'nitter.gmem.ca'\n '(.*\\.)?reddit\\.com$': 'red.gmem.ca'\n"
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: searxng-3e1ca337d7
|
|
||||||
namespace: searxng
|
|
|
@ -42,5 +42,5 @@ spec:
|
||||||
subPath: limiter.toml
|
subPath: limiter.toml
|
||||||
volumes:
|
volumes:
|
||||||
- configMap:
|
- configMap:
|
||||||
name: searxng-3e1ca337d7
|
name: searxng
|
||||||
name: config
|
name: config
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: searxng
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: redis
|
- name: redis
|
||||||
releaseName: searxng-redis
|
releaseName: searxng-redis
|
||||||
|
@ -12,12 +16,16 @@ helmCharts:
|
||||||
repository: redict
|
repository: redict
|
||||||
tag: 7.3-compat
|
tag: 7.3-compat
|
||||||
version: 18.6.1
|
version: 18.6.1
|
||||||
kind: Kustomization
|
|
||||||
namespace: searxng
|
|
||||||
resources:
|
resources:
|
||||||
- ConfigMap-searxng-3e1ca337d7.yaml
|
|
||||||
- Deployment-searxng.yaml
|
- Deployment-searxng.yaml
|
||||||
- Service-searxng.yaml
|
- Service-searxng.yaml
|
||||||
- Ingress-searxng.yaml
|
- Ingress-searxng.yaml
|
||||||
- VaultAuth.yaml
|
- VaultAuth.yaml
|
||||||
- VaultStaticSecret-searxng.yaml
|
- VaultStaticSecret-searxng.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: searxng
|
||||||
|
files:
|
||||||
|
- limiter.toml
|
||||||
|
- settings.yml
|
||||||
|
|
6
kubernetes/searxng/limiter.toml
Normal file
6
kubernetes/searxng/limiter.toml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
# This configuration file updates the default configuration file
|
||||||
|
|
||||||
|
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||||
|
[botdetection.ip_limit]
|
||||||
|
# activate link_token method in the ip_limit method
|
||||||
|
link_token = true
|
19
kubernetes/searxng/settings.yml
Normal file
19
kubernetes/searxng/settings.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
use_default_settings: true
|
||||||
|
server:
|
||||||
|
image_proxy: true
|
||||||
|
http_protocol_version: "1.1"
|
||||||
|
method: "GET"
|
||||||
|
ui:
|
||||||
|
static_use_hash: true
|
||||||
|
redis:
|
||||||
|
url: redis://searxng-redis-master:6379/0
|
||||||
|
general:
|
||||||
|
instance_name: search.gmem.ca
|
||||||
|
hostnames:
|
||||||
|
replace:
|
||||||
|
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||||||
|
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||||||
|
'(.*\.)?youtube-noocookie.com$': 'piped.gmem.ca'
|
||||||
|
'(.*\.)?twitter.com$': 'nitter.gmem.ca'
|
||||||
|
'(.*\.)?x.com$': 'nitter.gmem.ca'
|
||||||
|
'(.*\.)?reddit.com$': 'red.gmem.ca'
|
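Review bot: The `hostnames.replace` map lists `'(.*\.)?youtube\.com$'` twice, whereas the inlined `settings.yml` removed earlier on this page had `'(.*\\.)?youtu\\.be$'` as its second entry. The `youtu.be` rewrite is therefore lost, and most YAML loaders silently collapse the duplicate key; the second line should read `'(.*\.)?youtu\.be$': 'piped.gmem.ca'`. The last four patterns also dropped their `\.` escapes, so `.` now matches any character; restore them, e.g. `'(.*\.)?x\.com$': 'nitter.gmem.ca'`. If the plugin does not anchor patterns at the start of the hostname (not visible here), a leading `^` would stop `x\.com$` from also matching unrelated hosts that merely end in those characters. `youtube-noocookie` looks like a typo for `youtube-nocookie` carried over from the old file.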
|
@ -12,3 +12,25 @@ spec:
|
||||||
refreshAfter: 30s
|
refreshAfter: 30s
|
||||||
type: kv-v2
|
type: kv-v2
|
||||||
vaultAuthRef: vault
|
vaultAuthRef: vault
|
||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultDynamicSecret
|
||||||
|
metadata:
|
||||||
|
name: postgres-vaultwarden
|
||||||
|
namespace: vaultwarden
|
||||||
|
spec:
|
||||||
|
allowStaticCreds: true
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: postgres-vaultwarden
|
||||||
|
transformation:
|
||||||
|
templates:
|
||||||
|
DATABASE_URL:
|
||||||
|
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/vaultwarden
|
||||||
|
mount: database
|
||||||
|
path: static-creds/vaultwarden
|
||||||
|
refreshAfter: 30s
|
||||||
|
vaultAuthRef: vault
|
||||||
|
rolloutRestartTargets:
|
||||||
|
- name: vaultwarden
|
||||||
|
kind: Deployment
|
||||||
|
|
|
@ -16,10 +16,6 @@ spec:
|
||||||
volumes:
|
volumes:
|
||||||
- name: data-dir
|
- name: data-dir
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: rsa-keys
|
|
||||||
secret:
|
|
||||||
secretName: vaultwarden-rsa
|
|
||||||
defaultMode: 0644
|
|
||||||
containers:
|
containers:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
image: vaultwarden/server:testing
|
image: vaultwarden/server:testing
|
||||||
|
@ -34,8 +30,10 @@ spec:
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
|
- secretRef:
|
||||||
|
name: postgres-vaultwarden
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: vaultwarden-env
|
name: vaultwarden
|
||||||
env:
|
env:
|
||||||
- name: LOG_LEVEL
|
- name: LOG_LEVEL
|
||||||
value: debug
|
value: debug
|
||||||
|
@ -43,9 +41,6 @@ spec:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
name: web
|
name: web
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: rsa-keys
|
|
||||||
mountPath: /data/keys
|
|
||||||
readOnly: true
|
|
||||||
- name: data-dir
|
- name: data-dir
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
---
|
---
|
||||||
|
@ -87,49 +82,3 @@ spec:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
---
|
|
||||||
apiVersion: secrets.infisical.com/v1alpha1
|
|
||||||
kind: InfisicalSecret
|
|
||||||
metadata:
|
|
||||||
name: vaultwarden
|
|
||||||
namespace: vaultwarden
|
|
||||||
spec:
|
|
||||||
hostAPI: http://infisical:8080
|
|
||||||
resyncInterval: 10
|
|
||||||
authentication:
|
|
||||||
kubernetesAuth:
|
|
||||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
|
||||||
serviceAccountRef:
|
|
||||||
name: infisical-auth
|
|
||||||
namespace: infisical
|
|
||||||
secretsScope:
|
|
||||||
projectSlug: kubernetes-homelab-dp67
|
|
||||||
envSlug: prod
|
|
||||||
secretsPath: "/vaultwarden"
|
|
||||||
managedSecretReference:
|
|
||||||
secretName: vaultwarden
|
|
||||||
secretNamespace: vaultwarden
|
|
||||||
creationPolicy: "Owner"
|
|
||||||
---
|
|
||||||
apiVersion: secrets.infisical.com/v1alpha1
|
|
||||||
kind: InfisicalSecret
|
|
||||||
metadata:
|
|
||||||
name: vaultwarden-rsa
|
|
||||||
namespace: vaultwarden
|
|
||||||
spec:
|
|
||||||
hostAPI: http://infisical:8080
|
|
||||||
resyncInterval: 10
|
|
||||||
authentication:
|
|
||||||
kubernetesAuth:
|
|
||||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
|
||||||
serviceAccountRef:
|
|
||||||
name: infisical-auth
|
|
||||||
namespace: infisical
|
|
||||||
secretsScope:
|
|
||||||
projectSlug: kubernetes-homelab-dp67
|
|
||||||
envSlug: prod
|
|
||||||
secretsPath: "/vaultwarden/keys"
|
|
||||||
managedSecretReference:
|
|
||||||
secretName: vaultwarden-rsa
|
|
||||||
secretNamespace: vaultwarden
|
|
||||||
creationPolicy: "Owner"
|
|
||||||
|
|
|
@ -1,6 +1,14 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: vaultwarden
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- VaultAuth.yaml
|
- VaultAuth.yaml
|
||||||
- VaultStaticSecret-vaultwarden.yaml
|
- VaultStaticSecret-vaultwarden.yaml
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: vaultwarden
|
||||||
|
envs:
|
||||||
|
- vaultwarden.env
|
||||||
|
|
15
kubernetes/vaultwarden/vaultwarden.env
Normal file
15
kubernetes/vaultwarden/vaultwarden.env
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
DOMAIN=https://pw.gmem.ca
|
||||||
|
ENABLE_WEBSOCKET=true
|
||||||
|
EXTENDED_LOGGING=true
|
||||||
|
IP_HEADER=X-Real-IP
|
||||||
|
LOG_LEVEL=error
|
||||||
|
PUSH_ENABLED=true
|
||||||
|
PUSH_IDENTITY_URI=https://identity.bitwarden.eu
|
||||||
|
PUSH_RELAY_URI=https://push.bitwarden.eu
|
||||||
|
RSA_KEY_FILENAME=/data/rsa_key
|
||||||
|
SIGNUPS_ALLOWED=false
|
||||||
|
SIGNUPS_VERIFY=true
|
||||||
|
SMTP_FROM=vaultwarden@gmem.ca
|
||||||
|
SMTP_FROM_NAME=Arch's Vault
|
||||||
|
SMTP_PORT=465
|
||||||
|
SMTP_SECURITY=force_tls
|
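Review bot: `RSA_KEY_FILENAME=/data/rsa_key` points into `/data`, which the Deployment on this page mounts from `emptyDir: {}`, while the same commit removes the `rsa-keys` Secret volume and its `/data/keys` mount. Unless the key reaches the pod some other way not shown here, vaultwarden will create a fresh signing key on every pod restart and previously issued login tokens will stop validating. Keep the key on a Secret-backed or persistent mount and point `RSA_KEY_FILENAME` at that path. Separately, `LOG_LEVEL=error` in this file is overridden by the Deployment's explicit `env` entry `LOG_LEVEL` = `debug`, because `env` takes precedence over `envFrom`. With `EXTENDED_LOGGING=true` the password manager therefore still logs at debug level; remove the `env` entry if `error` is the intended level.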
36
kubernetes/vrchat/config.toml
Normal file
36
kubernetes/vrchat/config.toml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
[groups.waterwolf]
|
||||||
|
id = "grp_41df2df4-be4e-4a4e-be5e-eabb1425c4e5"
|
||||||
|
vrcdn = "waterwolf"
|
||||||
|
|
||||||
|
[groups.vibenight]
|
||||||
|
id = "grp_8cf1101a-e75d-4e80-b5d5-c5ba2916cce8"
|
||||||
|
vrcdn = "vibenight"
|
||||||
|
|
||||||
|
[groups.vibenight-roxy]
|
||||||
|
id = ""
|
||||||
|
vrcdn = "roxyreee"
|
||||||
|
|
||||||
|
[groups.zrave]
|
||||||
|
id = "grp_f65e9e2e-c2a4-46af-a787-0e7c5d6be03c"
|
||||||
|
vrcdn = "furxmas"
|
||||||
|
|
||||||
|
[groups.eufuria]
|
||||||
|
id = "grp_47c07467-c09a-4354-bba2-31e103b3c934"
|
||||||
|
vrcdn = "technicallysane"
|
||||||
|
|
||||||
|
[groups.waterwolf-nullreff]
|
||||||
|
id = ""
|
||||||
|
vrcdn = "nullreff"
|
||||||
|
|
||||||
|
[groups.con-vr-portals]
|
||||||
|
id = "grp_dcddb898-14bf-41ab-8c3e-e874847be6c9"
|
||||||
|
|
||||||
|
#[groups.furality]
|
||||||
|
#id = "grp_210dbc09-c3da-4ebb-b641-73c99ce2619b"
|
||||||
|
#vrcdn = "furalityvrcdn"
|
||||||
|
|
||||||
|
[worlds]
|
||||||
|
"becki" = "wrld_e3a45ec6-a319-42af-b68d-f82f47bddef3"
|
||||||
|
"foxxcon" = "wrld_27806231-964b-4fbe-add8-10bf14be8071"
|
||||||
|
"becki v2" = "wrld_74f11f39-9064-4d03-93e9-2141f4a60147"
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: vrchat
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- Deployment-vrchat-prometheus-adapter.yaml
|
- Deployment-vrchat-prometheus-adapter.yaml
|
||||||
- Service-vrchat-prometheus-adapter.yaml
|
- Service-vrchat-prometheus-adapter.yaml
|
||||||
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
||||||
- VaultAuth.yaml
|
- VaultAuth.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: vrchat-prometheus-adapter
|
||||||
|
files:
|
||||||
|
- config.toml
|
||||||
|
|