This commit is contained in:
parent
7ac99af974
commit
25d061877c
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -43,4 +43,6 @@ result
|
|||
.direnv/
|
||||
.env
|
||||
plan.out
|
||||
config.tf.json
|
||||
config.tf.json
|
||||
|
||||
**/charts
|
||||
|
|
|
@ -1,14 +1,21 @@
|
|||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-atuin
|
||||
namespace: atuin
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-atuin
|
||||
mount: kv
|
||||
path: atuin/postgres-atuin
|
||||
transformation:
|
||||
templates:
|
||||
ATUIN_DB_URI:
|
||||
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/atuin
|
||||
mount: database
|
||||
path: static-creds/atuin
|
||||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: atuin
|
||||
kind: Deployment
|
||||
|
|
|
@ -19,18 +19,17 @@ spec:
|
|||
- server
|
||||
- start
|
||||
env:
|
||||
- name: ATUIN_DB_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-atuin
|
||||
key: uri
|
||||
optional: false
|
||||
- name: ATUIN_HOST
|
||||
value: 0.0.0.0
|
||||
- name: ATUIN_PORT
|
||||
value: "8888"
|
||||
- name: ATUIN_OPEN_REGISTRATION
|
||||
value: "false"
|
||||
- name: RUST_LOG
|
||||
value: "info,atuin_server=debug"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: postgres-atuin
|
||||
image: ghcr.io/atuinsh/atuin:v18.2.0
|
||||
name: atuin
|
||||
ports:
|
||||
|
|
|
@ -81,43 +81,3 @@ spec:
|
|||
podMetricsEndpoints:
|
||||
- port: metrics
|
||||
interval: 30s
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cloudflared
|
||||
namespace: cloudflare
|
||||
data:
|
||||
config.yaml: |
|
||||
tunnel: new-homelab
|
||||
credentials-file: /etc/cloudflared/creds/credentials.json
|
||||
metrics: 0.0.0.0:2000
|
||||
no-autoupdate: true
|
||||
warp-routing:
|
||||
enabled: true
|
||||
ingress:
|
||||
- hostname: photos.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: pw.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: authentik.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: nitter.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: git.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: proxmox.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: tokyo.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: ibiza.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: chat.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: paste.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: e6.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: minecraft-invites.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- service: http_status:404
|
32
kubernetes/cloudflare/config.yaml
Normal file
32
kubernetes/cloudflare/config.yaml
Normal file
|
@ -0,0 +1,32 @@
|
|||
tunnel: new-homelab
|
||||
credentials-file: /etc/cloudflared/creds/credentials.json
|
||||
metrics: 0.0.0.0:2000
|
||||
no-autoupdate: true
|
||||
warp-routing:
|
||||
enabled: true
|
||||
ingress:
|
||||
- hostname: photos.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: pw.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: authentik.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: nitter.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: git.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: proxmox.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: tokyo.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: ibiza.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: chat.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: paste.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: e6.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: minecraft-invites.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- service: http_status:404
|
|
@ -1,4 +1,18 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: cloudflare
|
||||
|
||||
resources:
|
||||
- cloudflared.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-tunnel-credentials.yaml
|
||||
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: cloudflared
|
||||
files:
|
||||
- config.yaml
|
||||
|
||||
helmCharts:
|
||||
- kubeVersion: '1.30'
|
||||
name: cloudflare-exporter
|
||||
|
@ -13,10 +27,3 @@ helmCharts:
|
|||
labels:
|
||||
release: prometheus
|
||||
version: 0.2.1
|
||||
kind: Kustomization
|
||||
namespace: cloudflare
|
||||
resources:
|
||||
- cloudflared.yml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-tunnel-credentials.yaml
|
||||
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||
|
|
|
@ -20,10 +20,7 @@ spec:
|
|||
containers:
|
||||
- env:
|
||||
- name: PGDATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: dbname
|
||||
name: postgres-soju
|
||||
value: soju
|
||||
- name: PGHOST
|
||||
value: 192.168.50.236
|
||||
- name: PGPASSWORD
|
||||
|
@ -34,7 +31,7 @@ spec:
|
|||
- name: PGUSER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: user
|
||||
key: username
|
||||
name: postgres-soju
|
||||
image: git.gmem.ca/arch/soju:s3
|
||||
imagePullPolicy: Always
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-soju
|
||||
namespace: irc
|
||||
namespace: soju
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-soju
|
||||
mount: kv
|
||||
path: irc/postgres-soju
|
||||
transformation:
|
||||
mount: database
|
||||
path: static-creds/soju
|
||||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: soju
|
||||
kind: Deployment
|
||||
|
|
238
kubernetes/jellyseerr/ConfigMap-jellyseerr.yaml
Normal file
238
kubernetes/jellyseerr/ConfigMap-jellyseerr.yaml
Normal file
|
@ -0,0 +1,238 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
DB_HOST: 192.168.50.236
|
||||
DB_TYPE: postgres
|
||||
DB_USER: jellyseerr
|
||||
settings.json: |
|
||||
{
|
||||
"clientId": "a54f0b33-d4d3-4c23-962f-8cd912e9c19d",
|
||||
"vapidPrivate": "j85uoYz8PoOdcFsZ15ePwqpJ2CqSB5BM_9wrdzDR2Oc",
|
||||
"vapidPublic": "BCohD75wkSzbTF4WTLCWgQc7gstxaXVOlZ1SSjsGnloqsjdSrMr3FG_pM6l4YkiC710yhKRxtdIeD3BWLlU2YGY",
|
||||
"main": {
|
||||
"apiKey": "MTcxNDMxNzE2NDkyMGMyODczOWFkLWY2OTgtNGZmYy04NmUzLTg0YjVkZjhhNTQ5NA==",
|
||||
"applicationTitle": "Jellyseerr",
|
||||
"applicationUrl": "",
|
||||
"csrfProtection": false,
|
||||
"cacheImages": false,
|
||||
"defaultPermissions": 32,
|
||||
"defaultQuotas": {
|
||||
"movie": {},
|
||||
"tv": {}
|
||||
},
|
||||
"hideAvailable": false,
|
||||
"localLogin": true,
|
||||
"newPlexLogin": true,
|
||||
"region": "",
|
||||
"originalLanguage": "",
|
||||
"trustProxy": false,
|
||||
"mediaServerType": 1,
|
||||
"partialRequestsEnabled": true,
|
||||
"locale": "en"
|
||||
},
|
||||
"plex": {
|
||||
"name": "vancouver",
|
||||
"ip": "192-168-50-229.9fbcf035272d41dfa381c69090233d0c.plex.direct",
|
||||
"port": 32400,
|
||||
"useSsl": true,
|
||||
"libraries": [
|
||||
{
|
||||
"id": "1",
|
||||
"name": "Movies",
|
||||
"enabled": true,
|
||||
"type": "movie",
|
||||
"lastScan": 1714317300613
|
||||
},
|
||||
{
|
||||
"id": "2",
|
||||
"name": "TV Shows",
|
||||
"enabled": true,
|
||||
"type": "show",
|
||||
"lastScan": 1714317300676
|
||||
}
|
||||
],
|
||||
"machineId": "b719ba766ebd77c763e95b5a9ae3cb818f7da290"
|
||||
},
|
||||
"jellyfin": {
|
||||
"name": "",
|
||||
"hostname": "",
|
||||
"externalHostname": "",
|
||||
"jellyfinForgotPasswordUrl": "",
|
||||
"libraries": [],
|
||||
"serverId": ""
|
||||
},
|
||||
"tautulli": {},
|
||||
"radarr": [
|
||||
{
|
||||
"name": "Radarr",
|
||||
"hostname": "192.168.50.187",
|
||||
"port": 7878,
|
||||
"apiKey": "2818686b8ed44f878bd964512fc6a183",
|
||||
"useSsl": false,
|
||||
"baseUrl": "",
|
||||
"activeProfileId": 4,
|
||||
"activeProfileName": "HD-1080p",
|
||||
"activeDirectory": "/media/movies",
|
||||
"is4k": false,
|
||||
"minimumAvailability": "released",
|
||||
"tags": [],
|
||||
"isDefault": true,
|
||||
"syncEnabled": false,
|
||||
"preventSearch": false,
|
||||
"tagRequests": true,
|
||||
"id": 0
|
||||
}
|
||||
],
|
||||
"sonarr": [
|
||||
{
|
||||
"name": "Sonarr",
|
||||
"hostname": "192.168.50.187",
|
||||
"port": 8989,
|
||||
"apiKey": "5d8fa991e831479f97dd03cc7532a697",
|
||||
"useSsl": false,
|
||||
"baseUrl": "",
|
||||
"activeProfileId": 4,
|
||||
"activeLanguageProfileId": 1,
|
||||
"activeProfileName": "HD-1080p",
|
||||
"activeDirectory": "/media/tvshows",
|
||||
"tags": [],
|
||||
"animeTags": [],
|
||||
"is4k": false,
|
||||
"isDefault": true,
|
||||
"enableSeasonFolders": false,
|
||||
"syncEnabled": false,
|
||||
"preventSearch": false,
|
||||
"tagRequests": true,
|
||||
"id": 0
|
||||
}
|
||||
],
|
||||
"public": {
|
||||
"initialized": true
|
||||
},
|
||||
"notifications": {
|
||||
"agents": {
|
||||
"email": {
|
||||
"enabled": false,
|
||||
"options": {
|
||||
"userEmailRequired": false,
|
||||
"emailFrom": "",
|
||||
"smtpHost": "",
|
||||
"smtpPort": 587,
|
||||
"secure": false,
|
||||
"ignoreTls": false,
|
||||
"requireTls": false,
|
||||
"allowSelfSigned": false,
|
||||
"senderName": "Jellyseerr"
|
||||
}
|
||||
},
|
||||
"discord": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"webhookUrl": "",
|
||||
"enableMentions": true
|
||||
}
|
||||
},
|
||||
"lunasea": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"webhookUrl": ""
|
||||
}
|
||||
},
|
||||
"slack": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"webhookUrl": ""
|
||||
}
|
||||
},
|
||||
"telegram": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"botAPI": "",
|
||||
"chatId": "",
|
||||
"sendSilently": false
|
||||
}
|
||||
},
|
||||
"pushbullet": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"accessToken": ""
|
||||
}
|
||||
},
|
||||
"pushover": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"accessToken": "",
|
||||
"userToken": "",
|
||||
"sound": ""
|
||||
}
|
||||
},
|
||||
"webhook": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"webhookUrl": "",
|
||||
"jsonPayload": "IntcbiAgXCJub3RpZmljYXRpb25fdHlwZVwiOiBcInt7bm90aWZpY2F0aW9uX3R5cGV9fVwiLFxuICBcImV2ZW50XCI6IFwie3tldmVudH19XCIsXG4gIFwic3ViamVjdFwiOiBcInt7c3ViamVjdH19XCIsXG4gIFwibWVzc2FnZVwiOiBcInt7bWVzc2FnZX19XCIsXG4gIFwiaW1hZ2VcIjogXCJ7e2ltYWdlfX1cIixcbiAgXCJ7e21lZGlhfX1cIjoge1xuICAgIFwibWVkaWFfdHlwZVwiOiBcInt7bWVkaWFfdHlwZX19XCIsXG4gICAgXCJ0bWRiSWRcIjogXCJ7e21lZGlhX3RtZGJpZH19XCIsXG4gICAgXCJ0dmRiSWRcIjogXCJ7e21lZGlhX3R2ZGJpZH19XCIsXG4gICAgXCJzdGF0dXNcIjogXCJ7e21lZGlhX3N0YXR1c319XCIsXG4gICAgXCJzdGF0dXM0a1wiOiBcInt7bWVkaWFfc3RhdHVzNGt9fVwiXG4gIH0sXG4gIFwie3tyZXF1ZXN0fX1cIjoge1xuICAgIFwicmVxdWVzdF9pZFwiOiBcInt7cmVxdWVzdF9pZH19XCIsXG4gICAgXCJyZXF1ZXN0ZWRCeV9lbWFpbFwiOiBcInt7cmVxdWVzdGVkQnlfZW1haWx9fVwiLFxuICAgIFwicmVxdWVzdGVkQnlfdXNlcm5hbWVcIjogXCJ7e3JlcXVlc3RlZEJ5X3VzZXJuYW1lfX1cIixcbiAgICBcInJlcXVlc3RlZEJ5X2F2YXRhclwiOiBcInt7cmVxdWVzdGVkQnlfYXZhdGFyfX1cIixcbiAgICBcInJlcXVlc3RlZEJ5X3NldHRpbmdzX2Rpc2NvcmRJZFwiOiBcInt7cmVxdWVzdGVkQnlfc2V0dGluZ3NfZGlzY29yZElkfX1cIixcbiAgICBcInJlcXVlc3RlZEJ5X3NldHRpbmdzX3RlbGVncmFtQ2hhdElkXCI6IFwie3tyZXF1ZXN0ZWRCeV9zZXR0aW5nc190ZWxlZ3JhbUNoYXRJZH19XCJcbiAgfSxcbiAgXCJ7e2lzc3VlfX1cIjoge1xuICAgIFwiaXNzdWVfaWRcIjogXCJ7e2lzc3VlX2lkfX1cIixcbiAgICBcImlzc3VlX3R5cGVcIjogXCJ7e2lzc3VlX3R5cGV9fVwiLFxuICAgIFwiaXNzdWVfc3RhdHVzXCI6IFwie3tpc3N1ZV9zdGF0dXN9fVwiLFxuICAgIFwicmVwb3J0ZWRCeV9lbWFpbFwiOiBcInt7cmVwb3J0ZWRCeV9lbWFpbH19XCIsXG4gICAgXCJyZXBvcnRlZEJ5X3VzZXJuYW1lXCI6IFwie3tyZXBvcnRlZEJ5X3VzZXJuYW1lfX1cIixcbiAgICBcInJlcG9ydGVkQnlfYXZhdGFyXCI6IFwie3tyZXBvcnRlZEJ5X2F2YXRhcn19XCIsXG4gICAgXCJyZXBvcnRlZEJ5X3NldHRpbmdzX2Rpc2NvcmRJZFwiOiBcInt7cmVwb3J0ZWRCeV9zZXR0aW5nc19kaXNjb3JkSWR9fVwiLFxuICAgIFwicmVwb3J0ZWRCeV9zZXR0aW5nc190ZWxlZ3JhbUNoYXRJZFwiOiBcInt7cmVwb3J0ZWRCeV9zZXR0aW5nc190ZWxlZ3JhbUNoYXRJZH19XCJcbiAgfSxcbiAgXCJ7e2NvbW1lbnR9fVwiOiB7XG4gICAgXCJjb21tZW50X21lc3NhZ2VcIjogXCJ7e2NvbW1lbnRfbWVzc2FnZX19XCIsXG4gICAgXCJjb21tZW50ZWRCeV9lbWFpbFwiOiBcInt7Y29tbWVudGVkQnlfZW1haWx9fVwiLFxuICAgIFwiY29tbWVudGVkQnlfdXNlcm5hbWVcIjogXCJ7e2NvbW1lbnRlZEJ5X3VzZXJuYW1lfX1cIixcbiAgICBcImNvbW1lbnRlZEJ5X2F2YXRhclwiOiBcInt7Y29tbWVudGVkQnlfYXZhdGFyfX1cIixcbiAgICBcImNvbW1lbnRlZEJ5X3NldHRpbmdzX2Rpc2NvcmRJZFwiOiBcInt7Y29tbWVudGVkQnlfc2V0dGluZ3NfZGlzY29yZElkfX1cIixcbiAgICBcImNvbW1lbnRlZEJ5X3NldHRpbmdzX3RlbGVncmFtQ2hhdElkXCI6IFwie3tjb21tZW50ZWRCeV9zZXR0aW5nc190ZWxlZ3JhbUNoYXRJZH19XCJcbiAgfSxcbiAgXCJ7e2V4dHJhfX1cIjogW11cbn0i"
|
||||
}
|
||||
},
|
||||
"webpush": {
|
||||
"enabled": false,
|
||||
"options": {}
|
||||
},
|
||||
"gotify": {
|
||||
"enabled": false,
|
||||
"types": 0,
|
||||
"options": {
|
||||
"url": "",
|
||||
"token": ""
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"jobs": {
|
||||
"plex-recently-added-scan": {
|
||||
"schedule": "0 */5 * * * *"
|
||||
},
|
||||
"plex-full-scan": {
|
||||
"schedule": "0 0 3 * * *"
|
||||
},
|
||||
"plex-watchlist-sync": {
|
||||
"schedule": "0 */10 * * * *"
|
||||
},
|
||||
"radarr-scan": {
|
||||
"schedule": "0 0 4 * * *"
|
||||
},
|
||||
"sonarr-scan": {
|
||||
"schedule": "0 30 4 * * *"
|
||||
},
|
||||
"availability-sync": {
|
||||
"schedule": "0 0 5 * * *"
|
||||
},
|
||||
"download-sync": {
|
||||
"schedule": "0 * * * * *"
|
||||
},
|
||||
"download-sync-reset": {
|
||||
"schedule": "0 0 1 * * *"
|
||||
},
|
||||
"jellyfin-recently-added-scan": {
|
||||
"schedule": "0 */5 * * * *"
|
||||
},
|
||||
"jellyfin-full-scan": {
|
||||
"schedule": "0 0 3 * * *"
|
||||
},
|
||||
"image-cache-cleanup": {
|
||||
"schedule": "0 0 5 * * *"
|
||||
}
|
||||
}
|
||||
}
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
creationTimestamp: "2024-05-02T22:13:49Z"
|
||||
name: jellyseerr
|
||||
namespace: jellyseerr
|
||||
resourceVersion: "6982"
|
||||
uid: 00bf4e51-4a34-46b5-8e5c-1bdd957f5bb5
|
|
@ -6,3 +6,4 @@ resources:
|
|||
- Ingress-jellyseerr.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-jellyseerr.yaml
|
||||
- ConfigMap-jellyseerr.yaml
|
||||
|
|
8
kubernetes/nitter/ConfigMap-nitter-bot.yaml
Normal file
8
kubernetes/nitter/ConfigMap-nitter-bot.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
NITTER_EXTERNAL_URL: https://nitter.gmem.ca
|
||||
NITTER_URL: http://nitter:8080
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nitter-bot
|
||||
namespace: nitter
|
103
kubernetes/nitter/ConfigMap-nitter.yaml
Normal file
103
kubernetes/nitter/ConfigMap-nitter.yaml
Normal file
|
@ -0,0 +1,103 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
nitter-ro.conf: |
|
||||
[Server]
|
||||
hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
|
||||
title = "nitter.gmem.ca"
|
||||
address = "0.0.0.0"
|
||||
port = 8081
|
||||
https = false # disable to enable cookies when not using https
|
||||
httpMaxConnections = 100
|
||||
staticDir = "./public"
|
||||
readOnly = true
|
||||
|
||||
[Cache]
|
||||
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
|
||||
rssMinutes = 10 # how long to cache rss queries
|
||||
redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
|
||||
redisPort = 6379
|
||||
redisPassword = ""
|
||||
redisConnections = 20 # minimum open connections in pool
|
||||
redisMaxConnections = 30
|
||||
# new connections are opened when none are available, but if the pool size
|
||||
# goes above this, they're closed when released. don't worry about this unless
|
||||
# you receive tons of requests per second
|
||||
|
||||
[Config]
|
||||
hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
|
||||
base64Media = false # use base64 encoding for proxied media urls
|
||||
enableRSS = true # set this to false to disable RSS feeds
|
||||
enableDebug = false # enable request logs and debug endpoints (/.tokens)
|
||||
proxy = "" # http/https url, SOCKS proxies are not supported
|
||||
proxyAuth = ""
|
||||
tokenCount = 10
|
||||
# minimum amount of usable tokens. tokens are used to authorize API requests,
|
||||
# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
|
||||
# the limits reset every 15 minutes, and the pool is filled up so there's
|
||||
# always at least `tokenCount` usable tokens. only increase this if you receive
|
||||
# major bursts all the time and don't have a rate limiting setup via e.g. nginx
|
||||
|
||||
# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
|
||||
# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
|
||||
|
||||
# Change default preferences here, see src/prefs_impl.nim for a complete list
|
||||
[Preferences]
|
||||
theme = "Nitter"
|
||||
replaceTwitter = "nitter.gmem.ca"
|
||||
replaceYouTube = "piped.video"
|
||||
replaceReddit = "teddit.net"
|
||||
proxyVideos = false
|
||||
hlsPlayback = true
|
||||
infiniteScroll = true
|
||||
nitter.conf: |
|
||||
[Server]
|
||||
hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
|
||||
title = "nitter.gmem.ca"
|
||||
address = "0.0.0.0"
|
||||
port = 8080
|
||||
https = false # disable to enable cookies when not using https
|
||||
httpMaxConnections = 100
|
||||
staticDir = "./public"
|
||||
|
||||
[Cache]
|
||||
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
|
||||
rssMinutes = 10 # how long to cache rss queries
|
||||
redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
|
||||
redisPort = 6379
|
||||
redisPassword = ""
|
||||
redisConnections = 20 # minimum open connections in pool
|
||||
redisMaxConnections = 30
|
||||
# new connections are opened when none are available, but if the pool size
|
||||
# goes above this, they're closed when released. don't worry about this unless
|
||||
# you receive tons of requests per second
|
||||
|
||||
[Config]
|
||||
hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
|
||||
base64Media = false # use base64 encoding for proxied media urls
|
||||
enableRSS = true # set this to false to disable RSS feeds
|
||||
enableDebug = false # enable request logs and debug endpoints (/.tokens)
|
||||
proxy = "" # http/https url, SOCKS proxies are not supported
|
||||
proxyAuth = ""
|
||||
tokenCount = 10
|
||||
# minimum amount of usable tokens. tokens are used to authorize API requests,
|
||||
# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
|
||||
# the limits reset every 15 minutes, and the pool is filled up so there's
|
||||
# always at least `tokenCount` usable tokens. only increase this if you receive
|
||||
# major bursts all the time and don't have a rate limiting setup via e.g. nginx
|
||||
|
||||
# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
|
||||
# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
|
||||
|
||||
# Change default preferences here, see src/prefs_impl.nim for a complete list
|
||||
[Preferences]
|
||||
theme = "Nitter"
|
||||
replaceTwitter = "nitter.gmem.ca"
|
||||
replaceYouTube = "piped.gmem.ca"
|
||||
replaceReddit = "red.gmem.ca"
|
||||
proxyVideos = false
|
||||
hlsPlayback = true
|
||||
infiniteScroll = true
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nitter
|
||||
namespace: nitter
|
|
@ -11,6 +11,8 @@ resources:
|
|||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-nitter-bot.yaml
|
||||
- VaultStaticSecret-nitter.yaml
|
||||
- ConfigMap-nitter.yaml
|
||||
- ConfigMap-nitter-bot.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
limiter.toml: '# This configuration file updates the default configuration file
|
||||
|
||||
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||
|
||||
|
||||
[botdetection.ip_limit]
|
||||
|
||||
# activate link_token method in the ip_limit method
|
||||
|
||||
link_token = true
|
||||
|
||||
'
|
||||
settings.yml: "use_default_settings: true\nserver:\n image_proxy: true\n http_protocol_version:\
|
||||
\ \"1.1\"\n method: \"GET\"\nui:\n static_use_hash: true\nredis:\n url: redis://searxng-redis-master:6379/0\n\
|
||||
general:\n instance_name: search.gmem.ca\nhostname_replace:\n '(.*\\.)?youtube\\\
|
||||
.com$': 'piped.gmem.ca'\n '(.*\\.)?youtu\\.be$': 'piped.gmem.ca'\n '(.*\\.)?youtube-noocookie\\\
|
||||
.com$': 'piped.gmem.ca'\n '(www\\.)?twitter\\.com$': 'nitter.gmem.ca'\n '(www\\\
|
||||
.)?x\\.com$': 'nitter.gmem.ca'\n '(.*\\.)?reddit\\.com$': 'red.gmem.ca'\n"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations:
|
||||
kubenix/k8s-version: '1.30'
|
||||
kubenix/project-name: kubenix
|
||||
labels:
|
||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
||||
name: searxng-3e1ca337d7
|
||||
namespace: searxng
|
|
@ -42,5 +42,5 @@ spec:
|
|||
subPath: limiter.toml
|
||||
volumes:
|
||||
- configMap:
|
||||
name: searxng-3e1ca337d7
|
||||
name: searxng
|
||||
name: config
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: searxng
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
releaseName: searxng-redis
|
||||
|
@ -12,12 +16,16 @@ helmCharts:
|
|||
repository: redict
|
||||
tag: 7.3-compat
|
||||
version: 18.6.1
|
||||
kind: Kustomization
|
||||
namespace: searxng
|
||||
|
||||
resources:
|
||||
- ConfigMap-searxng-3e1ca337d7.yaml
|
||||
- Deployment-searxng.yaml
|
||||
- Service-searxng.yaml
|
||||
- Ingress-searxng.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-searxng.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: searxng
|
||||
files:
|
||||
- limiter.toml
|
||||
- settings.yml
|
||||
|
|
6
kubernetes/searxng/limiter.toml
Normal file
6
kubernetes/searxng/limiter.toml
Normal file
|
@ -0,0 +1,6 @@
|
|||
# This configuration file updates the default configuration file
|
||||
|
||||
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||
[botdetection.ip_limit]
|
||||
# activate link_token method in the ip_limit method
|
||||
link_token = true
|
19
kubernetes/searxng/settings.yml
Normal file
19
kubernetes/searxng/settings.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
use_default_settings: true
|
||||
server:
|
||||
image_proxy: true
|
||||
http_protocol_version: "1.1"
|
||||
method: "GET"
|
||||
ui:
|
||||
static_use_hash: true
|
||||
redis:
|
||||
url: redis://searxng-redis-master:6379/0
|
||||
general:
|
||||
instance_name: search.gmem.ca
|
||||
hostnames:
|
||||
replace:
|
||||
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||||
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||||
'(.*\.)?youtube-noocookie.com$': 'piped.gmem.ca'
|
||||
'(.*\.)?twitter.com$': 'nitter.gmem.ca'
|
||||
'(.*\.)?x.com$': 'nitter.gmem.ca'
|
||||
'(.*\.)?reddit.com$': 'red.gmem.ca'
|
|
@ -12,3 +12,25 @@ spec:
|
|||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-vaultwarden
|
||||
transformation:
|
||||
templates:
|
||||
DATABASE_URL:
|
||||
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/vaultwarden
|
||||
mount: database
|
||||
path: static-creds/vaultwarden
|
||||
refreshAfter: 30s
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: vaultwarden
|
||||
kind: Deployment
|
||||
|
|
|
@ -16,10 +16,6 @@ spec:
|
|||
volumes:
|
||||
- name: data-dir
|
||||
emptyDir: {}
|
||||
- name: rsa-keys
|
||||
secret:
|
||||
secretName: vaultwarden-rsa
|
||||
defaultMode: 0644
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
image: vaultwarden/server:testing
|
||||
|
@ -34,8 +30,10 @@ spec:
|
|||
envFrom:
|
||||
- secretRef:
|
||||
name: vaultwarden
|
||||
- secretRef:
|
||||
name: postgres-vaultwarden
|
||||
- configMapRef:
|
||||
name: vaultwarden-env
|
||||
name: vaultwarden
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
|
@ -43,9 +41,6 @@ spec:
|
|||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: rsa-keys
|
||||
mountPath: /data/keys
|
||||
readOnly: true
|
||||
- name: data-dir
|
||||
mountPath: /data
|
||||
---
|
||||
|
@ -87,49 +82,3 @@ spec:
|
|||
name: vaultwarden
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
apiVersion: secrets.infisical.com/v1alpha1
|
||||
kind: InfisicalSecret
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
hostAPI: http://infisical:8080
|
||||
resyncInterval: 10
|
||||
authentication:
|
||||
kubernetesAuth:
|
||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
||||
serviceAccountRef:
|
||||
name: infisical-auth
|
||||
namespace: infisical
|
||||
secretsScope:
|
||||
projectSlug: kubernetes-homelab-dp67
|
||||
envSlug: prod
|
||||
secretsPath: "/vaultwarden"
|
||||
managedSecretReference:
|
||||
secretName: vaultwarden
|
||||
secretNamespace: vaultwarden
|
||||
creationPolicy: "Owner"
|
||||
---
|
||||
apiVersion: secrets.infisical.com/v1alpha1
|
||||
kind: InfisicalSecret
|
||||
metadata:
|
||||
name: vaultwarden-rsa
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
hostAPI: http://infisical:8080
|
||||
resyncInterval: 10
|
||||
authentication:
|
||||
kubernetesAuth:
|
||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
||||
serviceAccountRef:
|
||||
name: infisical-auth
|
||||
namespace: infisical
|
||||
secretsScope:
|
||||
projectSlug: kubernetes-homelab-dp67
|
||||
envSlug: prod
|
||||
secretsPath: "/vaultwarden/keys"
|
||||
managedSecretReference:
|
||||
secretName: vaultwarden-rsa
|
||||
secretNamespace: vaultwarden
|
||||
creationPolicy: "Owner"
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: vaultwarden
|
||||
|
||||
resources:
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-vaultwarden.yaml
|
||||
- deployment.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: vaultwarden
|
||||
envs:
|
||||
- vaultwarden.env
|
||||
|
|
15
kubernetes/vaultwarden/vaultwarden.env
Normal file
15
kubernetes/vaultwarden/vaultwarden.env
Normal file
|
@ -0,0 +1,15 @@
|
|||
DOMAIN=https://pw.gmem.ca
|
||||
ENABLE_WEBSOCKET=true
|
||||
EXTENDED_LOGGING=true
|
||||
IP_HEADER=X-Real-IP
|
||||
LOG_LEVEL=error
|
||||
PUSH_ENABLED=true
|
||||
PUSH_IDENTITY_URI=https://identity.bitwarden.eu
|
||||
PUSH_RELAY_URI=https://push.bitwarden.eu
|
||||
RSA_KEY_FILENAME=/data/rsa_key
|
||||
SIGNUPS_ALLOWED=false
|
||||
SIGNUPS_VERIFY=true
|
||||
SMTP_FROM=vaultwarden@gmem.ca
|
||||
SMTP_FROM_NAME=Arch's Vault
|
||||
SMTP_PORT=465
|
||||
SMTP_SECURITY=force_tls
|
36
kubernetes/vrchat/config.toml
Normal file
36
kubernetes/vrchat/config.toml
Normal file
|
@ -0,0 +1,36 @@
|
|||
[groups.waterwolf]
|
||||
id = "grp_41df2df4-be4e-4a4e-be5e-eabb1425c4e5"
|
||||
vrcdn = "waterwolf"
|
||||
|
||||
[groups.vibenight]
|
||||
id = "grp_8cf1101a-e75d-4e80-b5d5-c5ba2916cce8"
|
||||
vrcdn = "vibenight"
|
||||
|
||||
[groups.vibenight-roxy]
|
||||
id = ""
|
||||
vrcdn = "roxyreee"
|
||||
|
||||
[groups.zrave]
|
||||
id = "grp_f65e9e2e-c2a4-46af-a787-0e7c5d6be03c"
|
||||
vrcdn = "furxmas"
|
||||
|
||||
[groups.eufuria]
|
||||
id = "grp_47c07467-c09a-4354-bba2-31e103b3c934"
|
||||
vrcdn = "technicallysane"
|
||||
|
||||
[groups.waterwolf-nullreff]
|
||||
id = ""
|
||||
vrcdn = "nullreff"
|
||||
|
||||
[groups.con-vr-portals]
|
||||
id = "grp_dcddb898-14bf-41ab-8c3e-e874847be6c9"
|
||||
|
||||
#[groups.furality]
|
||||
#id = "grp_210dbc09-c3da-4ebb-b641-73c99ce2619b"
|
||||
#vrcdn = "furalityvrcdn"
|
||||
|
||||
[worlds]
|
||||
"becki" = "wrld_e3a45ec6-a319-42af-b68d-f82f47bddef3"
|
||||
"foxxcon" = "wrld_27806231-964b-4fbe-add8-10bf14be8071"
|
||||
"becki v2" = "wrld_74f11f39-9064-4d03-93e9-2141f4a60147"
|
||||
|
|
@ -1,7 +1,15 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: vrchat
|
||||
|
||||
resources:
|
||||
- Deployment-vrchat-prometheus-adapter.yaml
|
||||
- Service-vrchat-prometheus-adapter.yaml
|
||||
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
||||
- VaultAuth.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: vrchat-prometheus-adapter
|
||||
files:
|
||||
- config.toml
|
||||
|
|
Loading…
Reference in a new issue