From 8109cc44d0fc7ec44c3141e443e2b49451f32647 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer
Date: Tue, 5 Sep 2023 17:10:55 +0100
Subject: [PATCH] Add food. and home.
---
homelab/food.yaml | 118 +++++++++++++++++++++++
homelab/home.yml | 49 ++++++++++
krops/oracle-nix-cache/configuration.nix | 26 ++---
3 files changed, 182 insertions(+), 11 deletions(-)
create mode 100644 homelab/food.yaml
create mode 100644 homelab/home.yml
diff --git a/homelab/food.yaml b/homelab/food.yaml
new file mode 100644
index 0000000..e7186e1
--- /dev/null
+++ b/homelab/food.yaml
@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grocy
+spec:
+ podManagementPolicy: OrderedReady
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: grocy
+ serviceName: grocy
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: grocy
+ spec:
+ securityContext:
+ fsGroup: 911
+ #runAsUser: 911
+ #runAsGroup: 911
+
+ initContainers:
+ - name: init-litestream
+ image: litestream/litestream:sha-749bc0d
+ args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/config/data/grocy.db']
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: litestream
+ mountPath: /etc/litestream.yml
+ subPath: grocy.yml
+ envFrom:
+ - secretRef:
+ name: grocy-litestream-s3
+
+ containers:
+ - name: grocy
+ image: lscr.io/linuxserver/grocy:latest
+ ports:
+ - containerPort: 80
+ name: web
+ env:
+ - name: PUID
+ value: "911"
+ - name: PGID
+ value: "911"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: litestream
+ image: litestream/litestream:sha-749bc0d
+ args: ['replicate']
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: litestream
+ mountPath: /etc/litestream.yml
+ subPath: grocy.yml
+ envFrom:
+ - secretRef:
+ name: grocy-litestream-s3
+ ports:
+ - name: metrics
+ containerPort: 9090
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "300m"
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+
+ volumes:
+ - name: litestream
+ configMap:
+ name: grocy-litestream
+ volumeClaimTemplates:
+ - metadata:
+ name: config
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grocy
+ annotations:
+ prometheus.io/port: "9090"
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+spec:
+ selector:
+ app: grocy
+ ports:
+ - port: 80
+ targetPort: 80
+ name: web
+ - port: 9090
+ targetPort: 9090
+ name: litestream-metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: grocy
+spec:
+ selector:
+ matchLabels:
+ app: grocy
+ endpoints:
+ - port: metrics
+ interval: 30s
diff --git a/homelab/home.yml b/homelab/home.yml
new file mode 100644
index 0000000..86afc55
--- /dev/null
+++ b/homelab/home.yml
@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: dashy
+spec:
+ podManagementPolicy: OrderedReady
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: dashy
+ serviceName: dashy
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: dashy
+ spec:
+ containers:
+ - name: dashy
+ image: lissy93/dashy:latest
+ ports:
+ - containerPort: 80
+ name: web
+ volumeMounts:
+ - name: config
+ mountPath: /app/public
+
+ volumeClaimTemplates:
+ - metadata:
+ name: config
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dashy
+spec:
+ selector:
+ app: dashy
+ ports:
+ - port: 80
+ targetPort: 80
+ name: web
diff --git a/krops/oracle-nix-cache/configuration.nix b/krops/oracle-nix-cache/configuration.nix
index c80987d..cfa203a 100644
--- a/krops/oracle-nix-cache/configuration.nix
+++ b/krops/oracle-nix-cache/configuration.nix
@@ -51,7 +51,7 @@ users.users.root.openssh.authorizedKeys.keys = let authorizedKeys = pkgs.fetchurl { url = "https://gmem.ca/ssh"; - sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9"; + sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc"; }; in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
@@ -71,10 +71,6 @@ rpcbind.enable = true; openssh.enable = true; tailscale.enable = true; - nix-serve = { - enable = true; - secretKeyFile = "/var/cache-priv-key.pem"; - }; nginx = { enable = true; recommendedProxySettings = true;
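Review bot: The `grocy` container in homelab/food.yaml is pulled as `lscr.io/linuxserver/grocy:latest` (homelab/home.yml does the same with `lissy93/dashy:latest`), so a pod restart can silently run a different image than the one that was tested; pin a release tag or digest, e.g. `image: lscr.io/linuxserver/grocy:<release-tag>@sha256:<digest>`. This matters more here because the same commit publishes Grocy at food.gmem.ca. Separately, the ServiceMonitor's `port: metrics` is the container port name, while the Service calls that port `litestream-metrics`, and the Service has no `app: grocy` label for the monitor's `matchLabels` to select, so the Litestream metrics are probably never scraped and a stalled replication would go unnoticed. Renaming the Service port to `metrics` and adding `labels: {app: grocy}` under the Service's `metadata` would line them up.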
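Review bot: The dashy pod template in homelab/home.yml sets no `securityContext` and no `resources`, so the container runs with whatever user and privileges the image defaults to and without a memory or CPU ceiling. Adding `securityContext: {allowPrivilegeEscalation: false}` on the container and a `resources` block like the one on the litestream sidecar in food.yaml would bound it; whether `runAsNonRoot: true` also works depends on the image and needs checking. The volume is mounted over the whole of `/app/public`; if that directory is served to browsers, as its name suggests, the configuration stored there should not contain credentials.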
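Review bot: The `sha256` bump in the `@@ -51,7 +51,7 @@` hunk of configuration.nix changes the set of keys accepted for root SSH login, yet neither the hunk nor the commit message ("Add food. and home.") says which keys were added or removed, so the change to root access cannot be reviewed from the diff. A comment above the hash such as `# authorized keys changed <date>: <keys added/removed>` would record it, and listing the keys inline in the repository instead of fetching them would make future changes visible in review. The enclosing `let … in` expression starts and ends outside the hunk.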
@@ -84,11 +80,6 @@ recommendedOptimisation = true; recommendedTlsSettings = true; virtualHosts = { - "nix-cache.gmem.ca" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; - }; "git.gmem.ca" = { enableACME = true; forceSSL = true;
@@ -100,13 +91,26 @@ ''; }; }; + "food.gmem.ca" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://100.77.43.133"; + extraConfig = + '' + client_max_body_size 100M; + ''; + }; + }; }; }; }; security.acme = { acceptTerms = true; - email = "acme@gmem.ca"; + defaults = { + email = "acme@gmem.ca"; + }; }; system.copySystemConfiguration = true;
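Review bot: The new `"food.gmem.ca"` virtual host in the `@@ -100,13 +91,26 @@` hunk forwards every request to `http://100.77.43.133` with no access restriction in front of it, so Grocy's own login becomes the only control between the internet and the application, including its 100M upload path. If public reach is not required, `basicAuthFile = "<path to htpasswd file>";` on the location would keep it to known clients. The upstream is a hard-coded address in the 100.64.0.0/10 range, presumably the node's Tailscale IP; a comment naming the host it belongs to, or a stable name instead of the literal, would avoid the proxy silently pointing at a different machine if the address is reassigned. The `virtualHosts` set and the `security.acme` block begin outside the hunk.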