Add food. and home.

homelab/food.yaml

@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: grocy
+spec:
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: grocy
+  serviceName: grocy
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: grocy
+    spec:
+      securityContext:
+        fsGroup: 911
+        #runAsUser: 911
+        #runAsGroup: 911
+
+      initContainers:
+        - name: init-litestream
+          image: litestream/litestream:sha-749bc0d
+          args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/config/data/grocy.db']
+          volumeMounts:
+          - name: config
+            mountPath: /config
+          - name: litestream
+            mountPath: /etc/litestream.yml
+            subPath: grocy.yml
+          envFrom:
+            - secretRef:
+                name: grocy-litestream-s3
+
+      containers:
+      - name: grocy
+        image: lscr.io/linuxserver/grocy:latest
+        ports:
+        - containerPort: 80
+          name: web
+        env:
+          - name: PUID
+            value: "911"
+          - name: PGID
+            value: "911"
+        volumeMounts:
+        - name: config
+          mountPath: /config
+      - name: litestream
+        image: litestream/litestream:sha-749bc0d
+        args: ['replicate']
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: litestream
+          mountPath: /etc/litestream.yml
+          subPath: grocy.yml
+        envFrom:
+          - secretRef:
+              name: grocy-litestream-s3
+        ports:
+        - name: metrics
+          containerPort: 9090
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "300m"
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+
+      volumes:
+      - name: litestream
+        configMap:
+          name: grocy-litestream
+  volumeClaimTemplates:
+  - metadata:
+      name: config
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grocy
+  annotations:
+     prometheus.io/port: "9090"
+     prometheus.io/scrape: "true"
+     prometheus.io/path: "/metrics"
+spec:
+  selector:
+    app: grocy
+  ports:
+  - port: 80
+    targetPort: 80
+    name: web
+  - port: 9090
+    targetPort: 9090
+    name: litestream-metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: grocy
+spec:
+  selector:
+    matchLabels:
+      app: grocy
+  endpoints:
+  - port: metrics
+    interval: 30s

homelab/home.yml

@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: dashy
+spec:
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: dashy
+  serviceName: dashy
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: dashy
+    spec:
+      containers:
+      - name: dashy
+        image: lissy93/dashy:latest
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: config
+          mountPath: /app/public
+
+  volumeClaimTemplates:
+  - metadata:
+      name: config
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dashy
+spec:
+  selector:
+    app: dashy
+  ports:
+  - port: 80
+    targetPort: 80
+    name: web

krops/oracle-nix-cache/configuration.nix

@@ -51,7 +51,7 @@
   users.users.root.openssh.authorizedKeys.keys = let
     authorizedKeys = pkgs.fetchurl {
       url = "https://gmem.ca/ssh";
-      sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9";
+      sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";
     };
   in pkgs.lib.splitString "\n" (builtins.readFile
     authorizedKeys);
@@ -71,10 +71,6 @@
     rpcbind.enable = true;
     openssh.enable = true;
     tailscale.enable = true;
-    nix-serve = {
-      enable = true;
-      secretKeyFile = "/var/cache-priv-key.pem";
-    };
     nginx = {
       enable = true;
       recommendedProxySettings = true;
@@ -84,11 +80,6 @@
       recommendedOptimisation = true;
       recommendedTlsSettings = true;
       virtualHosts = {
-        "nix-cache.gmem.ca" = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
-        };
         "git.gmem.ca" = {
           enableACME = true;
           forceSSL = true;
@@ -100,13 +91,26 @@
               '';
           };
         };
+        "food.gmem.ca" = {
+          enableACME = true;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://100.77.43.133";
+            extraConfig =
+              ''
+              client_max_body_size 100M;
+              '';
+          };
+        };
       };
     };
   };
 
   security.acme = {
     acceptTerms = true;
-    email = "acme@gmem.ca";
+    defaults = {
+      email = "acme@gmem.ca";
+    };
   };
 
   system.copySystemConfiguration = true;