parent
b37680435e
commit
8109cc44d0
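--- a/homelab/food.yaml
+++ b/homelab/food.yaml
@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: grocy
+spec:
+podManagementPolicy: OrderedReady
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app: grocy
+serviceName: grocy
+replicas: 1
+template:
+metadata:
+labels:
+app: grocy
+spec:
+securityContext:
+fsGroup: 911
+#runAsUser: 911
+#runAsGroup: 911
+
+initContainers:
+- name: init-litestream
+image: litestream/litestream:sha-749bc0d
+args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/config/data/grocy.db']
+volumeMounts:
+- name: config
+mountPath: /config
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: grocy.yml
+envFrom:
+- secretRef:
+name: grocy-litestream-s3
+
+containers:
+- name: grocy
+image: lscr.io/linuxserver/grocy:latest
+ports:
+- containerPort: 80
+name: web
+env:
+- name: PUID
+value: "911"
+- name: PGID
+value: "911"
+volumeMounts:
+- name: config
+mountPath: /config
+- name: litestream
+image: litestream/litestream:sha-749bc0d
+args: ['replicate']
+volumeMounts:
+- name: config
+mountPath: /config
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: grocy.yml
+envFrom:
+- secretRef:
+name: grocy-litestream-s3
+ports:
+- name: metrics
+containerPort: 9090
+resources:
+limits:
+memory: "128Mi"
+cpu: "300m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+
+volumes:
+- name: litestream
+configMap:
+name: grocy-litestream
+volumeClaimTemplates:
+- metadata:
+name: config
+spec:
+accessModes: [ "ReadWriteOnce" ]
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: grocy
+annotations:
+prometheus.io/port: "9090"
+prometheus.io/scrape: "true"
+prometheus.io/path: "/metrics"
+spec:
+selector:
+app: grocy
+ports:
+- port: 80
+targetPort: 80
+name: web
+- port: 9090
+targetPort: 9090
+name: litestream-metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+name: grocy
+spec:
+selector:
+matchLabels:
+app: grocy
+endpoints:
+- port: metrics
+interval: 30s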
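Review bot: The ServiceMonitor at the end of the file will likely never scrape Litestream, so a stalled replication of `grocy.db` would go unnoticed: `endpoints[].port` names a Service port, and the Service calls it `litestream-metrics` while the monitor asks for `metrics`, a name that exists only on the container port. The monitor's `matchLabels: app: grocy` also selects Services by label, and the Service metadata carries only a name and annotations. I would change the endpoint to `- port: litestream-metrics` and add `labels:` with `app: grocy` under the Service's `metadata`. Separately, `lscr.io/linuxserver/grocy:latest` (and `lissy93/dashy:latest` in homelab/home.yml) is a mutable tag, so a pod restart can pull unreviewed code into a pod that also receives the `grocy-litestream-s3` credentials; pinning both to a version tag plus `@sha256:<digest>` keeps the rollout reproducible.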
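--- a/homelab/home.yml
+++ b/homelab/home.yml
@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: dashy
+spec:
+podManagementPolicy: OrderedReady
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app: dashy
+serviceName: dashy
+replicas: 1
+template:
+metadata:
+labels:
+app: dashy
+spec:
+containers:
+- name: dashy
+image: lissy93/dashy:latest
+ports:
+- containerPort: 80
+name: web
+volumeMounts:
+- name: config
+mountPath: /app/public
+
+volumeClaimTemplates:
+- metadata:
+name: config
+spec:
+accessModes: [ "ReadWriteOnce" ]
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: dashy
+spec:
+selector:
+app: dashy
+ports:
+- port: 80
+targetPort: 80
+name: web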
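Review bot: The `dashy` container is declared with no `securityContext` and no `resources`, so it runs with whatever user and privileges the image defaults to and has no memory or CPU ceiling on the node. Unless the image needs otherwise, I would add a container-level `securityContext:` with `allowPrivilegeEscalation: false` and a `resources:` block with memory and CPU requests and limits, in the same shape as the `resources:` block already present in homelab/food.yaml. Indentation is lost on this page, so this is read from the absence of either key anywhere in the file.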
|
@ -51,7 +51,7 @@
|
|||
users.users.root.openssh.authorizedKeys.keys = let
|
||||
authorizedKeys = pkgs.fetchurl {
|
||||
url = "https://gmem.ca/ssh";
|
||||
sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9";
|
||||
sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
|
@ -71,10 +71,6 @@
|
|||
rpcbind.enable = true;
|
||||
openssh.enable = true;
|
||||
tailscale.enable = true;
|
||||
nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = "/var/cache-priv-key.pem";
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
|
@ -84,11 +80,6 @@
|
|||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts = {
|
||||
"nix-cache.gmem.ca" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
||||
};
|
||||
"git.gmem.ca" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -100,14 +91,27 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
"food.gmem.ca" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.77.43.133";
|
||||
extraConfig =
|
||||
''
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "acme@gmem.ca";
|
||||
};
|
||||
};
|
||||
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
|
|
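Review bot: The `food.gmem.ca` vhost in the last hunk forwards public traffic to `proxyPass = "http://100.77.43.133"`, a literal address (presumably a Tailscale peer, given `tailscale.enable = true`), with nothing at the proxy limiting who can reach the app. If that address is ever reassigned, the public name will forward to whatever answers there, and the application's own login is the only barrier in front of a backend whose image tracks `latest`. I would add a comment such as `# Grocy Service in the homelab cluster, reached over Tailscale` above the `proxyPass` line and, if the site is not meant for the open internet, set `basicAuthFile` or an `allow`/`deny` list in `extraConfig` for this location. The enclosing `virtualHosts` set opens before this hunk, and the page no longer shows which lines are additions, so this assumes the vhost is new in this commit.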