arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:60cb3d141973c00190da1d45589bf20a7ff8b052
Branches Tags
arch:trunk
arch:woodpecker-ci
..
compare: arch:57582cc81567a23fb0a6d5c3d664d2034ebe1b4b
Branches Tags
arch:trunk
arch:woodpecker-ci

4 commits
60cb3d1419 ... 57582cc815

Author SHA1 Message Date
Gabriel Simmer 57582cc815
Update authentik
All checks were successful
Lint / lint (push) Successful in 42s
Details
2024-07-14 15:45:15 +01:00
Gabriel Simmer 37f28e2981
Update talos 2024-07-14 15:43:59 +01:00
Gabriel Simmer a385ed156c
Soju s3 configuration 2024-07-14 15:43:42 +01:00
Gabriel Simmer 12328f342f
Vaultwarden replicas with Vault provided JWTs 2024-07-14 15:43:05 +01:00
11 changed files with 55 additions and 10 deletions
Show stats Expand all files Collapse all files

2
kubernetes/authentik/authentik.yml
View file

@ -3,7 +3,7 @@ authentik:
enabled: false
global:
image:
tag: 2024.6.0
tag: 2024.6.1
env:
- name: AUTHENTIK_WEB__THREADS
value: "2"

2
kubernetes/authentik/kustomization.yaml
View file

@ -6,7 +6,7 @@ helmCharts:
releaseName: authentik
repo: https://charts.goauthentik.io
valuesFile: ./authentik.yml
version: 2024.6.0
version: 2024.6.1
kind: Kustomization
namespace: authentik
resources:

1
kubernetes/e6-gallery/e6-gallery.yaml
View file

@ -4,7 +4,6 @@ kind: Deployment
metadata:
name: e6-gallery
namespace: e6-gallery
spec:
selector:
matchLabels:

3
kubernetes/irc/Deployment-soju.yaml
View file

@ -33,6 +33,9 @@ spec:
secretKeyRef:
key: username
name: postgres-soju
envFrom:
- secretRef:
name: soju
image: git.gmem.ca/arch/soju:s3
imagePullPolicy: Always
name: soju

5
kubernetes/irc/config.in
View file

@ -1,9 +1,12 @@
listen ircs://
listen unix+admin:///app/admin
listen ws+insecure://
listen http+insecure://
listen http+prometheus://localhost:9090
hostname irc.gmem.ca
title irc.gmem.ca
db postgres "dbname=soju"
message-store db
tls /ssl/tls.crt /ssl/tls.key
file-upload s3 https://7dc420732ea679a530aee304ea49a63c.r2.cloudflarestorage.com/gabrielsimmer-com
file-cdn https://stash.arch.dog

1
kubernetes/kustomization.yaml
View file

@ -27,3 +27,4 @@ resources:
- vaultwarden
- smarthome
- cert-manager
- e6-gallery

15
kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
View file

@ -34,3 +34,18 @@ spec:
rolloutRestartTargets:
- name: vaultwarden
kind: Deployment
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: vaultwarden-keys
namespace: vaultwarden
spec:
destination:
create: true
name: vaultwarden-keys
mount: kv
path: vaultwarden/keys
refreshAfter: 30s
type: kv-v2
vaultAuthRef: vault

34
kubernetes/vaultwarden/deployment.yaml
View file

@ -4,7 +4,7 @@ metadata:
name: vaultwarden
namespace: vaultwarden
spec:
replicas: 1
replicas: 2
selector:
matchLabels:
app: vaultwarden
@ -16,16 +16,26 @@ spec:
volumes:
- name: data-dir
emptyDir: {}
- name: rsa-key
secret:
secretName: vaultwarden-keys
initContainers:
- name: copy-keys
image: busybox:1.36
command: ['sh', '-c', 'cp /keys/rsa_key.pem /data' ]
volumeMounts:
- name: data-dir
mountPath: /data
- name: rsa-key
mountPath: /keys
containers:
- name: vaultwarden
image: vaultwarden/server:1.31.0
resources:
limits:
memory: "128Mi"
cpu: "500m"
memory: "256Mi"
requests:
memory: "64Mi"
cpu: "100m"
memory: "32Mi"
envFrom:
- secretRef:
name: vaultwarden
@ -41,6 +51,20 @@ spec:
ports:
- containerPort: 80
name: web
livenessProbe:
httpGet:
path: /alive
port: 80
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
readinessProbe:
httpGet:
path: /alive
port: 80
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
volumeMounts:
- name: data-dir
mountPath: /data

BIN
talos/controlplane.yaml.age
View file

Binary file not shown.

BIN
talos/worker-144.yaml.age
View file

Binary file not shown.

BIN
talos/worker-146.yaml.age
View file

Binary file not shown.