diff --git a/iac/src/main/k8s/services/act_runner/service.cljs b/iac/src/main/k8s/services/act_runner/service.cljs new file mode 100644 index 0000000..1f4e8f1 --- /dev/null +++ b/iac/src/main/k8s/services/act_runner/service.cljs @@ -0,0 +1,13 @@ +(ns k8s.services.act-runner.service) + + +(def config + {:stack [:vault-secrets :deployment :service] + :image-port 80 + :app-namespace "generic" + :app-name "act-runner" + :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name + :envFrom [{:secretRef {:name '(str app-name "-secrets")}}] + :image '(str repo "/" "act_runner" ":latest") + }] + }}}}}) \ No newline at end of file diff --git a/iac/src/main/k8s/services/foundryvtt/service.cljs b/iac/src/main/k8s/services/foundryvtt/service.cljs index 49415fe..2102aef 100644 --- a/iac/src/main/k8s/services/foundryvtt/service.cljs +++ b/iac/src/main/k8s/services/foundryvtt/service.cljs @@ -2,7 +2,7 @@ (def config {:stack [:vault-secrets :docker-image :deployment :service :ingress] - :image-port 80 + :image-port 30000 :app-namespace "generic" :app-name "foundry" :image-opts {:build {:args {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME diff --git a/iac/src/main/k8s/services/gitea/service.cljs b/iac/src/main/k8s/services/gitea/service.cljs new file mode 100644 index 0000000..b2b8330 --- /dev/null +++ b/iac/src/main/k8s/services/gitea/service.cljs 
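Review bot: In act_runner/service.cljs the container image is referenced by the mutable tag `":latest"` while `:envFrom` passes it every key of the secret named by `(str app-name "-secrets")`, so whatever is next pushed under that tag receives those credentials on the next pod restart. Pin the image to a fixed version or digest, e.g. `:image '(str repo "/" "act_runner" ":<pinned-version>")`. Consider listing only the keys the runner needs under `:env` rather than the blanket `:secretRef`. Most of the other new service files in this commit use `:latest` in the same way.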
@@ -0,0 +1,24 @@
+(ns k8s.services.gitea.service)
+
+(def config
+ {:stack [:vault-secrets :deployment :service :ingress]
+ :image-port 3000
+ :app-namespace "generic"
+ :app-name "gitea"
+ :deployment-opts {:spec {:template {:spec {:initContainers [
+ {:name "init-permissions"
+ :image "busybox:latest"
+ :command ["sh" "-c" "chown -R 1000:1000 /var/lib/gitea && chown -R 1000:1000 /etc/gitea"]
+ :volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"}
+ {:name "gitea-config" :mountPath "/etc/gitea"}]
+ :securityContext {:runAsUser 0 :runAsGroup 0}}
+ ]
+ :containers [{:name 'app-name :image '(str repo "/" app-name ":latest-rootless")
+ :volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"}
+ {:name "gitea-config" :mountPath "/etc/gitea"}
+ {:name "timezone" :mountPath "/etc/timezone" :readOnly true}
+ {:name "localtime" :mountPath "/etc/localtime" :readOnly true}]}]
+ :volumes [{:name "gitea-data" :hostPath {:path "/opt/gitea/data" :type "DirectoryOrCreate"}}
+ {:name "gitea-config" :hostPath {:path "/opt/gitea/config" :type "DirectoryOrCreate"}}
+ {:name "timezone" :hostPath {:path "/etc/timezone" :type "File"}}
+ {:name "localtime" :hostPath {:path "/etc/localtime" :type "File"}}]}}}}})
diff --git a/iac/src/main/k8s/services/matrix/cinny/service.cljs b/iac/src/main/k8s/services/matrix/cinny/service.cljs
new file mode 100644
index 0000000..dfde372
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/cinny/service.cljs
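Review bot: The `init-permissions` container in gitea/service.cljs runs as uid 0 from the unpinned image `busybox:latest` with write access to the host directories `/opt/gitea/data` and `/opt/gitea/config`, so a changed upstream tag would run as root against node storage. Pin the image by version or digest and narrow the root context to what chown needs, e.g. `:securityContext {:runAsUser 0 :runAsGroup 0 :allowPrivilegeEscalation false :capabilities {:drop ["ALL"] :add ["CHOWN"]}}`; add further capabilities only if the recursive chown fails on existing files. The same init container is repeated in matrix/element_call/service.cljs and matrix/mmr/service.cljs. The hostPath volumes also bind each pod to whichever node holds the directory, which is worth a comment in the file if that is intended.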
@@ -0,0 +1,12 @@
+(ns k8s.services.matrix.cinny.service)
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "cinny"
+ :image-opts {:build {:args {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME
+ :FOUNDRY_PASSWORD 'FOUNDRY_PASSWORD}}
+ :imageName '(str repo "/" app-name ":latest")}
+ :deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
+ :containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/database/service.cljs b/iac/src/main/k8s/services/matrix/database/service.cljs
new file mode 100644
index 0000000..244aee9
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/database/service.cljs
@@ -0,0 +1,13 @@
+(ns k8s.services.matrix.database.service)
+;; env_file:
+;; - .env
+;; volumes:
+ ;; - ${PWD}/db-data/:/var/lib/postgresql/data/
+
+
+(def config
+ {:stack [:deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "postgres"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/element/service.cljs b/iac/src/main/k8s/services/matrix/element/service.cljs
new file mode 100644
index 0000000..23bf1d3
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/element/service.cljs
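Review bot: The `:image-opts` build args `:FOUNDRY_USERNAME` and `:FOUNDRY_PASSWORD` in matrix/cinny/service.cljs look copied from the foundryvtt service and have no visible use in a cinny build. Build-arg values can be recovered from an image's build history, so these credentials would be exposed to anyone able to pull the cinny image from the registry. Drop the `:build {:args …}` map, leaving `:image-opts {:imageName '(str repo "/" app-name ":latest")}`. matrix/turn/service.cljs passes the same two build args for coturn and needs the same change.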
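Review bot: The postgres config in matrix/database/service.cljs lists `:ingress` in its `:stack` and sets `:image-port 80`, which would publish the database through the HTTP ingress and target a port Postgres does not listen on by default (5432). Unless the stack resolver handles `:ingress` differently for this service (not visible in this diff), use `:stack [:vault-secrets :deployment :service]` with `:image-port 5432`, so the database stays cluster-internal and takes its credentials the way the other services do. The `env_file` and data volume in the header comment are not carried over, so as written the pod appears to have neither configured credentials nor persistent storage. The image expression also quotes `'app-name` inside an already quoted form, unlike the other files, which may resolve differently.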
@@ -0,0 +1,14 @@
+;; volumes:
+;; - ./personal/matrix/element-config.json:/app/config.json
+;; environment:
+;; ELEMENT_WEB_PORT: 3030
+
+(ns k8s.services.matrix.element.service)
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "element"
+ :deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
+ :containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/element_call/service.cljs b/iac/src/main/k8s/services/matrix/element_call/service.cljs
new file mode 100644
index 0000000..35c41c9
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/element_call/service.cljs
@@ -0,0 +1,18 @@
+(ns k8s.services.matrix.element-call.service)
+
+;; volumes:
+;; - ./personal/matrix/elementcall/config.json:/app/config.json
+
+(def config
+ {:stack [:vault-secrets :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "element-call"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" app-name ":sha-1702b15")
+ :volumeMounts [{:name "data" :mountPath "/data"}]}]
+ :initContainers [{:name "init-permissions"
+ :image "busybox:latest"
+ :command ["sh" "-c" "chown -R 1000:1000 /data"]
+ :volumeMounts [{:name "data" :mountPath "/data"}]
+ :securityContext {:runAsUser 0 :runAsGroup 0}}]
+ :volumes [{:name "data" :hostPath {:path "/opt/mmr/data" :type "DirectoryOrCreate"}}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/home_server/service.cljs b/iac/src/main/k8s/services/matrix/home_server/service.cljs
new file mode 100644
index 0000000..7c7dde0
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/home_server/service.cljs
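Review bot: The `data` volume in matrix/element_call/service.cljs uses `:hostPath {:path "/opt/mmr/data" …}`, the same host directory that matrix/mmr/service.cljs mounts for matrix-media-repo. As written, element-call gets read-write access to the media repository's files and its init container re-chowns them. This looks like a copy-paste from the mmr service, since the header comment only asks for a `config.json` at `/app/config.json`. Give element-call its own directory, e.g. `:hostPath {:path "/opt/<element-call-dir>/data" :type "DirectoryOrCreate"}`, or drop the volume and init container and mount the config file instead.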
@@ -0,0 +1,10 @@
+;; homeserver:
+;; volumes:
+;; - db:/var/lib/conduwuit
+
+ (def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "tuwunel"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/livekit_jwt/service.cljs b/iac/src/main/k8s/services/matrix/livekit_jwt/service.cljs
new file mode 100644
index 0000000..c2337e8
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/livekit_jwt/service.cljs
@@ -0,0 +1,8 @@
+(ns k8s.services.matrix.livekit-jwt.service)
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "livekit-jwt"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" lk-jwt-service ":0.2.3")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/livekit_server/service.cljs b/iac/src/main/k8s/services/matrix/livekit_server/service.cljs
new file mode 100644
index 0000000..5c563cf
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/livekit_server/service.cljs
@@ -0,0 +1,16 @@
+
+
+;; livekit:
+;; command: --config /etc/livekit.yaml
+;; - ./personal/matrix/elementcall/livekit.yaml:/etc/livekit.yaml
+ ;; ports:
+ ;; - 50100-50200:50100-50200/udp
+
+(ns k8s.services.matrix.livekit-server.service)
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "livekit-server"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})
\ No newline at end of file
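Review bot: matrix/home_server/service.cljs has no `(ns …)` form, unlike every other service file in this commit, so `config` is not defined in a namespace matching the file path. Add `(ns k8s.services.matrix.home-server.service)` above `(def config`. The `db:/var/lib/conduwuit` volume named in the header comment is not declared either, which would leave the homeserver's state on the container's ephemeral filesystem.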
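Review bot: In matrix/livekit_jwt/service.cljs the image expression `'(str repo "/" lk-jwt-service ":0.2.3")` uses `lk-jwt-service` as a bare symbol, whereas the other files use a string literal or `app-name` in that position. Unless the resolver binds a symbol of that name (not visible in this diff), it should read `'(str repo "/" "lk-jwt-service" ":0.2.3")`.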
diff --git a/iac/src/main/k8s/services/matrix/mautrix_discord/service.cljs b/iac/src/main/k8s/services/matrix/mautrix_discord/service.cljs
new file mode 100644
index 0000000..43146b7
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/mautrix_discord/service.cljs
@@ -0,0 +1,10 @@
+;; - ./personal/matrix/discord/data:/data
+
+(ns k8s.services.matrix.mautrix-discord.service)
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "mautrix-discord"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" "discord" ":4927a73ce7411f3970803d35c22f0c8c96dc2d7e-amd64")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/mmr/service.cljs b/iac/src/main/k8s/services/matrix/mmr/service.cljs
new file mode 100644
index 0000000..e4163c6
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/mmr/service.cljs
@@ -0,0 +1,21 @@
+
+(ns k8s.services.matrix.mmr.service)
+
+(def config
+ {:stack [:vault-secrets :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "matrix-media-repo"
+ :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" app-name ":v1.3.8")
+ :volumeMounts [{:name "data" :mountPath "/data"}]}]
+ :initContainers [{:name "init-permissions"
+ :image "busybox:latest"
+ :command ["sh" "-c" "chown -R 1000:1000 /data"]
+ :volumeMounts [{:name "data" :mountPath "/data"}]
+ :securityContext {:runAsUser 0 :runAsGroup 0}}]
+ :volumes [{:name "data" :hostPath {:path "/opt/mmr/data" :type "DirectoryOrCreate"}}]}}}}})
+
+
+
+;;
+;; - ./personal/matrix/mmr:/data
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/matrix/turn/service.cljs b/iac/src/main/k8s/services/matrix/turn/service.cljs
new file mode 100644
index 0000000..164dbe0
--- /dev/null
+++ b/iac/src/main/k8s/services/matrix/turn/service.cljs
@@ -0,0 +1,14 @@
+(ns k8s.services.matrix.turn.service)
+
+;; - ./personal/matrix/coturn.conf:/etc/coturn/turnserver.conf
+
+(def config
+ {:stack [:vault-secrets :docker-image :deployment :service :ingress]
+ :image-port 80
+ :app-namespace "matrix"
+ :app-name "coturn"
+ :image-opts {:build {:args {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME
+ :FOUNDRY_PASSWORD 'FOUNDRY_PASSWORD}}
+ :imageName '(str repo "/" app-name ":latest")}
+ :deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
+ :containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})
\ No newline at end of file
diff --git a/iac/src/main/k8s/services/mesite/service.cljs b/iac/src/main/k8s/services/mesite/service.cljs
index 920691b..2e1b32b 100644
--- a/iac/src/main/k8s/services/mesite/service.cljs
+++ b/iac/src/main/k8s/services/mesite/service.cljs
@@ -1,9 +1,20 @@ (ns k8s.services.mesite.service) (def config - {:stack [:vault-secrets :deployment :service :ingress] - :image-port 80 - :app-namespace "generic" - :app-name "mesite" - :deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}] - :containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}}) \ No newline at end of file + {:stack [:vault-secrets:prepare + :harbor:robot-account + :docker:image + [-> :k8s :namespace :deployment :service :ingress]] + :app-name "mesite" + :docker:image-opts {:context {:location "https://codeberg.org/Gigia/mesite.git"} + :registry {:server 'repo + :username '(-> :harbor:robot-account .-name) + :password '(-> :harbor:robot-account .-secret)} + :tags ['(str registry-base "/" registry-namespace "/" app-name)] + :push true} + + :harbor:robot-account-opts {:permissions [{:kind "project" + :namespace 'registry-namespace + :access [{:action "push" :resource "repository"} + {:action "list" :resource "repository"}]}]} + :k8s:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]}}}}}) \ No newline at end of file
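Review bot: The build context `:location "https://codeberg.org/Gigia/mesite.git"` names no ref, and the single entry in `:tags` carries no version, so each run builds whatever the default branch holds at that moment and pushes it under an implicitly latest name that the deployment then pulls. Pin the context to a commit or tag, e.g. `:location "https://codeberg.org/Gigia/mesite.git#<commit-or-tag>"` (assuming the image builder accepts Docker's git-URL fragment syntax), and append a version to the tag string. The robot account is limited to push and list on one project, which keeps its scope narrow. It is worth confirming that the value read by `'(-> :harbor:robot-account .-secret)` is not written to logs or stack output in clear text.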