jaggar/iac-cljs-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move all files to root

Browse Source
This commit is contained in:
GigiaJ
2025-11-23 16:12:26 -06:00
parent c3e5976368
commit dfc621a9ff
61 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/k8s/add_ons/cert_manager.cljs Normal file
View File

@@ -0,0 +1,18 @@
(ns k8s.add-ons.cert-manager)
(def config
{:stack [:vault:prepare [:k8s :secret :chart :cluster-issuer]]
:app-namespace "cert-manager"
:app-name "cert-manager"
:is-prod? true
:k8s:chart-opts {:fetchOpts {:repo "https://charts.jetstack.io"}
:chart "cert-manager"
:version "v1.15.0"
:namespace "cert-manager"
:values {:installCRDs true}}
:k8s:secret-opts {:metadata {:name "api-token-secret"}
:stringData {:apiToken 'token}}
:k8s:cluster-issuer-opts {:spec {:acme {:email 'email
:solvers [{:dns01 {:cloudflare {:apiTokenSecretRef {:name "api-token-secret" :key "apiToken"}}}
:selector {:dnsZones '(parse domains)}}]}}}
})

16
src/main/k8s/add_ons/csi_driver/hetzner.cljs Normal file
View File

@@ -0,0 +1,16 @@
(ns k8s.add-ons.csi-driver.hetzner
(:require
[configs :refer [cfg]]))
(def config
{:stack [:k8s:secret :k8s:chart]
:app-namespace "kube-system"
:app-name "hcloud-csi"
:vault-load-yaml false
:k8s:secret-opts {:metadata {:name "hcloud"
:namespace "kube-system"}
:stringData {:token (-> cfg :hcloudToken)}}
:k8s:chart-opts {:fetchOpts {:repo "https://charts.hetzner.cloud"}
:values {:controller {:enabled false
:existingSecret {:name "hcloud-csi-secret"}
:node {:existingSecret {:name "hcloud-csi-secret"}}}}}})

26
src/main/k8s/add_ons/csi_driver/wasabi.cljs Normal file
View File

@@ -0,0 +1,26 @@
(ns k8s.add-ons.csi-driver.wasabi
(:require [configs :refer [cfg]]))
(def config
{:stack [:k8s:secret :k8s:chart]
:app-namespace "kube-system"
:no-namespace true
:app-name "wasabi-csi"
:k8s:chart-opts {:chart "csi-s3"
:fetchOpts {:repo "https://yandex-cloud.github.io/k8s-csi-s3/charts"}
:values {:controller {:enabled false
:existingSecret {:name "wasabi-csi-secrets"}
:node {:existingSecret {:name "wasabi-csi-secrets"}}}}
#_:storageClass #_{:create true
:name "csi-s3-sc"
:singleBucket "pulumi-harbor"
:region "us-east-1"
:accessKeyID "something"
:secretAccessKey "something"
;;:bucket "pulumi-harbor"
}}
:k8s:secret-opts {:stringData {:accessKeyID (-> cfg :wasabiId)
:secretAccessKey (-> cfg :wasabiKey)
:endpoint "http://wasabi-proxy.wasabi-proxy.svc.cluster.local"}}
:vault-load-yaml false})

20
src/main/k8s/add_ons/gateway/traefik.cljs Normal file
View File

@@ -0,0 +1,20 @@
(ns k8s.add-ons.gateway.traefik)
(def config
{:stack [:vault:prepare [:k8s :secret :chart :gateway :certificates]]
:app-namespace "traefik"
:app-name "traefik"
:is-prod? true
:vault-load-yaml false
:k8s:chart-opts {:fetchOpts {:repo 'repo}
:chart 'chart
:version "37.3.0"
:namespace "traefik"
:values {:providers {:kubernetesGateway {:enabled true}}
:gatewayClass {:enabled true
:name "traefik"}}}
:k8s:gateway-opts
{:metadata {:name "main-gateway"
:namespace "traefik"}
:spec {:gatewayClassName "traefik"
:listeners '(make-listeners domains)}}})

74
src/main/k8s/add_ons/image_registry/harbor.cljs Normal file
View File

@@ -0,0 +1,74 @@
(ns k8s.add-ons.image-registry.harbor)
(def config
{:stack [:vault:prepare [:k8s :storage-class :chart]]
:app-namespace "harbor"
:app-name "harbor"
:image-port 80
:vault-load-yaml false
:k8s:chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"}
:values {:externalURL '(str "https://" host)
:expose {:type "route"
:tls {:enabled false}
:route {:hosts ['host]
:parentRefs [{:name "main-gateway"
:namespace "traefik"}]}}
:harborAdminPassword 'admin-password
:secretKey 'secret-key
:database {:enabled true
:internal {:password 'db-password}}
:postgresql {:auth {:postgresPassword 'db-password}}
:persistence {:enabled true
:resourcePolicy "keep"
:imageChartStorage {:type "s3"
:redirect {:disable true}
:delete {:enabled true}
:disableredirect true
:s3 {:region 'region
:bucket 'bucket
:secure false
:v4auth true
:accesskey 's3-access-key
:secretkey 's3-secret-key
:regionendpoint 'region-endpoint}}}
:core {:secret 'core-secret
:xsrfKey 'core-xrsf-key
:tokenKey 'core-token-key
:tokenCert 'core-token-cert}
:jobservice {:secret 'jobservice-secret}
:registry {:secret 'registry-secret
:s3 {:region 'region
:bucket 'bucket
:secure false
:forcepathstyle true
:accesskey 's3-access-key
:secretkey 's3-secret-key
:regionendpoint 'region-endpoint}
:upload_purging {:enabled true}
:logLevel "debug"}}
:transformations [(fn [args _opts]
(let [kind (get-in args [:resource :kind])]
(if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"])
(update-in args [:resource :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))]}
:k8s:storage-class-opts {:provisioner "ru.yandex.s3.csi"
:parameters {"mounter" "geesefs"
"bucket" "pulumi-harbor"
"singleBucket" "pulumi-harbor"
"region" "us-east-1"
"accessKey" "something"
"secretKey" "something"
"accessKeyID" "something"
"secretAccessKey" "something"
"usePathStyle" "true"
"insecureSkipVerify" "true"
"options" "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
"csi.storage.k8s.io/provisioner-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/provisioner-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-publish-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-stage-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-stage-secret-namespace" "kube-system"
"csi.storage.k8s.io/controller-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}}})

27
src/main/k8s/add_ons/ingress_controller/caddy.cljs Normal file
View File

@@ -0,0 +1,27 @@
(ns k8s.add-ons.ingress-controller.caddy
(:require [configs :refer [cfg]]))
(def config
{:stack [:vault:prepare :docker:image :k8s:secret :k8s:chart]
:app-namespace "caddy-system"
:app-name "caddy-ingress-controller"
:k8s:image-port 8080
:k8s:vault-load-yaml false
:k8s:image-opts {:imageName '(str repo "/" app-name ":latest")}
:docker:image-opts {:registry {:server (-> cfg :public-image-registry-url)
:username (-> cfg :public-image-registry-username)
:password (-> cfg :public-image-registry-password)}
:tags [(str (-> cfg :public-image-registry-url) "/" (-> cfg :public-image-registry-username) "/" "caddy")]
:push true}
:k8s:chart-opts {:fetchOpts {:repo "https://caddyserver.github.io/ingress"}
:values
{:ingressController
{:deployment {:kind "DaemonSet"}
:daemonSet {:useHostPort true}
:ports {:web {:hostPort 80}
:websecure {:hostPort 443}}
:service {:type "NodePort"
:externalTrafficPolicy "Local"}
:image {:repository 'repo
:tag "latest"}
:config {:email 'email}}}}})

27
src/main/k8s/add_ons/minio.cljs Normal file
View File

@@ -0,0 +1,27 @@
(ns k8s.add-ons.minio)
(def config
{:stack [:vault-secrets :deployment :service :ingress]
:app-namespace "minio"
:no-namespace true
:app-name "minio"
:image-port 9000
:image "quay.io/minio/minio"
:load-yaml false
:deployment-opts {:spec {:template {:spec {:containers [{:name "minio"
:args ["gateway" "s3"]
:env [{:name "MINIO_ROOT_USER" :valueFrom {:secretKeyRef {:name "minio-secrets"
:key "MINIO_ROOT_USER"}}}
{:name "MINIO_ROOT_PASSWORD" :valueFrom {:secretKeyRef {:name "minio-secrets"
:key "MINIO_ROOT_PASSWORD"}}}
{:name "MINIO_COMPAT"
:value "on"}
{:name "MINIO_S3_URL"
:value "https://s3.wasabisys.com"}
{:name "MINIO_ACCESS_KEY"
:valueFrom {:secretKeyRef {:name "minio-secrets"
:key "MINIO_ACCESS_KEY"}}}
{:name "MINIO_SECRET_KEY"
:valueFrom {:secretKeyRef {:name "minio-secrets"
:key "MINIO_SECRET_KEY"}}}]}]}}
:nodeSelector {"kubernetes.io/hostname" "master-de"}}}})

59
src/main/k8s/add_ons/proxy.cljs Normal file
View File

@@ -0,0 +1,59 @@
(ns k8s.add-ons.proxy
(:require [clojure.string :as str]))
(def wasabi-proxy-caddyfile
(str/join "\n"
[":80 {"
""
" reverse_proxy https://s3.wasabisys.com {"
" flush_interval -1"
" transport http {"
" versions 1.1"
" }"
" header_up -X-Forwarded-For"
" header_up -X-Forwarded-Proto"
" header_up -X-Forwarded-Host"
" header_up -Transfer-Encoding"
" header_up Content-Type {http.request.header.Content-Type}"
" }"
"}"]))
(def config
{:stack [[:k8s :config-map :deployment :service]]
:app-namespace "wasabi-proxy"
:app-name "wasabi-proxy"
:image-port 80
:image "docker.io/library/caddy:2"
:vault-load-yaml false
:k8s:config-map-opts {:data {:Caddyfile wasabi-proxy-caddyfile}}
:k8s:deployment-opts
{:spec
{:template
{:spec
{:containers
[{:name 'app-name
:image "docker.io/library/caddy:2"
:ports [{:containerPort 80}]
:volumeMounts
[{:name "caddyfile-config"
:mountPath "/etc/caddy/Caddyfile"
:subPath "Caddyfile"}
{:name "caddy-data"
:mountPath "/data/caddy"}]}]
:volumes
[{:name "caddyfile-config"
:configMap {:name 'app-name}}
{:name "caddy-data"
:emptyDir {}}]
:nodeSelector {"node-role.kubernetes.io/master" "true"}}}}}
:k8s:service-opts
{:spec
{:ports
[{:port 80
:targetPort 80}]}}})

28
src/main/k8s/add_ons/s3proxy.cljs Normal file
View File

@@ -0,0 +1,28 @@
(ns k8s.add-ons.s3proxy)
(def config
{:stack [:vault-secrets :deployment :service]
:app-namespace "s3proxy"
:app-name "s3proxy"
:image-port 80
:image "andrewgaul/s3proxy:latest"
:load-yaml false
:deployment-opts
{:spec
{:template
{:spec
{:containers
[{:name "s3proxy"
:env [{:name "S3PROXY_AUTHORIZATION" :value "none"}
{:name "S3PROXY_ENDPOINT" :value "http://0.0.0.0:80"}
;;{:name "S3PROXY_IDENTITY" :value "local-identity"}
;;{:name "S3PROXY_CREDENTIAL" :value "local-credential"}
{:name "JCLOUDS_PROVIDER" :value "s3"}
{:name "JCLOUDS_IDENTITY" :valueFrom {:secretKeyRef {:name "s3proxy-secrets"
:key "S3PROXY_IDENTITY"}}}
{:name "JCLOUDS_CREDENTIAL" :valueFrom {:secretKeyRef {:name "s3proxy-secrets"
:key "S3PROXY_CREDENTIAL"}}}
{:name "JCLOUDS_ENDPOINT" :value "https://s3.wasabisys.com"}
{:name "JCLOUDS_REGION" :value "us-east-1"}
]}]
:nodeSelector {"node-role.kubernetes.io/master" "true"}}}}}})

9
src/main/k8s/add_ons/secret_replicator.cljs Normal file
View File

@@ -0,0 +1,9 @@
(ns k8s.add-ons.secret-replicator)
(def config
{:stack [:k8s:chart]
:image-port 80
:no-namespace true
:app-namespace "kube-system"
:app-name "kubernetes-replicator"
:k8s:chart-opts {:fetchOpts {:repo "https://helm.mittwald.de"}}})

33
src/main/k8s/preparers/harbor.cljs Normal file
View File

@@ -0,0 +1,33 @@
(ns k8s.preparers.harbor)
(defn execute-fn [env]
(let [docker-string (:docker-json-string env)]
{:docker-string docker-string}))
(def config
{:stack [:vault:retrieve [:harbor :project :robot-account] :k8s:secret]
:no-namespace true
:app-name "apps"
:app-namespace "generic"
:image-port 80
:vault-load-yaml false
:k8s:secret-opts {:metadata
{:name "harbor-creds-secrets"
:namespace "kube-system"
:annotations {"replicator.v1.mittwald.de/replicate-to" "*"}}
:type "kubernetes.io/dockerconfigjson"
:stringData {".dockerconfigjson" '(str "{\"auths\":{\""
host
"\":{\"auth\":\""
(b64e (str (-> :harbor:robot-account .-fullName) ":" (-> :harbor:robot-account .-secret)))
"\"}}}")}}
:harbor:robot-account-opts {:name '(str "kube-" app-name "-robot")
:namespace 'app-name
:level "project"
:permissions [{:kind "project"
:namespace 'app-name
:access [{:action "pull" :resource "repository"}
{:action "list" :resource "repository"}]}]}
:vault:retrieve-opts {:app-name "harbor"
:app-namespace "harbor"}})

14
src/main/k8s/services/act_runner/service.cljs Normal file
View File

@@ -0,0 +1,14 @@
(ns k8s.services.act-runner.service)
(def config
{:stack [:vault:prepare [:k8s :deployment :service]]
:image-port 80
:app-namespace "generic"
:app-name "act-runner"
:k8s:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name
:envFrom [{:secretRef {:name '(str app-name "-secrets")}}]
:image '(str repo "/" "act_runner" ":latest")
}]}}}}
:k8s:httproute-opts {:spec {::hostnames ['host]}}
})

24
src/main/k8s/services/foundryvtt/service.cljs Normal file
View File

@@ -0,0 +1,24 @@
(ns k8s.services.foundryvtt.service)
(def config
{:stack [:vault:prepare :harbor:robot-account :docker:image [:k8s :deployment :service :httproute]]
:image-port 30000
:app-namespace "generic"
:app-name "foundry"
:docker:image-opts {:is-local true
:buildArgs {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME
:FOUNDRY_PASSWORD 'FOUNDRY_PASSWORD}
:registry {:server '(str registry-base "/" registry-namespace)
:username '(-> :harbor:robot-account .-name)
:password '(-> :harbor:robot-account .-secret)}
:tags ['(str registry-base "/" registry-namespace "/" app-name)]
:push true}
:k8s:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
:containers [{:name 'app-name :image '(str registry-base "/" registry-namespace "/" app-name ":latest")}]}}}}
:harbor:robot-account-opts {:name 'app-name
:permissions [{:kind "project"
:namespace 'registry-namespace
:access [{:action "pull" :resource "repository"}
{:action "push" :resource "repository"}
{:action "list" :resource "repository"}]}]}
:k8s:httproute-opts {:spec {::hostnames ['host]}}})

25
src/main/k8s/services/gitea/service.cljs Normal file
View File

@@ -0,0 +1,25 @@
(ns k8s.services.gitea.service)
(def config
{:stack [:vault:prepare :k8s:deployment :k8s:service :k8s:httproute]
:image-port 3000
:app-namespace "generic"
:app-name "gitea"
:k8s:deployment-opts {:spec {:template {:spec {:initContainers [
{:name "init-permissions"
:image "busybox:latest"
:command ["sh" "-c" "chown -R 1000:1000 /var/lib/gitea && chown -R 1000:1000 /etc/gitea"]
:volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"}
{:name "gitea-config" :mountPath "/etc/gitea"}]
:securityContext {:runAsUser 0 :runAsGroup 0}}
]
:containers [{:name 'app-name :image '(str repo "/" app-name ":latest-rootless")
:volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"}
{:name "gitea-config" :mountPath "/etc/gitea"}
{:name "timezone" :mountPath "/etc/timezone" :readOnly true}
{:name "localtime" :mountPath "/etc/localtime" :readOnly true}]}]
:volumes [{:name "gitea-data" :hostPath {:path "/opt/gitea/data" :type "DirectoryOrCreate"}}
{:name "gitea-config" :hostPath {:path "/opt/gitea/config" :type "DirectoryOrCreate"}}
{:name "timezone" :hostPath {:path "/etc/timezone" :type "File"}}
{:name "localtime" :hostPath {:path "/etc/localtime" :type "File"}}]}}}}
:k8s:httproute-opts {:spec {::hostnames ['host]}}})

12
src/main/k8s/services/matrix/cinny/service.cljs Normal file
View File

@@ -0,0 +1,12 @@
(ns k8s.services.matrix.cinny.service)
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "cinny"
:image-opts {:build {:args {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME
:FOUNDRY_PASSWORD 'FOUNDRY_PASSWORD}}
:imageName '(str repo "/" app-name ":latest")}
:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
:containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})

13
src/main/k8s/services/matrix/database/service.cljs Normal file
View File

@@ -0,0 +1,13 @@
(ns k8s.services.matrix.database.service)
;; env_file:
;; - .env
;; volumes:
;; - ${PWD}/db-data/:/var/lib/postgresql/data/
(def config
{:stack [:deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "postgres"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})

14
src/main/k8s/services/matrix/element/service.cljs Normal file
View File

@@ -0,0 +1,14 @@
;; volumes:
;; - ./personal/matrix/element-config.json:/app/config.json
;; environment:
;; ELEMENT_WEB_PORT: 3030
(ns k8s.services.matrix.element.service)
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "element"
:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
:containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})

18
src/main/k8s/services/matrix/element_call/service.cljs Normal file
View File

@@ -0,0 +1,18 @@
(ns k8s.services.matrix.element-call.service)
;; volumes:
;; - ./personal/matrix/elementcall/config.json:/app/config.json
(def config
{:stack [:vault-secrets :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "element-call"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" app-name ":sha-1702b15")
:volumeMounts [{:name "data" :mountPath "/data"}]}]
:initContainers [{:name "init-permissions"
:image "busybox:latest"
:command ["sh" "-c" "chown -R 1000:1000 /data"]
:volumeMounts [{:name "data" :mountPath "/data"}]
:securityContext {:runAsUser 0 :runAsGroup 0}}]
:volumes [{:name "data" :hostPath {:path "/opt/mmr/data" :type "DirectoryOrCreate"}}]}}}}})

10
src/main/k8s/services/matrix/home_server/service.cljs Normal file
View File

@@ -0,0 +1,10 @@
;; homeserver:
;; volumes:
;; - db:/var/lib/conduwuit
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "tuwunel"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})

8
src/main/k8s/services/matrix/livekit_jwt/service.cljs Normal file
View File

@@ -0,0 +1,8 @@
(ns k8s.services.matrix.livekit-jwt.service)
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "livekit-jwt"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" lk-jwt-service ":0.2.3")}]}}}}})

16
src/main/k8s/services/matrix/livekit_server/service.cljs Normal file
View File

@@ -0,0 +1,16 @@
;; livekit:
;; command: --config /etc/livekit.yaml
;; - ./personal/matrix/elementcall/livekit.yaml:/etc/livekit.yaml
;; ports:
;; - 50100-50200:50100-50200/udp
(ns k8s.services.matrix.livekit-server.service)
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "livekit-server"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" 'app-name ":latest")}]}}}}})

10
src/main/k8s/services/matrix/mautrix_discord/service.cljs Normal file
View File

@@ -0,0 +1,10 @@
;; - ./personal/matrix/discord/data:/data
(ns k8s.services.matrix.mautrix-discord.service)
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "mautrix-discord"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" "discord" ":4927a73ce7411f3970803d35c22f0c8c96dc2d7e-amd64")}]}}}}})

21
src/main/k8s/services/matrix/mmr/service.cljs Normal file
View File

@@ -0,0 +1,21 @@
(ns k8s.services.matrix.mmr.service)
(def config
{:stack [:vault-secrets :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "matrix-media-repo"
:deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" app-name ":v1.3.8")
:volumeMounts [{:name "data" :mountPath "/data"}]}]
:initContainers [{:name "init-permissions"
:image "busybox:latest"
:command ["sh" "-c" "chown -R 1000:1000 /data"]
:volumeMounts [{:name "data" :mountPath "/data"}]
:securityContext {:runAsUser 0 :runAsGroup 0}}]
:volumes [{:name "data" :hostPath {:path "/opt/mmr/data" :type "DirectoryOrCreate"}}]}}}}})
;;
;; - ./personal/matrix/mmr:/data

14
src/main/k8s/services/matrix/turn/service.cljs Normal file
View File

@@ -0,0 +1,14 @@
(ns k8s.services.matrix.turn.service)
;; - ./personal/matrix/coturn.conf:/etc/coturn/turnserver.conf
(def config
{:stack [:vault-secrets :docker-image :deployment :service :ingress]
:image-port 80
:app-namespace "matrix"
:app-name "coturn"
:image-opts {:build {:args {:FOUNDRY_USERNAME 'FOUNDRY_USERNAME
:FOUNDRY_PASSWORD 'FOUNDRY_PASSWORD}}
:imageName '(str repo "/" app-name ":latest")}
:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
:containers [{:name 'app-name :image '(str repo "/" app-name ":latest")}]}}}}})

34
src/main/k8s/services/mesite/service.cljs Normal file
View File

@@ -0,0 +1,34 @@
(ns k8s.services.mesite.service)
(defn test [env]
(js/console.log env)
(.apply (:test env) #(js/console.log %)))
(def config
{:stack [:vault:prepare
:harbor:robot-account
:docker:image
[:k8s :namespace :deployment :service :httproute]]
:app-name "mesite"
:app-namespace "generic"
:docker:image-opts {:context {:location "https://codeberg.org/Gigia/mesite.git"}
:imageName '(str registry-base "/" registry-namespace "/" app-name ":latest")
:registry {:server '(str registry-base "/" registry-namespace)
:username '(-> :harbor:robot-account .-name)
:password '(-> :harbor:robot-account .-secret)}
:tags ['(str registry-base "/" registry-namespace "/" app-name)]
:push true}
:harbor:robot-account-opts {:name 'app-name
:permissions [{:kind "project"
:namespace 'registry-namespace
:access [{:action "pull" :resource "repository"}
{:action "push" :resource "repository"}
{:action "list" :resource "repository"}]}]}
:k8s:deployment-opts {:spec {:template {:spec {:imagePullSecrets [{:name "harbor-creds-secrets"}]
:containers [{:name 'app-name
:image '(str registry-base "/" registry-namespace "/" app-name ":latest")
:ports [{:containerPort 80}]}]}}}}
:k8s:httproute-opts {:spec {::hostnames ['host]}}
})

17
src/main/k8s/services/nextcloud/service.cljs Normal file
View File

@@ -0,0 +1,17 @@
(ns k8s.services.nextcloud.service)
(def config
{:stack [:vault-secrets :chart :ingress]
:app-namespace "nextcloud"
:app-name "nextcloud"
:image-port 8080
:vault-load-yaml true
:chart-opts {:fetchOpts {:repo "https://nextcloud.github.io/helm/"}
:values {:nextcloud {:host 'host
:trustedDomains ['host 'app-name]}}
:transformations (fn [args _opts]
(let [kind (get-in args [:resource :kind])]
(if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"])
(update-in args [:resource :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))}})

10
src/main/k8s/services/productive/service.cljs Normal file
View File

@@ -0,0 +1,10 @@
(ns k8s.services.productive.service)
(def config
{:stack [:vault:prepare [:k8s :deployment :service :httproute]]
:app-namespace "generic"
:app-name "superproductivity"
:image-port 80
:image "docker.io/johannesjo/super-productivity:latest"
:k8s:httproute-opts {:spec {::hostnames ['host]}}
})

26
src/main/k8s/services/prometheus/service.cljs Normal file
View File

@@ -0,0 +1,26 @@
(ns k8s.services.prometheus.service)
(def config
{:stack [:vault-secrets :chart]
:app-namespace "prometheus"
:app-name "prometheus"
:image-port 8080
:vault-load-yaml true
:chart-opts {:chart "kube-prometheus-stack"
:fetchOpts {:repo "https://prometheus-community.github.io/helm-charts"}
:namespace "monitoring"
:values {:grafana {:adminPassword 'password
:ingress {:enabled true
:ingressClassName "caddy"
:hosts ['grafana-host]}
:persistence {:enabled true
:type "pvc"
:storageClassName "hcloud-volumes"
:accessModes ["ReadWriteOnce"]
:size "10Gi"}}
:prometheus {:ingress {:enabled true
:ingressClassName "caddy"
:hosts ['prometheus-host]}
:prometheusSpec {:storageSpec {:volumeClaimTemplate {:spec {:accessModes ["ReadWriteOnce"]
:storageClassName "hcloud-volumes"
:resources {:requests {:storage "50Gi"}}}}}}}}}})

25
src/main/k8s/services/renovate/service.cljs Normal file
View File

@@ -0,0 +1,25 @@
(ns k8s.services.renovate.service)
;https://docs.renovatebot.com/self-hosted-configuration/
(def config
{:stack [:vault-secrets :chart :cronjob]
:app-namespace "renovate"
:app-name "renovate"
:image-port 8080
:vault-load-yaml true
:chart-opts
{:fetchOpts {:repo "https://docs.renovatebot.com/helm-charts"}
:values
{:renovate
{:config {:platform "github"
:token "vault:renovate/github-token"
:logLevel "info"
:repositories ["your-org/your-repo"]
:onboardingConfig {:extends ["config:base"]}}}}
:transformations
(fn [args _opts]
(let [kind (get-in args [:resource :kind])]
(if (= kind "CronJob")
(update-in args [:resource :spec :jobTemplate :spec :template :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))}})