
4 Commits

4 changed files with 99 additions and 39 deletions


@@ -1,54 +1,51 @@
(ns k8s.services.gitea.service) (ns k8s.services.gitea.service)
(def config (def config
{:stack [:vault:prepare :k8s:pvc :k8s:deployment :k8s:service :k8s:httproute] {:stack [:vault:prepare :k8s:pvc :k8s:deployment :k8s:service :k8s:httproute :k8s:tcproute]
:image-port 3000
:app-namespace "generic" :app-namespace "generic"
:app-name "gitea" :app-name "gitea"
:image-port 3000
:k8s:pvc-opts :k8s:pvc-opts
{"gitea-data" {:storageClass "juicefs-sc" :accessModes ["ReadWriteMany"] :storage "1Ti"} {:metadata {:name "gitea-state"
"gitea-config" {:storageClass "juicefs-sc" :accessModes ["ReadWriteMany"] :storage "1Gi"}} :namespace "generic"}
:spec {:storageClassName "juicefs-sc"
:accessModes ["ReadWriteMany"]
:resources {:requests {:storage "1Ti"}}}}
:k8s:deployment-opts :k8s:deployment-opts
{:spec {:spec
{:template {:template
{:spec {:metadata {:annotations {"backup.velero.io/backup-volumes" "gitea-state"}}
{:initContainers :spec
[{:name "init-permissions" {:containers
:image "busybox:latest"
:command ["sh" "-c" "chown -R 1000:1000 /var/lib/gitea && chown -R 1000:1000 /etc/gitea"]
:volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"}
{:name "gitea-config" :mountPath "/etc/gitea"}]
:securityContext {:runAsUser 0 :runAsGroup 0}}]
:containers
[{:name 'app-name [{:name 'app-name
:image '(str repo "/" app-name ":latest-rootless") :image '(str repo "/" app-name ":latest-rootless")
:command ["/usr/local/bin/gitea"]
:args ["web"
"-c" "/var/lib/gitea/custom/conf/app.ini"]
:env [{:name "TZ" :value "America/Chicago"}] :env [{:name "TZ" :value "America/Chicago"}]
:envFrom [{:secretRef {:name "gitea-secrets"}}] :envFrom [{:secretRef {:name "gitea-secrets"}}]
:ports [{:name "http" :containerPort 3000} :ports [{:name "ssh" :containerPort 2222}]
{:name "ssh" :containerPort 2222}]
:volumeMounts [{:name "gitea-data" :mountPath "/var/lib/gitea"} :volumeMounts [{:name "gitea-state" :mountPath "/var/lib/gitea"}]}]
{:name "gitea-config" :mountPath "/etc/gitea"}]}]
:volumes :volumes
[{:name "gitea-data" :persistentVolumeClaim {:claimName "gitea-data"}} [{:name "gitea-state"
{:name "gitea-config" :persistentVolumeClaim {:claimName "gitea-config"}}]}}}} :persistentVolumeClaim {:claimName "gitea-state"}}]}}}}
:k8s:service-opts :k8s:service-opts
{:spec {:spec
{:type "NodePort" {:type "NodePort"
:selector {:app "gitea"} :selector {:app "gitea"}
:ports [ :ports [{:name 'app-name :port 3000 :targetPort 3000}
{:name 'app-name :port 3000 :targetPort 3000}
{:name "ssh" {:name "ssh"
:port 22 :port 22
:targetPort 2222 :targetPort 2222
:nodePort 30022 :nodePort 30022}]}}
}]}} :k8s:httproute-opts {:spec {::hostnames ['host]
:rules [{:matches [{:path {:type "PathPrefix"
:value "/"}}]
:backendRefs [{:name 'app-name
:port 3000}]}]}}})
:k8s:httproute-opts {:spec {::hostnames ['host]}}})
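Review bot: The Service keeps `:type "NodePort"` on the new side even though `:k8s:tcproute` is added to `:stack`, and the `:port 3000` entry has no `:nodePort`, so it still gets an auto-allocated node port. That leaves the web UI reachable on every node address, bypassing whatever TLS and hostname handling the HTTPRoute's gateway provides. If the TCPRoute is meant to carry SSH (an inference, since its options are not shown in this section), the Service can become `:type "ClusterIP"` and the `:nodePort 30022` entry can be dropped. Separately, `:latest-rootless` is a mutable tag; pinning a specific version would make what runs after a restart predictable.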


@@ -0,0 +1,40 @@
(ns k8s.services.nextcloud.database.service)
(def config
{:stack [:vault:prepare :k8s:pvc :k8s:deployment :k8s:service]
:app-namespace "nextcloud"
:app-name "nextcloud-db"
:k8s:pvc-opts
{:metadata {:name "nextcloud-mariadb-disk"
:namespace "nextcloud"}
:spec {:storageClassName "hcloud-volumes"
:accessModes ["ReadWriteOnce"]
:resources {:requests {:storage "10Gi"}}}}
:k8s:deployment-opts
{:spec
{:template
{:metadata
{:annotations {"backup.velero.io/backup-volumes" "db"}}
:spec
{:containers
[{:name 'app-name
:image "mariadb:10.6"
:ports [{:containerPort 3306}]
:env [{:name "MYSQL_ROOT_PASSWORD" :value 'mariadb-root-password}
{:name "MYSQL_DATABASE" :value "nextcloud"}
{:name "MYSQL_USER" :value 'username}
{:name "MYSQL_PASSWORD" :value 'mariadb-password}]
:volumeMounts [{:name "db" :mountPath "/var/lib/mysql"}]}]
:volumes
[{:name "db" :persistentVolumeClaim {:claimName "nextcloud-mariadb-disk"}}]}}}}
:k8s:service-opts
{:spec {:selector {:app 'app-name}
:ports [{:name 'app-name :port 3306 :targetPort 3306}]}}})
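Review bot: The database credentials in `:env` are passed as literal `:value` entries, so once `'mariadb-root-password`, `'username` and `'mariadb-password` are substituted (presumably by `:vault:prepare`) they sit in the Deployment's pod template. There they are readable by anything allowed to get Deployments or Pods in the `nextcloud` namespace, and are likely recorded in the stack's state as well. The gitea config in this same change already uses `:envFrom [{:secretRef {:name "gitea-secrets"}}]`; the same pattern here, or `:valueFrom {:secretKeyRef {:name "<secret-name>" :key "<key>"}}` per variable, would keep the values in a Secret. `mariadb:10.6` is also a floating minor tag, so a digest or full patch version would make the database image reproducible.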


@@ -1,7 +1,7 @@
(ns k8s.services.nextcloud.service) (ns k8s.services.nextcloud.service)
(def config (def config
{:stack [:vault:prepare :k8s:chart :k8s:httproute] {:stack [:vault:prepare [:k8s :httproute :chart]]
:app-namespace "nextcloud" :app-namespace "nextcloud"
:app-name "nextcloud" :app-name "nextcloud"
:image-port 80 :image-port 80
@@ -9,15 +9,28 @@
:k8s:chart-opts {:repositoryOpts {:repo "https://nextcloud.github.io/helm/"} :k8s:chart-opts {:repositoryOpts {:repo "https://nextcloud.github.io/helm/"}
:values :values
{:podAnnotations {"backup.velero.io/backup-volumes" "data"} {:podAnnotations {"backup.velero.io/backup-volumes" "data"}
:nextcloud {:host 'host :trustedDomains ['host 'app-name]
:nextcloud {:username 'username
:password 'password
:host 'host
:containerPort 80 :containerPort 80
:trustedDomains ['host 'app-name]
:persistence {:enabled true :persistence {:enabled true
:storageClass "juicefs-sc" :storageClass "juicefs-sc"
:accessMode "ReadWriteMany" :accessMode "ReadWriteMany"
:size "1Ti"}} :size "1Ti"}}
:service {:port 80} :service {:port 80}
:mariadb {:enabled true :redis {:auth {:password 'redis-password}}
:externalDatabase {:enabled true
:type "mysql"
:host "nextcloud-db.nextcloud.svc.cluster.local"
:database "nextcloud"
:user 'username
:password 'mariadb-password}
:internalDatabase {:enabled false}
:mariadb {:enabled false
:auth {:username 'username
:password 'mariadb-password
:rootPassword 'mariadb-root-password}
:architecture "standalone" :architecture "standalone"
:primary {:podAnnotations {"backup.velero.io/backup-volumes" "data"} :primary {:podAnnotations {"backup.velero.io/backup-volumes" "data"}
:persistence {:enabled true :persistence {:enabled true
@@ -28,8 +41,7 @@
:image {:registry "docker.io" :image {:registry "docker.io"
:repository "bitnami/os-shell" :repository "bitnami/os-shell"
:tag "latest" :tag "latest"
:pullPolicy "Always"}} :pullPolicy "Always"}}}
}
:transformations (fn [args _opts] :transformations (fn [args _opts]
(let [kind (get-in args [:resource :kind])] (let [kind (get-in args [:resource :kind])]
@@ -37,4 +49,13 @@
(update-in args [:resource :metadata :annotations] (update-in args [:resource :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true")) #(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))}} args)))}}
:k8s:httproute-opts {:spec {::hostnames ['host]}}}) :k8s:httproute-opts {:spec {::hostnames ['host]
:rules [{:matches [{:path {:type "PathPrefix" :value "/"}}]
:filters [{:type "ResponseHeaderModifier"
:responseHeaderModifier
{:set [{:name "Content-Security-Policy"
:value "frame-src 'self' https://cinny.hampter.quest https://productive.chickensalad.quest https://gitea.chickensalad.quest;"}]
:remove ["X-Content-Security-Policy"]}}]
:backendRefs [{:name "nextcloud"
:port 80}]}]}}})
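Review bot: The `ResponseHeaderModifier` added in the last hunk uses `:set` for `Content-Security-Policy`, which overwrites the header the backend sends rather than extending it. Nextcloud normally emits its own strict policy, so responses through this route would carry only `frame-src …` and lose the script, object and frame-ancestors restrictions. If the aim is just to allow those three origins in frames, it is safer to extend the policy inside Nextcloud or to put the complete policy in `:value`. At minimum the filter deserves a comment such as `;; :set replaces the backend's CSP; this value must list every directive still required`. The enclosing `def config` starts outside this hunk.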


@@ -17,6 +17,7 @@
[k8s.add-ons.secret-replicator :as secret-replicator] [k8s.add-ons.secret-replicator :as secret-replicator]
[k8s.add-ons.proxy :as proxy] [k8s.add-ons.proxy :as proxy]
[k8s.services.nextcloud.service :as nextcloud-service] [k8s.services.nextcloud.service :as nextcloud-service]
[k8s.services.nextcloud.database.service :as nextcloud-db-service]
[k8s.services.mesite.service :as mesite-service] [k8s.services.mesite.service :as mesite-service]
[k8s.services.gitea.service :as gitea-service] [k8s.services.gitea.service :as gitea-service]
[k8s.services.act-runner.service :as act-runner-service] [k8s.services.act-runner.service :as act-runner-service]
@@ -34,8 +35,7 @@
[k8s.services.matrix.mautrix-discord.database.service :as mautrix-discord-db-service] [k8s.services.matrix.mautrix-discord.database.service :as mautrix-discord-db-service]
[k8s.services.matrix.mautrix-discord.service :as mautrix-discord-service] [k8s.services.matrix.mautrix-discord.service :as mautrix-discord-service]
[k8s.services.matrix.home-server.well-known.service :as matrix-well-known-service] [k8s.services.matrix.home-server.well-known.service :as matrix-well-known-service]
[k8s.services.matrix.home-server.service :as homeserver-service] [k8s.services.matrix.home-server.service :as homeserver-service]))
))
(defn general-provider-output-refs [] (defn general-provider-output-refs []
{:vault {:stack :init {:vault {:stack :init
@@ -91,9 +91,11 @@
(create-resource-definition (create-resource-definition
[girls-foundry-service/config foundryvtt-service/config [girls-foundry-service/config foundryvtt-service/config
mesite-service/config productive-service/config mesite-service/config productive-service/config
nextcloud-db-service/config
nextcloud-service/config nextcloud-service/config
velero-service/config velero-service/config
;;gitea-service/config act-runner-service/config gitea-service/config
;;act-runner-service/config
] ]
["base" "init" "shared"] ["base" "init" "shared"]
(general-provider-output-refs))) (general-provider-output-refs)))