feat: add firefly
@@ -68,12 +68,16 @@ SECRET_MINIFLUX_PG_USER=ENC[AES256_GCM,data:qMBC7e5KW98=,iv:wu2+CK0pRy+uwQzDng/W
|
||||
SECRET_MINIFLUX_PG_PASS=ENC[AES256_GCM,data:rLuVT8S9hkQTE/T0Z6M06qgmzIt8ufC8drdofL1n19uefnLsU4WqgLZ/KYGrxQ==,iv:oLcrZilIuQf+QHCJYiQllummr4yRz6aflDhNb21GNUE=,tag:H4XCkfmJl8jQogvGDCVZOw==,type:str]
|
||||
SECRET_OVENMEDIAENGINE_SIGNEDPOLICY_SECRETKEY=ENC[AES256_GCM,data:5RF5A82+VFFBExTrY2QRRjUBuEq3peY/MAXDh7K/U6U3z6tzqqa+Cw==,iv:qz9k3l+Xi/O/13FPRTzIwozAVdRdGhjrFxxeo/YjUdE=,tag:aLNBq5qlxpJptIhGqLMCxg==,type:str]
|
||||
SECRET_OVENMEDIAENGINE_ACCESSTOKEN=ENC[AES256_GCM,data:5wq3Eh0MR/yZ09VIOCoiPO4bxRHkMU3S8AVlsR0BZVQpm/q/8WBjh+E7rxb2NlX+D2Lsdsy2VkGVKlD7DU2ysOe+h40HmxmW66A9dZAS/IoQfxfE3QXquVmHrRvdd7GEPi36sw51ZDstfWiL1YRA0TV6mfAi+Z/1UgD3bMlL7QI=,iv:rczJrTn9trKCWd1qdw1DyZDdLhjEE8nfNysYtkiXV1s=,tag:Gnd8kEAGLScgRW5ffWiOpQ==,type:str]
|
||||
SECRET_FIREFLY_APP_KEY=ENC[AES256_GCM,data:3QESMqZ4oVXlczAALYAPBgPcP/PZKF8gyhK6efYU4Jk=,iv:xNd99n5fwWG/6Aa1ZCDRaRHOq5Cj3tjIHVS3KnGesPM=,tag:oWn0Bx2XYOaqYvGpqMMQJg==,type:str]
|
||||
SECRET_FIREFLY_PG_SUPER_PASS=ENC[AES256_GCM,data:5xfK7H3pl1mLlhgehQu+zLrT5RB+2N5oD30zoTNpWzAzKWtsUghV42D6nT8lFAhdFK0IAE8aQFwE4jjgVLUsn3mdwNYHQehp3fHEUpRUBP9quq8YmL+alhSE,iv:qXDnjdj2PLw7BYL1OVFXYOLb4dlwK1K18mdkUyR2mn8=,tag:pxc4154huxbvBAlmloDfAA==,type:str]
|
||||
SECRET_FIREFLY_PG_DBNAME=ENC[AES256_GCM,data:3EA1/0emxdAbSdIxpcSAr6hjA6nGwIT5izab0fzR,iv:lnLSBreHziLwHFBP+fKAoTOzUAC/L+TCVQJB6RkdJtg=,tag:NiX/M8WAz+qLm/1zt55sXQ==,type:str]
|
||||
SECRET_FIREFLY_PG_USER=ENC[AES256_GCM,data:+0n0LWhlYfcgyrQZPaN/JHk9HNIKspJLEIS4QXUB,iv:ShpL1UA0EzkLdg/k7/33XjsdP5cTA5x+1l/iSOMLrxA=,tag:vfkj00ciXtpbVZqQ5Eicfg==,type:str]
|
||||
sops_lastmodified=2023-07-16T22:13:41Z
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_lastmodified=2023-06-24T22:17:31Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdANDTQwVjZ/Ad3iqBe0LL2sGCrEvrl6W6VaMjFgJCUkzYw\nwASmi9Y/OqREXtEItA1rKZDTM38LuMfcU4vAeEV0SNWlW5CQquN8UpLwMATrBdXr\n0lwBcvIZFLbbnfqFAdJ1EzbRWvHuh+yn5DBMH+odm3ZLaJqiiV9EaWhfl2rdIOr4\nPJQf6Ev1hueWmc9H45a8nvwH8sOl9MH9hl3TW7o9JOOhGmZ4BBVaSJW6f0UiZw==\n=iSQg\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_mac=ENC[AES256_GCM,data:Q97o4w/Ge5ZNtrei4yuwqPhZcVGAVfyAgvaGSiUvb5Sav/u4+T2uxZSdbf5p+nlLgszVo5CmW7hw1dvn1edKTB/RqHCJk2U/Ue1cpWZ8M/3rj3IioR4GybHIxKpQiTNCmIBn00YJx8l+0new0ohxnaWfGxsXcYboHxPninSOkpI=,iv:GLzaZSJvMjEvLCWqKajP2x9qmE9mieiaSEOQngqB0Fc=,tag:iAtNDY7Zq9lpT0E/zZTZZw==,type:str]
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_mac=ENC[AES256_GCM,data:JM2M/N5/PKT/S0xi4XBdc0IFHbLMFE0XWY1Fty8WSXwkVhlSd+PKVfwHHtALnp6pYTrdCb8DcIN0K0DsTmrsXQ4B8+j0Oz2QQCxIRRkFAi1Vl9SZswiidU911R/zsemKsEBO+r0fXYBD7jeX0mpSPiBSq5oDhOj3KyjZLltsviY=,iv:mxgE12LYSuuMNYVhPJm8Qi64RRqSBWi/E45D5tDycr8=,tag:4DWe6+u40VCacsECN9rkhQ==,type:str]
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
|
||||
@@ -2,6 +2,7 @@ CLUSTER_NAME=ENC[AES256_GCM,data:VEDYOJ8ZUwrG,iv:Wr1n+LLZNiB0m9PHs+jjRJssXWpvNKV
|
||||
CLUSTER_NAME_UPPER=ENC[AES256_GCM,data:brbPB3I9mZVo,iv:a4qpy23gX77lAhqtQ9Nj1YnPA420cqw+OknBEUURgDQ=,tag:jB+C2Oc2y9tUMNO881OKvw==,type:str]
|
||||
CONFIG_CILIUM_CLUSTER_ID=ENC[AES256_GCM,data:fs/S,iv:DhNm7cffZkRwtq5K6oK/z/DaWdQNVkJA1SBnur+AeFc=,tag:9UudcbEBO52EyXHPUOEfUA==,type:str]
|
||||
CONFIG_TZ=ENC[AES256_GCM,data:yjenwiH185SgIz1gDHs=,iv:zWulurvktdU7e+866iNrafkjqAuqZSnJtx8kq7RhNTM=,tag:M5IkAMqEep8dIIbHGXetIg==,type:str]
|
||||
ADMIN_EMAIL=ENC[AES256_GCM,data:wbMUdJNx+sDHW4CsPjXygR9o7NDSDw==,iv:r692Zq4sXcNuqfOfqTQOvO70XekdRcJLcvaZVrOW6Io=,tag:SoRRgPh7doIrAaI8a4iSRw==,type:str]
|
||||
USERS_1_UID=ENC[AES256_GCM,data:DY9qIA==,iv:M0E4LpIkCL4gABzOEzLVBHjGfXpPtYXb1ssezvN4D9o=,tag:wopQ/2iWx7aoxnLaQrYgFg==,type:str]
|
||||
USERS_1_ID=ENC[AES256_GCM,data:KC5Etz5c60gQ,iv:1kEHHkNqOxZVC+2InmSigQ+cnezXtZtSRTkzuaqYIAE=,tag:jMTC/BjiH8O+Tzfa//a3ig==,type:str]
|
||||
USERS_1_NAME=ENC[AES256_GCM,data:sPOtMDyiXKKt,iv:Qx2Kbrtgh6qhD5kIe4P6mEZ6H4mGhFHs1exEeiiwJew=,tag:TcmlQ+lx/3soaPDQ0WYRTA==,type:str]
|
||||
@@ -104,6 +105,8 @@ APP_DNS_ATUIN=ENC[AES256_GCM,data:Kgs4WlWUPIJYD+87,iv:uUeziXEoVAFqfUWE2o/onryjeT
|
||||
APP_UID_ATUIN=ENC[AES256_GCM,data:HYuHZ24=,iv:zHsrDTCdO0T4+RCAun8PRVyRiIlQHI4ijxIn+XS21x4=,tag:lFgExxN5ltzTzJtAvxy6rQ==,type:str]
|
||||
APP_DNS_MINIFLUX=ENC[AES256_GCM,data:BbbqsaMScHlifA==,iv:fIj1yKEoPyqvQoyMz5tghISWAcNL1A/3U4i2qBdt22c=,tag:/AVqrNyeL+Dm+F79ZbxyFA==,type:str]
|
||||
APP_UID_MINIFLUX=ENC[AES256_GCM,data:voTUTRE=,iv:uI1q5m+6yoQU+PtGVTrHU5uEgeC34Uow6g4gu8Agk3E=,tag:0/x8Il74NMp7gssnPNn61Q==,type:str]
|
||||
APP_DNS_FIREFLY=ENC[AES256_GCM,data:Z63+ioekJKPZatek,iv:BOx+OthYjX6Gwn8XxHPUIS9dHcF9yAN70iIO7rwfrMA=,tag:Cm384NVsLFjTjtphYRfZUw==,type:str]
|
||||
APP_UID_FIREFLY=ENC[AES256_GCM,data:jWRGD+8=,iv:dVYdD0RaflZjsMLD5+PZOlvOE1RvTKGTiGrc046aVw8=,tag:M9rY2p0BdfViDh3p48wbCg==,type:str]
|
||||
APP_DNS_OVENMEDIAENGINE=ENC[AES256_GCM,data:dyvSaVilJkBbBF88NW6aIsuVx1iTZss=,iv:Gb7V+4xmtYou/r0Y7avvX/oxtuMUiQ34vNnvhV3K3d0=,tag:lCrVrZ8PQzeRL1XC3nncVg==,type:str]
|
||||
APP_IP_OVENMEDIAENGINE=ENC[AES256_GCM,data:DkdaSMMW5NOTRHA=,iv:rbSo41gsGni4JvrMEnF2JyVKDvUc94EwJCwgpFAlNCo=,tag:C8gGscAF5TEq2krvXWkE7Q==,type:str]
|
||||
APP_UID_OVENMEDIAENGINE=ENC[AES256_GCM,data:ikSvegw=,iv:uWQZ+ECxaauHa5e77lxvr0CH20Ya7+jui7gZqYCVciA=,tag:YTfpLstA7TvvxvkXwWWi7A==,type:str]
|
||||
@@ -123,12 +126,12 @@ CONFIG_ZEROTIER_ENDPOINT=ENC[AES256_GCM,data:tOyIlrzdn8sck7um7OSicq5T0XWAmymaRLn
|
||||
CONFIG_AUTHENTIK_REMOTE_HOST=ENC[AES256_GCM,data:Iv7k3CoKsLrQf0PRIfhGMCAjOU3AdweS+LFWMeEQoWc=,iv:TsRwWDUrI3zAgBgFRkZAYUNlZV0Q/gOlGjKFrheM0nE=,tag:38OGfWYEm/h/+FH7IsIH3Q==,type:str]
|
||||
CONFIG_HEADSCALE_IPV4=ENC[AES256_GCM,data:EZ7GMHA6u1wWPS5g6Pg=,iv:W1hcseQ4Q6CisTXnDLI7hWTy18fIVKtZ46tudCyhfa4=,tag:2WnnNjuZhwUPG07OKTQt2g==,type:str]
|
||||
CONFIG_OVENMEDIAENGINE_NAME=ENC[AES256_GCM,data:58CuH8bcUHWXBZA=,iv:BN7x6aAJPbzIn25sNoycsHRE5pugkubLS2VrM77+g/E=,tag:6JAsRjU0L6wbZtns3rk6KQ==,type:str]
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_mac=ENC[AES256_GCM,data:y1VZHReNoFV2saUsBtIp5IncWZr1JoyLBzOSv9gSoDqPO1yGSJRsWqnNZhdbzNBTeKrcaZIxldFHiUFwPGHa3pEadkhNHcPOv1uidsKoeJUm1hI1gGcJPj5j6oyK+vtOd2GpiUjurKDhvkaRGuCUit3UoX5LofoWigG5xFtK7tI=,iv:VPyRzB4/gur1qEWqi70R26EGCGrfhJmABpU3eQ56M00=,tag:fx6QDKZW7rS51T4OKC/81g==,type:str]
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_mac=ENC[AES256_GCM,data:TZqTBrYmSQiIo6GFhGXYKeeh6gTieYisfRtInXXD7nfGPyJCnLICC8Rajt59AoA5R2gSTwJXo+Wi4OC8mVeLS8ckf5EllOZeRhEhbygj5R1HQlqjHn3Vgw8vGy1fcbLxBwShYfVPXS+3trMPqMFv7fvwzzN1JAIRN47tNG5E+Ao=,iv:CATKvcj7Qyc+LfL/vmDuKBOMnkkGgyf1BfQWo4NGuxA=,tag:D6op/eANwVDl72HpzzOgcA==,type:str]
|
||||
sops_version=3.7.3
|
||||
sops_lastmodified=2023-06-29T21:14:36Z
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_lastmodified=2023-07-16T22:15:23Z
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
|
||||
@@ -53,5 +53,6 @@ resources:
|
||||
- ../../../deploy/apps/atuin/
|
||||
- ../../../deploy/apps/miniflux/
|
||||
- ../../../deploy/apps/elk/
|
||||
- ../../../deploy/apps/firefly/
|
||||
- ../../../deploy/apps/livestream/
|
||||
- ../../../deploy/apps/livestream/oven
|
||||
|
||||
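--- a/kube/deploy/apps/firefly/app/hr.yaml
+++ b/kube/deploy/apps/firefly/app/hr.yaml
@@ -0,0 +1,127 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: &app firefly
+namespace: *app
+spec:
+chart:
+spec:
+chart: app-template
+version: 1.5.1
+sourceRef:
+name: bjw-s
+kind: HelmRepository
+namespace: flux-system
+values:
+global:
+fullnameOverride: *app
+automountServiceAccountToken: false
+controller:
+type: deployment
+replicas: 1
+image:
+repository: docker.io/fireflyiii/core
+tag: version-6.0.17
+podLabels:
+ingress.home.arpa/nginx: "allow"
+env:
+TZ: "${CONFIG_TZ}"
+APP_ENV: "production"
+APP_DEBUG: "false"
+LOG_CHANNEL: "stdout"
+APP_LOG_LEVEL: "notice"
+AUDIT_LOG_LEVEL: "info"
+DEFAULT_LANGUAGE: "en_US"
+DEFAULT_LOCALE: "equal"
+SITE_OWNER: "${ADMIN_EMAIL}"
+APP_KEY_FILE: &file-app-key "/secretkey"
+APP_URL: "https://${APP_DNS_FIREFLY}"
+TRUSTED_PROXIES: "*"
+COOKIE_PATH: "/"
+COOKIE_DOMAIN: "${APP_DNS_FIREFLY}"
+COOKIE_SECURE: "true"
+COOKIE_SAMESITE: "lax"
+DISABLE_FRAME_HEADER: "false" # just to be sure
+DISABLE_CSP_HEADER: "false" # just to be sure
+TRACKER_SITE_ID: "" # just to be sure
+TRACKER_URL: "" # just to be sure
+AUTHENTICATION_GUARD: "remote_user_guard"
+AUTHENTICATION_GUARD_HEADER: "X-authentik-uid"
+AUTHENTICATION_GUARD_EMAIL: "X-authentik-email"
+DB_CONNECTION: "pgsql"
+DB_HOST: "pg-firefly-rw.firefly.svc.cluster.local"
+DB_PORT: "5432"
+DB_DATABASE_FILE: &file-db-name "/db/database"
+DB_USERNAME_FILE: &file-db-user "/db/username"
+DB_PASSWORD_FILE: &file-db-pass "/db/password"
+PGSQL_SSL_MODE: "prefer"
+PGSQL_SCHEMA: "public"
+CACHE_DRIVER: "file"
+SESSION_DRIVER: "file"
+SEND_ERROR_MESSAGE: "true"
+SEND_REPORT_JOURNALS: "false"
+ENABLE_EXTERNAL_RATES: "true"
+ALLOW_WEBHOOKS: "false"
+service:
+main:
+ports:
+http:
+port: 8080
+ingress:
+main:
+enabled: true
+primary: true
+ingressClassName: nginx
+hosts:
+- host: &host "${APP_DNS_FIREFLY}"
+paths:
+- path: /
+pathType: Prefix
+tls:
+- hosts:
+- *host
+podSecurityContext:
+runAsUser: &uid ${APP_UID_FIREFLY}
+runAsGroup: *uid
+fsGroup: *uid
+fsGroupChangePolicy: Always
+persistence:
+data:
+enabled: true
+existingClaim: firefly-uploads
+mountPath: "/var/www/html/firefly-iii/storage/upload"
+app-key:
+enabled: true
+type: secret
+name: firefly-secrets
+subPath: app-key
+mountPath: *file-app-key
+readOnly: true
+db-database:
+enabled: true
+type: secret
+name: firefly-secrets
+subPath: db-name
+mountPath: *file-db-name
+readOnly: true
+db-username:
+enabled: true
+type: secret
+name: pg-firefly-app
+subPath: username
+mountPath: *file-db-user
+readOnly: true
+db-password:
+enabled: true
+type: secret
+name: pg-firefly-app
+subPath: password
+mountPath: *file-db-pass
+readOnly: true
+resources:
+requests:
+cpu: 10m
+memory: 200Mi
+limits:
+memory: 500Mi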
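Review bot: `AUTHENTICATION_GUARD: "remote_user_guard"` makes Firefly III take the user identity from the `X-authentik-uid` request header, yet the `ingress.main` block in this file carries no forward-auth annotations and `TRUSTED_PROXIES` is `"*"`. Unless authentik is enforced for this host somewhere outside this file, a request that supplies the header itself would be accepted as that user. I would add the ingress-nginx `nginx.ingress.kubernetes.io/auth-url` and `nginx.ingress.kubernetes.io/auth-response-headers` annotations to `ingress.main` (or a comment naming where the proxy is enforced and the client-supplied header is dropped), and narrow `TRUSTED_PROXIES` to the ingress controller's address range.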
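--- a/kube/deploy/apps/firefly/app/netpol.yaml
+++ b/kube/deploy/apps/firefly/app/netpol.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+name: &app firefly
+namespace: *app
+spec:
+endpointSelector: {}
+ingress:
+# same namespace
+- fromEndpoints:
+- matchLabels:
+io.kubernetes.pod.namespace: *app
+egress:
+# same namespace
+- toEndpoints:
+- matchLabels:
+io.kubernetes.pod.namespace: *app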
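Review bot: The only peers this policy names are pods in the `firefly` namespace, but hr.yaml in this commit sets `ENABLE_EXTERNAL_RATES: "true"` and the ingress controller has to reach port 8080, so the file presumably relies on cluster-wide rules keyed on pod labels such as `ingress.home.arpa/nginx`. A comment above `ingress:` saying so, for example `# ingress-nginx, DNS and external egress are granted by clusterwide policies via pod labels` (wording to be confirmed against those policies), would keep a reader from taking this file as the complete allow-list. Because `endpointSelector: {}` selects every endpoint in the namespace, the same rules would also apply to the Postgres and volsync mover pods that appear to run there, and the mover needs to reach the restic repository.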
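--- a/kube/deploy/apps/firefly/app/pvc.yaml
+++ b/kube/deploy/apps/firefly/app/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: firefly-uploads
+labels:
+app.kubernetes.io/name: firefly
+app.kubernetes.io/instance: firefly
+spec:
+storageClassName: file
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 10Gi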
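Review bot: `metadata` has no `namespace`, unlike the other namespaced manifests added under `app/`, so where `firefly-uploads` is created depends on a target namespace set outside this commit (none is visible on the `firefly-app` Kustomization in ks.yaml). The HelmRelease's `existingClaim` and the ReplicationSource's `sourcePVC` both look the claim up in `firefly`. Adding `namespace: firefly` under `metadata:` makes that explicit and keeps the claim from landing in another namespace if the external default changes.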
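--- a/kube/deploy/apps/firefly/app/secrets.yaml
+++ b/kube/deploy/apps/firefly/app/secrets.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: "firefly-secrets"
+namespace: "firefly"
+type: Opaque
+stringData:
+app-key: "${SECRET_FIREFLY_APP_KEY}"
+db-name: "${SECRET_FIREFLY_PG_DBNAME}"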
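--- a/kube/deploy/apps/firefly/app/volsync.yaml
+++ b/kube/deploy/apps/firefly/app/volsync.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: firefly-restic
+namespace: firefly
+type: Opaque
+stringData:
+RESTIC_REPOSITORY: ${SECRET_VOLSYNC_R2_REPO}/firefly
+RESTIC_PASSWORD: ${SECRET_VOLSYNC_PASSWORD}
+AWS_ACCESS_KEY_ID: ${SECRET_VOLSYNC_R2_ID}
+AWS_SECRET_ACCESS_KEY: ${SECRET_VOLSYNC_R2_KEY}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+name: firefly-restic
+namespace: firefly
+spec:
+sourcePVC: firefly-uploads
+trigger:
+schedule: "0 6 * * *"
+restic:
+copyMethod: Snapshot
+pruneIntervalDays: 14
+repository: firefly-restic
+cacheCapacity: 2Gi
+volumeSnapshotClassName: file
+storageClassName: file
+moverSecurityContext:
+runAsUser: ${UID}
+runAsGroup: ${UID}
+fsGroup: ${UID}
+retain:
+daily: 14
+within: 7d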
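Review bot: `moverSecurityContext` substitutes `${UID}`, while the variable hr.yaml uses for the app pod, and the one that appears in the cluster vars hunk, is `APP_UID_FIREFLY`. If no `UID` variable is defined for Flux substitution, the three fields would likely render empty and the restic mover would not run as the uid that owns the upload volume; I would write `runAsUser: ${APP_UID_FIREFLY}` and the same for `runAsGroup` and `fsGroup`. The `stringData` values are also unquoted, unlike secrets.yaml in this commit; quoting them, e.g. `RESTIC_PASSWORD: "${SECRET_VOLSYNC_PASSWORD}"`, keeps a numeric- or boolean-looking secret from being retyped after substitution.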
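--- a/kube/deploy/apps/firefly/ks.yaml
+++ b/kube/deploy/apps/firefly/ks.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: firefly-app
+namespace: flux-system
+labels:
+wait.flux.home.arpa/disabled: "true"
+spec:
+path: ./kube/deploy/apps/firefly/app
+dependsOn:
+- name: 1-core-ingress-nginx-app
+- name: firefly-db
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: firefly-db
+namespace: flux-system
+labels:
+substitution.flux.home.arpa/disabled: "true"
+spec:
+path: ./kube/deploy/core/db/pg/clusters/template
+dependsOn:
+- name: 1-core-db-pg-app
+postBuild:
+substitute:
+PG_APP_NAME: &app "firefly"
+PG_APP_NS: *app
+PG_CONFIG_VERSION: "15.2-11"
+PG_CONFIG_SIZE: "20Gi"
+PG_DB_REBUILD: "v1"
+PG_DB_LCOLLATE: "en_US.utf8"
+PG_DB_LCTYPE: "en_US.utf8"
+substituteFrom:
+- kind: Secret
+name: "firefly-db-secret"
+optional: false
+- kind: Secret
+name: "${CLUSTER_NAME}-vars"
+optional: false
+- kind: Secret
+name: "${CLUSTER_NAME}-secrets"
+optional: false
+healthChecks:
+- name: pg-firefly-s3
+namespace: firefly
+kind: ObjectBucketClaim
+apiVersion: objectbucket.io/v1alpha1
+- name: pg-firefly
+namespace: firefly
+kind: Cluster
+apiVersion: postgresql.cnpg.io/v1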
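--- a/kube/deploy/apps/firefly/kustomization.yaml
+++ b/kube/deploy/apps/firefly/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- secret-pg.yaml
+- ns.yaml
+- ks.yaml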
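--- a/kube/deploy/apps/firefly/ns.yaml
+++ b/kube/deploy/apps/firefly/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: firefly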
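--- a/kube/deploy/apps/firefly/secret-pg.yaml
+++ b/kube/deploy/apps/firefly/secret-pg.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: "firefly-db-secret"
+namespace: "flux-system"
+type: Opaque
+stringData:
+PG_DB_NAME: "${SECRET_FIREFLY_PG_DBNAME}"
+PG_DB_USER: "${SECRET_FIREFLY_PG_USER}"
+PG_SUPER_PASS: "${SECRET_FIREFLY_PG_SUPER_PASS}"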