mirror of
https://github.com/outbackdingo/Biohazard.git
synced 2026-03-21 10:39:43 +00:00
feat(neko): add xfce
This commit is contained in:
JJGadgets
@@ -92,12 +92,14 @@ SECRET_ADMIN_SSH_PUBKEY_4=ENC[AES256_GCM,data:LbOsXrAJ7bN9hKH2caLAh7n9uKM8dN+dZZ
|
||||
SECRET_SOFT_SERVE_PG_USER=ENC[AES256_GCM,data:AoWziImY3+61gbzDdSWl6CAfqx4=,iv:t8hovrN43fpG1B2dPTmh6X4mxC8Ss97DV2Ms/FBpXZ4=,tag:kfgRcN3272WK1zULMTalIg==,type:str]
|
||||
SECRET_SOFT_SERVE_PG_PASS=ENC[AES256_GCM,data:GUzxtIwYyDiyUvdVUCrlw+lLJIhanUOGiI3SdLajRURseoZNNRjmp4gZ5YFXS1kLpt9hcigSDDaJbtaySdW0ZyD3gpRtDcHSKRyL6RjmW/lqTYrKmUizefxR,iv:OQ8nQgBgE6LKsB+xd6htB9dGqVmbjuOapT0Js+gQvew=,tag:KcBJBTC+L8/lXGxkj16d+w==,type:str]
|
||||
SECRET_SOFT_SERVE_PG_DBNAME=ENC[AES256_GCM,data:Gl8L9+Vo34EvTAQ3FQ8fYVGZqEs=,iv:ZCC3qVRFSST4/G21kHOuubYQUWYn1fhKNvC/ihSy7zo=,tag:5RtzoHgQf0POt+hLvRAGgQ==,type:str]
|
||||
sops_lastmodified=2023-08-07T02:20:50Z
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_mac=ENC[AES256_GCM,data:MTmw5/Ev22yxavsi60BKdqAj38m4Zx4QjIIimP/a5vVFYbxAj9mRXWs1L/XoQVSCdNe3EPJ2+t12uMx626ArDcr3XeWnmzdMeOF2JmvUL4DlOavrVwraOVp+uZ9YAK8fWvTa0W9wkkazKNnlFPxqU72IPTJTf3JKo3lZLGIoXQo=,iv:G5Rl+gwmGnbc60RoaiKVwt8uyb8arELf0buBgZdymRo=,tag:s0fuqb7DKWu+61s/jqIc/A==,type:str]
|
||||
SECRET_NEKO_XFCE_USER_PASSWORD=ENC[AES256_GCM,data:BylehHbX5P7nux34Cp4uQOwxJS1+OMG+lX+Td1JXsVq2F3x3uWvc2Yi91OZp3tDHFkalZ3/f7qK4TRJxbGnWq+UdetIXeJMQdha4t8DveSQpTG/EmXe890Fy,iv:C83AiZZxzu6DbCigikCoBbvrpwfHlc8LBptcHaJHIw0=,tag:nrldolyiIQOiTl6FpbjagQ==,type:str]
|
||||
SECRET_NEKO_XFCE_ADMIN_PASSWORD=ENC[AES256_GCM,data:lOl3nfvDaX3aRWDAyjouZdpjhWaTtg9g5XD9JY8Qe2lrtjEGYwlrnkNlerOEVtcHP1LQA5EKWMXD6RLAYuiMM0i0SgRwHaXUH3nhC3X6Z/H8oKZHVQeqd+gn,iv:HmkRe916M/rGi8f0Ky+7rUcv9NPf0g5dsJE7875euvM=,tag:1kG9f1ipuU/svvdJB/tmlw==,type:str]
|
||||
sops_lastmodified=2023-08-09T04:49:00Z
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdANDTQwVjZ/Ad3iqBe0LL2sGCrEvrl6W6VaMjFgJCUkzYw\nwASmi9Y/OqREXtEItA1rKZDTM38LuMfcU4vAeEV0SNWlW5CQquN8UpLwMATrBdXr\n0lwBcvIZFLbbnfqFAdJ1EzbRWvHuh+yn5DBMH+odm3ZLaJqiiV9EaWhfl2rdIOr4\nPJQf6Ev1hueWmc9H45a8nvwH8sOl9MH9hl3TW7o9JOOhGmZ4BBVaSJW6f0UiZw==\n=iSQg\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_mac=ENC[AES256_GCM,data:EYL1uG1ZQ6QNDtc8sT3iQBXFnLqCSxNMfozxoNl6kL9gWUKpXZv8RkLDvmUtcpU5T3vznM90LpK0LphpazvWscmaRJY6zYG5iIblPpSNecKMkx2pw7IXvYr3ENKxO1utJvJ7Jwmuq4x4KZSmUiAxIgAqQxsUYqTip5TOcupwck8=,iv:oTYh8PIJ74zBio+EqEnkxD8urevB6I174sWQEX6raMk=,tag:gMnffrbXmRTaWAWwVvzA9Q==,type:str]
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
|
||||
@@ -132,6 +132,15 @@ APP_DNS_SOFT_SERVE=ENC[AES256_GCM,data:sLfoJfeEI8hZpQ==,iv:IEgTevFxve1iMtjnuGgtm
|
||||
APP_DNS_SOFT_SERVE_HTTPS=ENC[AES256_GCM,data:cqyOSwAqoCGkj6g=,iv:reGfB0BGgn2NeaTjGyZ/PwJZZJv02XLs4+8XcPUPNxQ=,tag:ZIspovR5scJcMesb3mXi0A==,type:str]
|
||||
APP_IP_SOFT_SERVE=ENC[AES256_GCM,data:9k1IB1HRR9WHD6jS,iv:9Ybhz0UckiuFRRIeaqfqCmGqpAeyBfGXLNkDp6Pdq9k=,tag:8l7msewWHZFCVCQEMbCYRQ==,type:str]
|
||||
APP_UID_SOFT_SERVE=ENC[AES256_GCM,data:KdcXyYI=,iv:+qDOkWcxNm4cONEo5Q1u67UwShVbtVADddh7GjxGYHg=,tag:BVEe66cpMMeEIKJkmic96A==,type:str]
|
||||
APP_DNS_NEKO_XFCE=ENC[AES256_GCM,data:X2qh7/i6IQeDZgI=,iv:KYProjKkutUSvnUvl/Xw1MPcgAhTanWVFSDFmQBrVpo=,tag:w+6MQ0ppVt8ImVUC0stcqA==,type:str]
|
||||
APP_IP_NEKO_XFCE=ENC[AES256_GCM,data:mQnENTlh4ex62MGX,iv:LvYbyD5Wqosm7zhtmez52Q1utstdkAPNndLMqzD0eH0=,tag:nvoeu/7MeYfg7u3DqWU//w==,type:str]
|
||||
APP_UID_NEKO_XFCE=ENC[AES256_GCM,data:gdBYxw==,iv:2XW9QyctihMHU+Dhud/tWD5J09ORGtEUaeCdRp3tKR0=,tag:w0yeOuHRtQWzZ3z2Lc+9QQ==,type:str]
|
||||
APP_DNS_NEKO_FIREFOX=ENC[AES256_GCM,data:Zn2tA94irbmaYrA4DsQ=,iv:749OXzSCKPp5216oGXd08lPYDmtksX5Ba11CLG4Btd4=,tag:C0nfP1oc4A4DzOlhPe9L/w==,type:str]
|
||||
APP_IP_NEKO_FIREFOX=ENC[AES256_GCM,data:FW4kONbT5gS04bmD,iv:I56V9DTO5m+3XkBTpHi6obC/mBT/NbsnaXqQyfuC/30=,tag:ns46QyV9bRVN4SHpW5LzhA==,type:str]
|
||||
APP_UID_NEKO_FIREFOX=ENC[AES256_GCM,data:YxS15sQ=,iv:wQCmX8j6DU3/E7qLfOC56AfMAI5BxEzUEJVsMA4YKng=,tag:6sLu+cpAK/KtEVQpBlh2LA==,type:str]
|
||||
APP_DNS_NEKO_CHROME=ENC[AES256_GCM,data:ZOIEQ9VSiiHpc24fEw==,iv:dOhuBg+lW27ohz0ffYaMV5e9TZC+HYlufwtIfAgnsV0=,tag:nP4Xk5nQrb0LiWwSbLf9Nw==,type:str]
|
||||
APP_IP_NEKO_CHROME=ENC[AES256_GCM,data:2HiM3lV/G2O3ScuQ,iv:oVv3s8nAbP9iVPK2W4pHng6bSHrpAHT3u5144UMJWRg=,tag:e+Cask6syEa44c88je2Q9g==,type:str]
|
||||
APP_UID_NEKO_CHROME=ENC[AES256_GCM,data:mRgGf9g=,iv:6SREW1PI5WpaK3ov9M5vdtb4NYvi4Kv69T2mJck1JP8=,tag:T8JhM3gl94KyjBXyZAVEKg==,type:str]
|
||||
CONFIG_MINECRAFT_OPS=ENC[AES256_GCM,data:al3glJDrtuqtTM2z4W7n+tPNf6XVfK64Jdb9s5RAE5NUwxyK,iv:kYqlsOabsa2iBZKgqjOpFYJo0DMFuoo3ZWCqb/Xzi5c=,tag:nIqPXvBvxdi8crMj1CYsEw==,type:str]
|
||||
CONFIG_MINECRAFT_ICON=ENC[AES256_GCM,data:nNzsyRclLnPZ+8Td/WJg2u8V/QKf/xowrghmTaKRNb9a5BMOxtzmiyAt6Us8OoY=,iv:b7fHZQdOjc4oCCLtLhopNg6G7IS2u9NUdBLCN6CjSKc=,tag:+cPgP1oK/9+EK2tB9Y45zw==,type:str]
|
||||
CONFIG_MINECRAFT_NAME=ENC[AES256_GCM,data:1qSqJGmGON9BhJKRJA==,iv:Sdwq0LLLdBQlr3m+0Ey2IE9FcRtVKOtXsswLMMp9A5A=,tag:WpaTzqSO3+N+vnJkGI+pCQ==,type:str]
|
||||
@@ -148,12 +157,12 @@ CONFIG_HEADSCALE_IPV4=ENC[AES256_GCM,data:EZ7GMHA6u1wWPS5g6Pg=,iv:W1hcseQ4Q6CisT
|
||||
CONFIG_OVENMEDIAENGINE_NAME=ENC[AES256_GCM,data:58CuH8bcUHWXBZA=,iv:BN7x6aAJPbzIn25sNoycsHRE5pugkubLS2VrM77+g/E=,tag:6JAsRjU0L6wbZtns3rk6KQ==,type:str]
|
||||
CONFIG_THELOUNGE_USERNAME=ENC[AES256_GCM,data:+C2aABtqq8YG,iv:4DYpguAvmaqPedRgrflDlKfX5jJEhyWXKuRS+UVgHLo=,tag:vfJko+R2D8ct7KZC2Vnujw==,type:str]
|
||||
CONFIG_THELOUNGE_JOIN=ENC[AES256_GCM,data:ocuC,iv:9Cn9zp2+iIVrEXYxklEtkpftmJwTGsWnff2xIG9KNec=,tag:3UL9Gn+kHoXu+40CFkP7sg==,type:str]
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.7.3
|
||||
sops_mac=ENC[AES256_GCM,data:p9MOYBQ/YBr7iv28s1NMQ+GOWoD9XgEmvomg4B6tVMRM1SXeFM+hvvbrCXGt+an1XMQ/OT31+ZxSiisSlZqVIama07maTi4FWexQOy55/rBkHJrYOZa1COknuF7T3Tp6hbwIUAoJcCn/bffdUuLlHlrOQjRFLg6CTe/bGR0+w8o=,iv:3bVP0OPqJ9k9sdO9d+L/BrCYfEcYoJYeMw7GZwMVKbc=,tag:srEQsUDDgID6iZ6uis8GhA==,type:str]
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
|
||||
sops_lastmodified=2023-08-07T02:08:36Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_lastmodified=2023-08-09T04:46:48Z
|
||||
sops_mac=ENC[AES256_GCM,data:4bp6wNlsAJ2p8fkPbSWaR5wuNtEsmtTtedPkzOz1x4F7095xD/fa5rIwrf5CneDdtsxxYjqNh9kGOasLdO2lpBPHf6Kcxwp5oyfXXxoAO5cgwEeSFAZRM2DNWKZPrvZXkxekXjs9+eXJyOQxv0bmDpW8sGMwUMjwhtFWuTUHdRk=,iv:zwzydf34ut5ePu+kbkQLHpSmF61TY+B+KSGRHsIGtb0=,tag:EcONudU/OpEaFWPL0OQCbw==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
|
||||
@@ -60,4 +60,5 @@ resources:
|
||||
- ../../../deploy/apps/libreddit/
|
||||
- ../../../deploy/apps/livestream/
|
||||
- ../../../deploy/apps/livestream/oven
|
||||
- ../../../deploy/apps/soft-serve/
|
||||
- ../../../deploy/apps/soft-serve/
|
||||
- ../../../deploy/apps/neko/
|
||||
9
kube/deploy/apps/neko/ks.yaml
Normal file
9
kube/deploy/apps/neko/ks.yaml
Normal file
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: neko-xfce
|
||||
namespace: flux-system
|
||||
spec:
|
||||
path: ./kube/deploy/apps/neko/xfce
|
||||
dependsOn: []
|
||||
6
kube/deploy/apps/neko/kustomization.yaml
Normal file
6
kube/deploy/apps/neko/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ns.yaml
|
||||
- ks.yaml
|
||||
5
kube/deploy/apps/neko/ns.yaml
Normal file
5
kube/deploy/apps/neko/ns.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: neko
|
||||
97
kube/deploy/apps/neko/xfce/hr.yaml
Normal file
97
kube/deploy/apps/neko/xfce/hr.yaml
Normal file
@@ -0,0 +1,97 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &app neko-xfce
|
||||
namespace: neko
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.5.1
|
||||
sourceRef:
|
||||
name: bjw-s
|
||||
kind: HelmRepository
|
||||
namespace: flux-system
|
||||
values:
|
||||
global:
|
||||
fullnameOverride: *app
|
||||
automountServiceAccountToken: false
|
||||
controller:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
image:
|
||||
repository: ghcr.io/m1k1o/neko/xfce
|
||||
tag: 2.8.8@sha256:d44e5b7f8b4968841a86860c402c008816fdc0eabc7eff39f42bc6c50670f78f
|
||||
podLabels:
|
||||
ingress.home.arpa/nginx: "allow"
|
||||
egress.home.arpa/world: "allow"
|
||||
env:
|
||||
TZ: "${CONFIG_TZ}"
|
||||
NEKO_SCREEN: "1920x1080@60"
|
||||
NEKO_MAX_FPS: "60"
|
||||
NEKO_UDPMUX: &rtc "13100"
|
||||
NEKO_TCPMUX: *rtc
|
||||
NEKO_NAT1TO1: &LB-IP "${APP_IP_NEKO_XFCE}"
|
||||
NEKO_ICESERVERS: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: ice}}}
|
||||
NEKO_PASSWORD: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: userPassword}}}
|
||||
NEKO_PASSWORD_ADMIN: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: adminPassword}}}
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
http:
|
||||
port: 443
|
||||
webrtc:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Cluster
|
||||
annotations:
|
||||
coredns.io/hostname: "${APP_DNS_NEKO_XFCE}"
|
||||
"io.cilium/lb-ipam-ips": *LB-IP
|
||||
ports:
|
||||
webrtc-udp:
|
||||
enabled: true
|
||||
port: *rtc
|
||||
protocol: UDP
|
||||
webrtc-tcp:
|
||||
enabled: true
|
||||
port: *rtc
|
||||
protocol: TCP
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
ingressClassName: nginx
|
||||
hosts:
|
||||
- host: &host "${APP_DNS_NEKO_XFCE}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
dnsConfig:
|
||||
options:
|
||||
- name: ndots
|
||||
value: "1"
|
||||
podSecurityContext:
|
||||
runAsUser: &uid ${APP_UID_NEKO_XFCE}
|
||||
runAsGroup: *uid
|
||||
fsGroup: *uid
|
||||
fsGroupChangePolicy: Always
|
||||
persistence:
|
||||
home:
|
||||
enabled: true
|
||||
existingClaim: "neko-xfce-home"
|
||||
mountPath: "/home"
|
||||
shm:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /dev/shm
|
||||
sizeLimit: 2Gi
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
memory: 6000Mi
|
||||
17
kube/deploy/apps/neko/xfce/pvc.yaml
Normal file
17
kube/deploy/apps/neko/xfce/pvc.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: neko-xfce-home
|
||||
namespace: &app neko
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
app.kubernetes.io/instance: *app
|
||||
snapshot.home.arpa/enabled: "true"
|
||||
spec:
|
||||
storageClassName: file
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
12
kube/deploy/apps/neko/xfce/secrets.yaml
Normal file
12
kube/deploy/apps/neko/xfce/secrets.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neko-xfce-secrets
|
||||
namespace: neko
|
||||
type: Opaque
|
||||
stringData:
|
||||
userPassword: "${SECRET_NEKO_XFCE_USER_PASSWORD}"
|
||||
adminPassword: "${SECRET_NEKO_XFCE_ADMIN_PASSWORD}"
|
||||
ice: |-
|
||||
[{"urls": ["stun:stun.l.google.com:19302"]}]
|
||||
36
kube/deploy/apps/neko/xfce/volsync.yaml
Normal file
36
kube/deploy/apps/neko/xfce/volsync.yaml
Normal file
@@ -0,0 +1,36 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neko-xfce-home-restic
|
||||
namespace: neko
|
||||
type: Opaque
|
||||
stringData:
|
||||
RESTIC_REPOSITORY: ${SECRET_VOLSYNC_R2_REPO}/neko-xfce-home
|
||||
RESTIC_PASSWORD: ${SECRET_VOLSYNC_PASSWORD}
|
||||
AWS_ACCESS_KEY_ID: ${SECRET_VOLSYNC_R2_ID}
|
||||
AWS_SECRET_ACCESS_KEY: ${SECRET_VOLSYNC_R2_KEY}
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: neko-xfce-home-restic
|
||||
namespace: neko
|
||||
spec:
|
||||
sourcePVC: neko-xfce-home
|
||||
trigger:
|
||||
schedule: "0 6 * * *"
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
pruneIntervalDays: 14
|
||||
repository: neko-xfce-home-restic
|
||||
cacheCapacity: 2Gi
|
||||
volumeSnapshotClassName: file
|
||||
storageClassName: file
|
||||
moverSecurityContext:
|
||||
runAsUser: &uid ${APP_UID_NEKO_XFCE}
|
||||
runAsGroup: *uid
|
||||
fsGroup: *uid
|
||||
retain:
|
||||
daily: 14
|
||||
within: 7d
|
||||
Reference in New Issue
Block a user