From 4b9e5c2a74a32074005c8dc3f3ac4f37cbdb67d0 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Wed, 9 Aug 2023 13:00:50 +0800
Subject: [PATCH] feat(neko): add xfce
---
.../biohazard/config/secrets.sops.env | 12 ++-
kube/clusters/biohazard/config/vars.sops.env | 25 +++--
.../biohazard/flux/kustomization.yaml | 3 +-
kube/deploy/apps/neko/ks.yaml | 9 ++
kube/deploy/apps/neko/kustomization.yaml | 6 ++
kube/deploy/apps/neko/ns.yaml | 5 +
kube/deploy/apps/neko/xfce/hr.yaml | 97 +++++++++++++++++++
kube/deploy/apps/neko/xfce/pvc.yaml | 17 ++++
kube/deploy/apps/neko/xfce/secrets.yaml | 12 +++
kube/deploy/apps/neko/xfce/volsync.yaml | 36 +++++++
10 files changed, 208 insertions(+), 14 deletions(-)
create mode 100644 kube/deploy/apps/neko/ks.yaml
create mode 100644 kube/deploy/apps/neko/kustomization.yaml
create mode 100644 kube/deploy/apps/neko/ns.yaml
create mode 100644 kube/deploy/apps/neko/xfce/hr.yaml
create mode 100644 kube/deploy/apps/neko/xfce/pvc.yaml
create mode 100644 kube/deploy/apps/neko/xfce/secrets.yaml
create mode 100644 kube/deploy/apps/neko/xfce/volsync.yaml
diff --git a/kube/clusters/biohazard/config/secrets.sops.env b/kube/clusters/biohazard/config/secrets.sops.env
index 7c3c1840..1e900134 100644
--- a/kube/clusters/biohazard/config/secrets.sops.env
+++ b/kube/clusters/biohazard/config/secrets.sops.env
@@ -92,12 +92,14 @@ SECRET_ADMIN_SSH_PUBKEY_4=ENC[AES256_GCM,data:LbOsXrAJ7bN9hKH2caLAh7n9uKM8dN+dZZ SECRET_SOFT_SERVE_PG_USER=ENC[AES256_GCM,data:AoWziImY3+61gbzDdSWl6CAfqx4=,iv:t8hovrN43fpG1B2dPTmh6X4mxC8Ss97DV2Ms/FBpXZ4=,tag:kfgRcN3272WK1zULMTalIg==,type:str] SECRET_SOFT_SERVE_PG_PASS=ENC[AES256_GCM,data:GUzxtIwYyDiyUvdVUCrlw+lLJIhanUOGiI3SdLajRURseoZNNRjmp4gZ5YFXS1kLpt9hcigSDDaJbtaySdW0ZyD3gpRtDcHSKRyL6RjmW/lqTYrKmUizefxR,iv:OQ8nQgBgE6LKsB+xd6htB9dGqVmbjuOapT0Js+gQvew=,tag:KcBJBTC+L8/lXGxkj16d+w==,type:str] SECRET_SOFT_SERVE_PG_DBNAME=ENC[AES256_GCM,data:Gl8L9+Vo34EvTAQ3FQ8fYVGZqEs=,iv:ZCC3qVRFSST4/G21kHOuubYQUWYn1fhKNvC/ihSy7zo=,tag:5RtzoHgQf0POt+hLvRAGgQ==,type:str] -sops_lastmodified=2023-08-07T02:20:50Z -sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj -sops_mac=ENC[AES256_GCM,data:MTmw5/Ev22yxavsi60BKdqAj38m4Zx4QjIIimP/a5vVFYbxAj9mRXWs1L/XoQVSCdNe3EPJ2+t12uMx626ArDcr3XeWnmzdMeOF2JmvUL4DlOavrVwraOVp+uZ9YAK8fWvTa0W9wkkazKNnlFPxqU72IPTJTf3JKo3lZLGIoXQo=,iv:G5Rl+gwmGnbc60RoaiKVwt8uyb8arELf0buBgZdymRo=,tag:s0fuqb7DKWu+61s/jqIc/A==,type:str] +SECRET_NEKO_XFCE_USER_PASSWORD=ENC[AES256_GCM,data:BylehHbX5P7nux34Cp4uQOwxJS1+OMG+lX+Td1JXsVq2F3x3uWvc2Yi91OZp3tDHFkalZ3/f7qK4TRJxbGnWq+UdetIXeJMQdha4t8DveSQpTG/EmXe890Fy,iv:C83AiZZxzu6DbCigikCoBbvrpwfHlc8LBptcHaJHIw0=,tag:nrldolyiIQOiTl6FpbjagQ==,type:str] +SECRET_NEKO_XFCE_ADMIN_PASSWORD=ENC[AES256_GCM,data:lOl3nfvDaX3aRWDAyjouZdpjhWaTtg9g5XD9JY8Qe2lrtjEGYwlrnkNlerOEVtcHP1LQA5EKWMXD6RLAYuiMM0i0SgRwHaXUH3nhC3X6Z/H8oKZHVQeqd+gn,iv:HmkRe916M/rGi8f0Ky+7rUcv9NPf0g5dsJE7875euvM=,tag:1kG9f1ipuU/svvdJB/tmlw==,type:str] +sops_lastmodified=2023-08-09T04:49:00Z sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z sops_pgp__list_0__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdANDTQwVjZ/Ad3iqBe0LL2sGCrEvrl6W6VaMjFgJCUkzYw\nwASmi9Y/OqREXtEItA1rKZDTM38LuMfcU4vAeEV0SNWlW5CQquN8UpLwMATrBdXr\n0lwBcvIZFLbbnfqFAdJ1EzbRWvHuh+yn5DBMH+odm3ZLaJqiiV9EaWhfl2rdIOr4\nPJQf6Ev1hueWmc9H45a8nvwH8sOl9MH9hl3TW7o9JOOhGmZ4BBVaSJW6f0UiZw==\n=iSQg\n-----END PGP MESSAGE-----\n sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 -sops_version=3.7.3 -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n sops_unencrypted_suffix=_unencrypted +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n +sops_mac=ENC[AES256_GCM,data:EYL1uG1ZQ6QNDtc8sT3iQBXFnLqCSxNMfozxoNl6kL9gWUKpXZv8RkLDvmUtcpU5T3vznM90LpK0LphpazvWscmaRJY6zYG5iIblPpSNecKMkx2pw7IXvYr3ENKxO1utJvJ7Jwmuq4x4KZSmUiAxIgAqQxsUYqTip5TOcupwck8=,iv:oTYh8PIJ74zBio+EqEnkxD8urevB6I174sWQEX6raMk=,tag:gMnffrbXmRTaWAWwVvzA9Q==,type:str] +sops_version=3.7.3 +sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj diff --git a/kube/clusters/biohazard/config/vars.sops.env b/kube/clusters/biohazard/config/vars.sops.env index be0d20ab..bff5b5a0 100644 --- a/kube/clusters/biohazard/config/vars.sops.env +++ b/kube/clusters/biohazard/config/vars.sops.env 
@@ -132,6 +132,15 @@ APP_DNS_SOFT_SERVE=ENC[AES256_GCM,data:sLfoJfeEI8hZpQ==,iv:IEgTevFxve1iMtjnuGgtm APP_DNS_SOFT_SERVE_HTTPS=ENC[AES256_GCM,data:cqyOSwAqoCGkj6g=,iv:reGfB0BGgn2NeaTjGyZ/PwJZZJv02XLs4+8XcPUPNxQ=,tag:ZIspovR5scJcMesb3mXi0A==,type:str] APP_IP_SOFT_SERVE=ENC[AES256_GCM,data:9k1IB1HRR9WHD6jS,iv:9Ybhz0UckiuFRRIeaqfqCmGqpAeyBfGXLNkDp6Pdq9k=,tag:8l7msewWHZFCVCQEMbCYRQ==,type:str] APP_UID_SOFT_SERVE=ENC[AES256_GCM,data:KdcXyYI=,iv:+qDOkWcxNm4cONEo5Q1u67UwShVbtVADddh7GjxGYHg=,tag:BVEe66cpMMeEIKJkmic96A==,type:str] +APP_DNS_NEKO_XFCE=ENC[AES256_GCM,data:X2qh7/i6IQeDZgI=,iv:KYProjKkutUSvnUvl/Xw1MPcgAhTanWVFSDFmQBrVpo=,tag:w+6MQ0ppVt8ImVUC0stcqA==,type:str] +APP_IP_NEKO_XFCE=ENC[AES256_GCM,data:mQnENTlh4ex62MGX,iv:LvYbyD5Wqosm7zhtmez52Q1utstdkAPNndLMqzD0eH0=,tag:nvoeu/7MeYfg7u3DqWU//w==,type:str] +APP_UID_NEKO_XFCE=ENC[AES256_GCM,data:gdBYxw==,iv:2XW9QyctihMHU+Dhud/tWD5J09ORGtEUaeCdRp3tKR0=,tag:w0yeOuHRtQWzZ3z2Lc+9QQ==,type:str] +APP_DNS_NEKO_FIREFOX=ENC[AES256_GCM,data:Zn2tA94irbmaYrA4DsQ=,iv:749OXzSCKPp5216oGXd08lPYDmtksX5Ba11CLG4Btd4=,tag:C0nfP1oc4A4DzOlhPe9L/w==,type:str] +APP_IP_NEKO_FIREFOX=ENC[AES256_GCM,data:FW4kONbT5gS04bmD,iv:I56V9DTO5m+3XkBTpHi6obC/mBT/NbsnaXqQyfuC/30=,tag:ns46QyV9bRVN4SHpW5LzhA==,type:str] +APP_UID_NEKO_FIREFOX=ENC[AES256_GCM,data:YxS15sQ=,iv:wQCmX8j6DU3/E7qLfOC56AfMAI5BxEzUEJVsMA4YKng=,tag:6sLu+cpAK/KtEVQpBlh2LA==,type:str] +APP_DNS_NEKO_CHROME=ENC[AES256_GCM,data:ZOIEQ9VSiiHpc24fEw==,iv:dOhuBg+lW27ohz0ffYaMV5e9TZC+HYlufwtIfAgnsV0=,tag:nP4Xk5nQrb0LiWwSbLf9Nw==,type:str] +APP_IP_NEKO_CHROME=ENC[AES256_GCM,data:2HiM3lV/G2O3ScuQ,iv:oVv3s8nAbP9iVPK2W4pHng6bSHrpAHT3u5144UMJWRg=,tag:e+Cask6syEa44c88je2Q9g==,type:str] +APP_UID_NEKO_CHROME=ENC[AES256_GCM,data:mRgGf9g=,iv:6SREW1PI5WpaK3ov9M5vdtb4NYvi4Kv69T2mJck1JP8=,tag:T8JhM3gl94KyjBXyZAVEKg==,type:str] CONFIG_MINECRAFT_OPS=ENC[AES256_GCM,data:al3glJDrtuqtTM2z4W7n+tPNf6XVfK64Jdb9s5RAE5NUwxyK,iv:kYqlsOabsa2iBZKgqjOpFYJo0DMFuoo3ZWCqb/Xzi5c=,tag:nIqPXvBvxdi8crMj1CYsEw==,type:str] 
CONFIG_MINECRAFT_ICON=ENC[AES256_GCM,data:nNzsyRclLnPZ+8Td/WJg2u8V/QKf/xowrghmTaKRNb9a5BMOxtzmiyAt6Us8OoY=,iv:b7fHZQdOjc4oCCLtLhopNg6G7IS2u9NUdBLCN6CjSKc=,tag:+cPgP1oK/9+EK2tB9Y45zw==,type:str] CONFIG_MINECRAFT_NAME=ENC[AES256_GCM,data:1qSqJGmGON9BhJKRJA==,iv:Sdwq0LLLdBQlr3m+0Ey2IE9FcRtVKOtXsswLMMp9A5A=,tag:WpaTzqSO3+N+vnJkGI+pCQ==,type:str] 
@@ -148,12 +157,12 @@ CONFIG_HEADSCALE_IPV4=ENC[AES256_GCM,data:EZ7GMHA6u1wWPS5g6Pg=,iv:W1hcseQ4Q6CisT CONFIG_OVENMEDIAENGINE_NAME=ENC[AES256_GCM,data:58CuH8bcUHWXBZA=,iv:BN7x6aAJPbzIn25sNoycsHRE5pugkubLS2VrM77+g/E=,tag:6JAsRjU0L6wbZtns3rk6KQ==,type:str] CONFIG_THELOUNGE_USERNAME=ENC[AES256_GCM,data:+C2aABtqq8YG,iv:4DYpguAvmaqPedRgrflDlKfX5jJEhyWXKuRS+UVgHLo=,tag:vfJko+R2D8ct7KZC2Vnujw==,type:str] CONFIG_THELOUNGE_JOIN=ENC[AES256_GCM,data:ocuC,iv:9Cn9zp2+iIVrEXYxklEtkpftmJwTGsWnff2xIG9KNec=,tag:3UL9Gn+kHoXu+40CFkP7sg==,type:str] -sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n -sops_unencrypted_suffix=_unencrypted -sops_version=3.7.3 -sops_mac=ENC[AES256_GCM,data:p9MOYBQ/YBr7iv28s1NMQ+GOWoD9XgEmvomg4B6tVMRM1SXeFM+hvvbrCXGt+an1XMQ/OT31+ZxSiisSlZqVIama07maTi4FWexQOy55/rBkHJrYOZa1COknuF7T3Tp6hbwIUAoJcCn/bffdUuLlHlrOQjRFLg6CTe/bGR0+w8o=,iv:3bVP0OPqJ9k9sdO9d+L/BrCYfEcYoJYeMw7GZwMVKbc=,tag:srEQsUDDgID6iZ6uis8GhA==,type:str] -sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n -sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z -sops_lastmodified=2023-08-07T02:08:36Z +sops_pgp__list_0__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n +sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 +sops_version=3.7.3 +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n +sops_lastmodified=2023-08-09T04:46:48Z +sops_mac=ENC[AES256_GCM,data:4bp6wNlsAJ2p8fkPbSWaR5wuNtEsmtTtedPkzOz1x4F7095xD/fa5rIwrf5CneDdtsxxYjqNh9kGOasLdO2lpBPHf6Kcxwp5oyfXXxoAO5cgwEeSFAZRM2DNWKZPrvZXkxekXjs9+eXJyOQxv0bmDpW8sGMwUMjwhtFWuTUHdRk=,iv:zwzydf34ut5ePu+kbkQLHpSmF61TY+B+KSGRHsIGtb0=,tag:EcONudU/OpEaFWPL0OQCbw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj diff --git a/kube/clusters/biohazard/flux/kustomization.yaml b/kube/clusters/biohazard/flux/kustomization.yaml index 13702aee..a27376c7 100644 --- a/kube/clusters/biohazard/flux/kustomization.yaml +++ b/kube/clusters/biohazard/flux/kustomization.yaml @@ -60,4 +60,5 @@ resources: - ../../../deploy/apps/libreddit/ - ../../../deploy/apps/livestream/ - ../../../deploy/apps/livestream/oven - - ../../../deploy/apps/soft-serve/ \ No newline at end of file + - ../../../deploy/apps/soft-serve/ + - ../../../deploy/apps/neko/ \ No newline at end of file diff --git a/kube/deploy/apps/neko/ks.yaml b/kube/deploy/apps/neko/ks.yaml new file mode 100644 index 00000000..42408bbc --- /dev/null 
+++ b/kube/deploy/apps/neko/ks.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: neko-xfce
+ namespace: flux-system
+spec:
+ path: ./kube/deploy/apps/neko/xfce
+ dependsOn: []
\ No newline at end of file
diff --git a/kube/deploy/apps/neko/kustomization.yaml b/kube/deploy/apps/neko/kustomization.yaml
new file mode 100644
index 00000000..5eeb2657
--- /dev/null
+++ b/kube/deploy/apps/neko/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - ks.yaml
diff --git a/kube/deploy/apps/neko/ns.yaml b/kube/deploy/apps/neko/ns.yaml
new file mode 100644
index 00000000..fdf32d04
--- /dev/null
+++ b/kube/deploy/apps/neko/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: neko
diff --git a/kube/deploy/apps/neko/xfce/hr.yaml b/kube/deploy/apps/neko/xfce/hr.yaml
new file mode 100644
index 00000000..9c09d039
--- /dev/null
+++ b/kube/deploy/apps/neko/xfce/hr.yaml
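Review bot: The `neko-xfce` Kustomization in ks.yaml declares no `postBuild.substituteFrom` or `decryption` under `spec`, yet xfce/secrets.yaml and xfce/volsync.yaml in this commit rely on `${SECRET_...}` substitution. Presumably a cluster-level patch outside this diff injects those fields together with `sourceRef`, `interval` and `prune`. If that patch ever skips this object, the Secret is applied with the literal placeholder text as the neko passwords, and that text is readable in the repository. I would state the dependency on the object, for example `# postBuild.substituteFrom and decryption are patched in by the cluster Flux kustomization`, or declare the substitution explicitly here. `dependsOn: []` could also list the Kustomizations that provide the `file` storage class and the VolSync CRDs.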
@@ -0,0 +1,97 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app neko-xfce
+ namespace: neko
+spec:
+ chart:
+ spec:
+ chart: app-template
+ version: 1.5.1
+ sourceRef:
+ name: bjw-s
+ kind: HelmRepository
+ namespace: flux-system
+ values:
+ global:
+ fullnameOverride: *app
+ automountServiceAccountToken: false
+ controller:
+ type: deployment
+ replicas: 1
+ image:
+ repository: ghcr.io/m1k1o/neko/xfce
+ tag: 2.8.8@sha256:d44e5b7f8b4968841a86860c402c008816fdc0eabc7eff39f42bc6c50670f78f
+ podLabels:
+ ingress.home.arpa/nginx: "allow"
+ egress.home.arpa/world: "allow"
+ env:
+ TZ: "${CONFIG_TZ}"
+ NEKO_SCREEN: "1920x1080@60"
+ NEKO_MAX_FPS: "60"
+ NEKO_UDPMUX: &rtc "13100"
+ NEKO_TCPMUX: *rtc
+ NEKO_NAT1TO1: &LB-IP "${APP_IP_NEKO_XFCE}"
+ NEKO_ICESERVERS: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: ice}}}
+ NEKO_PASSWORD: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: userPassword}}}
+ NEKO_PASSWORD_ADMIN: {valueFrom: {secretKeyRef: {name: neko-xfce-secrets, key: adminPassword}}}
+ service:
+ main:
+ ports:
+ http:
+ port: 443
+ webrtc:
+ enabled: true
+ type: LoadBalancer
+ externalTrafficPolicy: Cluster
+ annotations:
+ coredns.io/hostname: "${APP_DNS_NEKO_XFCE}"
+ "io.cilium/lb-ipam-ips": *LB-IP
+ ports:
+ webrtc-udp:
+ enabled: true
+ port: *rtc
+ protocol: UDP
+ webrtc-tcp:
+ enabled: true
+ port: *rtc
+ protocol: TCP
+ ingress:
+ main:
+ enabled: true
+ primary: true
+ ingressClassName: nginx
+ hosts:
+ - host: &host "${APP_DNS_NEKO_XFCE}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ podSecurityContext:
+ runAsUser: &uid ${APP_UID_NEKO_XFCE}
+ runAsGroup: *uid
+ fsGroup: *uid
+ fsGroupChangePolicy: Always
+ persistence:
+ home:
+ enabled: true
+ existingClaim: "neko-xfce-home"
+ mountPath: "/home"
+ shm:
+ enabled: true
+ type: emptyDir
+ mountPath: /dev/shm
+ sizeLimit: 2Gi
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ limits:
+ memory: 6000Mi
\ No newline at end of file
diff --git a/kube/deploy/apps/neko/xfce/pvc.yaml b/kube/deploy/apps/neko/xfce/pvc.yaml
new file mode 100644
index 00000000..d8726d6a
--- /dev/null
+++ b/kube/deploy/apps/neko/xfce/pvc.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: neko-xfce-home
+ namespace: &app neko
+ labels:
+ app.kubernetes.io/name: *app
+ app.kubernetes.io/instance: *app
+ snapshot.home.arpa/enabled: "true"
+spec:
+ storageClassName: file
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 50Gi
\ No newline at end of file
diff --git a/kube/deploy/apps/neko/xfce/secrets.yaml b/kube/deploy/apps/neko/xfce/secrets.yaml
new file mode 100644
index 00000000..9d64b804
--- /dev/null
+++ b/kube/deploy/apps/neko/xfce/secrets.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: neko-xfce-secrets
+ namespace: neko
+type: Opaque
+stringData:
+ userPassword: "${SECRET_NEKO_XFCE_USER_PASSWORD}"
+ adminPassword: "${SECRET_NEKO_XFCE_ADMIN_PASSWORD}"
+ ice: |-
+ [{"urls": ["stun:stun.l.google.com:19302"]}]
diff --git a/kube/deploy/apps/neko/xfce/volsync.yaml b/kube/deploy/apps/neko/xfce/volsync.yaml
new file mode 100644
index 00000000..a28b9836
--- /dev/null
+++ b/kube/deploy/apps/neko/xfce/volsync.yaml
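Review bot: The values in xfce/hr.yaml set `podSecurityContext` but no container-level `securityContext`, so the desktop container keeps the runtime's default capabilities and can still gain privileges through setuid binaries. This matters more here because the pod is reachable through the nginx ingress and a LoadBalancer and carries `egress.home.arpa/world: "allow"`. I would add app-template's top-level `securityContext` value next to `podSecurityContext`, as sketched below. Whether the neko image starts with every capability dropped cannot be told from this hunk, so test it and add back only what it needs. Separately, `externalTrafficPolicy: Cluster` on the `webrtc` service hides client source addresses from the pod, which deserves a comment if connection logs are used for auditing.

```yaml
    podSecurityContext:
      # … unchanged: runAsUser, runAsGroup, fsGroup, fsGroupChangePolicy …
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: RuntimeDefault
```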
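Review bot: In xfce/secrets.yaml, `userPassword` and `adminPassword` are filled by substituting raw text into double-quoted YAML scalars, so a password containing `"` or `\` would break or alter the manifest after substitution. That constraint deserves a comment above `stringData`, for example `# substituted as raw text: avoid " and \ in these passwords`. Nothing in the hunk shows that the two passwords differ, and they should, because the admin one grants control of the session. `ice` holds only a public STUN URL and could be set directly in the HelmRelease `env`, leaving this Secret with real credentials only.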
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: neko-xfce-home-restic
+ namespace: neko
+type: Opaque
+stringData:
+ RESTIC_REPOSITORY: ${SECRET_VOLSYNC_R2_REPO}/neko-xfce-home
+ RESTIC_PASSWORD: ${SECRET_VOLSYNC_PASSWORD}
+ AWS_ACCESS_KEY_ID: ${SECRET_VOLSYNC_R2_ID}
+ AWS_SECRET_ACCESS_KEY: ${SECRET_VOLSYNC_R2_KEY}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: neko-xfce-home-restic
+ namespace: neko
+spec:
+ sourcePVC: neko-xfce-home
+ trigger:
+ schedule: "0 6 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 14
+ repository: neko-xfce-home-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: file
+ storageClassName: file
+ moverSecurityContext:
+ runAsUser: &uid ${APP_UID_NEKO_XFCE}
+ runAsGroup: *uid
+ fsGroup: *uid
+ retain:
+ daily: 14
+ within: 7d
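Review bot: The `neko-xfce-home-restic` Secret reuses `${SECRET_VOLSYNC_PASSWORD}`, `${SECRET_VOLSYNC_R2_ID}` and `${SECRET_VOLSYNC_R2_KEY}`, whose names suggest one credential set shared by every backed-up app. If so, anyone able to read Secrets in the `neko` namespace could presumably read or delete the other apps' restic repositories in the same bucket, not only `neko-xfce-home`. For a namespace hosting a remotely reachable desktop I would use a per-app restic password and an R2 token limited to this repository's prefix. If sharing is intentional, say so above `stringData`, for example `# shared VolSync credentials: exposure here affects all app backups`.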