4 Commits

Author SHA1 Message Date
Grant
e065c42420 Switch DNS provider to hetzner 2025-03-13 20:49:57 -06:00
Grant
0be0027cdb reduce ceph resource requests 2025-03-13 20:44:36 -06:00
Grant
e011b8f568 Add tailscale 2025-03-13 20:44:26 -06:00
Grant
cdde2a4cbd Add gitea 2025-03-13 20:44:09 -06:00
6 changed files with 71 additions and 12 deletions


@ -83,14 +83,37 @@ kubectl create secret generic digitalocean-api-key --from-literal=token=$DIGITAL
``` ```
#### Postgres #### Postgres
copy secret over to goatchat namespace
#### synapse
```sh
kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
```
copy secret from datastore over to goatchat namespace
```sh ```sh
kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="goatchat"' | kubectl apply -f - kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="goatchat"' | kubectl apply -f -
``` ```
delete synapse db and recreate with correct locale
```sh
PRIMARY_POD=$(kubectl -n datastore get pods --selector='postgres-operator.crunchydata.com/cluster=postgres,postgres-operator.crunchydata.com/role=master' -o jsonpath='{.items[*].metadata.labels.statefulset\.kubernetes\.io/pod-name}')
PGPASSWORD=$(kubectl -n datastore get secrets "postgres-pguser-grant" -o go-template='{{.data.password | base64decode}}')
#### synapse kubectl -n datastore exec -it "$PRIMARY_POD" -- psql -c 'DROP DATABASE synapse;'
kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse synapse
``` ```
kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
#### gitea
copy secret from datastore over to goatchat namespace
```sh
kubectl get secrets -n datastore postgres-pguser-gitea -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="gitea"' | kubectl apply -f -
```
delete gitea db and recreate with correct locale
```sh
PRIMARY_POD=$(kubectl -n datastore get pods --selector='postgres-operator.crunchydata.com/cluster=postgres,postgres-operator.crunchydata.com/role=master' -o jsonpath='{.items[*].metadata.labels.statefulset\.kubernetes\.io/pod-name}')
PGPASSWORD=$(kubectl -n datastore get secrets "postgres-pguser-grant" -o go-template='{{.data.password | base64decode}}')
kubectl -n datastore exec -it "$PRIMARY_POD" -- psql -c 'DROP DATABASE gitea;'
kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --locale=C --template=template0 --owner=gitea gitea
``` ```
#### Ghost Blogs #### Ghost Blogs


@ -6,6 +6,9 @@ dependencies:
- name: ghost - name: ghost
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 22.1.19 version: 22.1.19
- name: gitea
repository: https://dl.gitea.io/charts
version: 11.0.0
- name: k8up - name: k8up
repository: https://k8up-io.github.io/k8up repository: https://k8up-io.github.io/k8up
version: 4.8.4 version: 4.8.4
@ -14,7 +17,7 @@ dependencies:
version: 20.4.1 version: 20.4.1
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.11.4 version: 3.11.5
- name: pgo - name: pgo
repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
version: 5.7.2 version: 5.7.2
@ -27,8 +30,11 @@ dependencies:
- name: rook-ceph-cluster - name: rook-ceph-cluster
repository: https://charts.rook.io/release repository: https://charts.rook.io/release
version: v1.16.5 version: v1.16.5
- name: tailscale-operator
repository: https://pkgs.tailscale.com/helmcharts
version: 1.80.3
- name: traefik - name: traefik
repository: https://traefik.github.io/charts repository: https://traefik.github.io/charts
version: 34.4.1 version: 34.4.1
digest: sha256:639b864ac6cbaa4164f58c388865d7a2796abbfacec9e69c5c077e1452cb557c digest: sha256:14c9bc504c5060f8bbce5ec9a8df737a19a7216428a31c1cb34ef5c6648e45c5
generated: "2025-03-09T19:02:38.355742026-06:00" generated: "2025-03-12T21:27:22.529913117-06:00"


@ -15,6 +15,10 @@ repositories:
url: https://immich-app.github.io/immich-charts url: https://immich-app.github.io/immich-charts
- name: k8up-io - name: k8up-io
url: https://k8up-io.github.io/k8up url: https://k8up-io.github.io/k8up
- name: tailscale
url: https://pkgs.tailscale.com/helmcharts
- name: gitea
url: https://dl.gitea.io/charts
releases: releases:
# networking # networking
- name: metallb - name: metallb
@ -32,6 +36,17 @@ releases:
value: {{ requiredEnv "ACME_EMAIL" }} value: {{ requiredEnv "ACME_EMAIL" }}
- name: extraObjects[0].stringData.password - name: extraObjects[0].stringData.password
value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }} value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
- name: tailscale-operator
namespace: tailscale
createNamespace: true
chart: tailscale/tailscale-operator
setString:
- name: oauth.clientId
value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
- name: oauth.clientSecret
value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
- name: apiServerProxyConfig.mode
value: noauth
# storage infrastructure # storage infrastructure
- name: rook-ceph - name: rook-ceph
namespace: rook-ceph namespace: rook-ceph
@ -114,6 +129,16 @@ releases:
- name: ghostUsername - name: ghostUsername
value: {{ requiredEnv "GHOST_53LL_USER_NAME" }} value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
# dev tools
- name: gitea
namespace: gitea
createNamespace: true
chart: gitea/gitea
values:
- ./gitea/values.yaml
setString:
- name: gitea.admin.password
value: {{ requiredEnv "GITEA_ADMIN_PASSWORD" }}
# backup # backup
- name: k8up - name: k8up
namespace: k8up namespace: k8up
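Review bot: The new `tailscale-operator` release sets `apiServerProxyConfig.mode` to `noauth`, and nothing in the file records why or what then authenticates callers. As far as I know the chart's other setting (`"true"`) has the proxy impersonate the tailnet identity towards the API server, while `noauth` only forwards traffic, so access control rests on the tailnet ACLs plus whatever credentials and RBAC the cluster itself enforces; it is worth confirming that anonymous requests get no usable permissions and that the ACL limits which devices can reach the operator. I would add a comment above that entry, e.g. `# noauth: proxy does not impersonate tailnet users; callers authenticate with their own kubeconfig credentials`. Separately, the new `oauth.clientSecret` and `gitea.admin.password` values are rendered unquoted from `requiredEnv`, so a secret containing `: ` or ` #` would break or truncate the rendered YAML; `value: {{ requiredEnv "GITEA_ADMIN_PASSWORD" | quote }}` avoids that.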


@ -12,11 +12,16 @@ users:
databases: databases:
- postgres - postgres
- synapse - synapse
- gitea
options: "SUPERUSER LOGIN" options: "SUPERUSER LOGIN"
- name: synapse - name: synapse
databases: databases:
- synapse - synapse
options: "LOGIN" options: "LOGIN"
- name: gitea
databases:
- gitea
options: "LOGIN"


@ -9,19 +9,19 @@ cephClusterSpec:
resources: resources:
mgr: mgr:
requests: requests:
cpu: 250m cpu: 150m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"
mon: mon:
requests: requests:
cpu: 250m cpu: 150m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"
osd: osd:
requests: requests:
cpu: 250m cpu: 150m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"


@ -8,10 +8,10 @@ deployment:
mountPath: /data mountPath: /data
env: env:
- name: DO_AUTH_TOKEN - name: HETZNER_API_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: digitalocean-api-key name: hetzner-api-key
key: token key: token
additionalArguments: additionalArguments:
@ -52,7 +52,7 @@ certificatesResolvers:
letsencrypt: letsencrypt:
acme: acme:
dnschallenge: dnschallenge:
provider: digitalocean provider: hetzner
delaybeforecheck: 30 delaybeforecheck: 30
email: # set through cli args email: # set through cli args
storage: /data/acme.json storage: /data/acme.json
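Review bot: The deployment env now reads `HETZNER_API_KEY` from a secret named `hetzner-api-key`, but as far as this compare shows the setup notes still only carry `kubectl create secret generic digitalocean-api-key ...` (visible in the README hunk header), so a fresh install would have no such secret and the pod would fail to start on the missing `secretKeyRef`. I would document the new secret next to the old instruction, in the same form with a placeholder for the token variable, and create it in Traefik's namespace before rollout. Because this token can rewrite DNS records, it is also worth revoking the DigitalOcean token and deleting the `digitalocean-api-key` secret once issuance works with `provider: hetzner`, and checking whether the Hetzner token can be scoped more narrowly than the whole account. The `deployment:` and `certificatesResolvers:` mappings begin outside the hunks shown.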