init
This commit is contained in:
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
|||||||
|
/.terraform/providers/registry.opentofu.org
|
||||||
102
.terraform.lock.hcl
generated
Normal file
102
.terraform.lock.hcl
generated
Normal file
@@ -0,0 +1,102 @@
|
|||||||
|
# This file is maintained automatically by "tofu init".
|
||||||
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/camptocamp/pass" {
|
||||||
|
version = "2.1.1"
|
||||||
|
constraints = "2.1.1"
|
||||||
|
hashes = [
|
||||||
|
"h1:b26FFbTyOIKCeqpAjnBzLZU1S9jU7XE9U+3+NOxtAq0=",
|
||||||
|
"zh:2ec5926b48526bc23b99f26dd18138811f6b1f1f81125bce75e841020b58350c",
|
||||||
|
"zh:32448b55d615ffc4924aab08c5fdea57102cc0f2752003e81367e7d05d42ce9a",
|
||||||
|
"zh:35c2d4e4551486b3e3befcf5efcf56f94deae0e3293fe8634365e4fb8b632598",
|
||||||
|
"zh:4d7932ddc0bb0a4f429ce6213d8139c05e54ce0c8f1a60d0a42e84f0dcccf334",
|
||||||
|
"zh:4f44287a8cab55ad339a04422496f4b607ce257aaa8a8cf1e4bd459f5ac6dbbb",
|
||||||
|
"zh:6e8f181c187b5c070f6cba458eeabcefb5a8e110a414b349c2f94ccc5952ca64",
|
||||||
|
"zh:79ae6e5c34221ee6324d57bec033d336f72b96521560ca3ba017c90560e337ba",
|
||||||
|
"zh:9ff86045990bdac860d9535c2abaaa80794451910f353c8bf71bcc5a6d594fc2",
|
||||||
|
"zh:c76ed4b72ca17e24b201a2f3365bd0d0ea22f6e93621e61371f1322c1ff33806",
|
||||||
|
"zh:dc3f2410d08af24d58c3fb5357ec9a8cf74fd02b63f01ff52379b03f147c0b08",
|
||||||
|
"zh:de0c0ceb0ef2af78fe402ffa860ec1fbc08ff91b18342f17cb55100934ea2c4b",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/gavinbunney/kubectl" {
|
||||||
|
version = "1.19.0"
|
||||||
|
constraints = ">= 1.14.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=",
|
||||||
|
"zh:1dec8766336ac5b00b3d8f62e3fff6390f5f60699c9299920fc9861a76f00c71",
|
||||||
|
"zh:43f101b56b58d7fead6a511728b4e09f7c41dc2e3963f59cf1c146c4767c6cb7",
|
||||||
|
"zh:4c4fbaa44f60e722f25cc05ee11dfaec282893c5c0ffa27bc88c382dbfbaa35c",
|
||||||
|
"zh:51dd23238b7b677b8a1abbfcc7deec53ffa5ec79e58e3b54d6be334d3d01bc0e",
|
||||||
|
"zh:5afc2ebc75b9d708730dbabdc8f94dd559d7f2fc5a31c5101358bd8d016916ba",
|
||||||
|
"zh:6be6e72d4663776390a82a37e34f7359f726d0120df622f4a2b46619338a168e",
|
||||||
|
"zh:72642d5fcf1e3febb6e5d4ae7b592bb9ff3cb220af041dbda893588e4bf30c0c",
|
||||||
|
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
|
||||||
|
"zh:a1da03e3239867b35812ee031a1060fed6e8d8e458e2eaca48b5dd51b35f56f7",
|
||||||
|
"zh:b98b6a6728fe277fcd133bdfa7237bd733eae233f09653523f14460f608f8ba2",
|
||||||
|
"zh:bb8b071d0437f4767695c6158a3cb70df9f52e377c67019971d888b99147511f",
|
||||||
|
"zh:dc89ce4b63bfef708ec29c17e85ad0232a1794336dc54dd88c3ba0b77e764f71",
|
||||||
|
"zh:dd7dd18f1f8218c6cd19592288fde32dccc743cde05b9feeb2883f37c2ff4b4e",
|
||||||
|
"zh:ec4bd5ab3872dedb39fe528319b4bba609306e12ee90971495f109e142d66310",
|
||||||
|
"zh:f610ead42f724c82f5463e0e71fa735a11ffb6101880665d93f48b4a67b9ad82",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/hashicorp/kubernetes" {
|
||||||
|
version = "2.7.1"
|
||||||
|
constraints = "2.7.1"
|
||||||
|
hashes = [
|
||||||
|
"h1:6RosjiNWl8D02NLAemgFVus9LbbXCG9ISSlWZ/B6a+s=",
|
||||||
|
"zh:03a7020ea2360f88f67ae9a3130813a2842ea3ae9efbb2202c0e5f471ede0f60",
|
||||||
|
"zh:20fe4f0ec63f11e66c781cfe2ab4e4e1c6d6523419cc961407b9797fb46eb6e9",
|
||||||
|
"zh:2bf6709033c845a324e5f0675662fbcd44c67d20488d5ccc04b689a179d3e381",
|
||||||
|
"zh:3c4c908735c8478fb45ef476170b0c77db494c7b0c9b6b1e18d4257acf1f04fa",
|
||||||
|
"zh:71e228d78876a71eda78ece4569e9710d3a27f0520b75511cd8ec39b6469b40e",
|
||||||
|
"zh:75a8f1bcc02acb39a8dd5ca0c2f0da5577c9b87e59a6e89a9e550bc61b4451b3",
|
||||||
|
"zh:884542de0d78c76fae74c2a05bef69e9226fcc28f4d1d395f29997ee8226845c",
|
||||||
|
"zh:a49114029dcd14134d74f227e7377531f77f39de09beb0b8c96e9bc0611b42ce",
|
||||||
|
"zh:f836355067e90fc35ebdd1a9dcc1e0533aecd5f827c38a4664862f23542c2175",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/kbst/kustomization" {
|
||||||
|
version = "0.9.6"
|
||||||
|
constraints = "0.9.6"
|
||||||
|
hashes = [
|
||||||
|
"h1:8Yh5MXSaSbKDO65cm/hqHc9LpKORNITWVWHOYqIjD0g=",
|
||||||
|
"zh:13d4d5510b02dcbde4e0e94b9541832913a2ae3c24b93e477c3963357774f0d7",
|
||||||
|
"zh:1e0bae2bffc2045b7f6d50e02ef519568d71ccf883cf7829b27bd45e813c4a8a",
|
||||||
|
"zh:24daa001846ef13b76fe35832e40d103fe8e6d0bbdb7e2a9623c3b0ef5d8f18e",
|
||||||
|
"zh:350b386fa0f3963aa1c245472ddf171b686514ce31d7229f8d09bca95353de1f",
|
||||||
|
"zh:4b94999e2b3d72f5835ec2f940ef911b6221b69c7bf769f1d2f2d86fbfa04fbe",
|
||||||
|
"zh:4e53a0b2cc8f3ad3defe7565cb228b09ddd394313ecbb2c81cfc378e6249e0b7",
|
||||||
|
"zh:7fbde5cdaec981ec958e680d66f35b664470d7ef0c74e8d79ab5b104bc2de105",
|
||||||
|
"zh:92273e9aa1319ee829ba608a7734aa4e334d8ebca1692eb23ca08b1187714ced",
|
||||||
|
"zh:c3165710124f6fd7ed3cda5ccac26d926070ff61f7650843d4dffe60379b78c6",
|
||||||
|
"zh:c8fd90b353a337b0c3d0e3dcba3bbbd1cc2e4f2548198b0a051912f53f91fab9",
|
||||||
|
"zh:cebce7b15cf666d66421f6ee56577af99845778a54d4485ee0cce593aaa82cda",
|
||||||
|
"zh:d184afeccedc579dd6412ba2521af86aea117dc2ddb60b2914263db7af1f0d1e",
|
||||||
|
"zh:dbc2ce52f067d36485630afba4ee606c85361ba7e7d7f424b1da9f498c095cf1",
|
||||||
|
"zh:f397be4632e06e4766cc38607a93b4606941a1940afc8a48aa5222384886fa82",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/valodim/desec" {
|
||||||
|
version = "0.6.1"
|
||||||
|
constraints = "0.6.1"
|
||||||
|
hashes = [
|
||||||
|
"h1:cXLLxqkdJoiW+p/aDEBH6KK+laPM+RtWyYxd8IZBBN8=",
|
||||||
|
"zh:08fb06d0654d638ada1e2be948ff1070ff73314d65416a8c50775f6faa3c4730",
|
||||||
|
"zh:141baab7ef9c63dae9fa8edadfae19fcede4bde0132d576d26010dfddeac3fa3",
|
||||||
|
"zh:2f41c0ef69de1d75efb567bb54b132ce238dd0cca9f42fd71a67db44b0927d5a",
|
||||||
|
"zh:305d5137b7003701792a92242dd6010ad61db4fe69d94c9e00a1ae37332a0543",
|
||||||
|
"zh:70c86277d8929e6af2400fead92f5998f9b1dabddf7e57c85d9c5ccd29fcfe92",
|
||||||
|
"zh:79163bb3b16df4ebafc2128a2d65daf1f5d85d0d3831577e243094cb34e4fa67",
|
||||||
|
"zh:8dc0b89e311ca1c7a3c0621b265274b1590fbc0839a66677e0232a61c3ffb78e",
|
||||||
|
"zh:bc57f2f11a0f8e29387ba852474fe48f2a739d86dcd8f2aad545881e9d763912",
|
||||||
|
"zh:c0a3cab6728d52fdf5e3147c9033d838f4cd5873aae2b16a12c7027d825737f1",
|
||||||
|
"zh:dac69febd0e4b7a0aa78ab926a10f8c550f3d85fe180c255912308d2a484b3af",
|
||||||
|
"zh:ff517fd13df0a539c1e41615daea66fa56ac0e46250bf20a423a36e459cf13be",
|
||||||
|
]
|
||||||
|
}
|
||||||
9
https-redirect.yaml
Normal file
9
https-redirect.yaml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: redirect-https
|
||||||
|
spec:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
|
||||||
6
kustomization.yaml
Normal file
6
kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
resources:
|
||||||
|
- ./manifests/devops/
|
||||||
|
- ./manifests/s3/
|
||||||
|
- ./manifests/jellyfin/
|
||||||
|
- ./manifests/cert-manager/
|
||||||
|
- ./manifests/argo/
|
||||||
19
letencrypt.yaml
Normal file
19
letencrypt.yaml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
email: tls@milasholsting.dk
|
||||||
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
solvers:
|
||||||
|
- dns01:
|
||||||
|
webhook:
|
||||||
|
groupName: acme.hetzner.com
|
||||||
|
solverName: hetzner
|
||||||
|
config:
|
||||||
|
tokenSecretKeyRef:
|
||||||
|
name: hetzner-secret
|
||||||
|
key: api-token
|
||||||
11
main.tf
Normal file
11
main.tf
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
data "kustomization_build" "main" {
|
||||||
|
path = "."
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "kubectl_manifest" "main" {
|
||||||
|
for_each = data.kustomization_build.main.manifests
|
||||||
|
yaml_body = each.value
|
||||||
|
server_side_apply = true
|
||||||
|
force_conflicts = true
|
||||||
|
}
|
||||||
|
|
||||||
10
manifests/argo/argo-cmd-params.yaml
Normal file
10
manifests/argo/argo-cmd-params.yaml
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/configmap/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: argocd-cmd-params-cm
|
||||||
|
namespace: argocd
|
||||||
|
data:
|
||||||
|
server.insecure: true
|
||||||
|
---
|
||||||
|
|
||||||
0
manifests/argo/argocd.yaml
Normal file
0
manifests/argo/argocd.yaml
Normal file
12
manifests/argo/cert.yaml
Normal file
12
manifests/argo/cert.yaml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: argo-tls
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
secretName: argo-tls
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
- argo.milasholsting.dk
|
||||||
27
manifests/argo/ingress.yaml
Normal file
27
manifests/argo/ingress.yaml
Normal file
@@ -0,0 +1,27 @@
|
|||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: argocd-server
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- kind: Rule
|
||||||
|
match: Host(`argo.milasholsting.dk`)
|
||||||
|
priority: 10
|
||||||
|
services:
|
||||||
|
- name: argocd-server
|
||||||
|
port: 80
|
||||||
|
- kind: Rule
|
||||||
|
match: Host(`argo.milasholsting.dk`) && Header(`Content-Type`, `application/grpc`)
|
||||||
|
priority: 11
|
||||||
|
services:
|
||||||
|
- name: argocd-server
|
||||||
|
port: 80
|
||||||
|
scheme: h2c
|
||||||
|
tls:
|
||||||
|
secretName: argo-tls
|
||||||
|
domains:
|
||||||
|
- main: argo.milasholsting.dk
|
||||||
|
|
||||||
33375
manifests/argo/install.yaml
Normal file
33375
manifests/argo/install.yaml
Normal file
File diff suppressed because it is too large
Load Diff
8
manifests/argo/kustomization.yaml
Normal file
8
manifests/argo/kustomization.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
namespace: argocd
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./install.yaml
|
||||||
|
- ./namespace.yaml
|
||||||
|
- ./ingress.yaml
|
||||||
|
- ./cert.yaml
|
||||||
|
- ./argo-cmd-params.yaml
|
||||||
4
manifests/argo/namespace.yaml
Normal file
4
manifests/argo/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: argocd
|
||||||
12
manifests/cert-manager/hetzner-cert-manager.yaml
Normal file
12
manifests/cert-manager/hetzner-cert-manager.yaml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChart
|
||||||
|
metadata:
|
||||||
|
name: hetzer-cert-manager
|
||||||
|
namespace: cert-manager
|
||||||
|
spec:
|
||||||
|
repo: https://charts.hetzner.cloud
|
||||||
|
chart: cert-manager-webhook-hetzner
|
||||||
|
targetNamespace: cert-manager
|
||||||
|
version: 0.7.0
|
||||||
|
valuesContent: |-
|
||||||
|
|
||||||
4
manifests/cert-manager/kustomization.yaml
Normal file
4
manifests/cert-manager/kustomization.yaml
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
resources:
|
||||||
|
- ./hetzner-cert-manager.yaml
|
||||||
|
- ./secret.yaml
|
||||||
|
- ./rbac.yaml
|
||||||
24
manifests/cert-manager/rbac.yaml
Normal file
24
manifests/cert-manager/rbac.yaml
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: cert-manager-webhook-hetzner:solver
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- acme.hetzner.com
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- 'create'
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: cert-manager-webhook-hetzner:solver
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: cert-manager-webhook-hetzner:solver
|
||||||
|
subjects:
|
||||||
|
- name: cert-manager
|
||||||
|
namespace: cert-manager
|
||||||
|
kind: ServiceAccount
|
||||||
8
manifests/cert-manager/secret.yaml
Normal file
8
manifests/cert-manager/secret.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: hetzner-secret
|
||||||
|
namespace: cert-manager
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
api-token: "Sv4A7eb7nIqsX92vyN78czp4tzqlNP7T8EiocupF5oxY7K6ZMMGGFrgTKmJPs77C"
|
||||||
14
manifests/devops/gitea-admin-secret.yaml
Normal file
14
manifests/devops/gitea-admin-secret.yaml
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/secret/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: gitea-admin
|
||||||
|
namespace: devops
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
username: admin
|
||||||
|
password: SuperSecertPassword1234
|
||||||
|
# Example:
|
||||||
|
# password: {{ .Values.password | b64enc }}
|
||||||
|
---
|
||||||
|
|
||||||
50
manifests/devops/gitea.yaml
Normal file
50
manifests/devops/gitea.yaml
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
|
||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChart
|
||||||
|
metadata:
|
||||||
|
name: gitea
|
||||||
|
namespace: devops
|
||||||
|
spec:
|
||||||
|
repo: https://dl.gitea.io/charts/
|
||||||
|
chart: gitea
|
||||||
|
targetNamespace: devops
|
||||||
|
version: 12.5.3
|
||||||
|
valuesContent: |-
|
||||||
|
image:
|
||||||
|
registry: docker.io
|
||||||
|
repository: commitgo/gitea-ee
|
||||||
|
tag: 25.4.3
|
||||||
|
rootless: true
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
type: ClusterIP
|
||||||
|
ssh:
|
||||||
|
type: ClusterIP
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
hosts:
|
||||||
|
- host: gitea.milasholsting.dk
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- gitea.milasholsting.dk
|
||||||
|
|
||||||
|
gitea:
|
||||||
|
admin:
|
||||||
|
existingSecret: gitea-admin
|
||||||
|
config:
|
||||||
|
server:
|
||||||
|
DOMAIN: gitea.milasholsting.dk
|
||||||
|
ROOT_URL: https://gitea.milasholsting.dk/
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
size: 20Gi
|
||||||
|
storageClass: local-path
|
||||||
46
manifests/devops/giteaChartConfig.yaml
Normal file
46
manifests/devops/giteaChartConfig.yaml
Normal file
@@ -0,0 +1,46 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChartConfig
|
||||||
|
metadata:
|
||||||
|
name: gitea
|
||||||
|
namespace: devops
|
||||||
|
spec:
|
||||||
|
valuesContent: |-
|
||||||
|
image:
|
||||||
|
registry: docker.io
|
||||||
|
repository: commitgo/gitea-ee
|
||||||
|
tag: 25.4.3
|
||||||
|
rootless: true
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
type: ClusterIP
|
||||||
|
ssh:
|
||||||
|
type: ClusterIP
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
hosts:
|
||||||
|
- host: gitea.milasholsting.dk
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- secretName: gitea-tls
|
||||||
|
hosts:
|
||||||
|
- gitea.milasholsting.dk
|
||||||
|
|
||||||
|
gitea:
|
||||||
|
admin:
|
||||||
|
existingSecret: gitea-admin
|
||||||
|
config:
|
||||||
|
server:
|
||||||
|
DOMAIN: gitea.milasholsting.dk
|
||||||
|
ROOT_URL: https://gitea.milasholsting.dk/
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
size: 20Gi
|
||||||
|
storageClass: local-path
|
||||||
|
|
||||||
6
manifests/devops/kustomization.yaml
Normal file
6
manifests/devops/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
namespace: devops
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./namespace.yaml
|
||||||
|
- ./gitea-admin-secret.yaml
|
||||||
|
- ./gitea.yaml
|
||||||
4
manifests/devops/namespace.yaml
Normal file
4
manifests/devops/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: devops
|
||||||
13
manifests/s3/cert.yaml
Normal file
13
manifests/s3/cert.yaml
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: rustfs-cert
|
||||||
|
namespace: s3storage # Ensure this matches your app's namespace
|
||||||
|
spec:
|
||||||
|
secretName: rustfs-tls-cert
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-prod # This must match your ClusterIssuer name
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
- s3.milasholsting.dk
|
||||||
|
- console.s3.milasholsting.dk
|
||||||
8
manifests/s3/kustomization.yaml
Normal file
8
manifests/s3/kustomization.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
namespace: s3storage
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./rustfs.yaml
|
||||||
|
- ./namespace.yaml
|
||||||
|
- ./rustfs-ingress.yaml
|
||||||
|
- ./rustfsChartConfig.yaml
|
||||||
|
# - ./cert.yaml
|
||||||
4
manifests/s3/namespace.yaml
Normal file
4
manifests/s3/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: s3storage
|
||||||
26
manifests/s3/rustfs-ingress.yaml
Normal file
26
manifests/s3/rustfs-ingress.yaml
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: rustfs-ingress
|
||||||
|
namespace: s3storage
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- match: Host(`s3.milasholsting.dk`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: rustfs-svc
|
||||||
|
port: 9000
|
||||||
|
sticky:
|
||||||
|
cookie:
|
||||||
|
httpOnly: true
|
||||||
|
name: s3-routing
|
||||||
|
secure: true
|
||||||
|
- match: Host(`console.s3.milasholsting.dk`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: rustfs-svc
|
||||||
|
port: 9001
|
||||||
|
tls:
|
||||||
|
secretName: rustfs-tls-cert
|
||||||
32
manifests/s3/rustfs.yaml
Normal file
32
manifests/s3/rustfs.yaml
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChart
|
||||||
|
metadata:
|
||||||
|
name: rustfs
|
||||||
|
namespace: s3storage
|
||||||
|
spec:
|
||||||
|
repo: https://charts.rustfs.com
|
||||||
|
chart: rustfs
|
||||||
|
targetNamespace: s3storage
|
||||||
|
version: 0.0.82
|
||||||
|
valuesContent: |-
|
||||||
|
# Standalone mode: single pod with single PVC
|
||||||
|
mode:
|
||||||
|
standalone:
|
||||||
|
enabled: true
|
||||||
|
distributed:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Optional: adjust storage sizes (default 256Mi each)
|
||||||
|
storageclass:
|
||||||
|
name: local-path
|
||||||
|
dataStorageSize: 15Gi
|
||||||
|
logStorageSize: 1Gi
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
# Optional: change default credentials
|
||||||
|
secret:
|
||||||
|
rustfs:
|
||||||
|
access_key: rustfsadmin
|
||||||
|
secret_key: f82g6toxn5xlwac6cd8bjwfl
|
||||||
|
|
||||||
28
manifests/s3/rustfsChartConfig.yaml
Normal file
28
manifests/s3/rustfsChartConfig.yaml
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
|
||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChartConfig
|
||||||
|
metadata:
|
||||||
|
name: rustfs
|
||||||
|
namespace: s3storage
|
||||||
|
spec:
|
||||||
|
valuesContent: |-
|
||||||
|
# Standalone mode: single pod with single PVC
|
||||||
|
mode:
|
||||||
|
standalone:
|
||||||
|
enabled: true
|
||||||
|
distributed:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Optional: adjust storage sizes (default 256Mi each)
|
||||||
|
storageclass:
|
||||||
|
name: local-path
|
||||||
|
dataStorageSize: 15Gi
|
||||||
|
logStorageSize: 1Gi
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
# Optional: change default credentials
|
||||||
|
secret:
|
||||||
|
rustfs:
|
||||||
|
access_key: rustfsadmin
|
||||||
|
secret_key: f82g6toxn5xlwac6cd8bjwfl
|
||||||
41
provider.tf
Normal file
41
provider.tf
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
terraform {
|
||||||
|
required_providers {
|
||||||
|
kustomization = {
|
||||||
|
source = "kbst/kustomization"
|
||||||
|
version = "0.9.6"
|
||||||
|
}
|
||||||
|
kubernetes = {
|
||||||
|
source = "hashicorp/kubernetes"
|
||||||
|
version = "2.7.1"
|
||||||
|
}
|
||||||
|
kubectl = {
|
||||||
|
source = "gavinbunney/kubectl"
|
||||||
|
version = ">= 1.14.0"
|
||||||
|
}
|
||||||
|
desec = {
|
||||||
|
source = "Valodim/desec"
|
||||||
|
version = "0.6.1"
|
||||||
|
}
|
||||||
|
pass = {
|
||||||
|
source = "camptocamp/pass"
|
||||||
|
version = "2.1.1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
provider "pass" {}
|
||||||
|
|
||||||
|
provider "kubectl" {
|
||||||
|
config_path = "~/.kube/config"
|
||||||
|
config_context = "mecha"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "kubernetes" {
|
||||||
|
config_path = "~/.kube/config"
|
||||||
|
config_context = "mecha"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "kustomization" {
|
||||||
|
context = "mecha"
|
||||||
|
kubeconfig_path = "~/.kube/config"
|
||||||
|
}
|
||||||
|
|
||||||
8
scripts.ts
Normal file
8
scripts.ts
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
// check-headers.ts
|
||||||
|
const domain = "https://jellyfin.milasholsting.dk";
|
||||||
|
const resp = await fetch(domain);
|
||||||
|
|
||||||
|
console.log("--- Header Check ---");
|
||||||
|
resp.headers.forEach((value, key) => {
|
||||||
|
console.log(`${key}: ${value}`);
|
||||||
|
});
|
||||||
1
terraform.tfstate
Normal file
1
terraform.tfstate
Normal file
File diff suppressed because one or more lines are too long
1
terraform.tfstate.backup
Normal file
1
terraform.tfstate.backup
Normal file
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user