feat: Add nextcloud
This commit is contained in:
parent
223174ad68
commit
66d7045056
@ -1,10 +1,11 @@
|
||||
$ORIGIN mnke.org.
|
||||
@ 900 IN SOA dns-server. hostadmin 37 900 300 604800 900
|
||||
@ 900 IN SOA dns-server. hostadmin 38 900 300 604800 900
|
||||
@ 3600 IN NS dns-server.
|
||||
authentik 600 IN CNAME authentik.dolo
|
||||
blog 600 IN CNAME blog.dolo
|
||||
git 600 IN CNAME git.jumper
|
||||
media 600 IN CNAME media.dolo
|
||||
nc 600 IN CNAME nc.dolo
|
||||
panel 600 IN CNAME panel.dolo
|
||||
seerr 600 IN CNAME seerr.dolo
|
||||
up 600 IN CNAME up.dolo
|
||||
|
@ -124,5 +124,9 @@ data:
|
||||
service: https://wings-01_jodye.mnke.org
|
||||
- hostname: vault.mnke.org
|
||||
service: https://vault.mnke.org
|
||||
- hostname: authentik.mnke.org
|
||||
service: https://authentik.mnke.org
|
||||
- hostname: nc.mnke.org
|
||||
service: https://nc.mnke.org
|
||||
# This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
|
||||
- service: http_status:404
|
||||
|
@ -5,3 +5,4 @@ resources:
|
||||
- blog-tonydu-me.yaml
|
||||
- up-tonydu-me.yaml
|
||||
- up-mnke-org.yaml
|
||||
- nc-mnke-org.yaml
|
||||
|
21
k8s/apps/ingressroutes/internal/nc-mnke-org.yaml
Normal file
21
k8s/apps/ingressroutes/internal/nc-mnke-org.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: nc-mnke-org
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`nc.mnke.org`)
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
name: nextcloud
|
||||
port: http
|
||||
sticky:
|
||||
cookie:
|
||||
name: nextcloud
|
||||
tls:
|
||||
secretName: wildcard-mnke-org-tls
|
@ -2,7 +2,7 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: up-tonydu-me
|
||||
name: up-mnke-org
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
@ -10,7 +10,7 @@ spec:
|
||||
routes:
|
||||
- match: >-
|
||||
(Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
|
||||
(PathRegex(`^/status/*$`) || PathRegex(`^/api/*`))
|
||||
(PathRegexp(`^/status/*$`) || PathRegexp(`^/api/*`))
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
|
@ -2,7 +2,7 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: up-mnke-org
|
||||
name: up-tonydu-me
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
|
@ -7,5 +7,6 @@ resources:
|
||||
- ghost
|
||||
- authentik
|
||||
- ingressroutes
|
||||
- nextcloud
|
||||
- cloudflared
|
||||
# - twingate
|
||||
|
@ -2,7 +2,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- repository.yaml
|
||||
- secrets.yaml
|
||||
- repository.yaml
|
||||
- release.yaml
|
||||
|
110
k8s/apps/nextcloud/release.yaml
Normal file
110
k8s/apps/nextcloud/release.yaml
Normal file
@ -0,0 +1,110 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: nextcloud
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 10m0s
|
||||
releaseName: nextcloud
|
||||
targetNamespace: default
|
||||
chart:
|
||||
spec:
|
||||
chart: nextcloud
|
||||
version: 6.6.3
|
||||
reconcileStrategy: ChartVersion
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: nextcloud
|
||||
namespace: flux-system
|
||||
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: nextcloud-creds
|
||||
valuesKey: nextcloud-password
|
||||
targetPath: nextcloud.password
|
||||
|
||||
- kind: Secret
|
||||
name: nextcloud-db-creds
|
||||
valuesKey: mysql-password
|
||||
targetPath: externalDatabase.password
|
||||
|
||||
- kind: Secret
|
||||
name: nextcloud-db-creds
|
||||
valuesKey: mysql-password
|
||||
targetPath: mariadb.auth.password
|
||||
|
||||
values:
|
||||
replicas: 3
|
||||
|
||||
nextcloud:
|
||||
host: nc.mnke.org
|
||||
username: admin
|
||||
# password: ""
|
||||
|
||||
internalDatabase:
|
||||
enabled: false
|
||||
|
||||
externalDatabase:
|
||||
enabled: true
|
||||
type: mysql
|
||||
host: db.home.mnke.org:3306
|
||||
database: nextcloud
|
||||
user: nextcloud
|
||||
# password: ""
|
||||
|
||||
# mariadb:
|
||||
# enabled: true
|
||||
# auth:
|
||||
# database: nextcloud
|
||||
# username: nextcloud
|
||||
# # password: ""
|
||||
# global:
|
||||
# defaultStorageClass:
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: longhorn
|
||||
accessMode: ReadWriteMany
|
||||
size: 8Gi
|
||||
nextcloudData:
|
||||
enabled: true
|
||||
storageClass: nfs-client
|
||||
accessMode: ReadWriteMany
|
||||
size: 64Gi
|
||||
|
||||
livenessProbe:
|
||||
# it takes so long for nextcloud to start up
|
||||
enabled: false
|
||||
initialDelaySeconds: 1200
|
||||
periodSeconds: 30
|
||||
failureThreshold: 10
|
||||
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 1200
|
||||
periodSeconds: 30
|
||||
failureThreshold: 10
|
||||
|
||||
cronjob:
|
||||
enabled: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "64M"
|
||||
limits:
|
||||
cpu: "200m"
|
||||
memory: "256M"
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
global:
|
||||
storageClass: nfs-client
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: "200m"
|
||||
memory: "512M"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1G"
|
@ -2,8 +2,8 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: twingate
|
||||
name: nextcloud
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
url: https://twingate.github.io/helm-charts
|
||||
url: https://nextcloud.github.io/helm/
|
37
k8s/apps/nextcloud/secrets.yaml
Normal file
37
k8s/apps/nextcloud/secrets.yaml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: nextcloud-db-creds
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: infisical
|
||||
|
||||
target:
|
||||
name: nextcloud-db-creds
|
||||
|
||||
data:
|
||||
- secretKey: mysql-password
|
||||
remoteRef:
|
||||
key: nextcloud-mysql-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: nextcloud-creds
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: infisical
|
||||
|
||||
target:
|
||||
name: nextcloud-creds
|
||||
|
||||
data:
|
||||
- secretKey: nextcloud-password
|
||||
remoteRef:
|
||||
key: nextcloud-password
|
@ -1,32 +0,0 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: twingate
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 10m0s
|
||||
releaseName: twingate-rampant-eagle
|
||||
targetNamespace: default
|
||||
chart:
|
||||
spec:
|
||||
chart: connector
|
||||
reconcileStrategy: ChartVersion
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: twingate
|
||||
namespace: flux-system
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: twingate-creds
|
||||
valuesKey: access-token
|
||||
targetPath: connector.accessToken
|
||||
- kind: Secret
|
||||
name: twingate-creds
|
||||
valuesKey: refresh-token
|
||||
targetPath: connector.refreshToken
|
||||
values:
|
||||
connector:
|
||||
network: mnke
|
||||
# accessToken:
|
||||
# refreshToken:
|
@ -1,21 +0,0 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: twingate-creds
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: infisical
|
||||
|
||||
target:
|
||||
name: twingate-creds
|
||||
|
||||
data:
|
||||
- secretKey: access-token
|
||||
remoteRef:
|
||||
key: twingate-access-token
|
||||
- secretKey: refresh-token
|
||||
remoteRef:
|
||||
key: twingate-refresh-token
|
Loading…
x
Reference in New Issue
Block a user