From 66d7045056663882e10c0f5e19aea6e42da56032 Mon Sep 17 00:00:00 2001
From: Tony Du
Date: Mon, 17 Feb 2025 21:49:34 -0800
Subject: [PATCH] feat: Add nextcloud
---
 dns/zones/mnke.org.zone | 3 +-
 k8s/apps/cloudflared/cloudflared-mnke.yaml | 4 +
 .../ingressroutes/internal/kustomization.yaml | 1 +
 .../ingressroutes/internal/nc-mnke-org.yaml | 21 ++++
 .../ingressroutes/internal/up-mnke-org.yaml | 4 +-
 .../ingressroutes/internal/up-tonydu-me.yaml | 2 +-
 k8s/apps/kustomization.yaml | 1 +
 .../kustomization.yaml | 3 +-
 k8s/apps/nextcloud/release.yaml | 110 ++++++++++++++++++
 .../{twingate => nextcloud}/repository.yaml | 4 +-
 k8s/apps/nextcloud/secrets.yaml | 37 ++++++
 k8s/apps/twingate/release.yaml | 32 -----
 k8s/apps/twingate/secrets.yaml | 21 ----
 13 files changed, 182 insertions(+), 61 deletions(-)
 create mode 100644 k8s/apps/ingressroutes/internal/nc-mnke-org.yaml
 rename k8s/apps/{twingate => nextcloud}/kustomization.yaml (99%)
 create mode 100644 k8s/apps/nextcloud/release.yaml
 rename k8s/apps/{twingate => nextcloud}/repository.yaml (66%)
 create mode 100644 k8s/apps/nextcloud/secrets.yaml
 delete mode 100644 k8s/apps/twingate/release.yaml
 delete mode 100644 k8s/apps/twingate/secrets.yaml
diff --git a/dns/zones/mnke.org.zone b/dns/zones/mnke.org.zone
index 54655b9..916b85b 100644
--- a/dns/zones/mnke.org.zone
+++ b/dns/zones/mnke.org.zone
@@ -1,10 +1,11 @@
 $ORIGIN mnke.org.
-@ 900 IN SOA dns-server. hostadmin 37 900 300 604800 900
+@ 900 IN SOA dns-server. hostadmin 38 900 300 604800 900
 @ 3600 IN NS dns-server.
 authentik 600 IN CNAME authentik.dolo
 blog 600 IN CNAME blog.dolo
 git 600 IN CNAME git.jumper
 media 600 IN CNAME media.dolo
+nc 600 IN CNAME nc.dolo
 panel 600 IN CNAME panel.dolo
 seerr 600 IN CNAME seerr.dolo
 up 600 IN CNAME up.dolo
diff --git a/k8s/apps/cloudflared/cloudflared-mnke.yaml b/k8s/apps/cloudflared/cloudflared-mnke.yaml
index e59698d..af41f4e 100644
--- a/k8s/apps/cloudflared/cloudflared-mnke.yaml
+++ b/k8s/apps/cloudflared/cloudflared-mnke.yaml
@@ -124,5 +124,9 @@ data:
 service: https://wings-01_jodye.mnke.org
 - hostname: vault.mnke.org
 service: https://vault.mnke.org
+ - hostname: authentik.mnke.org
+ service: https://authentik.mnke.org
+ - hostname: nc.mnke.org
+ service: https://nc.mnke.org
 # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
 - service: http_status:404
diff --git a/k8s/apps/ingressroutes/internal/kustomization.yaml b/k8s/apps/ingressroutes/internal/kustomization.yaml
index ef30234..9810f1d 100644
--- a/k8s/apps/ingressroutes/internal/kustomization.yaml
+++ b/k8s/apps/ingressroutes/internal/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - blog-tonydu-me.yaml
 - up-tonydu-me.yaml
 - up-mnke-org.yaml
+ - nc-mnke-org.yaml
diff --git a/k8s/apps/ingressroutes/internal/nc-mnke-org.yaml b/k8s/apps/ingressroutes/internal/nc-mnke-org.yaml
new file mode 100644
index 0000000..834b852
--- /dev/null
+++ b/k8s/apps/ingressroutes/internal/nc-mnke-org.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: nc-mnke-org
+ namespace: default
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`nc.mnke.org`)
+ kind: Rule
+ services:
+ - kind: Service
+ name: nextcloud
+ port: http
+ sticky:
+ cookie:
+ name: nextcloud
+ tls:
+ secretName: wildcard-mnke-org-tls
diff --git a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
index dc2107b..039ed15 100644
--- a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
+++ b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
@@ -2,7 +2,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
- name: up-tonydu-me
+ name: up-mnke-org
 namespace: default
 spec:
 entryPoints:
@@ -10,7 +10,7 @@ spec:
 routes:
 - match: >-
 (Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
- (PathRegex(`^/status/*$`) || PathRegex(`^/api/*`))
+ (PathRegexp(`^/status/*$`) || PathRegexp(`^/api/*`))
 kind: Rule
 services:
 - kind: Service
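Review bot: The two ingress rules added to `cloudflared-mnke.yaml` publish `nc.mnke.org` and `authentik.mnke.org` through the tunnel, while the matching IngressRoute is filed under `ingressroutes/internal` and the commit subject mentions only Nextcloud. If public exposure is intended, record it next to the rules, e.g. `# nc.mnke.org is intentionally internet-facing; login is protected by <ACCESS_POLICY_OR_SSO>`, and confirm that an access policy or rate limiting sits in front of both login pages. Requests reach Nextcloud through cloudflared and then Traefik, so its per-client login throttling presumably sees only the proxy address unless trusted proxies are configured, and nothing visible in release.yaml sets that. The enclosing `data:` block starts outside the hunk.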
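Review bot: The `sticky.cookie` block in the new `nc-mnke-org.yaml` sets only `name: nextcloud`, so the affinity cookie is issued without the Secure and HttpOnly attributes even though the route is served only on `websecure`. Add `secure: true`, `httpOnly: true` and `sameSite: lax` under `cookie:`. The route also attaches no `middlewares`, so response headers such as HSTS depend entirely on what Nextcloud itself sends; a headers middleware is worth adding if the other routes in this repository use one.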
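Review bot: In the `@@ -10,7` hunk of `up-mnke-org.yaml` the matcher name is corrected to `PathRegexp`, but the patterns still use `/*`, which in a regular expression means "zero or more slashes", not "anything below this path". As written, `^/status/*$` matches only `/status` with optional trailing slashes, and `^/api/*` has no end anchor or separator, so it matches every path that merely begins with `/api`. Since this rule is what limits which paths of the service are reachable on these hosts, the patterns should state the intended boundary, for example `^/status(/.*)?$` and `^/api(/.*)?$`. The rule's `services` list continues outside the hunk.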
diff --git a/k8s/apps/ingressroutes/internal/up-tonydu-me.yaml b/k8s/apps/ingressroutes/internal/up-tonydu-me.yaml
index 55bf0a2..30066e8 100644
--- a/k8s/apps/ingressroutes/internal/up-tonydu-me.yaml
+++ b/k8s/apps/ingressroutes/internal/up-tonydu-me.yaml
@@ -2,7 +2,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
- name: up-mnke-org
+ name: up-tonydu-me
 namespace: default
 spec:
 entryPoints:
diff --git a/k8s/apps/kustomization.yaml b/k8s/apps/kustomization.yaml
index 15426ba..800eeec 100644
--- a/k8s/apps/kustomization.yaml
+++ b/k8s/apps/kustomization.yaml
@@ -7,5 +7,6 @@ resources:
 - ghost
 - authentik
 - ingressroutes
+ - nextcloud
 - cloudflared
 # - twingate
diff --git a/k8s/apps/twingate/kustomization.yaml b/k8s/apps/nextcloud/kustomization.yaml
similarity index 99%
rename from k8s/apps/twingate/kustomization.yaml
rename to k8s/apps/nextcloud/kustomization.yaml
index a43f5a2..ea387eb 100644
--- a/k8s/apps/twingate/kustomization.yaml
+++ b/k8s/apps/nextcloud/kustomization.yaml
@@ -2,7 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - repository.yaml
 - secrets.yaml
+ - repository.yaml
 - release.yaml
-
diff --git a/k8s/apps/nextcloud/release.yaml b/k8s/apps/nextcloud/release.yaml
new file mode 100644
index 0000000..bac0f24
--- /dev/null
+++ b/k8s/apps/nextcloud/release.yaml
@@ -0,0 +1,110 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: nextcloud
+ namespace: default
+spec:
+ interval: 10m0s
+ releaseName: nextcloud
+ targetNamespace: default
+ chart:
+ spec:
+ chart: nextcloud
+ version: 6.6.3
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: nextcloud
+ namespace: flux-system
+
+ valuesFrom:
+ - kind: Secret
+ name: nextcloud-creds
+ valuesKey: nextcloud-password
+ targetPath: nextcloud.password
+
+ - kind: Secret
+ name: nextcloud-db-creds
+ valuesKey: mysql-password
+ targetPath: externalDatabase.password
+
+ - kind: Secret
+ name: nextcloud-db-creds
+ valuesKey: mysql-password
+ targetPath: mariadb.auth.password
+
+ values:
+ replicas: 3
+
+ nextcloud:
+ host: nc.mnke.org
+ username: admin
+ # password: ""
+
+ internalDatabase:
+ enabled: false
+
+ externalDatabase:
+ enabled: true
+ type: mysql
+ host: db.home.mnke.org:3306
+ database: nextcloud
+ user: nextcloud
+ # password: ""
+
+ # mariadb:
+ # enabled: true
+ # auth:
+ # database: nextcloud
+ # username: nextcloud
+ # # password: ""
+ # global:
+ # defaultStorageClass:
+
+ persistence:
+ enabled: true
+ storageClass: longhorn
+ accessMode: ReadWriteMany
+ size: 8Gi
+ nextcloudData:
+ enabled: true
+ storageClass: nfs-client
+ accessMode: ReadWriteMany
+ size: 64Gi
+
+ livenessProbe:
+ # it takes so long for nextcloud to start up
+ enabled: false
+ initialDelaySeconds: 1200
+ periodSeconds: 30
+ failureThreshold: 10
+
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 1200
+ periodSeconds: 30
+ failureThreshold: 10
+
+ cronjob:
+ enabled: true
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "64M"
+ limits:
+ cpu: "200m"
+ memory: "256M"
+
+ redis:
+ enabled: true
+ global:
+ storageClass: nfs-client
+
+ resources:
+ requests:
+ cpu: "200m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "1G"
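Review bot: `redis.enabled: true` is added without any `redis.auth` settings, so the Redis subchart runs with whatever password the chart ships as its default; as far as I recall the nextcloud chart's values file carries a placeholder value for `redis.auth.password`, which should be checked against 6.6.3. Source the Redis password from an ExternalSecret and reference it with `redis.auth.existingSecret` and `redis.auth.existingSecretPasswordKey`. Separately, `readinessProbe.enabled: false` combined with `replicas: 3` lets pods receive traffic before Nextcloud is up, and `livenessProbe.enabled: false` means a hung pod is never restarted; if slow startup is the reason, as the comment says, a `startupProbe` with a generous `failureThreshold` would allow both probes to stay enabled. `username: admin` also keeps the default administrator name on an instance this commit makes reachable at `nc.mnke.org`.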
diff --git a/k8s/apps/twingate/repository.yaml b/k8s/apps/nextcloud/repository.yaml
similarity index 66%
rename from k8s/apps/twingate/repository.yaml
rename to k8s/apps/nextcloud/repository.yaml
index 00e75a9..5e9e1b5 100644
--- a/k8s/apps/twingate/repository.yaml
+++ b/k8s/apps/nextcloud/repository.yaml
@@ -2,8 +2,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
- name: twingate
+ name: nextcloud
 namespace: flux-system
 spec:
 interval: 10m0s
- url: https://twingate.github.io/helm-charts
+ url: https://nextcloud.github.io/helm/
diff --git a/k8s/apps/nextcloud/secrets.yaml b/k8s/apps/nextcloud/secrets.yaml
new file mode 100644
index 0000000..a744d20
--- /dev/null
+++ b/k8s/apps/nextcloud/secrets.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: nextcloud-db-creds
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: infisical
+
+ target:
+ name: nextcloud-db-creds
+
+ data:
+ - secretKey: mysql-password
+ remoteRef:
+ key: nextcloud-mysql-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: nextcloud-creds
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: infisical
+
+ target:
+ name: nextcloud-creds
+
+ data:
+ - secretKey: nextcloud-password
+ remoteRef:
+ key: nextcloud-password
diff --git a/k8s/apps/twingate/release.yaml b/k8s/apps/twingate/release.yaml
deleted file mode 100644
index b07f46e..0000000
--- a/k8s/apps/twingate/release.yaml
+++ /dev/null
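Review bot: Both ExternalSecrets in the new `secrets.yaml` are consumed only through `valuesFrom` in release.yaml, which copies `nextcloud-password` and `mysql-password` into the Helm values and therefore into the stored release record, not only into the Secrets created here. The chart documents `nextcloud.existingSecret` and `externalDatabase.existingSecret` (each with `enabled`, `secretName` and key-name fields) for referencing a Secret directly, which keeps the plaintext out of Helm values; the admin Secret would then also need a username key. The third `valuesFrom` entry in release.yaml, targeting `mariadb.auth.password`, feeds the database password to a subchart whose block is commented out and can be dropped. Neither resource sets `refreshInterval`, so the rotation cadence is left to the operator default; set it explicitly if rotation in Infisical is expected to propagate on a known schedule.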
@@ -1,32 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: twingate
- namespace: default
-spec:
- interval: 10m0s
- releaseName: twingate-rampant-eagle
- targetNamespace: default
- chart:
- spec:
- chart: connector
- reconcileStrategy: ChartVersion
- sourceRef:
- kind: HelmRepository
- name: twingate
- namespace: flux-system
- valuesFrom:
- - kind: Secret
- name: twingate-creds
- valuesKey: access-token
- targetPath: connector.accessToken
- - kind: Secret
- name: twingate-creds
- valuesKey: refresh-token
- targetPath: connector.refreshToken
- values:
- connector:
- network: mnke
- # accessToken:
- # refreshToken:
diff --git a/k8s/apps/twingate/secrets.yaml b/k8s/apps/twingate/secrets.yaml
deleted file mode 100644
index fc4d860..0000000
--- a/k8s/apps/twingate/secrets.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: twingate-creds
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: infisical
-
- target:
- name: twingate-creds
-
- data:
- - secretKey: access-token
- remoteRef:
- key: twingate-access-token
- - secretKey: refresh-token
- remoteRef:
- key: twingate-refresh-token