apps(kakigoori): Added kakigoori to deployment

apps/kakigoori/.gitignore

@@ -0,0 +1 @@
+local_settings.py

apps/kakigoori/deployment.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kakigoori
+  labels:
+    app.kubernetes.io/name: kakigoori
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kakigoori
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kakigoori
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+              - key: location
+                operator: In
+                values:
+                - fsn
+      containers:
+        - name: kakigoori
+          image: "git.remilia.ch/remilia/kakigoori:main"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8001
+          volumeMounts:
+          - name: config
+            mountPath: /kakigoori/kakigoori/local_settings.py
+            subPath: local_settings.py
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+        - name: anubis
+          image: ghcr.io/techarohq/anubis:latest
+          imagePullPolicy: Always
+          env:
+            - name: "BIND"
+              value: ":8080"
+            - name: "DIFFICULTY"
+              value: "4"
+            - name: ED25519_PRIVATE_KEY_HEX
+              valueFrom:
+                secretKeyRef:
+                  name: anubis-kakigoori-key
+                  key: ED25519_PRIVATE_KEY_HEX
+            - name: "METRICS_BIND"
+              value: ":9090"
+            - name: "SERVE_ROBOTS_TXT"
+              value: "true"
+            - name: "TARGET"
+              value: "http://localhost:8001"
+            - name: "OG_PASSTHROUGH"
+              value: "true"
+            - name: "OG_EXPIRY_TIME"
+              value: "24h"
+          resources:
+            limits:
+              cpu: 750m
+              memory: 256Mi
+            requests:
+              cpu: 250m
+              memory: 256Mi
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+      volumes:
+      - name: config
+        configMap:
+          name: kakigoori-config

apps/kakigoori/kustomization.yaml

@@ -0,0 +1,8 @@
+resources:
+- deployment.yaml
+- services.yaml
+- secrets.yaml
+configMapGenerator:
+- name: kakigoori-config
+  files:
+  - local_settings.py

apps/kakigoori/local_settings.sops.py

@@ -0,0 +1,15 @@
+{
+	"data": "ENC[AES256_GCM,data:pESnbjbgxGjxVV4Q9oRZxsWXP1eJILBO1jGLp/IRIOw82hWAleen6nECSVuFl4Q7klsChEYrTki2hhNt7+2KQVymUWkfJScPwbRdoP8hlB72fDSxyca7FDrfXg458UcBMozJlrw5XwReTSV3f5OUcUXb2sC9ptUHCvE2U+U4yjHa2TdlvEbuCpY9NOYyl+k1lERzLLj/WhtyjRWk56HSUb4XSr3i3m2SJre6ikywnL7ErzdZ51E34jD23ED7BsAs8UdN7jGk7fyUD4+0P8goBXHqhliaPwoounS3P5MdgL5j5MoIFCih+6LeWBezthVZ6XSqYvVIZI2dtbYh7qzb43k12s2cgxYfRd7VhYSwM0QI3oInsXpr5YTocLBozzXGw1zTeguRR49lPNMPuRx5Yj/3nTnL/qFOPSABIvA9C2L1XohZBELZkuO3kB613vQbPDq48darb075WF9XO7cUN9d3B33X6zoxPRBf5JBGJV6WCx1fWZI+/j5AHPuDm8tXeN1aBcctCEJMjxNO4PVWOkyqEKtpnpPNhMwNriWV0rZkvtPNeDVKvbUCNSJVxCnHViKtIIOtqQX8QrWvGayiQTsr394FB/F+J1wty5Zsvk/WuYN62c5ICPiKWJR4Mb58MrybX1UlxZcnHuJBz7W+yTa6kF5L9GaAuicCORVoDCTGq/QyAUsm1FrUuKjs3CVkXmhtZOMF42kyAlnNKTnBb505hN2NE4iE0xek134K3FW12t37deavyNak96rsn6OVCgsASYiLQo+ygDyWjHfk5rKCc9FoZ+x8TPpEDKx1+N2KRMljq8ECfOCvJPZ+93pUg/ExmrmVtW16tR78AJ0sGFOvyClwwntzhk6KJH5FeaqIbA+lSYbBCLkQvXM7WBnlgaZpvIaO6B7ru7wiGjbojWqyzE/2TEPvXP85,iv:ys2DmK1Y/hGm/t8QRI9DiMpoaP6nwPXXWGTX8yiIYow=,tag:i5zn5dn9F8BorSc+1Zm3Wg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaGxKaDVkckwyYktyTzBG\nNVNyUFozblhlaWUra1U2cTRxYm1TOEpyZ0Z3ClRENDA4WXl4QVpQQ3V0RGIrdkVM\nYVFpRWs1WERHK1ZZenVsZU0xZGJQTHcKLS0tIDlVN2c3N21qemd1S3hDaHlDaDU2\nZU1WTTJZUUhaRUkyQW9WL05KNkNwRW8KS3lwtuo1sUo0iwwjV8fQILOsuRv5Onkc\niSc7wDNyvsL+mqkM0DqfgqeSvi6JHDUXxMU6b2OPg4M6YQ0Y/rsTJA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-05-31T11:09:17Z",
+		"mac": "ENC[AES256_GCM,data:MbEPM+n/vYATVnstjTsiGmmArSsSiYNXPAPNv9AmNQdxQDgtJSkBSA9TfVBtBL4x9Bymv9v0d+7N+Skn38ZPfQN5cVxncw1d05J03l6+COznyBNVDaA5u6iHrAf6olbfxdhN5/eoT8IZtn+hfSM+ZXM2MDP/u7/VD9j4G2pNTPA=,iv:qdDIp8vHvawnWIhJcJcGYvfHtZknljqfdufi8IlDFr8=,tag:6Kmg1jhv4VE1LLO9lBqzqw==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}

apps/kakigoori/secrets.sops.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: anubis-kakigoori-key
+type: Opaque
+data:
+    ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:hLiIseiRyHxRyeqOr/l25I02LIY9UylK2O136X6904c7ZVpYIvqahI8Y94BNkDTSWQCUohEq2gAM3/NUb2OMosRX7/KJFOed3oqruvUz6imaSFTDXu9Jlg==,iv:R2hIPEttqS0k3lawoF1D51AExSodFt5HTs8h6dTr6h0=,tag:NOOZVbGD11jPtDEQ/GhCDw==,type:str]
+sops:
+    age:
+        - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOEtoSE14clR0ZnBiTmxT
+            Nlc1VDFPWXZBamxySGZVYUxVeklKb0RVdnlnCk9seGNYa1NOSzlENzV5LzQzeGVh
+            UUd2UllMNUNkbWRyVEhHWmVHd3lyVzQKLS0tIERTdWRZRERBUmNuWm4vRHR4RjBG
+            RCtXMks0aFlPMHUzQXFuQ2tNb3U5OHMKwBGwir6zmtEuLbk/QJHLshHmby65aeK+
+            4IcT9Ez+OytpTx2iRgCPI5eFFIAirejzpc9TLviHdsPzrq/bN/v6Rw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-31T11:19:27Z"
+    mac: ENC[AES256_GCM,data:pGhHDJqdWQdDePmFqNFJsGb8xQnSIshlC+d2A6tVmPL2GZITFNHs7fjAODSpy91tev4p29N4RaKbukKqz0sXZADqj8edpQ01xrzLxeFsphYiC3wJcpGtlXWNjNxvHC8L1pzKjLS47/V+JcDJxzrZMvP4ZmmwSYXORMErgtARAZI=,iv:W9Kd77VPEDnbRbs4F7PQCj97NwhmIER0FiaRDEoo48I=,tag:R5iHYlsy+pP/GJBw4pci0g==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2

apps/kakigoori/services.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kakigoori
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: kakigoori
+  ports:
+    - protocol: TCP
+      port: 8001
+      targetPort: 8001
+      name: kakigoori
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+      name: anubis