From 06d1268ee926594e71fff6f6b2d43cc5ef93e6f9 Mon Sep 17 00:00:00 2001
From: prettysunflower <me@prettysunflower.moe>
Date: Tue, 10 Jun 2025 02:22:02 +0200
Subject: [PATCH] apps(znc): Moved storage to s3yuyuko

---
 apps/znc/pvc.yaml         | 38 +++++++++++++++++++++++++++++++++++---
 apps/znc/statefulset.yaml | 14 ++++++++++++--
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/apps/znc/pvc.yaml b/apps/znc/pvc.yaml
index 8141f6f..3536d54 100644
--- a/apps/znc/pvc.yaml
+++ b/apps/znc/pvc.yaml
@@ -1,11 +1,43 @@
 apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: znc-pv
+spec:
+  storageClassName: s3yuyuko
+  capacity:
+    storage: 5G
+  accessModes:
+    - ReadWriteOnce
+  claimRef:
+    namespace: default
+    name: znc-yuyuko-pvc
+  csi:
+    driver: ru.yandex.s3.csi
+    controllerPublishSecretRef:
+      name: csi-yuyuko-secret
+      namespace: kube-system
+    nodePublishSecretRef:
+      name: csi-yuyuko-secret
+      namespace: kube-system
+    nodeStageSecretRef:
+      name: csi-yuyuko-secret
+      namespace: kube-system
+    volumeAttributes:
+      capacity: 5G
+      mounter: s3fs-fuse
+      options: --memory-limit 1000 --dir-mode 0777 --file-mode 0666 -o allow_other --uid 1000 --gid 1000
+    volumeHandle: znc-pv
+---
+apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: znc-pvc
+  name: znc-yuyuko-pvc
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: longhorn
+  storageClassName: s3yuyuko
   resources:
     requests:
-      storage: 2Gi
\ No newline at end of file
+      storage: 5G
+  volumeMode: Filesystem
+  volumeName: znc-pv
\ No newline at end of file
diff --git a/apps/znc/statefulset.yaml b/apps/znc/statefulset.yaml
index b9ebcf6..44f2212 100644
--- a/apps/znc/statefulset.yaml
+++ b/apps/znc/statefulset.yaml
@@ -18,7 +18,7 @@ spec:
       volumes:
         - name: znc-config
           persistentVolumeClaim:
-            claimName: znc-pvc
+            claimName: znc-yuyuko-pvc
       containers:
         - name: znc
           image: znc:1.9.1
@@ -27,4 +27,14 @@ spec:
             - containerPort: 4921
           volumeMounts:
           - name: znc-config
-            mountPath: "/znc-data"
\ No newline at end of file
+            mountPath: "/znc-data"
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
\ No newline at end of file