The great reset, we moved infra into two clusters (sekibanki et seija)

apps/seija/kakigoori/.gitignore

@@ -0,0 +1 @@
+local_settings.py

apps/seija/kakigoori/deployment.yaml

@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kakigoori
+  labels:
+    app.kubernetes.io/name: kakigoori
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kakigoori
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kakigoori
+    spec:
+      containers:
+        - name: kakigoori
+          image: "git.prettysunflower.moe/prettysunflower/kakigoori:main"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8001
+          volumeMounts:
+          - name: config
+            mountPath: /kakigoori/kakigoori/local_settings.py
+            subPath: local_settings.py
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+        - name: anubis
+          image: ghcr.io/techarohq/anubis:v1.20.0
+          env:
+            - name: "BIND"
+              value: ":8080"
+            - name: "DIFFICULTY"
+              value: "4"
+            - name: ED25519_PRIVATE_KEY_HEX
+              valueFrom:
+                secretKeyRef:
+                  name: anubis-kakigoori-key
+                  key: ED25519_PRIVATE_KEY_HEX
+            - name: "THOTH_URL"
+              valueFrom:
+                secretKeyRef:
+                  name: anubis-kakigoori-key
+                  key: THOTH_URL
+            - name: "THOTH_TOKEN"
+              valueFrom:
+                secretKeyRef:
+                  name: anubis-kakigoori-key
+                  key: THOTH_TOKEN
+            - name: "METRICS_BIND"
+              value: ":9090"
+            - name: "SERVE_ROBOTS_TXT"
+              value: "true"
+            - name: "TARGET"
+              value: "http://localhost:8001"
+            - name: "OG_PASSTHROUGH"
+              value: "true"
+            - name: "OG_EXPIRY_TIME"
+              value: "24h"
+          resources:
+            limits:
+              cpu: 750m
+              memory: 256Mi
+            requests:
+              cpu: 250m
+              memory: 256Mi
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+      volumes:
+      - name: config
+        configMap:
+          name: kakigoori-config
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 100.96.226.96

apps/seija/kakigoori/kustomization.yaml

@@ -0,0 +1,8 @@
+resources:
+- deployment.yaml
+- services.yaml
+- secrets.yaml
+configMapGenerator:
+- name: kakigoori-config
+  files:
+  - local_settings.py

apps/seija/kakigoori/local_settings.sops.py

@@ -0,0 +1,15 @@
+{
+	"data": "ENC[AES256_GCM,data:xk32d+fT8YwTbJ9zSh+5ceMzF43NCRnQzPeoxcgRijQHKAbTiJyG6bz5bd98aNkc5dTKtDmFzJlPVszzud4g/zQAUxToJ/IMiWG+6YQxcUZA6b/DsTYu8hB/sw8YVS/fUhvtOMaI4p5Yt/cxFSkRBDLumTMIiCMr/hjJfL7KsnQnT+G1SOkdXKOW5ZCC1DwePH4uSAT+pIBDS4T/j6+bfnIk69BFo2O6J30abNJv8n7/jCLUDCuuZ+KQNfiAYHJIcsj1HI5hLUyTxSRXDxBYBDhar/sceJWZCzumEiqieSmWiUTBELQmado4+i5sqEVBNCqAcDmtRBJM67au0CKoOLM1Zce1O9JBOT/pPA1h5oIQ8j3S4JcEwivcZOvI1F47QkMcwqzvsVY1l43Jj2bAs8f9i/QfyoahBjIQdqTZ1GSMMDiZxv8Od1pMZ3RduptdzUZwXlghdtQRRaO9Wp/Qdm+EhcN89k9lmw9wcNl3sAywjmy+7ZeHMwTxZdWHW7ooYf3miaxahewqQXKkydLoaPF2LjI2b76mMiuw45HsKg8laURrdRp9KP8YEZUz43BEOUPBicL5SHvBJbvZOhtMKgGkX4vKvGztUdkDlk8Jn/KCoKL6eWyqJs90lTp7pY+pf8CTFeZk9cHamBF6qi3But95pPGFz65ZOJP5PUrVkM0HY1gsMlXJQyo6umMo6NYtwnlXakqcN5lr9noAZdZZljzfPlDEwLOQ/UkDuoMhFbIRtsE6bqibs4NRAPdboI9dh97HPns3jx4krXjm+IaLyG2Fjb+HsrpxOpOKhVYxE6ogB32gm0jmd0OsuIQHHhuI6XTCv7ojCTAfWHpDzfa/wpj5JTaDT2KhaKmwxDremT3QtdoEA4tC5TYmw9ACoYL2sLsw6bKikMi3eW+aqUCUnxGoB1s51bBeEjKCN6v/qYaPOh7+3MkqGsOJpyTrcYkk+QznYKRJBN9J0qK36PwCtS0IOeHErtNkzo8k8di4M5Gfmgtym406Bmv2v5fRiCfUHZ3TszOSILi8VmlzmkjRuD96zatnlS5LGbf5fSRfRjqBLpx6vHrzlmACzMqJtLGW3zHm/8b5tffLAy+uNMTFj25o+iFRMPCC0nBeCmBex2AAcbZEmEeiUgx1zfQEUVo3HotdXbXCCWBL0l6YCInZ9QikANqMo6urUAtG1nBxe6GxG+2t3KI=,iv:K8WPuND70blkG810M/ru82znvGVqJVWh7U3ZfhRTS5Q=,tag:e7TewsvDz2x0R+pohEGlDA==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MEQxbnA4T0NQSER6NzhG\nN29rVVpmOEJWbEV0TmdVbVp0SGdoMXU4cmxnCkNpMS9Ua2dqQkNQU0RJSUNSTkZu\nUzc4RldaeERPYWxWaElwZlBzU3JjWHcKLS0tIGRoa3pSdDhQbG1kYm9Jb0F6eVZs\nODNRaHFtbnlGMC9rTDJFVWZOMkdZd00KBBUHdx/zbhwEqBaAoeaauiWgkrQ/06wO\nAcGtTapGrKKEj+hDJNVIuP4EcCXt6tlaYPm9IVxQh92VQ3YrAkHLrw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-07-16T14:35:28Z",
+		"mac": "ENC[AES256_GCM,data:+boBB9vcGpRgwaxDs4kFgQk6nVmE3jL1lCkNnmL0ya501M2YlKgZ/UP87qkh8eMQFizpWfs6NFamdF0Zfd7fM1hokOjXQ4pM3rfNa+3lxK2pkEV16OOA5V2F9vTAIkuaCHqKihUZL/PMIko/koKroGU8jfq3ZtgBXTlhIRKeGNI=,iv:zc7vR7gJrMbGIUr+C/R4EWH8LaYX2SxwNtX050nrfEI=,tag:EacHLbwFtujnJuQaKteXkw==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}

apps/seija/kakigoori/secrets.sops.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: anubis-kakigoori-key
+type: Opaque
+data:
+    ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:mLGdCjuZFgjQ/0WlGBRCf+T0TKHbc/1otllDvsqmAOi+1unw0ZEoCH6+fr1WEAagN0VKulwQmlf26ji7g/+9Q1fiwWMBzxAd1/ZbDZdRptLBvDRBjAP6zA==,iv:P2bwoNjfT8NkBtf8xcKk+VlAPUMzjiuD3z/DHIiDacg=,tag:3CE4qOo0K0BVGgFAUIGZ2Q==,type:str]
+stringData:
+    THOTH_URL: ENC[AES256_GCM,data:9jcvAvIylF4WkQKvAPwyOLpE8w9Es7XJCBHi2gU6A79dTnnl,iv:PcwIyDifQxOmJzrxNxPQqvhS5gT2r7G2+mBP7OYNvCs=,tag:a+sqdXJpd1WVWQlAC3lgdw==,type:str]
+    THOTH_TOKEN: ENC[AES256_GCM,data:ER/93+x9aFGjSPtv7ObT4zhTnCdlJGa+MMY1nqGNGH/GtDKoF+XtyRmclQj+oFZ6DxhV9gM6VeP20YLz7g5t5K23ZmIfFzwAtQAxwJSvDeJw85dkhQbKfTIvou/NM4bL9T1A7j9zGuKvpYAqlkwYnLlDfBy3aWUdD4qkRIjTvXwijG6BjL3dBNXqC1UAxn7j5Y9QojGt6j04/rllYfjuADsIsT4Kbb/EM4jgP13Mu+nJP/3GkfjBQfaC02RvAREjIPuKfVz28zcwLbBTT2kPPSYGuSxIpo1kWKnpttmHDkKgcHu9/q6EFaswgeX3aIbowXiPEY20yYZW4QBbvcBSQOX27Rhg9HR4pcYVM5VT7RTia+kDWIEmhV5JtFlYzx5wiXDM2vgEF+wX+t5mVC96I+En4PuTaBV2lbE=,iv:3dvQjX+takhickmJ3AHo29sEUEfXpSYgh78Rqkfmgkw=,tag:78wOIOovvjkfRxbpDpQoKg==,type:str]
+sops:
+    age:
+        - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK2RpVUIxZkZVMjdFV29L
+            VnpYUVJnY3hIYTVSb1htNm5xcTJGRlVWZ0IwCmdSWXFFanBMV1FKTnozUmorL0Qr
+            Z0F0cjc1T2VqRXRwK080VU5tUk1VbkUKLS0tIENiTm5CbkVmTnRRNzJaK3hjMjgr
+            TzhQMmFQOXhCWjRUbGNGOUZHazFNdU0KTLIACJrcciwiFdEhyQCY+ln/afHuwaUU
+            dQXcslNIFa5GeFCA7P7zDkhJWbM1nwOg2D/hh36vYKH6mwdhKVy3Bw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-16T14:35:28Z"
+    mac: ENC[AES256_GCM,data:uPR8lkkMZ1Uko36jISMNG6YMKRHh2jZ1P6aA8lY12Qlml21QsDz3z2c+3iOFaSE9CHZ2TPaMj4gkTkHojkkoKmOdGOZSulKKnnSZ42bDVZPPIjiTcMZxYGUiloBrFAzitRqub5UPtgnoKIxnlsZvMJvl8m9oZ27oi9R7K0MgyYI=,iv:AJBS0RDHXDkjF0DMctPCka2f7iaKFw6VQIHl9VWOCog=,tag:bL5DPT/uvQElYbUG9BjxJQ==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2

apps/seija/kakigoori/services.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kakigoori
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: kakigoori
+  ports:
+    - protocol: TCP
+      port: 8001
+      targetPort: 8001
+      name: kakigoori
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+      name: anubis