prettysunflower/infra
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

The great reset, we moved infra into two clusters (sekibanki et seija)

Browse Source
This commit is contained in:
prettysunflower
2025-07-16 10:39:09 -04:00
parent 68f1108c2d
commit 1df5459f70
145 changed files with 2431 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
apps/seija/prettysunflower-website/deployment.yaml Normal file
View File

@@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prettysunflower-website
labels:
app.kubernetes.io/name: prettysunflower-website
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: prettysunflower-website
template:
metadata:
labels:
app.kubernetes.io/name: prettysunflower-website
spec:
containers:
- name: website
image: 'git.prettysunflower.moe/prettysunflower/prettysunflower-website:latest'
imagePullPolicy: Always
envFrom:
- secretRef:
name: prettysunflower-website-secret
ports:
- containerPort: 3334
- name: website-static
image: 'git.prettysunflower.moe/prettysunflower/prettysunflower-website-static:main'
imagePullPolicy: Always
ports:
- containerPort: 8001
- name: anubis
image: ghcr.io/techarohq/anubis:latest
imagePullPolicy: Always
env:
- name: "BIND"
value: ":8080"
- name: "DIFFICULTY"
value: "4"
- name: ED25519_PRIVATE_KEY_HEX
valueFrom:
secretKeyRef:
name: anubis-prettysunflower-website-key
key: ED25519_PRIVATE_KEY_HEX
- name: "METRICS_BIND"
value: ":9090"
- name: "SERVE_ROBOTS_TXT"
value: "false"
- name: "TARGET"
value: "http://localhost:3334"
- name: "OG_PASSTHROUGH"
value: "true"
- name: "OG_EXPIRY_TIME"
value: "24h"
- name: "THOTH_URL"
valueFrom:
secretKeyRef:
name: anubis-prettysunflower-website-key
key: THOTH_URL
- name: "THOTH_TOKEN"
valueFrom:
secretKeyRef:
name: anubis-prettysunflower-website-key
key: THOTH_TOKEN
resources:
limits:
cpu: 750m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
dnsPolicy: "ClusterFirst"
dnsConfig:
nameservers:
- 100.96.226.96

4
apps/seija/prettysunflower-website/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
resources:
- deployment.yaml
- services.yaml
- secrets.yaml

48
apps/seija/prettysunflower-website/secrets.sops.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: v1
kind: Secret
metadata:
name: prettysunflower-website-secret
type: Opaque
data:
GOOGLE_API_KEY: ENC[AES256_GCM,data:irEM9uQpUiQiQ1ORclh6DbAPdahzXGCC/32KhgVmgxd1ApEd9yxcaH/DaCssldoMyu0EDQ==,iv:rQtEs+4zhA6MVXGJbCFeG+I7X/kGMNW1fcH6jR5hS8w=,tag:dfRid1Arrui6EcFEKh1b4Q==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d0dIQnlnRjk1UFJTdFlx
bkVjdytJUjF6SnRVMW1tckdGVUN3OTRCRkIwClBhNi9NR1VIQ2dQR2ZjbWd5dnNT
MzlsV2xjaW93NUljeGlnelgxT1pSZlUKLS0tIEJEMS9VNDdQN0ppOEFnZ2lqeFJp
V2cyekl2WmN1cjBWNzVQUStQVmNBQ3MKaAzPeJuPHKUsF8WFMKBLfijcc9xGoiIy
7ZUqenMvu/hO62LgT+4NlQ66XN/OfLSiwSl3YYuGuELR1jGdK9LXVA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-16T14:35:28Z"
mac: ENC[AES256_GCM,data:vaiTEgR5/qYJf9tOwnn4ZB3ZgD62taLHHBEw252d1eaW9TSOCv4UGplPao8CVpp4dtEPY+EJlBV5h3pBB42KFDKZHDSrGqIz3wE/H3xJMovazmz4ZtHKVFbzp852CApL2F7GNWZgyZI/IRyYVk74v7XYqrks+BgF9WnPLdka1WY=,iv:zKYlyFmLeVaMfLiX3ZB3evlbekzrnQKripy6shpWTCs=,tag:dGjhYoaGCxvnJ8JQ6h5qfA==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2
---
apiVersion: v1
kind: Secret
metadata:
name: anubis-prettysunflower-website-key
type: Opaque
data:
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:rsuPNEvHbI3CRnCDydyYrtkT2VIz9Ps4hos35joR2sVuaNtaLC9NGYeueRRMxusHZIgFED+KqP8YbIYotpOXqJuS8NTjFI8dgQj5dkXF6ZjNk5L3nJz9BA==,iv:mTmq2vSmJVJBQTVPINC4lcK6yxdxOpkHLk3mF8UJ84k=,tag:WbvdAu69Rhdr36aQq1zeYg==,type:str]
stringData:
THOTH_URL: ENC[AES256_GCM,data:o1Gk3f6ADbEyQ1dKXlcMyZqIj9Fb0IXFBkm+PrlBcMb/lPi9,iv:vBS7y4Hj4v8ySNL2zgIIK97wxIwgYs9vuM6lwVZeywc=,tag:SiFy3WIHTz585Zi/BR8X+g==,type:str]
THOTH_TOKEN: ENC[AES256_GCM,data:S9ZIlYOTEF31n/AdnPKd/JByg/B+tQpSRLXl8bLjbpA5dMEVBJfjYT68WBh/cJLRIUwkJMJhgIEVN3yJBePRpu+kRRzcg+XE2f4yuYdbgplGYfm7RG50CjE8GRNdLnE5bK05Z7LIuEGeYG6DEDiH0iNHWeZdGpmzeynSxTdVFlcRMSBzi8LRXQdw3ZySOabn+Z2F45Fv6DMKbyANLtR9YPViLvo0B8VLhVtoYJ5spu0Rr31p9ZLv4+w/AfeCt1NrN379UXmEoZ8YgvScpi42q9/qC/zjtKPx0AfC7vuTGSodQPcmmlDkvrxsZC3/mhy9QFsE3vHt64Yk9PcJXiv8R8ZgGN04yiWrI48vkeXjtEe/UIOnCyExwfXVQk6xRATY+xO946NgPUBz6ACX8CcEiiK9UNkZbEULho4=,iv:4+0uA3BWZgctn6W1xZYHjXHksdx364Y+PG6CqCiHKCw=,tag:2lJyO+KISqLFZfaJeaHGbQ==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d0dIQnlnRjk1UFJTdFlx
bkVjdytJUjF6SnRVMW1tckdGVUN3OTRCRkIwClBhNi9NR1VIQ2dQR2ZjbWd5dnNT
MzlsV2xjaW93NUljeGlnelgxT1pSZlUKLS0tIEJEMS9VNDdQN0ppOEFnZ2lqeFJp
V2cyekl2WmN1cjBWNzVQUStQVmNBQ3MKaAzPeJuPHKUsF8WFMKBLfijcc9xGoiIy
7ZUqenMvu/hO62LgT+4NlQ66XN/OfLSiwSl3YYuGuELR1jGdK9LXVA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-16T14:35:28Z"
mac: ENC[AES256_GCM,data:vaiTEgR5/qYJf9tOwnn4ZB3ZgD62taLHHBEw252d1eaW9TSOCv4UGplPao8CVpp4dtEPY+EJlBV5h3pBB42KFDKZHDSrGqIz3wE/H3xJMovazmz4ZtHKVFbzp852CApL2F7GNWZgyZI/IRyYVk74v7XYqrks+BgF9WnPLdka1WY=,iv:zKYlyFmLeVaMfLiX3ZB3evlbekzrnQKripy6shpWTCs=,tag:dGjhYoaGCxvnJ8JQ6h5qfA==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2

17
apps/seija/prettysunflower-website/services.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: prettysunflower-website
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: prettysunflower-website
ports:
- protocol: TCP
port: 80
targetPort: 8080
name: anubis
- protocol: TCP
port: 8001
targetPort: 8001
name: website-static