The great reset, we moved infra into two clusters (sekibanki et seija)

2025-07-16 10:39:09 -04:00
parent 68f1108c2d
commit 1df5459f70
145 changed files with 2431 additions and 576 deletions


@@ -0,0 +1,78 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: privatebin
labels:
app.kubernetes.io/name: privatebin
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: privatebin
template:
metadata:
labels:
app.kubernetes.io/name: privatebin
spec:
volumes:
- name: privatebin-data
persistentVolumeClaim:
claimName: privatebin-data-pvc
containers:
- image: privatebin/nginx-fpm-alpine:1.7.8
name: privatebin
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: privatebin-data
mountPath: "/srv/data"
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
- name: anubis
image: ghcr.io/techarohq/anubis:v1.20.0
imagePullPolicy: Always
env:
- name: "BIND"
value: ":8081"
- name: "DIFFICULTY"
value: "3"
- name: ED25519_PRIVATE_KEY_HEX
valueFrom:
secretKeyRef:
name: anubis-key
key: ED25519_PRIVATE_KEY_HEX
- name: "METRICS_BIND"
value: ":9090"
- name: "SERVE_ROBOTS_TXT"
value: "true"
- name: "TARGET"
value: "http://localhost:8080"
- name: "OG_PASSTHROUGH"
value: "false"
resources:
limits:
cpu: 750m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
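Review bot: The `privatebin` container (first entry under `containers`) sets no `resources`, while the `anubis` sidecar below it has both requests and limits, so the process that actually stores and serves pastes can use node CPU and memory without bound; give it its own requests and a memory limit. The pod spec also leaves the service-account token mounted in both containers, and nothing in this manifest suggests either one calls the Kubernetes API, so `automountServiceAccountToken: false` belongs at the pod-spec level next to `volumes`. Both images are pulled by tag with `imagePullPolicy: Always`, which means a restart runs whatever the registry serves under `1.7.8` and `v1.20.0` at that moment; appending a verified `@sha256:<digest>` to each `image:` value pins the content. The resource figures in the sketch are constructed placeholders to be sized from observed usage.

```yaml
# pod spec (spec.template.spec)
automountServiceAccountToken: false
# … unchanged: volumes …
containers:
  - image: privatebin/nginx-fpm-alpine:1.7.8
    # … unchanged: name, imagePullPolicy, ports, volumeMounts …
    resources:
      requests:
        cpu: 100m      # constructed placeholder
        memory: 128Mi  # constructed placeholder
      limits:
        memory: 256Mi  # constructed placeholder
    # … unchanged: securityContext, anubis container …
```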


@@ -0,0 +1,5 @@
resources:
- pvc.yaml
- deployment.yaml
- services.yaml
- secrets.yaml


@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: privatebin-data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: hcloud-volumes


@@ -0,0 +1,22 @@
apiVersion: v1
kind: Secret
metadata:
name: anubis-key
type: Opaque
data:
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:iatFUERK2zHMMq+2uzsTdr15pnyEY9bXYlXFt3sZR+C36cneumogFu3AhV4j0EadseLDPKxkSml3bazpejSyNvWinjpIOwORSi6EHlw71ByDy4Li4/hppg==,iv:5/wZHTzGHN8okMzzm19gt3T5d2rCjvb4RtoaWCwUwgY=,tag:9ZC63C2okeTRt/wGlvb6Lg==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aFZqQ3g1VDFLY0RuaVZ0
bzhpVHd0UERaSnlidVBidzVnR256T0xWS3lnCnBlbDdlSm9CNWlmVmFzdTZPSmFX
bTJUU3hJZy9jKzVWOTJFNVVMbWMzUnMKLS0tIFdDUnpLMGRQTlNjT3pqV2s2OVZH
V0lpRFdvMXVaYWZ6NmVxNTlsM2IvZHMK10ArWUv7S8w0WwDJCmOwWp56Us8fAkrp
5rZPG2IhlxAG+5NbbQq13jxjGuQuzACllkreXD3NtwmACWgubGZV2Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-16T14:35:28Z"
mac: ENC[AES256_GCM,data:K7jl1bA6UAlJ3LVJsnAOdHf1MFJAK4vrxRktWzoV1zh4DSOVIo3TeGn7wLqlPlbbILFlXKMJUHT7AzfKyv/MtECTe5TOyjQqFYPZ7ZRvE72faghkJAN/AfHIjLZWFOuWOAB2ZEY9cJWCe7zLbC+cwHC7KxepPBHZdQnh//wuz4s=,iv:aooSLGTTL5v5ZhHGJKKcaCGhSl6GciHpGyG00ybzWIQ=,tag:pQ/HNQODherqkToT+JTbIA==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: privatebin
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: privatebin
ports:
- protocol: TCP
port: 80
targetPort: 8081
name: http
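Review bot: Nothing listed for this directory restricts direct access to the pod, so `targetPort: 8081` here is the only thing steering clients through Anubis. PrivateBin's 8080 and the Anubis metrics listener bound with `METRICS_BIND` `:9090` in the Deployment stay reachable from other pods by pod IP. The kustomization references only `pvc.yaml`, `deployment.yaml`, `services.yaml` and `secrets.yaml`. If no default-deny policy is applied elsewhere in this commit, add a NetworkPolicy selecting `app.kubernetes.io/name: privatebin` that admits ingress on 8081 from the ingress controller, and on 9090 only from the metrics scraper. Traffic from Anubis to `http://localhost:8080` stays inside the pod and is not affected by such a policy.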