prettysunflower/infra
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

The great reset, we moved infra into two clusters (sekibanki et seija)

Browse Source
This commit is contained in:
prettysunflower
2025-07-16 10:39:09 -04:00
parent 68f1108c2d
commit 1df5459f70
145 changed files with 2431 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
apps/sekibanki/opengist/deployment.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: opengist
labels:
app.kubernetes.io/name: opengist
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: opengist
template:
metadata:
labels:
app.kubernetes.io/name: opengist
spec:
volumes:
- name: opengist-data
persistentVolumeClaim:
claimName: opengist-data-pvc
containers:
- name: opengist
image: ghcr.io/thomiceli/opengist:1.10
ports:
- containerPort: 6157
volumeMounts:
- name: opengist-data
mountPath: "/opengist"
envFrom:
- secretRef:
name: opengist-secret
livenessProbe:
httpGet:
path: /healthcheck
port: 6157
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 3

5
apps/sekibanki/opengist/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
resources:
- deployment.yaml
- pvc.yaml
- services.yaml
- secrets.yaml

12
apps/sekibanki/opengist/pvc.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: opengist-data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: nfs-csi

28
apps/sekibanki/opengist/secrets.sops.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: opengist-secret
type: Opaque
data:
OG_SECRET_KEY: ENC[AES256_GCM,data:CvlbIc/O4FkhELpy76zfE027zavhIEfSDx1JwPfjN5716LJDEuPIoLd19RDx8i92jbPk5RrGEvgLcwyWShwQ11BXPuXIXD8KsAqFwECwk6TKneuJSDbnlQ==,iv:xruob7s++xnqvzmS+JboXlL6W0leicziZMOc0zn//HA=,tag:/OLxQC02uFbcduvhJeoAKg==,type:str]
OG_OIDC_PROVIDER_NAME: ENC[AES256_GCM,data:Asg/Wvct6UjcKQj0ZmO/zWYAlZ8=,iv:14qEsQgm923nX3L+zDrrwYWX4oqpAGRS5lkP/c+Ufl4=,tag:38WXRayva09L2/QsKqPsXw==,type:str]
OG_OIDC_DISCOVERY_URL: ENC[AES256_GCM,data:3OD/XS9JUAAI3MacofVKQXWl/jC1mBoG9CEFmIm/ol7GaN9PBdmlC7c5+rsvf37aolqKkpyQdlVVEAlP98caRAJxR75STzEQS708pw==,iv:b4d1i/xOX3TaYR3ZwDh84mvAe0MYmat5JHLJj4TXSsU=,tag:5Aqhpl39RURk+PjEPJtw2A==,type:str]
stringData:
OG_OIDC_CLIENT_KEY: ENC[AES256_GCM,data:mdWOC+W+ksd+XOJRYKBEFSHDyIYV7ID9fYkpHAjoJf9UNx+c,iv:xU9zVltACcgqsATlJgfhT7M/P3+sVIE8rWn83/1fubo=,tag:rW3zq1rY0InpFo3Mmgft2A==,type:str]
OG_OIDC_SECRET: ENC[AES256_GCM,data:97lerV+9dPvEcCEJneTnwO7Iv829PnLiGd0WYuD48H4=,iv:5oDgiZ0oOnTCVJPyHXIQ+Tjaq/dBe+xZEn6EhGaDn+s=,tag:ZWBqzTGREyEuDRu6gBfKcA==,type:str]
OG_DB_URI: ENC[AES256_GCM,data:QjdJc2PDyMTBga9P+U6c5JkTABuXIpoA5ba+rPW+DHyWDA7WZtvlt+cssPd2yBH363+XqLmH40r9Wz8pWXaRHj7dnhmI7cSfSgtnGA==,iv:ilk2GD0wL/5jefsa5fu9YXwXn0G+U4Agqzme+ilUGL4=,tag:F8C+/Hdv/gSkh0Uvxt1qAA==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYMnRpRlJxbjBReDVGS2dY
bDNyVlFWaW5oQ2VmaUdsRWNZN0dnNE9kQ1FJCjg5VW9XOUc3eEdOcnZCMTI4YXcz
Q3RpZjNIczJSV01QZmFsRkV6aU4vMEkKLS0tIE5xMHd4Tk1xYlllTWwxQ2htS1NR
M3VwVERJVHE3VVB0QzlOMGk4RDF1UEkKT2BbgMdJBz9OVX279VffXQ+LonSi5IzB
+gxybF3+/HzTaGnKo0juVDO8x8cZqjmWkOWGl7iFTDv7z87qHgLV+A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-16T14:35:28Z"
mac: ENC[AES256_GCM,data:KIeBdomBppTaAua5hF3UJUX3a2bViLNEu2kygATDCEovnhCZCr7vwuJBHnwOq9X1+tvoMJLzEf4vhXCE2PjOcNAf5QHR/a/7NZdnB/9lnWCpRVu2Av6vJPBtbqWhIhS6skFgBPnz22Lo9y1A4ZhqiMF4kx0gVKe8CfMXhFhcfT4=,iv:TfY9mxLBDllQE56GklfCgMD9OrSW1tHMHvhWKVjQulI=,tag:O//p0etj0WTf+/5qnmkmEw==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2

13
apps/sekibanki/opengist/services.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: opengist
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: opengist
ports:
- protocol: TCP
port: 80
targetPort: 6157
name: http