From cd793f1f01ba58aa66f28672c1edaa3350c982f7 Mon Sep 17 00:00:00 2001
From: prettysunflower <me@prettysunflower.moe>
Date: Fri, 1 Aug 2025 11:18:47 -0400
Subject: [PATCH] apps(anko): Added Anko to seija

---
 apps/seija/anko/.gitignore             |  1 +
 apps/seija/anko/deployment.yaml        | 45 ++++++++++++++++++++++++++
 apps/seija/anko/kustomization.yaml     |  7 ++++
 apps/seija/anko/local_settings.sops.py | 15 +++++++++
 apps/seija/anko/services.yaml          | 12 +++++++
 5 files changed, 80 insertions(+)
 create mode 100644 apps/seija/anko/.gitignore
 create mode 100644 apps/seija/anko/deployment.yaml
 create mode 100644 apps/seija/anko/kustomization.yaml
 create mode 100644 apps/seija/anko/local_settings.sops.py
 create mode 100644 apps/seija/anko/services.yaml

diff --git a/apps/seija/anko/.gitignore b/apps/seija/anko/.gitignore
new file mode 100644
index 0000000..6a07bff
--- /dev/null
+++ b/apps/seija/anko/.gitignore
@@ -0,0 +1 @@
+local_settings.py
diff --git a/apps/seija/anko/deployment.yaml b/apps/seija/anko/deployment.yaml
new file mode 100644
index 0000000..b6d5dba
--- /dev/null
+++ b/apps/seija/anko/deployment.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: anko
+  labels:
+    app.kubernetes.io/name: anko
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: anko
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: anko
+    spec:
+      containers:
+        - name: anko
+          image: "git.prettysunflower.moe/prettysunflower/anko:main"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000
+              name: http
+          volumeMounts:
+          - name: config
+            mountPath: /anko/anko/local_settings.py
+            subPath: local_settings.py
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+      volumes:
+      - name: config
+        configMap:
+          name: anko-config
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 100.94.59.38
diff --git a/apps/seija/anko/kustomization.yaml b/apps/seija/anko/kustomization.yaml
new file mode 100644
index 0000000..9ae2ea7
--- /dev/null
+++ b/apps/seija/anko/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+- deployment.yaml
+- services.yaml
+configMapGenerator:
+- name: anko-config
+  files:
+  - local_settings.py
\ No newline at end of file
diff --git a/apps/seija/anko/local_settings.sops.py b/apps/seija/anko/local_settings.sops.py
new file mode 100644
index 0000000..db88a8f
--- /dev/null
+++ b/apps/seija/anko/local_settings.sops.py
@@ -0,0 +1,15 @@
+{
+	"data": "ENC[AES256_GCM,data:nmMmB4eMiVT9mTyyYCg5opEdseQnu/6aW0Hzd4jO7uyPP3YYziuN2VUB+D35BiznQemB0kyCSjrGK+hsD6SkMRF2+3NGwoUoETJhD+/sC6vz5+VzWCh01jkJvcpoZuHKb9uLnS5NixMIXCos4IQdpioSFJm63aGUrrl5sWKNTpL78Jtt0w4Lsdb70oaqJlaGpFTpm26w3gUmCPLH/UZUQzCBOqzAxHC4GVS81ctGzqq/jLYji+qJyMw/LZLyXJY0V183VzNeiw7Jajm7pQAZzu0N+G1xkud5L8QW7/1UhbUvO9fIQ5hbYSmIa6i3XDzOY8MDNVZrZDg8dYZXFxZagI0mKGOeaYevwo/8d3/wD1g8261/6RMDC3md3M1yDBnzAnWKY5btIFRyQlRbYGBY67O8tyd8MGvJExat5avUhBfNVIfdDZWD3aSLIZF35wfCopsHLP62dhcNYzqkPKsLMVzOjy+VbNcJ69i3LX5QC7vwpqiEMG+c3bNbiU6LMbtXw5xPnNExy0kuAqWXcA6xgeOG+5/nFCnytrq5ltDeweoeqCfP/0WNi9FW2q/OkASjAU6VcemCX9h3qonYrzxHP3o138kQPwdUvXdJrr4PUyddKQZaGxziCn7Kj88Jww==,iv:PYUTTzJRIFP+zke8k0KQwhTiHuTypb998WnZTiyaUxs=,tag:wjWH0OTyDRZ/sUWZjjbu4g==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN3k2RlFTVjErWGExVEx2\nRW96OUdPT2hHYjE3SVBBTXZibTJtaWp1Y0hNClRXbnAwWFAzUU5JbEFQK0h2QjJZ\nZTNrQlR0WjIrWWZUWENydzFjNDdWdDgKLS0tIG1RQUluOWQxM0IxcUs4K29ZMEpL\nTVZEZyt1OXFsNHJra1Fla1J2NHV5Q0UKBUFbsUthHnT0A9hhroi5E1dkWh6t9PL1\nUyf9zVas9TJC3VJoVx/ngY5BuCBKqpPAirzf656SwQRjxT3otXEAqw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-08-01T15:14:39Z",
+		"mac": "ENC[AES256_GCM,data:yqRT65355uUY9RzwrBu1A+zfQe7T+7Yt4mQRMvbPjFmFctjcirlD9uHvam1zKvDHfHEzXP3ABsUW5rxPMJyz4VoWq8f3R/x30tcUvRHbruqLpO9rsMQfrtRv9dhP7XvbbfgHxoSrveZEY/jdxly3BlhzZlAZidPBdN1P54W186k=,iv:rvwpWYDgThjN7HfRwMoOdztQttOdvvmJpz8heuY/Wpk=,tag:XrW4Q/LnhpQzl3WZab0K7w==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}
diff --git a/apps/seija/anko/services.yaml b/apps/seija/anko/services.yaml
new file mode 100644
index 0000000..842715c
--- /dev/null
+++ b/apps/seija/anko/services.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: anko
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: anko
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: http
\ No newline at end of file