prettysunflower/infra
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

apps(outline): Added outline to sekibanki

Browse Source
This commit is contained in:
prettysunflower
2025-08-01 11:16:55 -04:00
parent 7022cdc90b
commit fcaf8d3e83
6 changed files with 151 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
apps/sekibanki/outline/configmap.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: outline-config
data:
NODE_ENV: production
PGSSLMODE: disable
REDIS_URL: redis://127.0.0.1:6379
URL: https://wiki.prettysunflower.moe
PORT: "3000"
FILE_STORAGE: s3
FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
AWS_REGION: auto
AWS_S3_UPLOAD_BUCKET_URL: https://t3.storage.dev
AWS_S3_UPLOAD_BUCKET_NAME: prettysunflower-wiki
AWS_S3_FORCE_PATH_STYLE: "true"
AWS_S3_ACL: private
OIDC_AUTH_URI: https://auth.remilia.ch/authorize
OIDC_TOKEN_URI: https://auth.remilia.ch/api/oidc/token
OIDC_USERINFO_URI: https://auth.remilia.ch/api/oidc/userinfo
OIDC_LOGOUT_URI: https://auth.remilia.ch/api/oidc/end-session
OIDC_USERNAME_CLAIM: preferred_username
OIDC_DISPLAY_NAME: Auth prettysunflower
OIDC_SCOPES: openid profile email
DEFAULT_LANGUAGE: en_US
RATE_LIMITER_ENABLED: "true"
RATE_LIMITER_REQUESTS: "1000"
RATE_LIMITER_DURATION_WINDOW: "60"
FORCE_HTTPS: "false"

64
apps/sekibanki/outline/deployment.yaml Normal file
View File

@@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: outline
labels:
app.kubernetes.io/name: outline
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: outline
template:
metadata:
labels:
app.kubernetes.io/name: outline
spec:
hostAliases:
- ip: "100.113.193.5"
hostnames:
- "mail.prettysunflower.moe"
volumes:
- name: valkey-data
persistentVolumeClaim:
claimName: valkey-outline-pvc
containers:
- name: outline
image: docker.getoutline.com/outlinewiki/outline:0.85.1
ports:
- containerPort: 3000
name: http
envFrom:
- configMapRef:
name: outline-config
- secretRef:
name: outline-secret
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
- image: valkey/valkey:8.1.3-alpine
name: valkey
command: ["valkey-server"]
ports:
- containerPort: 6379
protocol: TCP
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: valkey-data
mountPath: "/data"

6
apps/sekibanki/outline/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
resources:
- deployment.yaml
- configmap.yaml
- secrets.yaml
- svc.yaml
- pvc.yaml

11
apps/sekibanki/outline/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: valkey-outline-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: nfs-csi

28
apps/sekibanki/outline/secrets.sops.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: outline-secret
type: Opaque
stringData:
SECRET_KEY: ENC[AES256_GCM,data:zoadiee6r+eBUnt/b0hh25P9QZfjHy7ayAif6jdXO9LDNbakeoM+g4GDavioDkFY0NJLaXIBllwjHYJm8jzufg==,iv:oTIJMcFAPlpcVYBHa8grkSeyz9tv2/VZtlO7YhlxE/4=,tag:SLPBQKYwEcJdBn9/gedjUw==,type:str]
UTILS_SECRET: ENC[AES256_GCM,data:q6spGJkw3KINizrBFn9XdMqpBCmeWG9pUWHDnhXWfRG3H2ZWwBEqc8DVvIEfjnETtMh0adHh9FP+zi+BKjBegg==,iv:h7sMjSO/hQBT/tmqd+It3wxPgO6fUQ4RGQmT3JeNnAE=,tag:m04+dAX2q20QeDwXoTatog==,type:str]
DATABASE_URL: ENC[AES256_GCM,data:gkT46vh0OPga38NULb9dG6z33IsJ2r76qkYs3f4C+HaZPRvTlRer4Xve5fXCM7VY44KVtviKo+Yw+Q==,iv:DxsMqNmHFGyhqleleUE8jlBglQtF76J9s3cziskBiIg=,tag:bFUErLHP2jEOB9ZTq85Uxw==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:klyyWd1mDCti8O/WmsugF1WdJhoIRoYCIlzWjko8+zbIVzYkP3UiC5Ol3luf6pGkNwK9V1Ke,iv:4fShu8gnUGfsTw7ZjN0lro59/YyzbARpm24+N+0W2tU=,tag:SB5xVD/ZZ5AibiT2DWIUhQ==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:xPbpQgFUwGXyzWOPS83OnblEa/962keAMJ5Rgc4YJccqpaFc+h0TTz1KYr2Kx/jMt8VEyd+WTVxHlkOdIK9Czkwika1CR0CYwzlS,iv:M4/+5RFEmhq7W7eUEigX+369cxTZKPmxxV9zQPT0EGE=,tag:Llc9+UsZpDQfXAguzsjiCg==,type:str]
OIDC_CLIENT_ID: ENC[AES256_GCM,data:MVfKjQgTy28mb4DsE/JyuWuu5A9nrN3bg0ECx+zdbGDWPvmZ,iv:sU8j7EePuYzpJ7bwQmAjGKD1mlJFFI4OtFf66MfoSWs=,tag:0Pg1ZruZNV1XYwo1D9WULQ==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:1hPq1s2LTQmN/THsgVfZntqCx8YrLXFFEXHW0m0JnfM=,iv:eNLlJcUkOLjbbouamA+y7T2d/BGXgEkoS7GYEoVGi/w=,tag:UxDhthu9jaUpRGvZsfbXVw==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc2pFK0pNZjhrU0lVK041
QUFBT01sMHFyZnNldUFCU20xMUVaT0ZhMFJrCjZrWmllQWQ5Tjc1TVFuSDF1cmgr
OGdYQkI3TDFOd2kxL3pqelM4WjdYNTgKLS0tICsxNVN2emY4azBvZnM0ZDFMMXJL
OTQ1YmU1RFByeTM3ckFXS3JnRGphVU0K5F14e9Yja6tNHp1iiN6DNX57bokZIKjC
WosPe865F+Lie6GBv1hRzRKQuR0scl1Q7p3kC9tFgNbV52s4wFASHg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-01T15:14:39Z"
mac: ENC[AES256_GCM,data:OeuEllidHzi6FsLgqH+CI60FUlHshF593L0cRrz7EvnCRzVDqwuBophXjMp0NWWc4fwheLEmkI2v4oCBfyYzf21Bnk02DPeJBGd30BpCmjIcc3b9iHEo6KlBLPFzveUHOBBQ5S2IWX8EBeBrwu29x5IhgQcpttXKtmqCditGTz0=,iv:Ganr6VovP8bM9mVC7wFo/KSkwrHFXigK8riEuX3F6vM=,tag:l01vl0e0wUiDY1SkX8xXhw==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2

13
apps/sekibanki/outline/svc.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: outline
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: outline
ports:
- protocol: TCP
port: 80
targetPort: http
name: http