From fcaf8d3e8390f30abf80b51d5b646bf00502e25f Mon Sep 17 00:00:00 2001
From: prettysunflower
Date: Fri, 1 Aug 2025 11:16:55 -0400
Subject: [PATCH] apps(outline): Added outline to sekibanki
---
apps/sekibanki/outline/configmap.yaml | 29 ++++++++++
apps/sekibanki/outline/deployment.yaml | 64 +++++++++++++++++++++++
apps/sekibanki/outline/kustomization.yaml | 6 +++
apps/sekibanki/outline/pvc.yaml | 11 ++++
apps/sekibanki/outline/secrets.sops.yaml | 28 ++++++++++
apps/sekibanki/outline/svc.yaml | 13 +++++
6 files changed, 151 insertions(+)
create mode 100644 apps/sekibanki/outline/configmap.yaml
create mode 100644 apps/sekibanki/outline/deployment.yaml
create mode 100644 apps/sekibanki/outline/kustomization.yaml
create mode 100644 apps/sekibanki/outline/pvc.yaml
create mode 100644 apps/sekibanki/outline/secrets.sops.yaml
create mode 100644 apps/sekibanki/outline/svc.yaml
diff --git a/apps/sekibanki/outline/configmap.yaml b/apps/sekibanki/outline/configmap.yaml
new file mode 100644
index 0000000..842db63
--- /dev/null
+++ b/apps/sekibanki/outline/configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: outline-config
+data:
+ NODE_ENV: production
+ PGSSLMODE: disable
+ REDIS_URL: redis://127.0.0.1:6379
+ URL: https://wiki.prettysunflower.moe
+ PORT: "3000"
+ FILE_STORAGE: s3
+ FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
+ AWS_REGION: auto
+ AWS_S3_UPLOAD_BUCKET_URL: https://t3.storage.dev
+ AWS_S3_UPLOAD_BUCKET_NAME: prettysunflower-wiki
+ AWS_S3_FORCE_PATH_STYLE: "true"
+ AWS_S3_ACL: private
+ OIDC_AUTH_URI: https://auth.remilia.ch/authorize
+ OIDC_TOKEN_URI: https://auth.remilia.ch/api/oidc/token
+ OIDC_USERINFO_URI: https://auth.remilia.ch/api/oidc/userinfo
+ OIDC_LOGOUT_URI: https://auth.remilia.ch/api/oidc/end-session
+ OIDC_USERNAME_CLAIM: preferred_username
+ OIDC_DISPLAY_NAME: Auth prettysunflower
+ OIDC_SCOPES: openid profile email
+ DEFAULT_LANGUAGE: en_US
+ RATE_LIMITER_ENABLED: "true"
+ RATE_LIMITER_REQUESTS: "1000"
+ RATE_LIMITER_DURATION_WINDOW: "60"
+ FORCE_HTTPS: "false"
\ No newline at end of file
diff --git a/apps/sekibanki/outline/deployment.yaml b/apps/sekibanki/outline/deployment.yaml
new file mode 100644
index 0000000..4566429
--- /dev/null
+++ b/apps/sekibanki/outline/deployment.yaml
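Review bot: `PGSSLMODE: disable` in the `data:` block turns off TLS for the Postgres connection, and the deployment in this commit only runs valkey as a sidecar, so the database presumably sits on another host and the `DATABASE_URL` credentials and wiki content would cross the network in cleartext. If the server offers TLS, prefer `PGSSLMODE: require` (or `verify-full` with the CA mounted). If the link is deliberately plaintext because it rides an encrypted overlay, record that in a comment above the key. `FORCE_HTTPS: "false"` next to an `https://` `URL` deserves the same one-line comment naming the TLS-terminating proxy it depends on.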
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: outline
+ labels:
+ app.kubernetes.io/name: outline
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: outline
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: outline
+ spec:
+ hostAliases:
+ - ip: "100.113.193.5"
+ hostnames:
+ - "mail.prettysunflower.moe"
+ volumes:
+ - name: valkey-data
+ persistentVolumeClaim:
+ claimName: valkey-outline-pvc
+ containers:
+ - name: outline
+ image: docker.getoutline.com/outlinewiki/outline:0.85.1
+ ports:
+ - containerPort: 3000
+ name: http
+ envFrom:
+ - configMapRef:
+ name: outline-config
+ - secretRef:
+ name: outline-secret
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ - image: valkey/valkey:8.1.3-alpine
+ name: valkey
+ command: ["valkey-server"]
+ ports:
+ - containerPort: 6379
+ protocol: TCP
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - name: valkey-data
+ mountPath: "/data"
\ No newline at end of file
diff --git a/apps/sekibanki/outline/kustomization.yaml b/apps/sekibanki/outline/kustomization.yaml
new file mode 100644
index 0000000..527409e
--- /dev/null
+++ b/apps/sekibanki/outline/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- deployment.yaml
+- configmap.yaml
+- secrets.yaml
+- svc.yaml
+- pvc.yaml
\ No newline at end of file
diff --git a/apps/sekibanki/outline/pvc.yaml b/apps/sekibanki/outline/pvc.yaml
new file mode 100644
index 0000000..6d1af3d
--- /dev/null
+++ b/apps/sekibanki/outline/pvc.yaml
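Review bot: Neither container's `securityContext` sets `readOnlyRootFilesystem: true`, and the pod `spec` does not set `automountServiceAccountToken: false`, so a compromised Outline process gets a writable image filesystem and a Kubernetes API token it has no visible need for. The rest of the context (non-root, all capabilities dropped, `RuntimeDefault` seccomp) is already strict, so these two lines would complete it. Valkey only needs the `/data` mount writable, while Outline may need an `emptyDir` for temporary files, so verify that before enabling. Both images are referenced by mutable tag (`outline:0.85.1`, `valkey:8.1.3-alpine`); appending `@sha256:<digest>` would pin what actually gets pulled, and neither container declares `resources` limits.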
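Review bot: `resources` in `kustomization.yaml` lists `secrets.yaml`, but the file this commit creates is `secrets.sops.yaml`. Unless some step outside this commit produces a decrypted `secrets.yaml`, the build will fail on a missing resource, or someone will be tempted to commit a plaintext file under that name. If the cluster's GitOps controller decrypts SOPS files in place, the entry should read `- secrets.sops.yaml`. If a local decrypt step is intended instead, confirm that `secrets.yaml` is git-ignored in this directory.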
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: valkey-outline-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: nfs-csi
\ No newline at end of file
diff --git a/apps/sekibanki/outline/secrets.sops.yaml b/apps/sekibanki/outline/secrets.sops.yaml
new file mode 100644
index 0000000..553113a
--- /dev/null
+++ b/apps/sekibanki/outline/secrets.sops.yaml
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: outline-secret +type: Opaque +stringData: + SECRET_KEY: ENC[AES256_GCM,data:zoadiee6r+eBUnt/b0hh25P9QZfjHy7ayAif6jdXO9LDNbakeoM+g4GDavioDkFY0NJLaXIBllwjHYJm8jzufg==,iv:oTIJMcFAPlpcVYBHa8grkSeyz9tv2/VZtlO7YhlxE/4=,tag:SLPBQKYwEcJdBn9/gedjUw==,type:str] + UTILS_SECRET: ENC[AES256_GCM,data:q6spGJkw3KINizrBFn9XdMqpBCmeWG9pUWHDnhXWfRG3H2ZWwBEqc8DVvIEfjnETtMh0adHh9FP+zi+BKjBegg==,iv:h7sMjSO/hQBT/tmqd+It3wxPgO6fUQ4RGQmT3JeNnAE=,tag:m04+dAX2q20QeDwXoTatog==,type:str] + DATABASE_URL: ENC[AES256_GCM,data:gkT46vh0OPga38NULb9dG6z33IsJ2r76qkYs3f4C+HaZPRvTlRer4Xve5fXCM7VY44KVtviKo+Yw+Q==,iv:DxsMqNmHFGyhqleleUE8jlBglQtF76J9s3cziskBiIg=,tag:bFUErLHP2jEOB9ZTq85Uxw==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:klyyWd1mDCti8O/WmsugF1WdJhoIRoYCIlzWjko8+zbIVzYkP3UiC5Ol3luf6pGkNwK9V1Ke,iv:4fShu8gnUGfsTw7ZjN0lro59/YyzbARpm24+N+0W2tU=,tag:SB5xVD/ZZ5AibiT2DWIUhQ==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:xPbpQgFUwGXyzWOPS83OnblEa/962keAMJ5Rgc4YJccqpaFc+h0TTz1KYr2Kx/jMt8VEyd+WTVxHlkOdIK9Czkwika1CR0CYwzlS,iv:M4/+5RFEmhq7W7eUEigX+369cxTZKPmxxV9zQPT0EGE=,tag:Llc9+UsZpDQfXAguzsjiCg==,type:str] + OIDC_CLIENT_ID: ENC[AES256_GCM,data:MVfKjQgTy28mb4DsE/JyuWuu5A9nrN3bg0ECx+zdbGDWPvmZ,iv:sU8j7EePuYzpJ7bwQmAjGKD1mlJFFI4OtFf66MfoSWs=,tag:0Pg1ZruZNV1XYwo1D9WULQ==,type:str] + OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:1hPq1s2LTQmN/THsgVfZntqCx8YrLXFFEXHW0m0JnfM=,iv:eNLlJcUkOLjbbouamA+y7T2d/BGXgEkoS7GYEoVGi/w=,tag:UxDhthu9jaUpRGvZsfbXVw==,type:str] +sops: + age: + - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc2pFK0pNZjhrU0lVK041 + QUFBT01sMHFyZnNldUFCU20xMUVaT0ZhMFJrCjZrWmllQWQ5Tjc1TVFuSDF1cmgr + OGdYQkI3TDFOd2kxL3pqelM4WjdYNTgKLS0tICsxNVN2emY4azBvZnM0ZDFMMXJL + OTQ1YmU1RFByeTM3ckFXS3JnRGphVU0K5F14e9Yja6tNHp1iiN6DNX57bokZIKjC + WosPe865F+Lie6GBv1hRzRKQuR0scl1Q7p3kC9tFgNbV52s4wFASHg== + -----END AGE 
ENCRYPTED FILE----- + lastmodified: "2025-08-01T15:14:39Z" + mac: ENC[AES256_GCM,data:OeuEllidHzi6FsLgqH+CI60FUlHshF593L0cRrz7EvnCRzVDqwuBophXjMp0NWWc4fwheLEmkI2v4oCBfyYzf21Bnk02DPeJBGd30BpCmjIcc3b9iHEo6KlBLPFzveUHOBBQ5S2IWX8EBeBrwu29x5IhgQcpttXKtmqCditGTz0=,iv:Ganr6VovP8bM9mVC7wFo/KSkwrHFXigK8riEuX3F6vM=,tag:l01vl0e0wUiDY1SkX8xXhw==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.10.2
diff --git a/apps/sekibanki/outline/svc.yaml b/apps/sekibanki/outline/svc.yaml
new file mode 100644
index 0000000..61cfe09
--- /dev/null
+++ b/apps/sekibanki/outline/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: outline
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: outline
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+ name: http
\ No newline at end of file