registry

ops/generate_auth.sh

@@ -11,7 +11,7 @@ htpasswd() {
       htpasswd -Bbn ${1} ${2} | head -n 1 2> /dev/null\""
 }
 
-K3S_HOST=strix.systems
+K3S_HOST=ntwl.xyz
 REGISTRY_ADMIN=ntr
 REGISTRY_PASSWORD=$(gen_password)
 REGISTRY_AUTH=$(htpasswd ${REGISTRY_ADMIN} ${REGISTRY_PASSWORD})
@@ -24,7 +24,7 @@ echo REGISTRY_AUTH is ${REGISTRY_AUTH}
 echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET}
 
 kubectl create secret generic registry \
-    -n ops
+    -n ops \
    --from-literal=REGISTRY_ADMIN=${REGISTRY_ADMIN} \
    --from-literal=REGISTRY_PASSWORD=${REGISTRY_PASSWORD} \
    --from-literal=REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET} \
@@ -32,11 +32,11 @@ kubectl create secret generic registry \
 
 # cat <<EOF | ssh root@strix tee /etc/rancher/k3s/registries.yaml
 # mirrors:
-#   registry.strix.systems:
+#   registry.ntwl.xyz:
 #     endpoint:
-#       - "https://registry.strix.systems"
+#       - "https://registry.ntwl.xyz"
 # configs:
-#   "registry.strix.systems":
+#   "registry.ntwl.xyz":
 #     auth:
 #       username: ntr
 #       password: pw

ops/git.yaml

@@ -0,0 +1,130 @@
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-admin-secret
+  namespace: ops
+type: Opaque
+stringData:
+  username: ntr
+  password: "ghastly ghouls"
+  email: "ntr@strix.systems"
+
+---
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-data
+  namespace: ops
+spec:
+  storageClassName: fast
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+
+---
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-redis
+  namespace: ops
+spec:
+  storageClassName: fast
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi
+
+---
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-pg
+  namespace: ops
+spec:
+  storageClassName: fast
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi
+
+---
+
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: gitea
+  namespace: ops
+spec:
+  repo: https://dl.gitea.com/charts/
+  chart: gitea
+  targetNamespace: ops
+  valuesContent: |-
+
+    ingress:
+      enabled: true
+      className: haproxy
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      tls:
+      - secretName: git-tls
+        hosts:
+        - git.ntwl.xyz
+        # - git.strix.systems
+      hosts:
+        - host: git.ntwl.xyz
+          paths:
+            - path: /
+              pathType: Prefix
+        - host: git.strix.systems
+          paths:
+            - path: /
+              pathType: Prefix
+
+    service:
+      ssh:
+        type: LoadBalancer
+        port: 60022
+        externalTrafficPolicy: Local
+
+    redis-cluster:
+      enabled: false
+
+    redis:
+      enabled: true
+      persistence:
+        enabled: true
+        existingClaim: gitea-redis
+
+    postgresql:
+      enabled: true
+      persistence:
+        enabled: true
+        existingClaim: gitea-pg
+
+    postgresql-ha:
+      enabled: false
+
+    persistence:
+      enabled: true
+      existingClaim: gitea-data
+
+    gitea:
+      config:
+        database:
+          DB_TYPE: postgres
+        indexer:
+          ISSUE_INDEXER_TYPE: bleve
+          REPO_INDEXER_ENABLED: true
+        server:
+          SSH_PORT: 60022
+      admin:
+        existingSecret: gitea-admin-secret

ops/registry.yaml

@@ -1,37 +1,17 @@
 ---
 
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: registry-pv
-spec:
-  storageClassName: local-path
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  claimRef:
-    namespace: default
-    name: registry-pvc
-  hostPath:
-    path: "/var/lib/rancher/k3s/storage/registry-pv"
-    type: DirectoryOrCreate
-
----
-
-apiVersion: v1
 kind: PersistentVolumeClaim
+apiVersion: v1
 metadata:
-  name: registry-pvc
+  name: registry-storage
+  namespace: ops
 spec:
-  volumeName: registry-pv
+  storageClassName: zfs-fast
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: 10Gi
-  storageClassName: local-path
 
 ---
 
@@ -39,6 +19,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: registry
+  namespace: ops
 spec:
   ports:
     - name: web
@@ -53,6 +34,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: registry
+  namespace: ops
   labels:
     app: registry
 spec:
@@ -88,7 +70,7 @@ spec:
                   name: registry
                   key: REGISTRY_HTTP_SECRET
           volumeMounts:
-            - name: registry-pvc
+            - name: registry-storage
               mountPath: /var/lib/registry
             - name: registry-auth
               mountPath: /auth
@@ -105,9 +87,9 @@ spec:
         - name: registry-config
           configMap:
             name: registry
-        - name: registry-pvc
+        - name: registry-storage
           persistentVolumeClaim:
-            claimName: registry-pvc
+            claimName: registry-storage
 
 ---
 
@@ -115,7 +97,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: registry
-  # namespace: registry
+  namespace: ops
 data:
   config.yml: |
     version: 0.1