ntr/ntwl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

obs livesync

Browse Source
This commit is contained in:
Nathan Rashleigh 2025-07-09 01:17:26 +10:00
parent 514948f3e8
commit 69af1882cb
9 changed files with 154 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
memestream/memestream.ingress.yaml
View File

@ -28,6 +28,7 @@ spec:
name: memestream-meili name: memestream-meili
port: port:
number: 7700 number: 7700
- host: memestream.ntwl.xyz - host: memestream.ntwl.xyz
http: http:
paths: paths:

30
ops/grafana.yaml
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: grafana-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: monitor
name: grafana-pvc
hostPath:
path: "/var/lib/rancher/k3s/storage/grafana-pv"
type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-pvc
namespace: monitor
spec:
volumeName: grafana-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

14
ops/kubeseal.yaml Executable file
View File

@ -0,0 +1,14 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: sealed-secrets
namespace: ops
spec:
repo: https://bitnami-labs.github.io/sealed-secrets
chart: sealed-secrets
version: 2.17.3
targetNamespace: kube-system
valuesContent: |-
fullnameOverride: sealed-secrets-controller

39
ops/minio.ingress.yaml Executable file
View File

@ -0,0 +1,39 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: storage
namespace: ops
labels:
app: minio
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
haproxy.org/proxy-body-size-limit: "1g"
spec:
ingressClassName: haproxy
tls:
- hosts:
- minio.ntwl.xyz
- storage.ntwl.xyz
secretName: minio-tls
rules:
- host: minio.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio
port:
number: 9090
- host: storage.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio
port:
number: 9000

33
storage/minio.yaml → ops/minio.yaml Normal file → Executable file
View File

@ -4,37 +4,18 @@
--- ---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv
spec:
storageClassName: ""
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: default
name: minio-pvc
hostPath:
path: "/var/lib/rancher/k3s/storage/minio-pv"
type: DirectoryOrCreate
---
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: minio-pvc name: minio-storage
namespace: ops
spec: spec:
volumeName: minio-pv storageClassName: zfs-fast
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 20Gi storage: 100Gi
--- ---
@ -46,6 +27,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: minio name: minio
namespace: ops
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -107,7 +89,7 @@ spec:
volumes: volumes:
- name: minio-storage - name: minio-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: minio-pvc claimName: minio-storage
--- ---
@ -115,7 +97,8 @@ spec:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: minio-service name: minio
namespace: ops
labels: labels:
app: minio app: minio
spec: spec:

20
ops/values.yaml
View File

@ -1,20 +0,0 @@
grafana:
persistence:
type: pvc
enabled: true
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
existingClaim: grafana-pvc
alertmanager:
enabled: false
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: 'filesystem'
singleBinary:
replicas: 1

29
ops/vlt.seal.json Normal file
View File

@ -0,0 +1,29 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "couchdb-couchdb",
"namespace": "ops",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "couchdb-couchdb",
"namespace": "ops",
"creationTimestamp": null,
"labels": {
"app": "couchdb",
"service": "obsidian-livesync"
}
},
"type": "Opaque"
},
"encryptedData": {
"adminPassword": "AgAv+nUY0+WeMJ2Kz0DX9F2l3BvdRrtqbWIowaiIcbWOEjBh3CAFNj4YqUBcUSKn0RsTqYcStDuM1bHBdoWvUj+bfjuoZcYXlXck0QYoGH6PkVfP67GvTgAgQpD7D3D1Q/su16lVBQ671jIxjBi6J38Aiq7Iqkg70vqTE3fclxW6rD6uuPSuYcpaUEUr98/ZYwKgdOZdYLbPAtdwFY6iD2u7HmhZN8Io7N77ofd8GcVREjsOl/5f9y29OBEyAgRzb0glj10z4cdnR/fhVQeGMFKlFU/ld3lVMqncpmC+/hi2JiNYa31S8Uld4oJp/w74fkWBsV+1rsDIrch1uXjRmdpVfpZ5EYBew/t/5G6PtaTGvI9I00zlbrRflYeSMSe4qNIPP4B77LP78FjuHo+NCqLP5pvJ+e3jJJppy9fuhnoy+1rDo1wl/8l4YcQTL77idgvSwCYmaOXi4BApbebZBKwHdKVEnO+yEHEG9VomVcfSEo8NZeXT6aa8BlmTuQLDOZf1vEfGeYnKNz2t5m4uy5tYZ76i5NM37w2vLv+TU/mG9LbKzFBSJ+CHnnv+pmfoXSd1co7vS2vbi1CRkeB0t1RuB7i/YYtpPCtVTnk8s6eZ315pQkLR7M0/0yi2RyJiYB3UEvaZlDF4y8DstbKDWzqPslmLq5VumxMZEQDYvzPbsdYQaEiX90hDnMfKHt48rnO1htOC5NwaqKWWMWs6",
"adminUsername": "AgAe33Ip20GvP1XRkon2XNBwsfTa0YVVlH+jg8NqKKEkRy4Xa6+Nwzl3OAcTxCxrLECxx0OCafCZXTU/dxbaoTO8izrtOGcmlb0fxjucf/5vwJFjTuhdk4AehpUSYXqIw76ZkJLJcqFSHewv7BvbCBRwef7gR/xnpFWak2r2Hhi1po6AmRzhJlp/Z3ndLfpywl1Jnqfsz9H54R5lDz3BXUXxW5zYTS8jsXJS60Cp7oFuNO8UQoYYJ+a1C6kXIvqVuEf1NuFwfx6hjTfm56MjSLTKr7G8rIX4bEpGtjHcAiuNXGlk2of5Uw/PgaUvsIfymoz+tnIsLbHEBOK0v1MRBkvsOz1M/D9C+lu2XX0CrtOX3Ww2Z5L542V8SqL5QBR2PBf0J0IvaDSioh4mgdcHZUhvduUZJ3FLbxVptWMQvRKvhsiR6U5/XXXLIMIQDUQ4kDpgsb7rPYmeqbeJOxY0SZ5XO4OY+kreBP1pylza/mr+DuzSWxzDyDV+VM+XfwkzgeBW8hv9dfuWJnD6Z0T4cYOQ+4VGrTwK5K6hNV84aK+zXDlMiijdX5Gxe3oS7Vdl3pAKz40v/7YZ5UWBHHk+TAu5DKU7mAF6MvICwTFj4M0s85jnI/uUGjEZ0y0BlX9W6cZF5wusczTUyhDv1WvSPpNBv4Htk+NZq50Y/v8PPyQUspLEngfoVEBZUL2z6hLtneITFhI=",
"cookieAuthSecret": "AgCIstQYGlgIvZMgx0obHFxz+vpefo9f5ZSiBmdxOm3HiU7saVS2s2Yc1YYhXO4ANvOOz5aRBdTp9l53c735htcq5vIhc9kERsxSLyxsGKfaq7ZtYt8fcHn00cmGwJDfIBzG5u1mBPe+mp+WZaBjXFEbBdISD1cndom7x6JdEljdZ5v19+z3TuAhHo2/kWMK7mVucIn1vglo51SSSz2F1HfgxfdPo7mDPybJYkOV1DOe8xzRvOWcAV7DhPxdkjFlLejTSiwFixkSy8QtnD96gjQXXZfOJsxdaYOXn3QMqNHBOq7qwhdHtJ3ugKHlrlJyGtlYFNhh9+i/MaWCEXvRZmCdZqee7un6KCPlL3vhFR0ABvXqgAWtIHPDgrDihqPHBv+CHvJs8Tu5d2ryKWTUkndMwTs+7BaZFS8KfIUtMrxec7+McEO2SyJOMjMJkDZMzcIz+gfu/9/0LYQ9IGjQ4P4m+/ZxM+VyBQjIRM/TjwmF8pXdB0Zs7HBL3KrWHELoe25lMa0iYOkI0tmZKhR43yCO+NOt93c6LS/QrVcJHnK5aY3GqwG9sjB5MEmR4eycYMNU/EjlYhRHrIMZnRvPb9TF8tD55nc8Eulc9DYZ9uFOG+OFlNRr4XHRvy1cmzS6z8lHntlzGyCMO9lkWGPGHC81llKG9uYpHa/eg0askHa7yjYLU1DfxDPAlIvgOqOLLvODOpoyDqAds/HUxZTpeak=",
"erlangCookie": "AgCTickThp91F/3kKWGpsYTKnGKrG7LWN9dbF1vL/gN/4nZ6thW28bQNNSdfKOYLp05U9oRvso4ja3dOpGBGmCS5NnSQY8UA2lGJuGloi49rgeuc34XW/+99RnCG2pwvjLJGhUJ3Zprb5J2Ky6CH4vUVd5Q0/zjGM5MEpaSxqkHriZj33gNy1cink/ZlkSMLpDGktjjHV4k7QHocT06Cu1Gg/ixrF3C2k8kQ9evoJTsOGAXH94E+vdtq/YvH0Be+AKCMc5MldROBEx69qI6uVKh9aM6YKPNfsgoh9A76ialeCYfYxPV/0oSx7YH86tg1yQ3V1Law3Y02tPjfyTsScuLnGbfoDXdcaShyfxxIaUtbEagohpofEZj6xQfO18wwpObZVVny72T9PEt5z5Fbkvv/wHGi0G9BZJ/E6/0T2Onap4WsJlC8I9CwzmcZMhBuECheRxxJ5z20k4bVq99e/iX5Ays90yZeHoJJwVC0e5zxwvdMZ775OSR9I2ibuKZx8UGLw/ZLrFNjdHvt3yAVKNAsdvOg1g7l0zS0i2CW46PcoUaqeFyX5NVda6upc0bEvVDCQV8TKzAv3Kk+rdaIbUM6ovDaClH80oY6lBpVSdGDtJ7Tf5sn5d/jwnm3TJtFyt5B1YXboQL9KWCdYgsUAcWQp9DuCd57sR0BG7oGUuGXwvxLnhAdCe3JkZRrpi7YXr708PXno3dx8wH3K7+j1/zC"
}
}
}

62
ops/vlt.yaml Normal file
View File

@ -0,0 +1,62 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: couchdb
namespace: ops
labels:
app: couchdb
service: vlt
spec:
repo: https://apache.github.io/couchdb-helm
chart: couchdb
version: 4.6.1
targetNamespace: ops
valuesContent: |-
clusterSize: 1
createAdminSecret: false
couchdbConfig:
couchdb:
single_node: true
uuid: 1723f780-f9df-4efb-84dc2e5a691207d8
max_document_size: 50000000
max_http_request_size: 4294967296
chttpd:
require_valid_user: true
enable_cors: true
httpd:
enable_cors: true
WWW-Authenticate: "Basic realm=\"couchdb\""
cors:
origins: "*"
credentials: true
methods: "GET, PUT, POST, HEAD, DELETE"
headers: "accept, authorization, content-type, origin, referer, x-csrf-token"
persistentVolume:
enabled: true
storageClass: "zfs-fast"
size: 10Gi
service:
type: ClusterIP
port: 5984
ingress:
enabled: true
className: haproxy
hosts:
- vlt.ntwl.xyz
tls:
- hosts:
- vlt.ntwl.xyz
secretName: couchdb-tls
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
haproxy.org/ssl-redirect: "true"
haproxy.org/proxy-body-size: "100m"
haproxy.org/timeout-client: "600s"
haproxy.org/timeout-server: "600s"

14
storage/minio.ingress.yaml
View File

@ -10,7 +10,6 @@ spec:
ingressClassName: haproxy ingressClassName: haproxy
tls: tls:
- hosts: - hosts:
- minio.strix.systems
- minio.ntwl.xyz - minio.ntwl.xyz
secretName: minio.strix.systems secretName: minio.strix.systems
rules: rules:
@ -50,20 +49,9 @@ spec:
ingressClassName: haproxy ingressClassName: haproxy
tls: tls:
- hosts: - hosts:
- storage.strix.systems
- storage.ntwl.xyz - storage.ntwl.xyz
secretName: storage.strix.systems secretName: storage.ntwl.xyz
rules: rules:
- host: storage.strix.systems
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio-service
port:
number: 9000
- host: storage.ntwl.xyz - host: storage.ntwl.xyz
http: http:
paths: paths: