ntr/ntwl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'nightowl' of ssh://strix:/home/ntr/repos/strix into nightowl

Browse Source
This commit is contained in:
Nathan Rashleigh 2025-04-07 23:36:47 +10:00
commit 7071dbc06c
11 changed files with 164 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CLAUDE.md Normal file
View File

@ -0,0 +1,24 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Commands
- Validate YAML: `kubectl --dry-run=client -f <filename.yaml>`
- Validate syntax with YAML linter: `yamllint <filename.yaml>`
- Check Kubernetes resources: `kubectl get <resource-type> --namespace <namespace>`
## Style Guidelines
1. YAML Formatting:
- Use 2-space indentation
- Use snake_case for keys
- Keep line length under 100 characters
2. Kubernetes Resources:
- Include resource limits/requests in all deployments
- Add appropriate labels and annotations
- Group related resources in the same file
- Use namespaces to organize resources by service
3. Documentation:
- Add comments for non-obvious configuration choices
- Document environment-specific variables clearly

27
crates/crates.ingress.yaml
View File

@ -11,7 +11,7 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- crates.strix.systems
@ -27,6 +27,16 @@ spec:
name: crates-client
port:
number: 8080
- host: crates.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: crates-client
port:
number: 8080
---
@ -35,12 +45,11 @@ kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
haproxy.org/path-rewrite: "/api(/)?(.*) /$2"
name: crates-api
namespace: default
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- crates.strix.systems
@ -56,3 +65,13 @@ spec:
name: crates-api
port:
number: 41337
- host: crates.ntwl.xyz
http:
paths:
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: crates-api
port:
number: 41337

24
memestream/memestream.ingress.yaml
View File

@ -5,11 +5,13 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- memestream.strix.systems
- search.memestream.strix.systems
- memestream.ntwl.xyz
- search.memestream.ntwl.xyz
secretName: memestream-strix-systems-tls
rules:
- host: search.memestream.strix.systems
@ -22,7 +24,27 @@ spec:
name: memestream-meili
port:
number: 7700
- host: search.memestream.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: memestream-meili
port:
number: 7700
- host: memestream.strix.systems
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: memestream-client
port:
number: 8080
- host: memestream.ntwl.xyz
http:
paths:
- path: /

24
memestream/memestream.yaml
View File

@ -76,6 +76,30 @@ spec:
# DEPLOYMENTS
# -----------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: memestream-archiver
spec:
replicas: 1
selector:
matchLabels:
app: memestream-archiver
template:
metadata:
labels:
app: memestream-archiver
spec:
containers:
- name: memestream-archiver
image: registry.strix.systems/memestream-archiver
imagePullPolicy: Always
envFrom:
- secretRef:
name: memestream-archiver
---
apiVersion: apps/v1
kind: Deployment
metadata:

13
mnml/mnml.ingress.yaml
View File

@ -10,7 +10,7 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- mnml.gg
@ -36,9 +36,9 @@ metadata:
namespace: default
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.org/websocket-services: "mnml-ws"
haproxy.org/websocket-support: "true"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- mnml.gg
@ -63,11 +63,10 @@ metadata:
name: mnml-ws
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.org/proxy-read-timeout: "3600"
nginx.org/proxy-send-timeout: "3600"
nginx.org/websocket-services: mnml-ws
haproxy.org/websocket-support: "true"
haproxy.org/timeout-tunnel: "3600s"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- mnml.gg

13
monitor/monitor.ingress.yaml
View File

@ -8,10 +8,11 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- monitor.strix.systems
- monitor.ntwl.xyz
secretName: monitor-strix-systems-tls
rules:
- host: monitor.strix.systems
@ -24,3 +25,13 @@ spec:
name: kube-prometheus-stack-grafana
port:
number: 80
- host: monitor.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kube-prometheus-stack-grafana
port:
number: 80

43
nginx-ingress/cert-manager.yaml
View File

@ -1,43 +0,0 @@
# using the same issuer for everything
# ntr@strix is the big boss
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: ntr@strix.systems
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: ntr@strix.systems
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx

13
ntr-cv/ntr-cv.ingress.yaml
View File

@ -7,10 +7,11 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- strix.systems
- ntr.ntwl.xyz
secretName: strix-systems-tls
rules:
- host: strix.systems
@ -23,3 +24,13 @@ spec:
name: ntr-cv
port:
number: 8080
- host: ntr.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ntr-cv
port:
number: 8080

15
registry/registry.ingress.yaml
View File

@ -5,13 +5,14 @@ kind: Ingress
metadata:
name: registry
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 2g
haproxy.org/proxy-body-size-limit: "2g"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- registry.strix.systems
- registry.ntwl.xyz
secretName: registry-strix-systems-tls
rules:
- host: registry.strix.systems
@ -24,3 +25,13 @@ spec:
name: registry
port:
number: 5000
- host: registry.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: registry
port:
number: 5000

6
spacerace/spacerace.ingress.yaml
View File

@ -5,11 +5,9 @@ metadata:
name: spacerace-api
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
# don't do this again
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
haproxy.org/path-rewrite: "/api(/)?(.*) /$2"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- spacerace.strix.systems

28
storage/minio.ingress.yaml
View File

@ -7,10 +7,11 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- minio.strix.systems
- minio.ntwl.xyz
secretName: minio.strix.systems
rules:
- host: minio.strix.systems
@ -23,6 +24,16 @@ spec:
name: minio-service
port:
number: 9090
- host: minio.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio-service
port:
number: 9090
---
@ -34,12 +45,13 @@ metadata:
app: minio
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: 1g
haproxy.org/proxy-body-size-limit: "1g"
spec:
ingressClassName: nginx
ingressClassName: haproxy
tls:
- hosts:
- storage.strix.systems
- storage.ntwl.xyz
secretName: storage.strix.systems
rules:
- host: storage.strix.systems
@ -52,3 +64,13 @@ spec:
name: minio-service
port:
number: 9000
- host: storage.ntwl.xyz
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio-service
port:
number: 9000