Trivernis
/
cluster-config
mirror of https://codeberg.org/Trivernis/cluster-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

apps(sharkey): Initial config

Browse Source
main
trivernis 10 months ago
parent 6de786bc05
commit 6808fcdfa1
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG Key ID: DFFFCC2C7A02DB45
10 changed files with 333 additions and 0 deletions
Show Stats Download Patch File Download Diff File

14
apps/sharkey/app.yaml
Unescape Escape View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: discordbot-2b
metadata:
name: discordbot-2b
resources:
- app/namespace.yaml
- app/sealedsecret.yaml
- app/config-sealedsecret.yaml
- app/config.yaml
- app/volume.yaml
- app/stackgres-scripts.yaml
- app/stackgres.yaml
- app/deploy.yaml

16
apps/sharkey/app/config-sealedsecret.yaml
Unescape Escape View File

@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: sharkey-config-secret
namespace: sharkey
spec:
encryptedData:
secret.yaml: AgAYJjYoxcBeqMdf+R5bb/fB7KTSDf/LchotQRJClzU5l9vCJFuJiGh7dhzT5ZLzHM+6gf1cEuI6vCXiHsNTAiTbkpjbKPhlUU3vMNpieuh8HBjTHzeCNJpLl1UIRxBOPZ9fgzp9ROSoaEjMBgSSc7zgTnhr4s7/FNTbCzeuHso6MiHNdtcC9yFeiwDb17Bm1r8Lko88fRWHqKAHeNoLnh1bo316C6H1fLvsQC/MWN+shXxpMnRIjjIAtIgW+8ayvAdYjs0TAhKgWRLD/mjku5toqoK+uOGypVjrkfrrKPtDgWD/VO8SFRLXoJfhen2PAU1dbmrrHBJy/RPJ3cOPTU4cVSeKtwLmj0a2YxjLOldv9zQ1SnRqkCSQUMQf+7/cArWhn632qsuhm/ECzbE7w11T3N9hlyhl8ZebSzSgW87B9Re7syiBh10Wno4uUuzETkQ6/59jrpfLFzdmptYd623RT72kzjg+uHYzw0fp6kzjd0yMi3bbt1c6JaW0y9WPkRQN4ONcIfi3XJ07uulLsj2x6R90a3zea+cCDJdDF24Bqr/MK9Ro5MooHmEMm6C06Lf5GUjirkoktUnosxsEywiYpOgwrfS0ib1OCCw1+qSoStyBW1EGI7tDVrY16R1I1XSjz1CJrl0Zq2ZFHtU8rlYTuIm5JnVq1/lkJZQsO1NP5RE6rhkOS2RqMIjyDNXPyyR4irdodQutkY2ToZb8qFo6NH9oMYtyXVERtes9TwwmjmQtwQdDMBhknMVutUlsHGzawepuucsOYhRyk3bqxhAgE+WXE+4c2fwu7/EIL+rtNSMqTwGvSTgYT63tZhsWC5/NqRtwBMpFhKXxqgN1r2mkperB
template:
metadata:
creationTimestamp: null
name: sharkey-config-secret
namespace: sharkey
type: Opaque

144
apps/sharkey/app/config.yaml
Unescape Escape View File

@ -0,0 +1,144 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sharkey-config
namespace: sharkey
data:
default.yaml: |
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Misskey configuration
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# ┌─────┐
#───┘ URL └─────────────────────────────────────────────────────
# Final accessible URL seen by a user.
url: https://social.funkyfish.cool
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# URL SETTINGS AFTER THAT!
# The port that your Misskey server should listen on.
port: 3000
# You can also use UNIX domain socket.
# socket: /path/to/misskey.sock
# chmodSocket: '777'
# ┌──────────────────────────┐
#───┘ PostgreSQL configuration └────────────────────────────────
dbReplications: false
# ┌─────────────────────┐
#───┘ Redis configuration └─────────────────────────────────────
redis:
host: localhost
port: 6379
# ┌───────────────────────────┐
#───┘ MeiliSearch configuration └─────────────────────────────
#meilisearch:
# host: localhost
# port: 7700
# apiKey: ''
# ssl: true
# index: ''
# scope: global
# ┌───────────────┐
#───┘ ID generation └───────────────────────────────────────────
# You can select the ID generation method.
# You don't usually need to change this setting, but you can
# change it according to your preferences.
# Available methods:
# aid ... Short, Millisecond accuracy
# aidx ... Millisecond accuracy
# meid ... Similar to ObjectID, Millisecond accuracy
# ulid ... Millisecond accuracy
# objectid ... This is left for backward compatibility
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# ID SETTINGS AFTER THAT!
id: 'aidx'
# ┌─────────────────────┐
#───┘ Other configuration └─────────────────────────────────────
# Whether disable HSTS
#disableHsts: true
# Number of worker processes
#clusterLimit: 1
# Job concurrency per worker
#deliverJobConcurrency: 128
#inboxJobConcurrency: 16
#relashionshipJobConcurrency: 16
# What's relashionshipJob?:
# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
# Job rate limiter
#deliverJobPerSec: 128
#inboxJobPerSec: 16
#relashionshipJobPerSec: 64
# Job attempts
#deliverJobMaxAttempts: 12
#inboxJobMaxAttempts: 8
# Local address used for outgoing requests
#outgoingAddress: 127.0.0.1
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4
# Proxy for HTTP/HTTPS
#proxy: http://127.0.0.1:3128
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
# Proxy for SMTP/SMTPS
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
# Media Proxy
# Reference Implementation: https://github.com/misskey-dev/media-proxy
# * Deliver a common cache between instances
# * Perform image compression (on a different server resource than the main process)
#mediaProxy: https://example.com/proxy
# Proxy remote files (default: true)
# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
proxyRemoteFiles: true
# Movie Thumbnail Generation URL
# There is no reference implementation.
# For example, Misskey will point to the following URL:
# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
#videoThumbnailGenerator: https://example.com
# Sign to ActivityPub GET request (default: true)
signToActivityPubGet: true
#allowedPrivateNetworks: [
# '127.0.0.1/32'
#]
# Upload or download file size limits (bytes)
#maxFileSize: 262144000
# PID File of master process
#pidFile: /tmp/misskey.pid

53
apps/sharkey/app/deploy.yaml
Unescape Escape View File

@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sharkey
namespace: sharkey
spec:
replicas: 1
selector:
matchLabels:
app: sharkey
template:
metadata:
labels:
app: sharkey
spec:
containers:
- name: redis
image: redis
ports:
- containerPort: 6379
name: redis
protocol: TCP
- image: ghcr.io/transfem-org/sharkey:stable
name: sharkey
volumeMounts:
- name: config-secret
mountPath: "/sharkey/.config"
readOnly: true
- name: config
mountPath: "/sharkey/.config"
readOnly: true
- name: sharkey-files
mountPath: "/sharkey/files"
env:
- name: example
valueFrom:
secretKeyRef:
name: example-secret
key: example
volumes:
- name: config-secret
secret:
secretName: sharkey-config-secret
optional: false
- name: config
configMap:
name: sharkey-config
items:
- key: "default.yml"
path: "default.yml"
- name: sharkey-files
persistentVolumeClaim:
claimName: sharkey-files

6
apps/sharkey/app/namespace.yaml
Unescape Escape View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: sharkey
labels:
name: sharkey

16
apps/sharkey/app/sealedsecret.yaml
Unescape Escape View File

@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: sharkey-secret
namespace: sharkey
spec:
encryptedData:
create-user.sql: AgCLEUD8N2UkaLu/HCu0XG6cOXqdhy2TUGohMwknLVEli0U91Ez3U6XIME6EPxbD/+yfCId41M/fqE1TIDh9mFEYcv0nlgzjKeBjkAiDXPTTsavWhJk1zWqv7+/PRFM6mmHTJY3N5DxHh4YwTPcWXuQMxu1UpOgwgdZM+VvVL5SlMVmk7YaPzskyhny/IqV2iQkHw05Jgc6qeIm1GmvfsXUYDigIckyNKzmKrroKUZRMUo9b/gsFAdUR00+AUaUIXr332GZh/bUWPn80Y2BOEp0O9fu4WsrRRv/I3B5u0Z0MlNpWiADN3AEUu0lHwIHBtad69yCX30ryuFoj0jOUT3EXhn5/uSVRn0BI3mdxmgCkJwOEf74ZJvGP/OCPl9B3weg3z4YejDH8+5g3cLqGS1JBkcbppD9G8XQOsjnKHHNM22aareCUxy4b2Sh3vBf21tASq5DFXpj+uV8VZKVSFhX2a4m7NFyUj/1mKUNS9D0PxQrnOj7AoWlDnWw2+W6t/eA77QJqIrS2fxEKWsZZTgh/9v28S77VEASKhacVq+bmL2jU1vHZUfltG1YAAjE59yJaST0zjowY0PTQB0YyuluGA4PnbLYF4fHxr1jhN2J5hj3UvIriEeASJA/pB6CcmJ+yootg/fobfJLBzEXvHDhIhos+9icsJsr36NanQv9a6b20qm8AjPta9VJ6NcgCkFumjQUgb/U5MAIEVtPpM6GMTytZFyabwX8ATy7174CcQeL6eA+H9lzfIrQ4VOSES6c=
template:
metadata:
creationTimestamp: null
name: sharkey-secret
namespace: sharkey
type: Opaque

27
apps/sharkey/app/stackgres-scripts.yaml
Unescape Escape View File

@ -0,0 +1,27 @@
apiVersion: stackgres.io/v1
kind: SGScript
metadata:
namespace: sharkey
name: cluster-scripts
spec:
continueOnError: true
scripts:
- name: create-user
retryOnError: true
version: 1
scriptFrom:
secretKeyRef:
name: sharkey-secret
key: create-user.sql
- name: create-db
version: 1
script: |
CREATE DATABASE sharkey;
- name: grant-permissions
retryOnError: true
version: 1
script: |
GRANT ALL ON DATABASE sharkey TO sharkey;
ALTER DATABASE sharkey OWNER TO sharkey;
GRANT USAGE, CREATE ON SCHEMA public TO sharkey;

17
apps/sharkey/app/stackgres.yaml
Unescape Escape View File

@ -0,0 +1,17 @@
apiVersion: stackgres.io/v1
kind: SGCluster
metadata:
namespace: sharkey
name: cluster
spec:
postgres:
version: '16'
instances: 2
pods:
persistentVolume:
size: '2Gi'
storageClass: ebs-ssd
prometheusAutobind: true
managedSql:
scripts:
- sgScript: cluster-scripts

23
apps/sharkey/app/volume.yaml
Unescape Escape View File

@ -0,0 +1,23 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: sharkey-files
namespace: sharkey
spec:
capacity:
storage: 10Gi
storageClassName: "ebs-hdd"
accessModes:
- ReadWriteOnce
claimRef:
name: sharkey-files-pvc
namespace: sharkey
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sharkey-files-pvc
namespace: sharkey
spec:
storageClassName: "ebs-hdd"
volumeName: sharkey-files

17
cluster/apps.yaml
Unescape Escape View File

@ -286,3 +286,20 @@ spec:
prune: true prune: true
wait: true wait: true
timeout: 5m0s timeout: 5m0s
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps-sharkey
namespace: flux-system
spec:
dependsOn:
- name: repos
interval: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps/sharkey
prune: true
wait: true
timeout: 5m0s

Write Preview
Loading…
Cancel
Save