Delete commit history along with sensitive data

2020-09-01 17:44:43 +02:00
commit 6892ae9ef6
41 changed files with 3786 additions and 0 deletions


@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-adminer-conf
data:
login-password-less.php: |
<?php
require_once('plugins/login-password-less.php');
/** Set allowed password
* @param string result of password_hash
*/
return new AdminerLoginPasswordLess(
$password_hash = password_hash(rtrim(file_get_contents('/vault/secrets/sqlitepw')), PASSWORD_DEFAULT)
);
?>
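Review bot: The plugin config never checks the result of `file_get_contents('/vault/secrets/sqlitepw')`. If the Vault agent has not rendered the file, the call returns false, `rtrim()` turns that into an empty string, and `AdminerLoginPasswordLess` receives the hash of an empty password. How the plugin treats an empty login password is not visible here, so it is safer to fail closed: read the file into a variable and stop when it is false or empty after `rtrim()`, e.g. `if ($pw === false || $pw === '') { http_response_code(503); exit; }`. The hash is also recomputed on every request, which is harmless but costs one `password_hash()` call per page load.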


@ -0,0 +1,112 @@
apiVersion: v1
kind: Service
metadata:
name: adminer
spec:
ports:
- protocol: TCP
name: web
port: 8080
selector:
app: adminer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: adminer
labels:
app: adminer
spec:
replicas: 1
selector:
matchLabels:
app: adminer
template:
metadata:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-secret-sqlitepw: "secret/adminer"
vault.hashicorp.com/role: "adminer"
vault.hashicorp.com/agent-inject-template-sqlitepw: |
{{ with secret "secret/adminer" -}}
{{ .Data.data.sqlitepw }}
{{- end }}
labels:
app: adminer
spec:
serviceAccountName: adminer
containers:
- name: adminer
image: adminer
ports:
- name: web
containerPort: 8080
volumeMounts:
- mountPath: /mnt/websites
name: flexvolsmb-adminer-websites
- name: configmap-adminer-conf
mountPath: /var/www/html/plugins-enabled/login-password-less.php
subPath: login-password-less.php
volumes:
- name: flexvolsmb-adminer-websites
persistentVolumeClaim:
claimName: flexvolsmb-adminer-websites
- name: configmap-adminer-conf
configMap:
name: configmap-adminer-conf
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: adminer
labels:
app: adminer
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: adminer
spec:
entryPoints:
- websecure
routes:
- match: Host(`sql.spamasaurus.com`)
kind: Rule
services:
- name: adminer
port: 8080
middlewares:
- name: 2fa-authentication@file
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-adminer-websites
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-adminer-websites
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/lighttpd/websites
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-adminer-websites
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-adminer-websites
resources:
requests:
storage: 1Gi
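Review bot: The `flexvolsmb-adminer-websites` volume points at `/K3s.Volumes/lighttpd/websites`, the same share the lighttpd section mounts as `/var/www/`, and it is mounted read-write with `file_mode=0777,dir_mode=0777`. The database admin pod can therefore modify every file the web server serves (and, for PHP, presumably executes). If Adminer only needs the SQLite files, mount just that directory with `subPath` and tighten the modes to the uid the container runs as. The same `0777` options recur on the bitwarden, drone, gitea, gotify, lighttpd, nzbhydra and radarr volumes. Images across these sections are also referenced without a fixed version tag or digest (`image: adminer` here); pinning them keeps a rollout from silently pulling a different build.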


@ -0,0 +1,142 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: authelia
labels:
app: authelia
spec:
replicas: 1
selector:
matchLabels:
app: authelia
template:
metadata:
labels:
app: authelia
spec:
containers:
- name: authelia
image: authelia/authelia
env:
- name: TZ
value: Europe/Amsterdam
ports:
- name: web
containerPort: 9091
volumeMounts:
- name: flexvolsmb-authelia-conf
mountPath: /config
- name: redis
image: redis:alpine
args:
- redis-server
- --requirepass authelia
- --appendonly yes
ports:
- name: redis
containerPort: 6379
volumeMounts:
- name: flexvolsmb-authelia-redis
mountPath: /data
volumes:
- name: flexvolsmb-authelia-conf
persistentVolumeClaim:
claimName: flexvolsmb-authelia-conf
- name: flexvolsmb-authelia-redis
persistentVolumeClaim:
claimName: flexvolsmb-authelia-redis
---
apiVersion: v1
kind: Service
metadata:
name: authelia
spec:
ports:
- protocol: TCP
name: web
port: 9091
- protocol: TCP
name: redis
port: 6379
selector:
app: authelia
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: authelia
spec:
entryPoints:
- websecure
routes:
- match: Host(`auth.spamasaurus.com`)
kind: Rule
services:
- name: authelia
port: 9091
middlewares:
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-authelia-conf
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-authelia-conf
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/authelia/conf
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-authelia-conf
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-authelia-conf
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-authelia-redis
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-authelia-redis
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/authelia/redis
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-authelia-redis
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-authelia-redis
resources:
requests:
storage: 1Gi
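Review bot: The redis sidecar's password is the literal `--requirepass authelia` in the container args, and the `authelia` Service also publishes port 6379. Any workload in the cluster can therefore reach the store with a password that is readable in this repository. Redis runs in the same pod as Authelia, so the `redis` port entry can be dropped from the Service and Authelia pointed at `localhost:6379`, assuming its configuration on the `/config` share allows that. The password should come from a Secret or from the Vault injector that the adminer, bitwarden and drone sections already use. This store presumably holds the session state behind the `2fa-authentication@file` middleware, so its exposure matters more than for an ordinary cache.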


@ -0,0 +1,135 @@
apiVersion: v1
kind: Service
metadata:
name: bitwarden
spec:
ports:
- protocol: TCP
name: ui
port: 8080
- protocol: TCP
name: websocket
port: 3012
selector:
app: bitwarden
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bitwarden
labels:
app: bitwarden
spec:
replicas: 1
selector:
matchLabels:
app: bitwarden
template:
metadata:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-secret-bitwarden: "secret/bitwarden"
vault.hashicorp.com/role: "bitwarden"
vault.hashicorp.com/agent-inject-template-bitwarden: |
{{ with secret "secret/bitwarden" -}}
export ADMIN_TOKEN="{{ .Data.data.admintoken }}"
export YUBICO_CLIENT_ID="{{ .Data.data.yubicoclientid }}"
export YUBICO_SECRET_KEY="{{ .Data.data.yubicosecretkey }}"
{{- end }}
labels:
app: bitwarden
spec:
serviceAccountName: bitwarden
containers:
- name: bitwarden
image: bitwardenrs/server
args: ["sh", "-c", ". /vault/secrets/bitwarden && /start.sh"]
env:
- name: ENABLE_DB_WAL
value: "false"
- name: ROCKET_PORT
value: "8080"
- name: SIGNUPS_ALLOWED
value: "false"
- name: WEBSOCKET_ENABLED
value: "true"
- name: WEBSOCKET_PORT
value: "3012"
- name: LOG_LEVEL
value: "debug"
- name: EXTENDED_LOGGING
value: "true"
ports:
- name: ui
containerPort: 8080
- name: websocket
containerPort: 3012
volumeMounts:
- mountPath: /data
name: flexvolsmb-bitwarden-data
volumes:
- name: flexvolsmb-bitwarden-data
persistentVolumeClaim:
claimName: flexvolsmb-bitwarden-data
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bitwarden
labels:
app: bitwarden
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: bitwarden
spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.spamasaurus.com`)
kind: Rule
services:
- name: bitwarden
port: 8080
middlewares:
- name: security-headers@file
- match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
kind: Rule
services:
- name: bitwarden
port: 3012
middlewares:
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-bitwarden-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-bitwarden-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/bitwarden/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-bitwarden-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-bitwarden-data
resources:
requests:
storage: 1Gi
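Review bot: The IngressRoute for `vault.spamasaurus.com` sends every path to the container with only `security-headers@file` attached. The injected template sets `ADMIN_TOKEN`, which in bitwarden_rs enables the admin page, so that page is reachable from outside protected by the token alone. A separate route for the admin path carrying the `2fa-authentication@file` middleware used on the adminer route would put a second factor in front of it. `LOG_LEVEL: "debug"` with `EXTENDED_LOGGING: "true"` is also worth lowering on a password manager once setup is finished, since the log destination and retention are not visible here. The secret values are interpolated into a file that `sh` sources, so a value containing `"`, `$` or a backtick would be interpreted by the shell; single-quoting in the template avoids that.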


@ -0,0 +1,26 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ddclient
labels:
app: ddclient
spec:
replicas: 1
selector:
matchLabels:
app: ddclient
template:
metadata:
labels:
app: ddclient
spec:
containers:
- name: ddclient
image: linuxserver/ddclient
volumeMounts:
- mountPath: /config
name: ddclient-secret
volumes:
- name: ddclient-secret
secret:
secretName: ddclient-secret


@ -0,0 +1,35 @@
apiVersion: v1
kind: Secret
metadata:
name: ddclient-secret
labels:
app: ddclient
stringData:
ddclient.conf: |
daemon=300
syslog=yes
protocol=cloudflare
use=web
web=https://domains.google.com/checkip
ssl=yes
ttl=1
login=cloudflare.com.danny@spamasaurus.com
password=9ec5ad8d1e8c6240c5488bb61b7bcd7bdc0fc
zone=bessems.com
bessems.com
zone=bessems.eu
bessems.eu,deschakel.bessems.eu
zone=gabaldon.eu
gabaldon.eu
zone=gabaldon.nl
gabaldon.nl
zone=itch.fyi
itch.fyi
zone=spamasaurus.com
spamasaurus.com
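Review bot: This Secret manifest commits what appear to be real `login=` and `password=` values for the Cloudflare account in `stringData`, so the credential is readable by anyone with access to the repository or its mirrors, even though the commit is titled as removing sensitive data. Treat the credential as exposed and replace it. Render the file at deploy time instead, for example through the Vault agent annotations already used in the adminer, bitwarden and drone sections, and keep only a placeholder such as `password=<set-from-vault>` in git. A token scoped to DNS edits on the listed zones would also limit what a future leak allows, if the ddclient version in the image supports token authentication.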


@ -0,0 +1,175 @@
apiVersion: v1
kind: Service
metadata:
name: drone
spec:
ports:
- protocol: TCP
name: ui
port: 80
selector:
app: drone
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone
labels:
app: drone
spec:
replicas: 1
selector:
matchLabels:
app: drone
template:
metadata:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-secret-drone: "secret/drone"
vault.hashicorp.com/role: "drone"
vault.hashicorp.com/agent-inject-template-drone: |
{{ with secret "secret/drone" -}}
export DRONE_RPC_SECRET="{{ .Data.data.rpcsecret }}"
export DRONE_GITEA_CLIENT_ID="{{ .Data.data.giteaclientid }}"
export DRONE_GITEA_CLIENT_SECRET="{{ .Data.data.giteaclientsecret }}"
{{- end }}
labels:
app: drone
spec:
# serviceAccountName: drone
containers:
- name: drone
image: drone/drone
command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"]
env:
- name: DRONE_SERVER_PROTO
value: 'https'
- name: DRONE_SERVER_HOST
value: 'ci.spamasaurus.com'
- name: DRONE_SERVER_PORT
value: ':80'
- name: DRONE_TLS_AUTOCERT
value: 'false'
- name: DRONE_GITEA_SERVER
value: 'https://code.spamasaurus.com'
# - name: DRONE_LOGS_DEBUG
# value: 'true'
- name: DRONE_GIT_ALWAYS_AUTH
value: 'false'
- name: DRONE_AGENTS_ENABLED
value: 'true'
ports:
- name: ui
containerPort: 80
volumeMounts:
- mountPath: /data
name: flexvolsmb-drone-data
- name: drone-runner
image: drone/drone-runner-kube:latest
command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"]
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: 'ci.spamasaurus.com'
- name: DRONE_RPC_PROTO
value: 'https'
volumes:
- name: flexvolsmb-drone-data
persistentVolumeClaim:
claimName: flexvolsmb-drone-data
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone
labels:
app: drone
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: drone
spec:
entryPoints:
- websecure
routes:
- match: Host(`ci.spamasaurus.com`)
kind: Rule
services:
- name: drone
port: 80
middlewares:
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/drone/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-data
resources:
requests:
storage: 1Gi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: drone
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: default
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io
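Review bot: The RoleBinding grants the `drone` Role to the `default` ServiceAccount of the `default` namespace, and `serviceAccountName: drone` is commented out in the Deployment, so the `drone` ServiceAccount defined here is unused. Every pod in `default` that does not name its own account (authelia, ddclient, gitea, gotify, guacamole and lighttpd in this commit) can create and delete secrets and pods. Restoring `serviceAccountName: drone` and changing the subject to `name: drone` confines the permissions to the runner. The Vault role `drone` would then need to be bound to that account as well; as written it presumably trusts `default`, which has the same sharing problem. `drone/drone-runner-kube:latest` is a floating tag on the component that holds these permissions.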


@ -0,0 +1,160 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
ports:
- protocol: TCP
name: ui
port: 3000
- protocol: TCP
name: ssh
port: 22
targetPort: ssh
selector:
app: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1
env:
- name: DB_TYPE
value: 'sqlite3'
- name: ROOT_URL
value: 'https://code.spamasaurus.com'
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
ports:
- name: ui
containerPort: 3000
- name: ssh
containerPort: 22
volumeMounts:
- mountPath: /data
name: flexvolsmb-gitea-data
- mountPath: /data/ssh
name: flexvolsmb-gitea-ssh
subPath: ssh
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
volumes:
- name: flexvolsmb-gitea-data
persistentVolumeClaim:
claimName: flexvolsmb-gitea-data
- name: flexvolsmb-gitea-ssh
persistentVolumeClaim:
claimName: flexvolsmb-gitea-ssh
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea
spec:
entryPoints:
- websecure
routes:
- match: Host(`code.spamasaurus.com`)
kind: Rule
services:
- name: gitea
port: 3000
middlewares:
- name: security-headers@file
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
kind: Rule
services:
- name: gitea
port: 22
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-gitea-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/gitea/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-gitea-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-data
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-gitea-ssh
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-ssh
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/gitea/ssh
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-gitea-ssh
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-ssh
resources:
requests:
storage: 1Gi


@ -0,0 +1,89 @@
apiVersion: v1
kind: Service
metadata:
name: gotify
spec:
ports:
- protocol: TCP
name: web
port: 80
selector:
app: gotify
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gotify
labels:
app: gotify
spec:
replicas: 1
selector:
matchLabels:
app: gotify
template:
metadata:
labels:
app: gotify
spec:
containers:
- name: gotify
image: gotify/server
ports:
- name: web
containerPort: 80
volumeMounts:
- mountPath: /app/data
name: flexvolsmb-gotify-data
volumes:
- name: flexvolsmb-gotify-data
persistentVolumeClaim:
claimName: flexvolsmb-gotify-data
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gotify
spec:
entryPoints:
- websecure
routes:
- match: Host(`notify.spamasaurus.com`)
kind: Rule
services:
- name: gotify
port: 80
middlewares:
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-gotify-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gotify-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/gotify/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-gotify-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gotify-data
resources:
requests:
storage: 1Gi


@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-guacamole-mysql-conf
data:
MYSQL_DATABASE: 'guacamole'
MYSQL_PASSWORD: 'guacamole'
MYSQL_USER: 'guacamole'
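Review bot: `MYSQL_PASSWORD` is stored in a ConfigMap and is identical to the user and database name, so the database credential is both guessable and readable by anything allowed to read ConfigMaps in the namespace. Keep `MYSQL_DATABASE` and `MYSQL_USER` here if convenient, but move the password to a Secret (referenced with `secretRef` under `envFrom`) or to the Vault injector, and generate a random value. This matters more because the guacamole Service in the following section publishes port 3306.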


@ -0,0 +1,175 @@
apiVersion: v1
kind: Service
metadata:
name: guacamole
spec:
ports:
- protocol: TCP
name: ui
port: 8080
- protocol: TCP
name: proxy
port: 4822
- protocol: TCP
name: db
port: 3306
selector:
app: guacamole
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: guacamole
labels:
app: guacamole
spec:
replicas: 1
selector:
matchLabels:
app: guacamole
template:
metadata:
labels:
app: guacamole
spec:
hostname: guacamole
containers:
- name: guacamole
image: guacamole/guacamole
env:
- name: GUACD_HOSTNAME
value: 'guacamole.default.svc.cluster.local'
- name: MYSQL_HOSTNAME
value: 'guacamole.default.svc.cluster.local'
- name: GUACAMOLE_HOME
value: '/etc/guacamole'
envFrom:
- configMapRef:
name: configmap-guacamole-mysql-conf
volumeMounts:
- name: flexvolsmb-guacamole-home
mountPath: /etc/guacamole
ports:
- name: ui
containerPort: 8080
- name: guacd
image: guacamole/guacd
env:
- name: GUACD_LOG_LEVEL
value: 'debug'
ports:
- name: proxy
containerPort: 4822
- name: mysql
image: mysql:latest
securityContext:
runAsUser: 999
runAsGroup: 999
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: 'true'
envFrom:
- configMapRef:
name: configmap-guacamole-mysql-conf
volumeMounts:
- name: flexvolsmb-guacamole-db
mountPath: /var/lib/mysql
ports:
- name: db
containerPort: 3306
volumes:
- name: flexvolsmb-guacamole-db
persistentVolumeClaim:
claimName: flexvolsmb-guacamole-db
- name: flexvolsmb-guacamole-home
persistentVolumeClaim:
claimName: flexvolsmb-guacamole-home
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: prepend-path-guacamole
spec:
addPrefix:
prefix: /guacamole
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: guacamole
spec:
entryPoints:
- websecure
routes:
- match: Host(`remote.spamasaurus.com`)
kind: Rule
services:
- name: guacamole
port: 8080
middlewares:
- name: prepend-path-guacamole
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-guacamole-db
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-guacamole-db
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/guacamole/db
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-guacamole-db
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-guacamole-db
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-guacamole-home
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-guacamole-home
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/guacamole/home
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-guacamole-home
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-guacamole-home
resources:
requests:
storage: 1Gi
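Review bot: The `guacamole` Service publishes the `proxy` (4822) and `db` (3306) ports next to the UI, although guacd and MySQL run in the same pod as the web application. guacd does not authenticate its clients, so any workload in the cluster that reaches 4822 can use it to open remote-desktop connections. Setting `GUACD_HOSTNAME` and `MYSQL_HOSTNAME` to `localhost` and leaving only the `ui` port on the Service keeps both internal. `GUACD_LOG_LEVEL: 'debug'` and `mysql:latest` are also worth revisiting on a gateway that fronts remote access. Unlike the adminer route, the route for `remote.spamasaurus.com` has no authentication middleware in front of Guacamole's own login.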


@ -0,0 +1,42 @@
expose:
ingress:
hosts:
core: registry.spamasaurus.com
notary: notary.spamasaurus.com
externalURL: https://registry.spamasaurus.com
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
existingClaim: "flexvolsmb-harbor-registry"
storageClass: "-"
accessMode: ReadWriteMany
size: 5Gi
chartmuseum:
existingClaim: "flexvolsmb-harbor-chartmuseum"
storageClass: "-"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
existingClaim: "flexvolsmb-harbor-jobservice"
storageClass: "-"
accessMode: ReadWriteMany
size: 1Gi
database:
existingClaim: "flexvolsmb-harbor-database"
storageClass: "-"
accessMode: ReadWriteMany
size: 1Gi
redis:
existingClaim: "flexvolsmb-harbor-redis"
storageClass: "-"
accessMode: ReadWriteMany
size: 1Gi
trivy:
existingClaim: "flexvolsmb-harbor-trivy"
storageClass: "-"
accessMode: ReadWriteMany
size: 1Gi
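Review bot: The values file sets hosts and storage but no `harborAdminPassword` or `secretKey`. Unless they are supplied elsewhere (a `--set` flag or a second values file not shown here), the chart installs with its published defaults on a registry that is routed through the public entry point. Supplying both from a secret store at install time, and changing the admin password after first login, closes that gap. The claim sizes here (`size: 5Gi` / `1Gi`) also differ from the `10Gi` volumes defined for them, which is harmless with `existingClaim` but confusing to read.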


@ -0,0 +1,33 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: harbor
namespace: harbor
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.spamasaurus.com`)
kind: Rule
services:
- name: harbor-harbor-portal
namespace: harbor
port: 80
middlewares:
- name: security-headers@file
- match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`)
kind: Rule
services:
- name: harbor-harbor-core
namespace: harbor
port: 80
middlewares:
- name: security-headers@file
- match: Host(`notary.spamasaurus.com`)
kind: Rule
services:
- name: harbor-harbor-notary-server
namespace: harbor
port: 4443
middlewares:
- name: security-headers@file


@ -0,0 +1,204 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-chartmuseum
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-chartmuseum
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=999,gid=999,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/chartmuseum
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-chartmuseum
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-chartmuseum
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-database
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-database
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=999,gid=999,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-database
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-database
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-jobservice
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-jobservice
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=10000,gid=10000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/jobservice
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-jobservice
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-jobservice
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-redis
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-redis
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/redis
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-redis
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-redis
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-registry
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-registry
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=10000,gid=10000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/registry
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-registry
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-registry
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-harbor-trivy
namespace: harbor
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-trivy
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=10000,gid=10000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/harbor/trivy
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-harbor-trivy
namespace: harbor
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-harbor-trivy
resources:
requests:
storage: 10Gi
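Review bot: `flexvolsmb-harbor-redis` is the only Harbor volume whose `opts` omit `uid=`/`gid=` while still using `file_mode=0700,dir_mode=0700`; the sibling volumes set `uid=999` or `uid=10000`. The mount is therefore presumably owned by the mounting user, and a non-root redis container may be unable to write to it, so add the uid/gid of the redis image's user. PersistentVolumes are cluster-scoped, so the `namespace: harbor` under each PV's `metadata` is ignored and can be removed. A comment noting that `secretRef` reads `smb-secret` from `default` would explain why the Harbor volumes depend on a secret in another namespace.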


@ -0,0 +1,64 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-lighttpd-conf
data:
lighttpd.conf: |
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8080
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-lighttpd-vhosts
data:
bessems.com.conf: |
$HTTP["host"] =~ "^bessems\.(com|eu)$" {
server.document-root = "/var/www/bessems.com/"
}
gabaldon.eu.conf: |
$HTTP["host"] =~ "^gabaldon\.(eu|nl)$" {
server.document-root = "/var/www/gabaldon.eu/"
}
sn.itch.fyi.conf: |
$HTTP["host"] == "sn.itch.fyi" {
server.document-root = "/var/www/sn.itch.fyi/"
index-file.names += ("/_h5ai/public/index.php")
}
spamasaurus.com.conf: |
$HTTP["host"] == "spamasaurus.com" {
server.document-root = "/var/www/spamasaurus.com/public"
}
sw.itch.fyi.conf: |
$HTTP["host"] == "sw.itch.fyi" {
server.document-root = "/var/www/sw.itch.fyi/"
url.rewrite-once = (
"^/api\?(.*)" => "index.php?page=newznabapi&$1"
)
}
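Review bot: `url.access-deny = ( "~", ".inc" )` is the only deny rule, and the document roots sit on the same websites share that the adminer section mounts for SQLite access. Any database file, dotfile or VCS directory placed under a document root is therefore served as a static download. Extending the list with the suffixes actually used for databases and configuration on that share, and denying dot-directories with a `$HTTP["url"]` match, keeps those files out of reach. Requests whose Host header matches none of the vhost blocks fall through to `/var/www/html`; a short comment saying what is expected to live there would help the next reader.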


@ -0,0 +1,26 @@
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: cronjob-spotweb-retrievearticles
spec:
schedule: "0 * * * *"
successfulJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
containers:
- name: php-retrievearticles
image: php:7.4-cli
workingDir: /var/www/sw.itch.fyi
args:
- php
- /var/www/sw.itch.fyi/retrieve.php
volumeMounts:
- name: flexvolsmb-lighttpd-websites
mountPath: /var/www/
volumes:
- name: flexvolsmb-lighttpd-websites
persistentVolumeClaim:
claimName: flexvolsmb-lighttpd-websites
restartPolicy: OnFailure
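Review bot: The job mounts the whole websites share at `/var/www/` read-write although it only runs `/var/www/sw.itch.fyi/retrieve.php`, so a fault or compromise in the retrieval script can alter every other site's files. Mounting with `subPath: sw.itch.fyi` at `mountPath: /var/www/sw.itch.fyi` limits it to the one application. `concurrencyPolicy` is unset, which allows a second hourly run to start while a slow one is still writing; `concurrencyPolicy: Forbid` prevents that.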


@ -0,0 +1,137 @@
apiVersion: v1
kind: Service
metadata:
name: lighttpd
spec:
ports:
- protocol: TCP
name: web
port: 8080
selector:
app: lighttpd
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: lighttpd
labels:
app: lighttpd
spec:
replicas: 1
selector:
matchLabels:
app: lighttpd
template:
metadata:
labels:
app: lighttpd
spec:
containers:
- name: lighttpd-php-pwsh
image: djpbessems/lighttpd-php-powershell
ports:
- name: web
containerPort: 8080
volumeMounts:
- name: configmap-lighttpd-conf
mountPath: /etc/lighttpd/lighttpd.conf
subPath: lighttpd.conf
- name: configmap-lighttpd-vhosts
mountPath: /etc/lighttpd/vhosts.d
- name: flexvolsmb-lighttpd-data
mountPath: /data/scripts
- name: flexvolsmb-lighttpd-websites
mountPath: /var/www/
volumes:
- name: configmap-lighttpd-conf
configMap:
name: configmap-lighttpd-conf
- name: configmap-lighttpd-vhosts
configMap:
name: configmap-lighttpd-vhosts
- name: flexvolsmb-lighttpd-data
persistentVolumeClaim:
claimName: flexvolsmb-lighttpd-data
- name: flexvolsmb-lighttpd-websites
persistentVolumeClaim:
claimName: flexvolsmb-lighttpd-websites
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: lighttpd
spec:
entryPoints:
- websecure
routes:
- match: Host(`bessems.com`) || Host(`bessems.eu`) || Host(`gabaldon.eu`) || Host(`gabaldon.nl`) || Host(`sn.itch.fyi`) || Host(`sw.itch.fyi`) || Host(`spamasaurus.com`)
kind: Rule
services:
- name: lighttpd
port: 8080
middlewares:
- name: security-headers@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-lighttpd-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-lighttpd-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/lighttpd/data
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-lighttpd-websites
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-lighttpd-websites
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/lighttpd/websites
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-lighttpd-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-lighttpd-data
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-lighttpd-websites
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-lighttpd-websites
resources:
requests:
storage: 1Gi


@ -0,0 +1,110 @@
apiVersion: v1
kind: Service
metadata:
name: nzbhydra
namespace: pvr
spec:
type: NodePort
ports:
- protocol: TCP
name: web
port: 5076
nodePort: 30010
selector:
app: nzbhydra
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nzbhydra
namespace: pvr
labels:
app: nzbhydra
spec:
replicas: 1
selector:
matchLabels:
app: nzbhydra
template:
metadata:
labels:
app: nzbhydra
spec:
containers:
- name: nzbhydra
image: linuxserver/nzbhydra2
ports:
- name: web
containerPort: 5076
volumeMounts:
- mountPath: /config
name: flexvolsmb-nzbhydra-config
- mountPath: /downloads
name: flexvolsmb-pvr-downloads
subPath: downloads
volumes:
- name: flexvolsmb-nzbhydra-config
persistentVolumeClaim:
claimName: flexvolsmb-nzbhydra-config
- name: flexvolsmb-pvr-downloads
persistentVolumeClaim:
claimName: flexvolsmb-pvr-downloads
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nzbhydra
namespace: pvr
spec:
entryPoints:
- websecure
routes:
- match: Host(`index.pvr.spamasaurus.com`)
kind: Rule
services:
- name: nzbhydra
port: 5076
middlewares:
- name: ldap-authentication@file
- name: security-headers@file
tls:
options:
name: defaults@file
certResolver: default
domains:
- main: '*.pvr.spamasaurus.com'
sans:
- 'pvr.spamasaurus.com'
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-nzbhydra-config
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-nzbhydra-config
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/nzbhydra/config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-nzbhydra-config
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-nzbhydra-config
resources:
requests:
storage: 1Gi
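Review bot: The Service is `type: NodePort` with `nodePort: 30010`, which exposes the application on every node address without passing through Traefik, so the `ldap-authentication@file` middleware on the IngressRoute can be bypassed by connecting to the node port directly. Unless something outside this commit firewalls the node ports, drop `type: NodePort` and `nodePort` so the Service is cluster-internal and the IngressRoute is the only entry. The radarr (`nodePort: 30020`) and sabnzbd (`nodePort: 30030`) Services have the same issue.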


@ -0,0 +1,115 @@
apiVersion: v1
kind: Service
metadata:
name: radarr
namespace: pvr
spec:
type: NodePort
ports:
- protocol: TCP
name: web
port: 7878
nodePort: 30020
selector:
app: radarr
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
namespace: pvr
labels:
app: radarr
spec:
replicas: 1
selector:
matchLabels:
app: radarr
template:
metadata:
labels:
app: radarr
spec:
containers:
- name: radarr
image: linuxserver/radarr
ports:
- name: web
containerPort: 7878
volumeMounts:
- mountPath: /config
name: flexvolsmb-radarr-config
- mountPath: /movies
name: flexvolsmb-pvr-movies
- mountPath: /downloads
name: flexvolsmb-pvr-downloads
subPath: downloads
volumes:
- name: flexvolsmb-radarr-config
persistentVolumeClaim:
claimName: flexvolsmb-radarr-config
- name: flexvolsmb-pvr-movies
persistentVolumeClaim:
claimName: flexvolsmb-pvr-movies
- name: flexvolsmb-pvr-downloads
persistentVolumeClaim:
claimName: flexvolsmb-pvr-downloads
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: radarr
namespace: pvr
spec:
entryPoints:
- websecure
routes:
- match: Host(`movies.pvr.spamasaurus.com`)
kind: Rule
services:
- name: radarr
port: 7878
middlewares:
- name: ldap-authentication@file
- name: security-headers@file
tls:
options:
name: defaults@file
certResolver: default
domains:
- main: '*.pvr.spamasaurus.com'
sans:
- 'pvr.spamasaurus.com'
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-radarr-config
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-radarr-config
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/radarr/config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-radarr-config
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-radarr-config
resources:
requests:
storage: 1Gi
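Review bot: `type: NodePort` with `nodePort: 30020` on the radarr Service publishes port 7878 on every node address, so a client that can reach a node reaches radarr without passing the `ldap-authentication@file` middleware that the IngressRoute in this file attaches. If nothing outside the cluster needs the NodePort, drop `type: NodePort` and `nodePort: 30020` so the Service falls back to ClusterIP and Traefik is the only way in; if something does need it, a comment naming that consumer would help. The sabnzbd (`nodePort: 30030`) and sonarr (`nodePort: 30040`) Services in the following files have the same shape.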


@ -0,0 +1,113 @@
apiVersion: v1
kind: Service
metadata:
name: sabnzbd
namespace: pvr
spec:
type: NodePort
ports:
- protocol: TCP
name: web
port: 8080
nodePort: 30030
selector:
app: sabnzbd
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sabnzbd
namespace: pvr
labels:
app: sabnzbd
spec:
replicas: 1
selector:
matchLabels:
app: sabnzbd
template:
metadata:
labels:
app: sabnzbd
spec:
containers:
- name: sabnzbd
image: linuxserver/sabnzbd
ports:
- name: web
containerPort: 8080
volumeMounts:
- mountPath: /config
name: flexvolsmb-sabnzbd-config
- mountPath: /downloads
name: flexvolsmb-pvr-downloads
subPath: downloads
- mountPath: /incomplete-downloads
name: flexvolsmb-pvr-downloads
subPath: incomplete-downloads
volumes:
- name: flexvolsmb-sabnzbd-config
persistentVolumeClaim:
claimName: flexvolsmb-sabnzbd-config
- name: flexvolsmb-pvr-downloads
persistentVolumeClaim:
claimName: flexvolsmb-pvr-downloads
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: sabnzbd
namespace: pvr
spec:
entryPoints:
- websecure
routes:
- match: Host(`download.pvr.spamasaurus.com`)
kind: Rule
services:
- name: sabnzbd
port: 8080
middlewares:
- name: ldap-authentication@file
- name: security-headers@file
tls:
options:
name: defaults@file
certResolver: default
domains:
- main: '*.pvr.spamasaurus.com'
sans:
- 'pvr.spamasaurus.com'
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-sabnzbd-config
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-sabnzbd-config
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/sabnzbd/config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-sabnzbd-config
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-sabnzbd-config
resources:
requests:
storage: 1Gi
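Review bot: `image: linuxserver/sabnzbd` carries no tag, so it resolves to `latest` and what runs can change whenever the pod is rescheduled and the image is pulled again. Pin a release tag, or a digest in the form `linuxserver/sabnzbd@sha256:<digest>`, so that an upstream push cannot change the running code without a manifest change. The same applies to `linuxserver/radarr`, `linuxserver/sonarr:preview`, `shaarli/shaarli`, `theiaide/theia-full` and `ldez/traefik-certs-dumper:latest-amd64` in the other files of this commit.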


@ -0,0 +1,115 @@
apiVersion: v1
kind: Service
metadata:
name: sonarr
namespace: pvr
spec:
type: NodePort
ports:
- protocol: TCP
name: web
port: 8989
nodePort: 30040
selector:
app: sonarr
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
namespace: pvr
labels:
app: sonarr
spec:
replicas: 1
selector:
matchLabels:
app: sonarr
template:
metadata:
labels:
app: sonarr
spec:
containers:
- name: sonarr
image: linuxserver/sonarr:preview
ports:
- name: web
containerPort: 8989
volumeMounts:
- mountPath: /config
name: flexvolsmb-sonarr-config
- mountPath: /tv
name: flexvolsmb-pvr-series
- mountPath: /downloads
name: flexvolsmb-pvr-downloads
subPath: downloads
volumes:
- name: flexvolsmb-sonarr-config
persistentVolumeClaim:
claimName: flexvolsmb-sonarr-config
- name: flexvolsmb-pvr-series
persistentVolumeClaim:
claimName: flexvolsmb-pvr-series
- name: flexvolsmb-pvr-downloads
persistentVolumeClaim:
claimName: flexvolsmb-pvr-downloads
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: sonarr
namespace: pvr
spec:
entryPoints:
- websecure
routes:
- match: Host(`series.pvr.spamasaurus.com`)
kind: Rule
services:
- name: sonarr
port: 8989
middlewares:
- name: ldap-authentication@file
- name: security-headers@file
tls:
options:
name: defaults@file
certResolver: default
domains:
- main: '*.pvr.spamasaurus.com'
sans:
- 'pvr.spamasaurus.com'
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-sonarr-config
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-sonarr-config
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/sonarr/config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-sonarr-config
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-sonarr-config
resources:
requests:
storage: 1Gi
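Review bot: The PersistentVolume sets `file_mode=0777,dir_mode=0777` alongside `uid=1000,gid=1000`, which makes the config share readable and writable by every local user on the mount even though an owner is already assigned. With the owner set, `file_mode=0660,dir_mode=0770` should be enough, assuming the container process runs as uid or gid 1000, which this manifest does not show. The radarr, sabnzbd, shared pvr, shaarli and theia volumes in this commit use the same 0777 options.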


@ -0,0 +1,98 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-pvr-downloads
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-downloads
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
server: 192.168.11.225
share: /Volatile/downloads
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-pvr-downloads
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-downloads
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-pvr-movies
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-movies
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
server: 192.168.11.225
share: /Public/Video's/Films
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-pvr-movies
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-movies
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-pvr-series
namespace: pvr
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-series
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
server: 192.168.11.225
share: /Public/Video's/Series
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-pvr-series
namespace: pvr
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-pvr-series
resources:
requests:
storage: 1Gi
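Review bot: None of the three PersistentVolumes carries a `claimRef`, so each can be bound by any PersistentVolumeClaim in any namespace that asks for the matching `storageClassName`, not only by the claim in `pvr` that follows it. Pre-binding closes that gap: under `spec:` of flexvolsmb-pvr-downloads, for example, add `claimRef:` with `namespace: pvr` and `name: flexvolsmb-pvr-downloads`. PersistentVolumes are cluster-scoped, so the `namespace: pvr` lines under their `metadata:` have no effect and can be removed.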

147
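--- a/services/PVR/deploy-PVR.yml
+++ b/services/PVR/deploy-PVR.yml
@@ -0,0 +1,147 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: nzbhydra
+spec:
+ports:
+- protocol: TCP
+port: 5076
+targetPort: 5076
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: nzbhydra
+subsets:
+- addresses:
+- ip: 192.168.11.242
+ports:
+- port: 5076
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: nzbhydra
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`index.pvr.spamasaurus.com`)
+kind: Rule
+services:
+- name: nzbhydra
+port: 5076
+middlewares:
+- name: 2fa-authentication@file
+- name: security-headers@file
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: radarr
+spec:
+ports:
+- protocol: TCP
+port: 7878
+targetPort: 7878
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: radarr
+subsets:
+- addresses:
+- ip: 192.168.11.242
+ports:
+- port: 7878
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: radarr
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`movies.pvr.spamasaurus.com`)
+kind: Rule
+services:
+- name: radarr
+port: 7878
+middlewares:
+- name: 2fa-authentication@file
+- name: security-headers@file
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: sabnzbd
+spec:
+ports:
+- protocol: TCP
+port: 8080
+targetPort: 8080
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: sabnzbd
+subsets:
+- addresses:
+- ip: 192.168.11.242
+ports:
+- port: 8080
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: sabnzbd
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`download.pvr.spamasaurus.com`)
+kind: Rule
+services:
+- name: sabnzbd
+port: 8080
+middlewares:
+- name: 2fa-authentication@file
+- name: security-headers@file
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: sonarr
+spec:
+ports:
+- protocol: TCP
+port: 8989
+targetPort: 8989
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: sonarr
+subsets:
+- addresses:
+- ip: 192.168.11.242
+ports:
+- port: 8989
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: sonarr
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`series.pvr.spamasaurus.com`)
+kind: Rule
+services:
+- name: sonarr
+port: 8989
+middlewares:
+- name: 2fa-authentication@file
+- name: security-headers@file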
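Review bot: The four IngressRoutes in this file match the same hosts (`index.`, `movies.`, `download.` and `series.pvr.spamasaurus.com`) as the per-application IngressRoutes in namespace `pvr`, but attach `2fa-authentication@file` where those attach `ldap-authentication@file`. If both sets are applied, two routers with identical rules compete for each host, and the manifests do not show which authentication middleware a request will meet. A header comment would settle which set is live, for example `# Routes to the external host 192.168.11.242; do not apply together with the per-app manifests in namespace pvr`, assuming this file is the older variant.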


@ -0,0 +1,134 @@
apiVersion: v1
kind: Service
metadata:
name: shaarli
spec:
ports:
- protocol: TCP
name: web
port: 80
selector:
app: shaarli
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: shaarli
labels:
app: shaarli
spec:
replicas: 1
selector:
matchLabels:
app: shaarli
template:
metadata:
labels:
app: shaarli
spec:
containers:
- name: shaarli
image: shaarli/shaarli
ports:
- name: web
containerPort: 80
volumeMounts:
- mountPath: /var/www/shaarli/cache
name: flexvolsmb-shaarli-cache
- mountPath: /var/www/shaarli/data
name: flexvolsmb-shaarli-data
volumes:
- name: flexvolsmb-shaarli-cache
persistentVolumeClaim:
claimName: flexvolsmb-shaarli-cache
- name: flexvolsmb-shaarli-data
persistentVolumeClaim:
claimName: flexvolsmb-shaarli-data
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: shaarli
spec:
entryPoints:
- websecure
routes:
- match: Host(`p.itch.fyi`)
kind: Rule
services:
- name: shaarli
port: 80
middlewares:
- name: security-headers@file
# tls:
# options:
# name: defaults@file
# certResolver: default
# domains:
# - main: '*.itch.fyi'
# sans:
# - 'itch.fyi'
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-shaarli-cache
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-shaarli-cache
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/shaarli/cache
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-shaarli-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-shaarli-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/shaarli/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-shaarli-cache
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-shaarli-cache
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-shaarli-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-shaarli-data
resources:
requests:
storage: 1Gi
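Review bot: The `tls:` block of the IngressRoute is commented out, so whether `p.itch.fyi` is served over TLS depends on defaults configured on the `websecure` entry point, which this file does not show. If no default is set there, Traefik creates a plain-HTTP router on that entry point; keeping at least `tls: {}` in the spec makes the intent explicit. The theia and vault IngressRoutes and the routes in services/PVR/deploy-PVR.yml also omit `tls:`.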


@ -0,0 +1,132 @@
apiVersion: v1
kind: Service
metadata:
name: theia
spec:
ports:
- protocol: TCP
name: web
port: 3000
selector:
app: theia
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: theia
labels:
app: theia
spec:
replicas: 1
selector:
matchLabels:
app: theia
template:
metadata:
labels:
app: theia
spec:
containers:
- name: theia
image: theiaide/theia-full
ports:
- name: web
containerPort: 3000
volumeMounts:
- mountPath: /home/project/websites
name: flexvolsmb-theia-websites
- mountPath: /home/project
name: flexvolsmb-theia-workspace
volumes:
- name: flexvolsmb-theia-websites
persistentVolumeClaim:
claimName: flexvolsmb-theia-websites
- name: flexvolsmb-theia-workspace
persistentVolumeClaim:
claimName: flexvolsmb-theia-workspace
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: theia
spec:
entryPoints:
- websecure
routes:
- match: Host(`ide.spamasaurus.com`)
kind: Rule
services:
- name: theia
port: 3000
middlewares:
- name: security-headers@file
- name: 2fa-authentication@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-theia-websites
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-theia-websites
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
# opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/lighttpd/websites
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-theia-websites
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-theia-websites
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-theia-workspace
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-theia-workspace
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/theia/workspace
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-theia-workspace
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-theia-workspace
resources:
requests:
storage: 1Gi
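Review bot: The theia pod spec does not set `automountServiceAccountToken: false`, so the namespace's default service-account token is mounted into a browser IDE that hands its users a terminal and file access. Add `automountServiceAccountToken: false` next to `securityContext:` in the pod spec unless the IDE needs to talk to the Kubernetes API. A container-level `securityContext` with `allowPrivilegeEscalation: false` would fit here as well.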


@ -0,0 +1,104 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-certs-dumper
labels:
app: traefik-certs-dumper
spec:
replicas: 1
selector:
matchLabels:
app: traefik-certs-dumper
template:
metadata:
labels:
app: traefik-certs-dumper
spec:
containers:
- name: traefik-certs-dumper
image: ldez/traefik-certs-dumper:latest-amd64
command: ['traefik-certs-dumper', 'file']
args:
- --watch
- --version=v2
- --source=/data/source/acme.json
- --dest=/data/export/
- --domain-subdir
volumeMounts:
- mountPath: /data/source/acme.json
name: flexvolsmb-traefikcertsdumper-acmejson
subPath: acme.json
readOnly: true
- mountPath: /data/export
name: flexvolsmb-traefikcertsdumper-export
volumes:
- name: flexvolsmb-traefikcertsdumper-acmejson
persistentVolumeClaim:
claimName: flexvolsmb-traefikcertsdumper-acmejson
- name: flexvolsmb-traefikcertsdumper-export
persistentVolumeClaim:
claimName: flexvolsmb-traefikcertsdumper-export
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-traefikcertsdumper-acmejson
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-traefikcertsdumper-acmejson
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/traefik/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-traefikcertsdumper-acmejson
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-traefikcertsdumper-acmejson
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-traefikcertsdumper-export
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-traefikcertsdumper-export
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/traefikcertsdumper/export
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-traefikcertsdumper-export
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-traefikcertsdumper-export
resources:
requests:
storage: 1Gi
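Review bot: The export volume flexvolsmb-traefikcertsdumper-export is mounted with `file_mode=0777,dir_mode=0777`, yet `--dest=/data/export/` is where the dumper writes the certificates and private keys it extracts from acme.json. Restrict the mount, e.g. `file_mode=0600,dir_mode=0700`, and add `uid=`/`gid=` for whichever account consumes the export. On the source volume, `dir_mode=0600` leaves directories without the execute bit, which only works while the reader is root; `dir_mode=0700` is probably what was meant.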


@ -0,0 +1,10 @@
server:
dataStorage:
enabled: true
size: 1Gi
storageClass: flexvolsmb-vault-data
accessMode: ReadWriteMany
priorityClassName: system-cluster-critical
ui:
enabled: true


@ -0,0 +1,18 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: vault
namespace: vault
spec:
entryPoints:
- websecure
routes:
- match: Host(`secure.spamasaurus.com`)
kind: Rule
services:
- name: vault
namespace: vault
port: 8200
middlewares:
# - name: ldap-authentication@file
- name: security-headers@file
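Review bot: The `ldap-authentication@file` middleware is commented out, so `secure.spamasaurus.com` exposes Vault's UI and API behind `security-headers@file` only and relies entirely on Vault's own authentication. If that is deliberate (a forward-auth step would presumably break API clients), replace the dead line with a comment that says so, e.g. `# no forward-auth here: Vault authenticates its own UI and API requests`.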


@ -0,0 +1,33 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-vault-data
namespace: vault
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-vault-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
namespace: default
options:
opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=100,gid=1000,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/vault/data
---
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# name: data-vault-0
# namespace: vault
#spec:
# accessModes:
# - ReadWriteMany
# storageClassName: flexvolsmb-vault-data
# resources:
# requests:
# storage: 1Gi
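Review bot: `file_mode=0755,dir_mode=0755` gives group and others read and execute on Vault's storage files although `uid=100` already assigns an owner; `file_mode=0600,dir_mode=0700` should be enough if Vault runs as uid 100, which the chart values in this commit do not state. The commented-out PersistentVolumeClaim at the end is dead text: either delete it, or turn its name into a `claimRef` (`namespace: vault`, `name: data-vault-0`) on this PersistentVolume so that no other claim can bind the volume.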