ipv6 cluster initial commit
All checks were successful
Validate Kubernetes Manifests / kubeconform (push) Successful in 1m3s

2026-01-04 07:08:20 +05:30
parent 12d4af9cd8
commit 9aabad8216
179 changed files with 16997 additions and 0 deletions


@@ -0,0 +1,115 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-config
namespace: tools
data:
configuration.yaml: |
server:
address: 'tcp4://:9091'
buffers:
read: 16384
log:
level: info
file_path: ''
keep_stdout: true
identity_validation:
elevated_session:
require_second_factor: true
reset_password:
jwt_lifespan: '5 minutes'
theme: dark
totp:
disable: false
issuer: 'akshun-lab.cc'
period: 30
skew: 1
algorithm: 'sha1'
digits: 6
secret_size: 32
allowed_algorithms:
- 'SHA1'
allowed_digits:
- 6
allowed_periods:
- 30
disable_reuse_security_policy: false
password_policy:
zxcvbn:
enabled: true
min_score: 4
authentication_backend:
file:
path: '/config/users.yml'
password:
algorithm: 'argon2'
argon2:
variant: 'argon2id'
iterations: 3
memory: 65535
parallelism: 4
key_length: 32
salt_length: 16
access_control:
default_policy: 'deny'
rules:
- domain: 'auth.akshun-lab.cc'
policy: bypass
- domain: 'invidious.akshun-lab.cc'
resources: '^/(api/v1|feed|videoplayback|vi/.+\.(jpg|webp)|ggpht|latest_version|sb)'
policy: bypass
- domain: 'immich.akshun-lab.cc'
policy: bypass
- domain: 'jellyfin.akshun-lab.cc'
policy: bypass
- domain: 'gitea.akshun-lab.cc'
policy: bypass
- domain: 'nextcloud.akshun-lab.cc'
policy: bypass
- domain: 'collabora.akshun-lab.cc'
policy: bypass
- domain: 'vw.akshun-lab.cc'
policy: bypass
- domain: '*.akshun-lab.cc'
policy: two_factor
session:
name: 'authelia_session'
cookies:
- domain: 'akshun-lab.cc'
authelia_url: 'https://auth.akshun-lab.cc'
regulation:
max_retries: 4
find_time: 120
ban_time: 300
storage:
local:
path: '/config/db.sqlite3'
notifier:
disable_startup_check: false
smtp:
address: submissions://smtp.gmail.com:465
username: aggarwalakshun@gmail.com
sender: aggarwalakshun@gmail.com
identifier: localhost
subject: "[Authelia] {title}"
startup_check_address: aggarwalakshun@gmail.com
disable_require_tls: false
disable_html_emails: false
tls:
skip_verify: false
minimum_version: TLS1.2
ntp:
address: 'time.google.com:123'
version: 4
max_desync: '3s'
disable_startup_check: false
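Review bot: The `invidious.akshun-lab.cc` bypass rule's `resources` pattern is anchored only at the start, so any path that merely begins with one of the listed prefixes (anything starting with `/sb` or `/feed`, for instance) skips authentication, not just those endpoints. Closing the alternation with a boundary, e.g. `'^/(api/v1|feed|videoplayback|vi/.+\.(jpg|webp)|ggpht|latest_version|sb)(/|\?|$)'`, keeps the bypass to the intended routes. Whether Invidious serves other paths under these prefixes is not visible here, so confirm against the app. A short comment above each `policy: bypass` rule stating that the service performs its own authentication would also help, since `default_policy: 'deny'` and the final `two_factor` wildcard otherwise read as if everything is gated.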


@@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: authelia
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
ingressClassName: traefik
tls:
- hosts:
- auth.akshun-lab.cc
secretName: authelia-tls
rules:
- host: auth.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: authelia
port:
number: 9091
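Review bot: This Ingress has no `traefik.ingress.kubernetes.io/router.entrypoints: websecure` annotation, while the code-server, nextcloud, collabora, open-webui, paperless-ngx and searxng Ingresses in this commit all pin it; the `vw-ingress` section has the same gap. Without it the router is attached to whatever entrypoints Traefik uses by default, which is not visible in this view. Since this host serves the login portal and `vw.akshun-lab.cc` serves the password vault, adding the same annotation to both makes the HTTPS-only intent explicit.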


@@ -0,0 +1,15 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authelia
namespace: tools
spec:
forwardAuth:
address: http://192.168.1.203:9091/api/authz/forward-auth
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
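Review bot: `address` sends the forward-auth call to the MetalLB address `192.168.1.203` over plain HTTP, which ties every authorization request to the `authelia-service` LoadBalancer, and that Service also exposes port 9091 unencrypted on the LAN. The Ingress in this commit already targets a Service named `authelia` on 9091, so `address: http://authelia.tools.svc.cluster.local:9091/api/authz/forward-auth` (assuming the chart creates that Service) would keep the call on cluster DNS and make the LoadBalancer unnecessary. Separately, `trustForwardHeader: true` is only safe if Traefik's entrypoints accept `X-Forwarded-*` headers from trusted proxies alone; that entrypoint configuration is not in this view and deserves a comment here.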


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: authelia-pvc
namespace: tools
spec:
storageClassName: longhorn
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce


@@ -0,0 +1,46 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: authelia
namespace: tools
spec:
interval: 6h
chart:
spec:
chart: authelia
version: "0.10.49"
sourceRef:
kind: HelmRepository
name: authelia
namespace: flux-system
interval: 6h
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
configMap:
notifier:
smtp:
enabled: true
password:
path: password
secret_name: authelia-secrets
username: aggarwalakshun@gmail.com
existingConfigMap: authelia-config
persistence:
enabled: true
existingClaim: authelia-pvc
secret:
existingSecret: authelia-secrets
additionalSecrets:
authelia-secrets: {}
pod:
kind: Deployment
strategy:
type: Recreate
service:
port: 9091


@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: authelia
namespace: flux-system
spec:
interval: 6h
url: https://charts.authelia.com


@@ -0,0 +1,20 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: authelia-secrets
namespace: tools
spec:
encryptedData:
identity_validation.reset_password.jwt.hmac.key: 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
jwt.secret: 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
notifier.smtp.username: 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
password: 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
session.authentication.key: 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
session.encryption.key: AgAErQQk5jISeJWbwjVvtB4DIK3BeoZnoRyv0RtTbyheHZPNHtPro7bhD6v0wYh88spi51kaeYRDEJxGnHoOdiiFuI5Xo2UK4I4Poj6kCUQFhl2isntzd1dNonc6M5dikcnFYjQIIdMqPhW+jLNsnR7hJD9OksZhr27WPvvwE/h1QTRAKKIeeBeck2TnX8ArgA8lnzFAE3/U3V3PFgucrfYo/Zr/xTt+8267ouEL0x4jvjeOsynNqRvhcqAJtjwhxdobbP2GQ8e1jGyvXUBJ5v0qjwZpeoCvBqzprJaNnRARdMq+e0czrV7EdyDKZRqLpFOjAfs3AhMYHX02pjbvWgXN3AqMHojZDZtqvnDK+FncSS+t3E3sN/N/Bf2ruRVnlkRjdPAMU8jhw5X+cclZk8FH0M+MyGoGS/XXhFaYcaIg/YCIu4XDuGPmhUk4rVhz+ntaAm7+LJlHnt2NcINTdJ4NtU5LkrXovOhwDH6K+KNMdxPmUmj7U5XJSzbMr3Dyf4Y/rfWKofPsjCEyuwDfiSl+lyFH6p1Q8orbLE4flBgWuAn2lyLT4479uQ6jhqzYLfztsTkJiOxxLXC2oAiDQem12k9YuflQY1LsA2B/70K41gIEUynrwpV/sStL4f5oJH18c3HsNYeckULBfuBHRGTlHWJuL0gUNyxSt/wKlOlw4Rd7R6SvCxHXeb/E61ZW2RHVRTgw5/sUNM8KhYWVZdS9MXsWqkb4K6TXT6gXV+krvQ==
storage.encryption.key: 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
template:
metadata:
name: authelia-secrets
namespace: tools
type: Opaque


@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: authelia-service
namespace: tools
annotations:
metallb.io/loadBalancerIPs: 192.168.1.203
spec:
selector:
app.kubernetes.io/instance: authelia
ports:
- port: 9091
targetPort: 9091
type: LoadBalancer


@@ -0,0 +1,14 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: cf-ddns-secret
namespace: tools
spec:
encryptedData:
api-token: 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
template:
metadata:
name: cf-ddns-secret
namespace: tools
type: Opaque


@@ -0,0 +1,35 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cf-ddns
namespace: tools
spec:
selector:
matchLabels:
app: cf-ddns
template:
metadata:
labels:
app: cf-ddns
spec:
hostNetwork: true
containers:
- name: cf-ddns
image: favonia/cloudflare-ddns:1.15.1
securityContext:
capabilities:
drop:
- ALL
env:
- name: DOMAINS
value: "*.akshun-lab.cc"
- name: PROXIED
value: "false"
- name: IP4_PROVIDER
value: "none"
- name: CLOUDFLARE_API_TOKEN
valueFrom:
secretKeyRef:
name: cf-ddns-secret
key: api-token
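Review bot: The container drops all capabilities but otherwise runs with `hostNetwork: true` and no further hardening, so it keeps the image's default user, a writable root filesystem and the default `allowPrivilegeEscalation`. Adding `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` (with an explicit `runAsUser`) next to the existing `capabilities.drop` would narrow what a compromised updater holding `CLOUDFLARE_API_TOKEN` can do in the node's network namespace; check that the image starts cleanly under those settings. A one-line comment saying why `hostNetwork` is needed (presumably to read the node's IPv6 address, given `IP4_PROVIDER` is `none`) would also help the next reader.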


@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: code-server-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- vs.akshun-lab.cc
secretName: code-server-tls
rules:
- host: vs.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: code-server-service
port:
number: 8443


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: code-server-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn


@@ -0,0 +1,15 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: code-server-secrets
namespace: tools
spec:
encryptedData:
PASSWORD: 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
SUDO_PASSWORD: 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
template:
metadata:
name: code-server-secrets
namespace: tools
type: Opaque


@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: code-server-service
namespace: tools
spec:
selector:
app: code-server
ports:
- port: 8443
targetPort: 8443
protocol: TCP


@@ -0,0 +1,49 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-server
namespace: tools
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: code-server
template:
metadata:
labels:
app: code-server
spec:
containers:
- name: code-server
image: lscr.io/linuxserver/code-server:4.107.0
ports:
- containerPort: 8443
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
- name: PASSWORD
valueFrom:
secretKeyRef:
name: code-server-secrets
key: PASSWORD
- name: SUDO_PASSWORD
valueFrom:
secretKeyRef:
name: code-server-secrets
key: SUDO_PASSWORD
- name: DEFAULT_WORKSPACE
value: "/config/workspace"
volumeMounts:
- name: code-server
mountPath: /config
volumes:
- name: code-server
persistentVolumeClaim:
claimName: code-server-longhorn
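Review bot: The pod spec does not set `automountServiceAccountToken: false`, so the terminal that code-server provides will by default find the namespace's service-account token mounted in the container. With `SUDO_PASSWORD` also configured, anyone who gets past the login has a root shell in the container plus that token. Adding `automountServiceAccountToken: false` under `template.spec` costs nothing here; what the token would allow depends on RBAC that is not shown in this view. Resource `limits` are also absent, which matters for a container that runs arbitrary user workloads.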


@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: gotenberg-service
namespace: tools
spec:
selector:
app: gotenberg
type: ClusterIP
ports:
- port: 3000
targetPort: 3000


@@ -0,0 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gotenberg
namespace: tools
spec:
selector:
matchLabels:
app: gotenberg
template:
metadata:
labels:
app: gotenberg
spec:
securityContext:
runAsUser: 1001
containers:
- name: gotenberg
image: gotenberg/gotenberg:8.25
command:
- sh
- -c
- |
gotenberg --chromium-disable-javascript=true --chromium-allow-list=file:///tmp/.*
ports:
- containerPort: 3000
securityContext:
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
privileged: false


@@ -0,0 +1,7 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: tools
labels:
name: tools


@@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: collabora
namespace: tools
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: collabora
template:
metadata:
labels:
app: collabora
spec:
containers:
- name: collabora
image: collabora/code:25.04.8.1.1
ports:
- containerPort: 9980
env:
- name: aliasgroup1
valueFrom:
secretKeyRef:
key: nextcloud-url
name: nextcloud-secrets
securityContext:
capabilities:
add:
- MKNOD


@@ -0,0 +1,51 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nextcloud-db
namespace: tools
spec:
selector:
matchLabels:
app: nextcloud-db
serviceName: nextcloud-db
replicas: 1
template:
metadata:
labels:
app: nextcloud-db
spec:
containers:
- name: nextcloud-db
image: mariadb:12.1.2
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-secrets
key: root-password
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-secrets
key: user-password
- name: MYSQL_DATABASE
value: "nextcloud"
- name: MYSQL_USER
value: "nextcloud"
- name: MARIADB_AUTO_UPGRADE
value: "1"
volumeMounts:
- name: nextcloud-db
mountPath: /var/lib/mysql
volumeClaimTemplates:
- metadata:
name: nextcloud-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
storageClassName: longhorn


@@ -0,0 +1,53 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- nextcloud.akshun-lab.cc
secretName: nextcloud-tls
rules:
- host: nextcloud.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextcloud-service
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: collabora-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- collabora.akshun-lab.cc
secretName: collabora-tls
rules:
- host: collabora.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: collabora-service
port:
number: 9980


@@ -0,0 +1,29 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-data-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 10Gi
storageClassName: longhorn


@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: nextcloud-secrets
namespace: tools
spec:
encryptedData:
nextcloud-url: AgAFzW3QSq6FnGK/H+pzimmSGnDOE+6hUxoTdfYWnr6GKGwzjJizDJgqRvknaNzKr1/1WtSIg32rJYM8HbRRA2RdTrWys59rG3OdDSGYrkBUnRxyw8aKOHDiSI/8gxtsJ+29t+GLL1u+apXBYOrnekjV+0R3TlDrQSG+XQmSueNX2n8sCawEwvq7M9IYJjcYISCJ+kDAChx0RdTjCfl1K+94Oc9lRZpeirDrXY0pX4+SBch8BTIyQngYX74BtqHHkonjJDyBsZySG2PToThmWYg0LQd8Xg2yrjmj89AicEh5PCgU4PW6a5RuK+8DxfW4CxRGyFwOMlD2YePTEC975oh5S+E4W+U2ccuJ9wUji8s3y52BoinlmvyixoOlDt1b+ALI69Meh6RDwDUpCWUYbiGnzlt5da1XFU6sdGBp9kMHt+f3Xknn9U+lxqFFlizBTviJTM2Ds2T9DONxnVOCTkecZzAC7HOWpWjufMln3yorvdzH9p8OAIgK8GNUK6O/+oOWeTSAvZQMDqJeOb0aFYk00oMGgyf5PKPvjUxQ9QncXl7T9+eQD8W9JNPqehTPQwXdRoXkxqXGFwlM0Yt+OcdagB7qM8lch156MLAxdzTJlw/kr2nirwgfJ4/oIKhpHDdohdIZkJWLV0p158S0CJbFGQ6M0HHb0WJPBYPdDmupXMpW+zvsUAkjx5q72zPLlG9EVhSNp7g4EeMIJKMC5ZmCQcoaUxKswu5rFhDhWXMW
root-password: AgBhzUvK0ez3PXXwAbwMHLVhOM+Aln/uI7tYPKplrasv5n8fVeKPF5Cpu3XbDmafCXvvaGDRQa1oaK+rvabe/9TbFd+p4SxD88VzcrU7j1uKpdoqwAcU0C6DpnoGN0ab2E8mtOeJFkeNUQ2+HOeCW9RUWXCPfMND8YJ23gbY5E2Ygo/UXyGi54xIf+XtVsTvORAIBnvziojA7Yfo6KjmYhtpeF0nRNMXWfAjw/1t6OgXTtRR2Jj2HA3k42cU3Q2+DXlbaCfErS/aKMFqdlQOFmINJyh8yqacm1Eb6lfmLmZfjHFKetbM0NJNHvYQ2Rni1tcjH9DnIOYivID84iJNDjnqMNbS7FtVEkjXamIafHbObo9QXxQbI0N1tgnmEkSuVYb9avTydos/hFMJ5dPGs/XBdvJUii+XhfIP54G86QxnkKQpXvV4gxHkdTxZOHMgprp+l8VyWpl6Ctj/lZy5ChFf6qPP8Q6BLHsmG6ykCt6gFJqFC0KBqLegWLioSHfYh6jyda2sEwJrX834TqDnrjykS4epOvf1oUdvUtx568XN9e2nGFcZTT7ehYTAY0RdSVQvKDyLL3/HuNo4HpqDB8tjPRis7opiL4WiGetmDe75H11JL5hecxMMsg9+O4xD0WbGrkb79S6A3u3MkjrnvXPTokkyQVO5doaG/hN28PFYa+j6RbJJQsvVP5I1ioU/W718E71idPU8o8/39g==
user-password: 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
template:
metadata:
name: nextcloud-secrets
namespace: tools
type: Opaque


@@ -0,0 +1,62 @@
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-service
namespace: tools
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: https
traefik.ingress.kubernetes.io/service.serverstransport: tools-insecure-transport@kubernetescrd
spec:
selector:
app: nextcloud
ports:
- protocol: TCP
port: 443
targetPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: collabora-service
namespace: tools
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: https
traefik.ingress.kubernetes.io/service.serverstransport: tools-insecure-transport@kubernetescrd
spec:
selector:
app: collabora
ports:
- protocol: TCP
port: 9980
targetPort: 9980
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-db
namespace: tools
spec:
selector:
app: nextcloud-db
ports:
- protocol: TCP
port: 3306
targetPort: 3306
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-lb
namespace: tools
spec:
type: LoadBalancer
selector:
app: nextcloud
ports:
- port: 443
targetPort: 443
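Review bot: `nextcloud-lb` publishes the Nextcloud pod's port 443 directly as a `LoadBalancer`, in addition to the Traefik route through `nextcloud-service`. Clients reaching that address bypass the Ingress and its cert-manager certificate and see whatever certificate the container serves itself; the `tools-insecure-transport` annotation on `nextcloud-service` suggests that certificate is not one Traefik can validate. If the direct address is needed, a comment saying why belongs on this Service; otherwise dropping `nextcloud-lb` leaves a single TLS-terminated entry point.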


@@ -0,0 +1,50 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
namespace: tools
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: nextcloud
template:
metadata:
labels:
app: nextcloud
spec:
containers:
- name: nextcloud
image: lscr.io/linuxserver/nextcloud:32.0.3
readinessProbe:
exec:
command:
- sh
- -c
- nc -z nextcloud-db.tools.svc.cluster.local 3306
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
ports:
- containerPort: 443
env:
- name: PGID
value: "1000"
- name: PUID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: nextcloud-data
mountPath: /data
- name: nextcloud-config
mountPath: /config
volumes:
- name: nextcloud-data
persistentVolumeClaim:
claimName: nextcloud-data-longhorn
- name: nextcloud-config
persistentVolumeClaim:
claimName: nextcloud-longhorn


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ollama-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 10Gi
storageClassName: longhorn


@@ -0,0 +1,34 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ollama
namespace: tools
spec:
interval: 6h
chart:
spec:
chart: ollama
version: "1.36.0"
sourceRef:
kind: HelmRepository
name: ollama
namespace: flux-system
interval: 6h
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
ollama:
gpu:
enabled: true
type: nvidia
service:
type: ClusterIP
runtimeClassName: nvidia
persistentVolume:
enabled: true
existingClaim: ollama-longhorn


@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: ollama
namespace: flux-system
spec:
interval: 6h
url: https://otwld.github.io/ollama-helm/


@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: open-webui-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- ollama.akshun-lab.cc
secretName: open-webui-tls
rules:
- host: ollama.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: open-webui-service
port:
number: 8080


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: open-webui-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn


@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: open-webui-service
namespace: tools
spec:
selector:
app: open-webui
ports:
- port: 8080
targetPort: 8080


@@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: open-webui
namespace: tools
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: open-webui
template:
metadata:
labels:
app: open-webui
spec:
containers:
- name: open-webui
image: ghcr.io/open-webui/open-webui:0.6.43
ports:
- containerPort: 8080
env:
- name: OLLAMA_BASE_URL
value: "http://ollama.tools.svc.cluster.local:11434"
volumeMounts:
- name: config
mountPath: /app/backend/data
volumes:
- name: config
persistentVolumeClaim:
claimName: open-webui-longhorn


@@ -0,0 +1,35 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: paperless-ngx-db
namespace: tools
spec:
selector:
matchLabels:
app: paperless-ngx-db
serviceName: paperless-ngx-db
replicas: 1
template:
metadata:
labels:
app: paperless-ngx-db
spec:
containers:
- name: paperless-ngx-db
image: docker.io/library/redis:8
ports:
- containerPort: 6379
volumeMounts:
- name: paperless-ngx-db
mountPath: /data
subPath: redis
volumeClaimTemplates:
- metadata:
name: paperless-ngx-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 500Mi
storageClassName: longhorn
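Review bot: The Redis container is started with the image defaults, so it accepts unauthenticated connections on 6379 from any pod that can reach the `paperless-ngx-db` Service; no NetworkPolicy is visible in this part of the commit. Either set a password (`--requirepass` sourced from a Secret and reflected in `PAPERLESS_REDIS`) or restrict ingress to pods labelled `app: paperless-ngx`. `image: docker.io/library/redis:8` is also a floating major tag, while most other images in this commit are pinned to an exact version or a digest.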


@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: paperless-ngx-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- ngx.akshun-lab.cc
secretName: paperless-ngx-tls
rules:
- host: ngx.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: paperless-ngx-service
port:
number: 8000


@@ -0,0 +1,26 @@
---
apiVersion: v1
kind: Service
metadata:
name: paperless-ngx-service
namespace: tools
spec:
selector:
app: paperless-ngx
ports:
- port: 8000
targetPort: 8000
---
apiVersion: v1
kind: Service
metadata:
name: paperless-ngx-db
namespace: tools
spec:
selector:
app: paperless-ngx-db
ports:
- port: 6379
targetPort: 6379
clusterIP: None


@@ -0,0 +1,62 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: paperless-ngx
namespace: tools
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: paperless-ngx
template:
metadata:
labels:
app: paperless-ngx
spec:
containers:
- name: paperless-ngx
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3
readinessProbe:
exec:
command:
- bash
- -c
- |
(echo >/dev/tcp/paperless-ngx-db.tools.svc.cluster.local/6379)
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
ports:
- containerPort: 8000
env:
- name: PAPERLESS_REDIS
value: "redis://paperless-ngx-db.tools.svc.cluster.local:6379"
- name: PAPERLESS_URL
values: "https://ngx.akshun-lab.cc"
- name: PAPERLESS_TIME_ZONE
value: "Asia/Kolkata"
- name: PAPERLESS_TIKA_ENABLED
value: "1"
- name: PAPERLESS_TIKA_ENDPOINT
value: "http://tika-service.tools.svc.cluster.local:9998"
- name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
value: "http://gotenberg-service.tools.svc.cluster.local:3000"
volumeMounts:
- name: data
mountPath: /usr/src/paperless/data
subPath: data
- name: data
mountPath: usr/src/paperless/media
subPath: media
- name: data
mountPath: /usr/src/paperless/export
subPath: export
- name: data
mountPath: /usr/src/paperless/consume
subPath: consume
volumes:
- name: data
persistentVolumeClaim:
claimName: paperless-longhorn
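Review bot: Two entries in this manifest look like typos that change behaviour: the `PAPERLESS_URL` env entry uses `values:` instead of `value:`, so the variable ends up unset or the manifest is rejected, and the media mount is `mountPath: usr/src/paperless/media` without the leading slash. They should read `value: "https://ngx.akshun-lab.cc"` and `mountPath: /usr/src/paperless/media`. The kubeconform check passed, so it is presumably not run with `-strict`, which would flag the unknown `values` field. The env list also sets no `PAPERLESS_SECRET_KEY`; unless it is supplied elsewhere, Paperless falls back to its built-in default key, which should be replaced from a SealedSecret like the other credentials in this commit.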


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: paperless-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn


@@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: searxng-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- sear.akshun-lab.cc
secretName: homepage-tls
rules:
- host: sear.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: searxng-service
port:
number: 8080
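Review bot: `secretName: homepage-tls` looks copied from another Ingress; the host here is `sear.akshun-lab.cc`, and every other Ingress in this view names its TLS secret after its own service. If another Ingress in the `tools` namespace also requests `homepage-tls` for a different host, cert-manager would be asked to manage one Secret for two certificates. Renaming it to something like `secretName: searxng-tls` avoids that.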


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: searxng-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 100Mi
storageClassName: longhorn


@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: searxng-service
namespace: tools
spec:
selector:
app: searxng
ports:
- port: 8080
targetPort: 8080


@@ -0,0 +1,35 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: searxng
namespace: tools
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: searxng
template:
metadata:
labels:
app: searxng
spec:
containers:
- name: searxng
image: searxng/searxng@sha256:472dd0c84b8e2a05bca773b4a430b9fc9e4e92cd4fa0afaa223efab925ab752a
ports:
- containerPort: 8080
env:
- name: "INSTANCE_NAME"
value: "searxng"
- name: BASE_URL
value: "sear.akshun-lab.cc"
volumeMounts:
- name: searxng
mountPath: /etc/searxng
volumes:
- name: searxng
persistentVolumeClaim:
claimName: searxng-longhorn
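Review bot: `BASE_URL` is set to the bare host `sear.akshun-lab.cc`, whereas the other URL-valued settings in this commit (`authelia_url`, `OLLAMA_BASE_URL`) carry a scheme; SearXNG's base URL is normally a full URL, so `value: "https://sear.akshun-lab.cc/"` is probably what was meant. Pinning the image by digest is good practice, but a comment above `image:` recording which release the digest corresponds to would make later updates reviewable.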


@@ -0,0 +1,7 @@
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: insecure-transport
namespace: tools
spec:
insecureSkipVerify: true
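Review bot: `insecureSkipVerify: true` turns off certificate validation for every backend that references this transport, which in this commit is `nextcloud-service` and `collabora-service`. Traffic from Traefik to those pods is then encrypted but unauthenticated, so anything able to answer on those Service addresses is accepted as the backend. If the backends only have self-signed certificates, trusting their CA through the transport's `rootCAsSecrets` together with `serverName` keeps verification on. At minimum, a comment here should state why verification is disabled and which Services rely on it.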


@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: tika-service
namespace: tools
spec:
type: ClusterIP
selector:
app: tika
ports:
- port: 9998
targetPort: 9998


@@ -0,0 +1,19 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: tika
namespace: tools
spec:
selector:
matchLabels:
app: tika
template:
metadata:
labels:
app: tika
spec:
containers:
- name: tika
image: apache/tika:3.2.3.0
ports:
- containerPort: 9998


@@ -0,0 +1,26 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vw-ingress
namespace: tools
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
spec:
ingressClassName: traefik
tls:
- hosts:
- vw.akshun-lab.cc
secretName: vw-tls
rules:
- host: vw.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: vaultwarden-service
port:
number: 80


@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn


@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: vaultwarden-service
namespace: tools
spec:
selector:
app: vaultwarden
ports:
- port: 80
targetPort: 80


@@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
namespace: tools
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
containers:
- name: vaultwarden
image: vaultwarden/server:1.35.1
ports:
- containerPort: 80
env:
- name: SIGNUPS_ALLOWED
value: "false"
volumeMounts:
- name: data
mountPath: /data/
volumes:
- name: data
persistentVolumeClaim:
claimName: vaultwarden-longhorn