fix gitea

apps/adguard/configmap.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: adguard-home-config
-  namespace: adguard
 data:
   AdGuardHome.yaml: |-
     bind_host: 0.0.0.0

apps/adguard/deployment.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: adguard-home
-  namespace: adguard
 spec:
   replicas: 1
   revisionHistoryLimit: 3

apps/adguard/ingress.yaml

@@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRouteTCP
 metadata:
   name: adguard-tls-ingress
-  namespace: adguard
 spec:
   entryPoints:
     - dnsovertls

apps/adguard/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - configmap.yaml
+  - ingress.yaml
+  - service.yaml
+  - deployment.yaml
+
+namespace: adguard
+

apps/adguard/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/adguard/service.yaml

@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: adguard-home
+  name: adguard-home-web
-  namespace: adguard
 spec:
   ports:
   - name: http
@@ -22,7 +21,6 @@ metadata:
     metallb.universe.tf/allow-shared-ip: adguard-svc
 
   name: adguard-home-dns-tcp
-  namespace: adguard
 spec:
   allocateLoadBalancerNodePorts: true
   loadBalancerIP: 192.168.3.2
@@ -45,7 +43,6 @@ metadata:
     metallb.universe.tf/allow-shared-ip: adguard-svc
 
   name: adguard-home-dns-udp
-  namespace: adguard
 spec:
   allocateLoadBalancerNodePorts: true
   loadBalancerIP: 192.168.3.2

apps/media/ingress.yaml

@@ -12,8 +12,8 @@ spec:
         - name: jellyfin-websocket
       kind: Rule
       services:
-        - name: jellyfin
+        - name: jellyfin-web
-          port: 8096
+          port: 8080
   tls:
     certResolver: default-tls
 

apps/media/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - pvc.yaml
+  - server.deployment.yaml
+  - server.service.yaml
+  - web.deployment.yaml
+  - web.service.yaml
+  - ingress.yaml
+
+namespace: media

apps/media/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/media/pvc.yaml

@@ -4,12 +4,9 @@ kind: PersistentVolume
 metadata:
   namespace: media
   name: jellyfin-config-nfs
-
 spec:
-  # storageClassName: slow
   capacity:
     storage: "1Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -29,6 +26,7 @@ spec:
     requests:
       storage: "1Gi"
   volumeName: jellyfin-config-nfs
+
 ---
 
 apiVersion: v1
@@ -37,10 +35,8 @@ metadata:
   namespace: media
   name: jellyfin-data-nfs
 spec:
-  # storageClassName: slow
   capacity:
     storage: "1Ti"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -53,7 +49,7 @@ metadata:
   namespace: media
   name: jellyfin-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:

apps/media/server.deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-server
+  template:
+    metadata:
+      labels:
+        app: jellyfin-server
+    spec:
+      containers:
+      - name: jellyfin-server
+        image: jellyfin/jellyfin:10.8.9
+        resources:
+          limits:
+            memory: "500Mi"
+            cpu: "2"
+        ports:
+        - containerPort: 8096
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        volumeMounts:
+        - name: jellyfin-config
+          mountPath: /config
+        - name: jellyfin-data
+          mountPath: /media
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8096
+          initialDelaySeconds: 100
+          periodSeconds: 15
+      volumes:
+      - name: jellyfin-config
+        persistentVolumeClaim:
+          claimName: jellyfin-config-nfs
+      - name: jellyfin-data
+        persistentVolumeClaim:
+          claimName: jellyfin-data-nfs
+

apps/media/server.service.yaml

@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    app: jellyfin-server
+  ports:
+    - protocol: TCP
+      port: 8096
+      targetPort: 8096

apps/media/web.deployment.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-web
+  template:
+    metadata:
+      labels:
+        app: jellyfin-web
+    spec:
+      containers:
+      - name: jellyfin-web
+        image: ghcr.io/jellyfin/jellyfin-vue
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "30m"
+        ports:
+        - containerPort: 8080
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        - name: DEFAULT_SERVERS
+          value: "jellyfin-server:8096"

apps/media/web.service.yaml

@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    app: jellyfin-web
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080

infrastructure/argocd/known-hosts.configmap.yaml

@@ -8,5 +8,4 @@ metadata:
 data:
   # this is the fingerprint of the host key of git.kluster.moll.re
   ssh_known_hosts: |
-    [git.kluster.moll.re]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTtII97BheLIPWTpxMLmuFGFb7C96kqdhf78x7yWhlu
+    [git.kluster.moll.re]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgoKSgzXDvMelTDIWDToGnxr+1CjcFK4k0DxS47vaRWYenfGExB4uKhLg1pMyMQkPh2Zl62KyRa8kFXl1b7GtaH+1ty1YebxE18ooktkAViPr+Ct1U2ez3mWDnb6bhwQOdzpxX8O/THAxIsEXc2vkIQCL1L4GeaHb7QY6t1WwaboOYE+xDPtU2nZNnfIYklBBgU1XFpAGBxu2xN856hW9g/S0vNaNKciAanALq97G4+8o6/ZN7G0OLV+KIWHvbeBG7lEB8e7mH1b+pALxyBwN0GEFm34iocObSLRKV1wqFotu3NWk6I67mWrPuXTbbR0uo+wfZ/ZdiV5+C5eT7g9nKzkJT5YEc53yyodxFUay1bbwWDs6xeF9iWHpuN3ebL2+gZcdqprfaMyhJDk0/HgtmKrhsJdnpbP18E40qBUcEZUUvp7Wjy6/JzVm75NU/gVGauRgepVEYhCrG6s7kTDb7kCxkIxMKpc8oQpfXtjJYW+BgPSr6Y2wzYS+JjoQ5bHxV/VHDMEKd+lk/qxqFcLy+0mc/PQl4YCFVkyIFFAqinFLHW/FrWy9rWeSfnrefJGxsl8chVuHJe/eEE87JY2zQVWf7+m7MIXoh9QEEufmkqYkUg5BnVfg2B1UFYWMS8DqlP1Rtx7QG11w9tAC1hBdI7JrrPVX2xzzUivGQQs9CAw==
-    github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=

infrastructure/gitea/drone-server.deployment.yaml

@@ -92,13 +92,9 @@ apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: drone-data-nfs
-  labels:
-    directory: drone
 spec:
-  # storageClassName: fast
   capacity:
     storage: "1Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -110,15 +106,10 @@ kind: PersistentVolumeClaim
 metadata:
   name: drone-data-nfs
 spec:
-  # storageClassName: fast
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: "1Gi"
-  selector:
+  volumeName: drone-data-nfs
-    matchLabels:
-      directory: drone
-
-
-

infrastructure/gitea/gitea.pvc.yaml

@@ -39,13 +39,12 @@ spec:
     server: 192.168.1.157
 
 ---
-
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gitea-postgresql-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:

infrastructure/gitea/gitea.values.yaml

@@ -68,26 +68,12 @@ resources:
 
 
 ## @section Persistence
-#
-## @param persistence.enabled Enable persistent storage
-## @param persistence.existingClaim Use an existing claim to store repository information
-## @param persistence.size Size for persistence to store repo information
-## @param persistence.accessModes AccessMode for persistence
-## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations Annotations for the persistence volume claim to be created
-## @param persistence.storageClass Name of the storage class to use
-## @param persistence.subPath Subdirectory of the volume to mount at
 persistence:
   enabled: true
-  existingClaim: gitea-data-nfs
+  create: false
+  mount: true
+  claimName: gitea-data-nfs
 
-  size: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  labels: {}
-  annotations: {}
-  storageClass:
-  subPath:
 
 
 # Configure commit/action signing prerequisites
@@ -99,13 +85,6 @@ persistence:
 ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
 signing:
   enabled: false
-  gpgHome: /data/git/.gnupg
-  privateKey: ""
-  # privateKey: |-
-  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
-  #   ...
-  #   -----END PGP PRIVATE KEY BLOCK-----
-  existingSecret: ""
 
 ## @section Gitea
 #
@@ -116,8 +95,9 @@ gitea:
   ## @param gitea.admin.email Email for the Gitea admin user
   admin:
     username: gitea_admin
-    password: r8sA8CPHD9!bt6d
+    # this user needs to stay admin, and active. But we change its password to be unusable
-    email: "gitea@local.domain"
+    password: changedalready
+    email: "gitea@delete.me"
 
   ## @param gitea.metrics.enabled Enable Gitea metrics
   ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
@@ -134,7 +114,7 @@ gitea:
     server:
       DOMAIN: git.kluster.moll.re
       ROOT_URL: https://git.kluster.moll.re
-      SSH_LISTEN_PORT: 2222
+      SSH_PORT: 2222
     actions:
       ENABLED: true
 
@@ -145,23 +125,6 @@ gitea:
     logLevel: "INFO"
 
 
-## @section Memcached
-#
-## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
-## ref: https://hub.docker.com/r/bitnami/memcached/tags/
-## @param memcached.service.ports.memcached Port for Memcached
-memcached:
-  enabled: true
-  # image:
-  #   registry: docker.io
-  #   repository: bitnami/memcached
-  #   tag: ""
-  #   digest: ""
-  #   pullPolicy: IfNotPresent
-  #   pullSecrets: []
-  service:
-    ports:
-      memcached: 11211
 
 ## @section PostgreSQL
 #
@@ -177,8 +140,8 @@ postgresql:
     tag: 11
   # diagnosticMode:
   #   enabled: true
-  # containerSecurityContext:
+  containerSecurityContext:
-  #   runAsUser: 0
+    runAsUser: 0
   global:
     postgresql:
       auth:
@@ -192,7 +155,16 @@ postgresql:
     persistence:
       size: 10Gi
       existingClaim: gitea-postgresql-data-nfs
-      mountPath: /bitnami/postgresql/data
+      # mountPath: /bitnami/postgresql/data
+
+
+
+redis-cluster:
+  enabled: true
+  usePassword: false
+  cluster:
+    nodes: 3 # default: 6
+    replicas: 0 # default: 1
 
 
 postgresql-ha:
@@ -206,12 +178,3 @@ postgresql-ha:
 ## @param test.image.name Image name for the wget container used in the test-connection Pod.
 ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
-test:
-  enabled: true
-  image:
-    name: busybox
-    tag: latest
-
-## @param extraDeploy Array of extra objects to deploy with the release
-##
-extraDeploy: []

infrastructure/gitea/kustomization.yaml

@@ -1,18 +1,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
-- namespace.yaml
+  - namespace.yaml
-- gitea.pvc.yaml
+  - gitea.pvc.yaml
-- gitea.ingress.yaml
+  - gitea.ingress.yaml
-- drone-kube-runner.deployment.yaml
+  - drone-kube-runner.deployment.yaml
-- drone-server.deployment.yaml
+  - drone-server.deployment.yaml
-- drone-server.sealedsecret.yaml
+  - drone-server.sealedsecret.yaml
 
 namespace: gitea
 
 
 helmCharts:
   - name: gitea
+    namespace: gitea # needs to be set explicitly for svc to be referenced correctly
     releaseName: gitea
     version: 9.6.1
     valuesFile: gitea.values.yaml

kluster-deployments/adguard/application.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: adguard-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/adguard
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: adguard
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/adguard/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml

kluster-deployments/kustomization.yaml

@@ -24,3 +24,5 @@ resources:
   - homeassistant/
   - ntfy/
   - rss/
+  - adguard/
+  - media/

kluster-deployments/media/application.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: media-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/media/
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: media
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/media/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml