From 64df2f8f50fdaa5c1031c362d7e5518c50855585 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Apr 2025 14:23:48 -0400 Subject: [PATCH] add cyberchef, mariadb, postgres slskd, update ntfy --- .gitignore | 2 + cyberchef.yaml | 38 ++++++++++++ mariadb.yaml | 128 +++++++++++++++++++++++++++++++++++++++ ntfy.docker.yaml | 26 -------- ntfy.yaml | 143 +++++++++++++++++++++++++++----------------- postgres.yaml | 86 +++++++++++++++++++++++++++ slskd.yaml | 151 +++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 494 insertions(+), 80 deletions(-) create mode 100644 .gitignore create mode 100644 cyberchef.yaml create mode 100644 mariadb.yaml delete mode 100644 ntfy.docker.yaml create mode 100644 postgres.yaml create mode 100644 slskd.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..764f0b8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +temp/ +secrets/ diff --git a/cyberchef.yaml b/cyberchef.yaml new file mode 100644 index 0000000..3e9cef5 --- /dev/null +++ b/cyberchef.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cyberchef + name: cyberchef +spec: + replicas: 1 + selector: + matchLabels: + app: cyberchef + template: + metadata: + labels: + app: cyberchef + spec: + containers: + - image: mpepping/cyberchef:latest + name: cyberchef + ports: + - containerPort: 8000 + protocol: TCP + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: cyberchef + name: cyberchef-svc +spec: + ports: + - name: "8000" + port: 8000 + targetPort: 8000 + selector: + app: cyberchef diff --git a/mariadb.yaml b/mariadb.yaml new file mode 100644 index 0000000..45d76bb --- /dev/null +++ b/mariadb.yaml @@ -0,0 +1,128 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mariadb + name: mariadb +spec: + replicas: 1 + selector: + matchLabels: + app: mariadb + strategy: + type: Recreate + template: + metadata: + annotations: + traefik.enable: "false" + labels: + app: mariadb + spec: + containers: + - env: + - name: MYSQL_PASSWORD + valueFrom: + configMapKeyRef: + key: MYSQL_PASSWORD + name: mariadb-secrets-env + - name: MYSQL_ROOT_PASSWORD + valueFrom: + configMapKeyRef: + key: MYSQL_ROOT_PASSWORD + name: mariadb-secrets-env + - name: MYSQL_USER + valueFrom: + configMapKeyRef: + key: MYSQL_USER + name: mariadb-secrets-env + image: linuxserver/mariadb:latest + name: mariadb + ports: + - containerPort: 3306 + protocol: TCP + volumeMounts: + - mountPath: /config + name: mariadb-data-volume + - mountPath: /config/conf + name: mariadb-config-volume + volumes: + - name: mariadb-config-volume + persistentVolumeClaim: + claimName: mariadb-config-pvc + - name: mariadb-data-volume + persistentVolumeClaim: + claimName: mariadb-data-pvc + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + traefik.enable: "false" + name: mariadb-svc +spec: + ports: + - name: "3306" + port: 3306 + targetPort: 3306 + nodePort: 31306 + type: NodePort + selector: + app: mariadb +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mariadb-data-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/00_meta/02_services/mariadb + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-data-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: mariadb-data-pv + storageClassName: "" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mariadb-config-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/00_meta/05_service_config/mariadb/conf + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-config-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: mariadb-config-pv + storageClassName: "" diff --git a/ntfy.docker.yaml b/ntfy.docker.yaml deleted file mode 100644 index 24bf0d9..0000000 --- a/ntfy.docker.yaml +++ /dev/null @@ -1,26 +0,0 @@ -services: - ntfy: - image: binwiederhier/ntfy - container_name: ntfy - command: - - serve - environment: - - TZ=America/New_York # optional: set desired timezone - # user: UID:GID # optional: replace with your own user/group or uid/gid - # volumes: - # - $DATA_PATH/ntfy:/var/cache/ntfy - # - $CONF_DIR/ntfy:/etc/ntfy - ports: - - 80:80 - healthcheck: # optional: remember to adapt the host:port to your environment - test: - [ - "CMD-SHELL", - "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1", - ] - interval: 60s - timeout: 10s - retries: 3 - start_period: 40s - restart: unless-stopped - diff --git a/ntfy.yaml b/ntfy.yaml index d87eff4..efefd1b 100644 --- a/ntfy.yaml +++ b/ntfy.yaml @@ -9,7 +9,7 @@ spec: replicas: 1 selector: matchLabels: - io.kompose.service: ntfy + app: ntfy template: metadata: labels: @@ -22,28 +22,27 @@ spec: - name: TZ value: America/New_York image: binwiederhier/ntfy - livenessProbe: - exec: - command: - - wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '"healthy"\s*:\s*true' || exit 1 - failureThreshold: 3 - initialDelaySeconds: 40 - periodSeconds: 60 - timeoutSeconds: 10 + volumeMounts: + - name: ntfy-cache-volume + mountPath: /var/cache/ntfy + - name: ntfy-config-volume + mountPath: /etc/ntfy name: ntfy ports: - containerPort: 80 protocol: TCP volumes: - - name: smb-storage - PersistentVolumeClaim: - claimName: smb-pvc + - name: ntfy-cache-volume + persistentVolumeClaim: + claimName: ntfy-cache-pvc + - name: ntfy-config-volume + persistentVolumeClaim: + claimName: ntfy-config-pvc restartPolicy: Always --- apiVersion: v1 kind: Service metadata: - labels: name: ntfy-svc spec: ports: @@ -55,7 +54,7 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: adminer-http + name: ntfy-http annotations: traefik.ingress.kubernetes.io/router.entrypoints: web spec: @@ -67,54 +66,90 @@ spec: pathType: Prefix backend: service: - name: adminer-svc + name: ntfy-svc port: number: 80 --- -# TODO: make this use samba -apiVersion: v1 -kind: PersistentVolume -metadata: - name: ntfy-config-pv -spec: - capacity: - storage: 100Gi - volumeMode: Filesystem - accessModes: - - ReadWriteMultiple - persistentVolumeReclaimPolicy: Delete - storageClassName: local-storage - local: - path: /mnt/raid # TODO: make this point to correct dir - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lipotropin ---- -# TODO: make this use samba apiVersion: v1 kind: PersistentVolume metadata: + annotations: + pv.kubernetes.io/provisioned-by: smb.csi.k8s.io name: ntfy-cache-pv spec: capacity: storage: 100Gi - volumeMode: Filesystem accessModes: - - ReadWriteMultiple - persistentVolumeReclaimPolicy: Delete - storageClassName: local-storage - local: - path: /mnt/raid # TODO: make this point to correct dir - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lipotropin + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: smb + mountOptions: + - dir_mode=0777 + - file_mode=0777 + # - vers=3.0 + csi: + driver: smb.csi.k8s.io + # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} + # make sure this value is unique for every share in the cluster + volumeHandle: lipotropin.lan#meta/services/ntfy#raid# + volumeAttributes: + source: //192.168.1.146/raid + subDir: 00_meta/02_services/ntfy + nodeStageSecretRef: + name: smbcreds + namespace: default +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ntfy-cache-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: ntfy-cache-pv + storageClassName: smb +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + annotations: + pv.kubernetes.io/provisioned-by: smb.csi.k8s.io + name: ntfy-config-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: smb + mountOptions: + - dir_mode=0777 + - file_mode=0777 + # - vers=3.0 + csi: + driver: smb.csi.k8s.io + # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} + # make sure this value is unique for every share in the cluster + volumeHandle: lipotropin.lan#meta/services_config/ntfy#raid# + volumeAttributes: + source: //192.168.1.146/raid + subDir: 00_meta/05_service_config/ntfy + nodeStageSecretRef: + name: smbcreds + namespace: default +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ntfy-config-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: ntfy-config-pv + storageClassName: smb diff --git a/postgres.yaml b/postgres.yaml new file mode 100644 index 0000000..881d3ca --- /dev/null +++ b/postgres.yaml @@ -0,0 +1,86 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: postgres + name: postgres +spec: + replicas: 1 + selector: + matchLabels: + app: postgres + strategy: + type: Recreate + template: + metadata: + labels: + app: postgres + spec: + containers: + - env: + - name: POSTGRES_PASSWORD + valueFrom: + configMapKeyRef: + key: POSTGRES_PASSWORD + name: postgres-secrets-env + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + key: POSTGRES_USER + name: postgres-secrets-env + image: postgres:15-alpine + name: postgres + ports: + - containerPort: 5432 + protocol: TCP + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgres-data-volume + restartPolicy: Always + volumes: + - name: postgres-data-volume + persistentVolumeClaim: + claimName: postgres-data-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres-svc +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + nodePort: 31432 + type: NodePort + selector: + app: postgres +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: postgres-data-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/00_meta/02_services/postgresql/ + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-data-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: postgres-data-pv + storageClassName: "" diff --git a/slskd.yaml b/slskd.yaml new file mode 100644 index 0000000..7080799 --- /dev/null +++ b/slskd.yaml @@ -0,0 +1,151 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: slskd + name: slskd +spec: + replicas: 1 + selector: + matchLabels: + app: slskd + strategy: + type: Recreate + template: + metadata: + labels: + app: slskd + spec: + containers: + - image: slskd/slskd + name: slskd + ports: + - containerPort: 5030 + protocol: TCP + - containerPort: 5031 + protocol: TCP + - containerPort: 50300 + protocol: TCP + volumeMounts: + - mountPath: /app + name: slskd-config-volume + - mountPath: /app/downloads + name: slskd-downloads-volume + - mountPath: /music + name: slskd-music-volume + restartPolicy: Always + volumes: + - name: slskd-config-volume + persistentVolumeClaim: + claimName: slskd-config-pvc + - name: slskd-downloads-volume + persistentVolumeClaim: + claimName: slskd-downloads-pvc + - name: slskd-music-volume + persistentVolumeClaim: + claimName: slskd-music-pvc +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: slskd + name: slskd-svc +spec: + ports: + - name: "5030" + port: 5030 + targetPort: 5030 + - name: "5031" + port: 5031 + targetPort: 5031 + - name: "50300" + port: 50300 + targetPort: 50300 + selector: + app: slskd +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: slskd-config-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/00_meta/05_service_config/slskd + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-config-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: slskd-config-pv + storageClassName: "" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: slskd-downloads-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/30_media/33_music/ + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-downloads-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: slskd-downloads-pv + storageClassName: "" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: slskd-music-pv +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + nfs: + path: /mnt/raid/30_media/33_music/ + server: 192.168.1.146 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-music-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeName: slskd-music-pv + storageClassName: ""