hoarder

bootstrap/kustomizations/kustomization-hoarder.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: hoarder
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./hoarder
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: web
+      namespace: hoarder

bootstrap/namespaces/namespace-hoarder.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hoarder

hoarder/chrome-deployment.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: chrome
+  namespace: hoarder
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: chrome
+  template:
+    metadata:
+      labels:
+        app: chrome
+    spec:
+      containers:
+        - name: chrome
+          image: gcr.io/zenika-hub/alpine-chrome:123
+          command:
+            - chromium-browser
+            - --headless
+            - --no-sandbox
+            - --disable-gpu
+            - --disable-dev-shm-usage
+            - --remote-debugging-address=0.0.0.0
+            - --remote-debugging-port=9222
+            - --hide-scrollbars

hoarder/chrome-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: chrome
+  namespace: hoarder
+spec:
+  selector:
+    app: chrome
+  ports:
+    - protocol: TCP
+      port: 9222
+      targetPort: 9222
+  type: ClusterIP

hoarder/data-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data-pvc
+  namespace: hoarder
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

hoarder/dns-endpoint.yaml

@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: hoarder.michaelthomson.dev
+  namespace: hoarder
+spec:
+  endpoints:
+  - dnsName: hoarder.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"

hoarder/hoarder-secrets.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: hoarder-secrets
+  namespace: hoarder
+spec:
+  encryptedData:
+    MEILI_MASTER_KEY: AgCHcsgG2eNFA8M//KlFEXsD8v+kh9MWiIPr/vWBXqOtoyCoA5vTcrWdQvnmO+ic93kiBy2sTRa2thR2UQd9h3GnC4+MkTGZDLmbiArlE6HltuSWUnqaZESop8NBu8p3mFJ3kX8sLA3RzEZrj4/rmFT3CFym5v6vXjXxGaaT2C0VjsCxeOnGjcEyfm4gaptNP14v43bRRsxZtLo1F/pI1vkMPMbcQPsGXuiIkOxbaMAgGdlybMX1q7ZWWdXEHb/o+RDN2D2c9GJeZDgk/znT1A8IwfAUue1BpF2VamtFxoX2aI2w0xjGeJ7ffUOS3VzuBSAITsw4lb+7gCmC7FByqjxCmoiBI3L20XcFoWMmvNFKqsOPDVduNCJeYAZQHSNfC0SxGIu1tUw1T66NijsItDPH5vjH6BGvWyS3E+YMkxEHMV6ZJWkk3+S0gMRURSEo3Dr/MCby2x6MPbaKFB06u2Vyr0XWRUAXlphzndO0Ibt9P/KVldNX+ZueVxoZkxt+PiJqhWb6ZT8s0VBPmWleufbyjkZoa00KVM4/IGrSBJdLboGGmHU1p1EZGzpMEexCp/G0iEuNqkLJo8cCRxrHH6zsVunIpXnTYg+6Ob032+LDGGG2jKGKsjAlKKod/TIpL15poZZoVIv57IkLYd6bYASDQ9M4NpSJ3gyyIe+jICHBGFQ4t/mBfzlfy4fpjpFRxGNOQhr6TNBIgda9QI17OTkNDyace9Ltqu6CUIDvgOUYUH/gTBfYFtSk0NZWPJdJ+aA=
+    NEXT_PUBLIC_SECRET: AgB3LRSR+Y/VbTXIHpqlMUR1ec3LXdsghJ8vmMGEB+674W+x36ciekTkv8fGPj+XJXnXgPqCMrAr/Wd6ExrkW/nI2ZxDvbYLQ4POW34b5vF8IV0KD2kARUz5UGmVJOsCRSdlqqEsED72U2Cotw8voYOpEk7GfWZPTAyg6iv6pJyIa3gXEtdKV4k8XOQmMvdAui/0iAoTOeMpP6Qe2hGqCvSCtrsw+aj+ptUlQkP9pOQW6Uo/XMebwwZVSkgFOr6pEPhr70qMbi31ERR1at/vNYArQy8PXmUxJGsRF5KgjD+Nq6rrZPXJFjEk6qx+MAcysJ6rCJeYiCmZMZHabZ9CrhFTVdwtSO2su6B19hXS7fACzIrFNr5Z23NAn6+SoDodXo+Bqa+1ldHFzZl9ve0eoHEB8sG1qVvA5wWMtPm4D2mxd0UTlK0/EqY1jP+EvWNC05v/uD4toIEX3HEZCqdPqghmWxwq8qCm3ZpYvmxQwZxWHZdpxIen262vMZ6s5yZVC/n/v2EVmswqllUBvBCHq6WBBZqF5tgYBsuwy4qf976HMGvXXVx/WcE92eA3iT1olUnFJ7I4Isdp28tFl8jv5JLHJJozzWI91iwPUAwT5xFXi/2Jtk9Oe7QNjsEpYqnxxbogbMS6UZL4TJ1QNsyY29iue+E9q2Eck9Btb8xDtpSH2FNKNo/3FNcbe6hNXdwEbqoGIcNPZNNGDMOFVq6EeTmyxxR3CZYahHt65BXO0K/Smv8n4NSwI0e5T7Hn4S5o8JM=
+    NEXTAUTH_SECRET: AgChzv5iFZC4pFksnh7blvLWRn/2VsCqjOqkRnFQFTApAKf6CyfUgkFy5yBgbwqtS4oak6jtadtVZQuiWXrY2bIRvROwL4AEqGvteUhURSL7Hy/3oRd6BoBiT/zoiTkBmZRBG1LsI6KjCWXvjKAQGsoJ6sPQOGVGZ2eb57ne51op7xrhAyWbCuuy5tw237Qb/DnTgqeIQ4SmgTytLd5jO6nZ1yhzpmUW6ynu8TLy3ar3vIecc7IQkS7mmnXJgGilUrNUkdNjFdxkALBPah4a0qgwaRrZVh0MLa4Kvud5iYEC6Y5YFxZ2/6pH/OA0+aEw4gWdENyxDRVmxkwHpN22Ya1svvEI1V3RD7RQFA4psLClly3bJDpE96NIS0gSbpGzo2xszf3iKX5U5WjnGEODg9udQ+/RZvluU1NjwkPP5wFpAZU1YC5w2OUtZH/tQQ0Lumn1YsgXeH/oEtXfMgSTWD0Yoxwv7r+bFPb03OUllTG8AFVrP0Uigz9sl/td1u9zvrPFQMNPITSUOFrMbnVA0riKVGqFkkfxSp93lRpKHx7sA7LWyrZfYdcEGsaxMdBWGUcuv4OCtCHQhuyuxkJc7/Dygg3roxPyaehU/j5fY962qnRtv2Okmpf1Lm9VvuB83+ZhnJJNFgWVh6rPUgA+v0rVKOpzSYHpP878EMf3wz08wghhFmhlBSimAftMa8B9zSBkzlqfm6ByrtUNsKSuPE3k1H4YjusxRKFu4DXgo0eiZWmVQWb+YzhS4/zp5aJU3lA=
+    OPENAI_API_KEY: AgDISqGkHBSMNAmZa5uXoE2DAPy0FbxoZB1ngYRVGbQWN6LxW/3u+O+qtggo1qd+yaPTXJTi5DST22CNLZfk+pdYtMsTb3lQrEM0BkiACDsppOah9pz675xdZrAZG1+BlwGDfyRyKmww6t12D01MEl5g5dgXSA5ZHzPkhR4BySWzbVTN5oF3Yj/7twDkE8ignpdD0lIzPEqoOjdgeQ7g1cUAOTjbj9Q46S75kIaXhzIRnForZi3wbnhFn8pzcuNMERYfxms4u2x5cfUHyRTjblsS7KRIN2ymtsVauCdpmbe6bf3q7WCZ1XE7HcHdDpDK5N0kZRSHVMQUTp3kGripMiBb5aAfYOQBm+6Rjd0OE49dwEfgOV/zecOPZeTp70xwS3RhjioJlVRzHUIYZ9PRjt0gLqEULAQzF8E0FoQcwcjCxtEqTwLHNcVJ3xUBrt/Oq4yTgKspuu+Mb45UUlxyfZUaXrMZp73OE5qFVeUUjGRze6iQ2Hd5znOWH7BUqN+esEzqIyzhhREBSdyKmGdV33eYLcFrnaQkClilf5xeIbKjfA3QLl/3gtdteU3IiYd0PPNXPQr7aYK1buDsLExDo1M9tZM19eypLphStnOtXxtdHFua0jit6Cr7tVFRSF1gJYmtrLpcK5q5bnAt1KCZ2DBQCMgSQhOd1v9t0DQB7dbqgm5+44OJRZDOyhgE03qG57tdsTgr6ufL3Q+wfbo60VVl6JnR+MqgDbTrXvwzWyt5junDDL/FI/MLE9HAH7y5UDCyoHALEAhecE6FF+H34g5NHxQKxHTb6Id5uBdGcSTPDmJO+hwHwTvvSQUQPknGQzFURRw9cLTk+IeTjCfrQE1mIYnk9M5aa0CHWSALB8eXovWUiY1o7A3WYZkIFIz4+bcIws1ihd0M/vGr/cnczDZR5WeIqg==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: hoarder-secrets
+      namespace: hoarder

hoarder/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hoarder-web-ingress
+  namespace: hoarder
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: "hoarder.michaelthomson.dev"
+    http:
+      paths:
+      - path: "/"
+        pathType: Prefix
+        backend:
+          service:
+            name: "web"
+            port:
+              number: 3000
+  tls:
+    - hosts:
+        - hoarder.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev

hoarder/meilisearch-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: meilisearch
+  namespace: hoarder
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: meilisearch
+  template:
+    metadata:
+      labels:
+        app: meilisearch
+    spec:
+      containers:
+        - name: meilisearch
+          image: getmeili/meilisearch:v1.11.1
+          env:
+            - name: MEILI_NO_ANALYTICS
+              value: "true"
+          volumeMounts:
+            - mountPath: /meili_data
+              name: meilisearch
+          envFrom:
+            - secretRef:
+                name: hoarder-secrets
+      volumes:
+        - name: meilisearch
+          persistentVolumeClaim:
+            claimName: meilisearch-pvc

hoarder/meilisearch-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: meilisearch-pvc
+  namespace: hoarder
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

hoarder/meilisearch-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: meilisearch
+  namespace: hoarder
+spec:
+  selector:
+    app: meilisearch
+  ports:
+    - protocol: TCP
+      port: 7700
+      targetPort: 7700

hoarder/web-deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+  namespace: hoarder
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: hoarder-web
+  template:
+    metadata:
+      labels:
+        app: hoarder-web
+    spec:
+      containers:
+        - name: web
+          image: ghcr.io/hoarder-app/hoarder:release
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          env:
+            - name: MEILI_ADDR
+              value: http://meilisearch:7700
+            - name: BROWSER_WEB_URL
+              value: http://chrome:9222
+            - name: DATA_DIR
+              value: /data
+          volumeMounts:
+            - mountPath: /data
+              name: data
+          envFrom:
+            - secretRef:
+                name: hoarder-secrets
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: data-pvc

hoarder/web-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+  namespace: hoarder
+spec:
+  selector:
+    app: hoarder-web
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000
+  type: ClusterIP