initial refactor

2025-06-07 16:33:55 -04:00
parent 5ac011f02b
commit b09446668d
249 changed files with 74 additions and 186 deletions


@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: collabora-secret
namespace: nextcloud
spec:
encryptedData:
password: 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
username: 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
template:
metadata:
creationTimestamp: null
name: collabora-secret
namespace: nextcloud


@@ -0,0 +1,15 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: collabora.michaelthomson.dev
namespace: nextcloud
spec:
endpoints:
- dnsName: collabora.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- michaelthomson.ddns.net
providerSpecific:
- name: external-dns.alpha.kubernetes.io/cloudflare-proxied
value: "true"
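Review bot: The `cloudflare-proxied` flag on this record only protects the service if the origin refuses traffic that does not arrive through Cloudflare, and nothing visible in this commit enforces that. The CNAME target is itself a public dynamic-DNS name, so the ingress entrypoint is presumably reachable without passing through the proxy; consider restricting the router or firewall to Cloudflare's published source ranges, or requiring authenticated origin pulls. The same applies to the `nextcloud.michaelthomson.dev` DNSEndpoint in the next file. A comment above `providerSpecific`, e.g. `# proxied: origin must only accept Cloudflare source IPs`, would record the assumption for later readers.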


@@ -0,0 +1,15 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: nextcloud.michaelthomson.dev
namespace: nextcloud
spec:
endpoints:
- dnsName: nextcloud.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- michaelthomson.ddns.net
providerSpecific:
- name: external-dns.alpha.kubernetes.io/cloudflare-proxied
value: "true"


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: nextcloud


@@ -0,0 +1,21 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "nextcloud-redis-secret",
"namespace": "nextcloud",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "nextcloud-redis-secret",
"namespace": "nextcloud",
"creationTimestamp": null
}
},
"encryptedData": {
"password": "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"
}
}
}


@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: postgres-secret
namespace: nextcloud
spec:
encryptedData:
password: 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
username: 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
template:
metadata:
creationTimestamp: null
name: postgres-secret
namespace: nextcloud


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-postgres
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 8Gi

169
apps/nextcloud/release.yaml Normal file

@@ -0,0 +1,169 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nextcloud
namespace: nextcloud
spec:
chart:
spec:
chart: nextcloud
version: 6.x
sourceRef:
kind: HelmRepository
name: nextcloud
interval: 15m
timeout: 5m
releaseName: nextcloud
values:
image:
pullPolicy: Always
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
tls:
- hosts:
- nextcloud.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev
labels: {}
path: /
pathType: Prefix
phpClientHttpsFix:
enabled: true
nextcloud:
host: nextcloud.michaelthomson.dev
username: admin
password: admin
datadir: /data
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
sqlite.config.php: |-
<?php
$CONFIG = array (
'sqlite.journal_mode' => 'WAL',
);
previews.config.php: |-
<?php
$CONFIG = array (
'enable_previews' => true,
'enabledPreviewProviders' => array (
'OC\Preview\Movie',
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\MP4',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\PDF'
),
);
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
existingSecret:
enable: true
secretName: postgres-secret
usernameKey: username
passwordKey: password
postgresql:
enabled: true
global:
postgresql:
auth:
existingSecret: postgres-secret
secretKeys:
adminPasswordKey: password
userPasswordKey: password
replicationPasswordKey: password
primary:
persistence:
enabled: true
existingClaim: pvc-postgres
persistence:
enabled: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 8Gi
nextcloudData:
enabled: true
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 14Ti
redis:
enabled: true
auth:
existingSecret: nextcloud-redis-secret
existingSecretPasswordKey: password
global:
storageClass: longhorn
collabora:
enabled: true
image:
tag: 24.04.11.1.1
collabora:
extra_params: --o:ssl.enable=false --o:ssl.termination=true
existingSecret:
enabled: true
secretName: "collabora-secret"
usernameKey: "username"
passwordKey: "password"
# securityContext:
# runAsNonRoot: true
# privileged: true
# capabilities:
# add:
# - SYS_ADMIN
# - MKNOD
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: collabora.michaelthomson.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- collabora.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev
cronjob:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
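Review bot: `nextcloud.username: admin` and `nextcloud.password: admin` commit a guessable administrator credential in plain text, for an instance that this same release publishes through an ingress on `nextcloud.michaelthomson.dev`. Every other credential in the commit is delivered as a SealedSecret, and the chart accepts the admin account the same way through `nextcloud.existingSecret`, so the two literal lines should become a secret reference as sketched below (the secret name is a placeholder; no such SealedSecret is part of this commit). If the release was already installed with these values, the password presumably also has to be changed inside Nextcloud itself, since the chart value is likely applied only at first install. Separately, `externalDatabase.existingSecret` uses the key `enable` where the Collabora block uses `enabled`; it is worth checking against the chart's values that this flag is actually honoured.

```yaml
    nextcloud:
      host: nextcloud.michaelthomson.dev
      # admin credentials come from a SealedSecret, not from literals in Git
      existingSecret:
        enabled: true
        secretName: "<ADMIN_SECRET_NAME>"  # placeholder
        usernameKey: username
        passwordKey: password
      # … unchanged: datadir, configs …
```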


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: nextcloud
namespace: nextcloud
spec:
interval: 15m
url: https://nextcloud.github.io/helm/