diff --git a/jellyfin/jellyfin.yaml b/jellyfin/jellyfin.yaml new file mode 100644 index 0000000..5e94846 --- /dev/null +++ b/jellyfin/jellyfin.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jellyfin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: jellyfin + labels: + app: jellyfin +spec: + replicas: 1 + selector: + matchLabels: + app: jellyfin + template: + metadata: + labels: + app: jellyfin + spec: + containers: + - name: jellyfin + image: jellyfin/jellyfin:latest + ports: + - containerPort: 8096 + name: http + volumeMounts: + - name: config + mountPath: /config + - name: cache + mountPath: /cache + resources: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "2Gi" + cpu: "2" + volumes: + - name: config + hostPath: + path: /opt/k3s/jellyfin/config + type: DirectoryOrCreate + - name: cache + hostPath: + path: /opt/k3s/jellyfin/cache + type: DirectoryOrCreate +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: jellyfin +spec: + type: ClusterIP + selector: + app: jellyfin + ports: + - port: 8096 + targetPort: 8096 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: jellyfin + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - jelly.roysland.net + secretName: jellyfin-tls + rules: + - host: jelly.roysland.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 8096 diff --git a/passbolt/passbolt.yaml b/passbolt/passbolt.yaml new file mode 100644 index 0000000..826dde4 --- /dev/null +++ b/passbolt/passbolt.yaml @@ -0,0 +1,196 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: passbolt +--- +apiVersion: v1 +kind: Secret +metadata: + name: passbolt-secrets + namespace: passbolt +type: Opaque +stringData: + DATASOURCES_DEFAULT_PASSWORD: "change-me-db-password" + DATASOURCES_DEFAULT_USERNAME: "passbolt" + DATASOURCES_DEFAULT_DATABASE: "passbolt" + MYSQL_ROOT_PASSWORD: "change-me-root-password" + MYSQL_PASSWORD: "change-me-db-password" + MYSQL_USER: "passbolt" + MYSQL_DATABASE: "passbolt" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-pvc + namespace: passbolt +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: passbolt-gpg-pvc + namespace: passbolt +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: passbolt-jwt-pvc + namespace: passbolt +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 1Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb + namespace: passbolt +spec: + replicas: 1 + selector: + matchLabels: + app: mariadb + template: + metadata: + labels: + app: mariadb + spec: + containers: + - name: mariadb + image: mariadb:10.11 + envFrom: + - secretRef: + name: passbolt-secrets + ports: + - containerPort: 3306 + volumeMounts: + - name: mariadb-data + mountPath: /var/lib/mysql + volumes: + - name: mariadb-data + persistentVolumeClaim: + claimName: mariadb-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb + namespace: passbolt +spec: + selector: + app: mariadb + ports: + - port: 3306 + targetPort: 3306 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: passbolt + namespace: passbolt +spec: + replicas: 1 + selector: + matchLabels: + app: passbolt + template: + metadata: + labels: + app: passbolt + spec: + containers: + - name: passbolt + image: passbolt/passbolt:latest-ce + env: + - name: APP_FULL_BASE_URL + value: "https://pb.roysland.net" + - name: DATASOURCES_DEFAULT_HOST + value: "mariadb" + - name: DATASOURCES_DEFAULT_PORT + value: "3306" + - name: DATASOURCES_DEFAULT_USERNAME + valueFrom: + secretKeyRef: + name: passbolt-secrets + key: DATASOURCES_DEFAULT_USERNAME + - name: DATASOURCES_DEFAULT_PASSWORD + valueFrom: + secretKeyRef: + name: passbolt-secrets + key: DATASOURCES_DEFAULT_PASSWORD + - name: DATASOURCES_DEFAULT_DATABASE + valueFrom: + secretKeyRef: + name: passbolt-secrets + key: DATASOURCES_DEFAULT_DATABASE + - name: PASSBOLT_SSL_FORCE + value: "true" + ports: + - containerPort: 80 + - containerPort: 443 + volumeMounts: + - name: gpg-data + mountPath: /etc/passbolt/gpg + - name: jwt-data + mountPath: /etc/passbolt/jwt + volumes: + - name: gpg-data + persistentVolumeClaim: + claimName: passbolt-gpg-pvc + - name: jwt-data + persistentVolumeClaim: + claimName: passbolt-jwt-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: passbolt + namespace: passbolt +spec: + selector: + app: passbolt + ports: + - port: 80 + targetPort: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: passbolt + namespace: passbolt + annotations: + cert-manager.io/cluster-issuer: letsencrypt +spec: + ingressClassName: traefik + tls: + - hosts: + - pb.roysland.net + secretName: passbolt-tls + rules: + - host: pb.roysland.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: passbolt + port: + number: 80