Teddy 2026-02-20 23:33:45 +00:00
commit a83cfb8e28
13 changed files with 60386 additions and 0 deletions

14
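--- a/cert-manager-issuer.yaml
+++ b/cert-manager-issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+server: https://acme-v02.api.letsencrypt.org/directory
+email: toredvard99@gmail.com
+privateKeySecretRef:
+name: letsencrypt-account-key
+solvers:
+- http01:
+ingress:
+ingressClassName: traefik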

26
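--- a/dashboard-ingress.yaml
+++ b/dashboard-ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: kubernetes-dashboard
+namespace: kubernetes-dashboard
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/service.serversscheme: https
+traefik.ingress.kubernetes.io/service.serverstransport: insecure@internal
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- dashboard.roysland.net
+secretName: dashboard-tls
+rules:
+- host: dashboard.roysland.net
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: kubernetes-dashboard
+port:
+number: 443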
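Review bot: This Ingress publishes the Kubernetes Dashboard on a public hostname with nothing in front of it but the dashboard's own login, whereas the other admin UIs in this commit (Headlamp, Netdata) are given `.local` hosts. Nothing in the annotations restricts who can reach it; an IP allow-list or forward-auth middleware attached through `traefik.ingress.kubernetes.io/router.middlewares` (the annotation nextcloud/nextcloud.yaml already uses) would narrow that. The `serverstransport: insecure@internal` annotation also looks like it turns off verification of the backend certificate, so it deserves a comment saying why that is acceptable here, or a ServersTransport that trusts the dashboard's CA instead.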

18
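--- a/dashboard-user.yaml
+++ b/dashboard-user.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: admin-user
+namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: admin-user
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: cluster-admin
+subjects:
+- kind: ServiceAccount
+name: admin-user
+namespace: kubernetes-dashboard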
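Review bot: The ClusterRoleBinding gives the `admin-user` ServiceAccount `cluster-admin`, so any token minted for it is full control of the cluster, and dashboard-ingress.yaml in this commit puts the UI that accepts that token on a public hostname. If the dashboard is mostly used for looking at workloads, bind the built-in read-only role instead (`name: view` under `roleRef`) and keep `cluster-admin` for kubectl on a trusted machine. If full admin is really needed, prefer short-lived tokens from `kubectl create token` over a long-lived token Secret, and add a comment recording that the broad grant is intentional.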

76
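--- a/forgejo/forgejo.yaml
+++ b/forgejo/forgejo.yaml
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: forgejo-data-pvc
+namespace: forgejo
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: forgejo
+namespace: forgejo
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: forgejo
+template:
+metadata:
+labels:
+app: forgejo
+spec:
+containers:
+- name: forgejo
+image: codeberg.org/forgejo/forgejo:11
+env:
+- name: USER_UID
+value: "1000"
+- name: USER_GID
+value: "1000"
+ports:
+- containerPort: 3000
+- containerPort: 22
+volumeMounts:
+- name: forgejo-data
+mountPath: /data
+- name: timezone
+mountPath: /etc/timezone
+readOnly: true
+- name: localtime
+mountPath: /etc/localtime
+readOnly: true
+volumes:
+- name: forgejo-data
+persistentVolumeClaim:
+claimName: forgejo-data-pvc
+- name: timezone
+hostPath:
+path: /etc/timezone
+- name: localtime
+hostPath:
+path: /etc/localtime
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: forgejo
+namespace: forgejo
+spec:
+type: NodePort
+selector:
+app: forgejo
+ports:
+- name: http
+port: 3000
+targetPort: 3000
+- name: ssh
+port: 22
+targetPort: 22
+nodePort: 30022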
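Review bot: `type: NodePort` applies to every port on the Service, so the `http` port is given an auto-assigned node port as well and Forgejo's plain-HTTP listener becomes reachable on each node, outside the TLS ingress. Only SSH needs a node port; splitting the Service into a ClusterIP one for HTTP (the one forgejo/ingress.yaml points at) and a NodePort one for SSH keeps web traffic behind Traefik. The second Service name below is a suggestion, not something the commit defines.

```yaml
# ClusterIP Service for the web UI; this is the one the Ingress targets.
apiVersion: v1
kind: Service
metadata:
  name: forgejo
  namespace: forgejo
spec:
  selector:
    app: forgejo
  ports:
    - name: http
      port: 3000
      targetPort: 3000
---
# Separate NodePort Service so that only SSH is exposed on the nodes.
apiVersion: v1
kind: Service
metadata:
  name: forgejo-ssh
  namespace: forgejo
spec:
  type: NodePort
  selector:
    app: forgejo
  ports:
    - name: ssh
      port: 22
      targetPort: 22
      nodePort: 30022
```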

24
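--- a/forgejo/ingress.yaml
+++ b/forgejo/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: forgejo
+namespace: forgejo
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- git.roysland.net
+secretName: forgejo-tls
+rules:
+- host: git.roysland.net
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: forgejo
+port:
+number: 3000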

57
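--- a/forgejo/postgres.yaml
+++ b/forgejo/postgres.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: forgejo-postgres-pvc
+namespace: forgejo
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: postgres
+namespace: forgejo
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: postgres
+template:
+metadata:
+labels:
+app: postgres
+spec:
+containers:
+- name: postgres
+image: postgres:16-alpine
+env:
+- name: POSTGRES_USER
+value: forgejo
+- name: POSTGRES_PASSWORD
+value: forgejo
+- name: POSTGRES_DB
+value: forgejo
+volumeMounts:
+- name: postgres-data
+mountPath: /var/lib/postgresql/data
+volumes:
+- name: postgres-data
+persistentVolumeClaim:
+claimName: forgejo-postgres-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: postgres
+namespace: forgejo
+spec:
+selector:
+app: postgres
+ports:
+- port: 5432
+targetPort: 5432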
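Review bot: `POSTGRES_PASSWORD` is a literal in the manifest and equal to the user name, so the database credential is now in git history and trivially guessable by any workload that can reach the `postgres` Service. Load it from a Secret that is created outside the repository and reference it with `valueFrom.secretKeyRef`, then rotate the password, since this value has been published. nextcloud/nextcloud.yaml repeats the same pattern in both its postgres and nextcloud containers. The Secret name and key below are placeholders.

```yaml
          env:
            - name: POSTGRES_USER
              value: forgejo
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  # placeholder names: a Secret created out of band, not committed
                  name: <forgejo-postgres-secret>
                  key: <password-key>
            # … unchanged: POSTGRES_DB …
```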

18
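--- a/headlamp-ingress.yaml
+++ b/headlamp-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: headlamp
+namespace: kube-system
+spec:
+ingressClassName: traefik
+rules:
+- host: headlamp.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: headlamp
+port:
+number: 80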
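Review bot: Using `headlamp.local` as the host does not by itself keep this UI private, because the rule only matches on the requested host name and it sits on the same `traefik` ingress class that serves the public `*.roysland.net` hosts. If that entrypoint is reachable from the internet (the HTTP-01 solver in cert-manager-issuer.yaml suggests it is), the proxy will route a matching request to Headlamp like any other. Restrict it with an IP allow-list middleware or a separate internal-only entrypoint, and note that this Ingress has no `tls` section, so sessions run over plain HTTP. The netdata Ingress in netdata.yaml relies on the same assumption.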

89
netdata.yaml Normal file

@ -0,0 +1,89 @@
apiVersion: v1
kind: Namespace
metadata:
name: netdata
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: netdata
namespace: netdata
spec:
selector:
matchLabels:
app: netdata
template:
metadata:
labels:
app: netdata
spec:
hostPID: true
hostIPC: true
hostNetwork: true
containers:
- name: netdata
image: netdata/netdata:latest
securityContext:
capabilities:
add:
- SYS_PTRACE
- SYS_ADMIN
volumeMounts:
- name: proc
mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
- name: os-release
mountPath: /host/etc/os-release
readOnly: true
env:
- name: NETDATA_CLAIM_TOKEN
value: ""
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
- name: os-release
hostPath:
path: /etc/os-release
---
apiVersion: v1
kind: Service
metadata:
name: netdata
namespace: netdata
spec:
selector:
app: netdata
ports:
- port: 19999
targetPort: 19999
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netdata
namespace: netdata
spec:
ingressClassName: traefik
rules:
- host: netdata.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netdata
port:
number: 19999
```
Keeping it on `netdata.local` like Headlamp so it's not exposed to the internet. Add to your hosts file too:
```
192.168.50.49 netdata.local
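Review bot: The pod spec combines `hostPID`, `hostIPC`, `hostNetwork` and the `SYS_ADMIN` capability, which together leave very little isolation between this container and the node, and it runs an unpinned `netdata/netdata:latest` image with that access. Drop what monitoring does not need (`hostIPC` and `SYS_ADMIN` are the first candidates to test without) and pin the image to a version or digest; the `:latest` tags in nextcloud/nextcloud.yaml, teamspeak/teamspeak.yaml and vault/vaultwarden.yaml have the same problem. With `hostNetwork: true` the agent's port is presumably bound on the node's own address as well, so the `.local` ingress host is not the only path to it. The file also ends with a Markdown fence, a sentence of prose and a hosts-file line after the Ingress, which look like pasted chat output and are not valid manifest content.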

59693
nextcloud-backup.sql Normal file

File diff suppressed because one or more lines are too long
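Review bot: The diff for this file is suppressed, so its content is not visible here, but a 59693-line `nextcloud-backup.sql` committed next to the manifests looks like a full database dump. If it is, it would typically carry user records, password hashes and share or app tokens into every clone of the repository. Remove it from the history (not just the working tree), keep backups in access-controlled storage, and rotate the Nextcloud passwords and app tokens that were in the dump.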

165
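--- a/nextcloud/nextcloud.yaml
+++ b/nextcloud/nextcloud.yaml
@@ -0,0 +1,165 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: nextcloud
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: nextcloud-db-pvc
+namespace: nextcloud
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: nextcloud-data-pvc
+namespace: nextcloud
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 50Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: postgres
+namespace: nextcloud
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: postgres
+template:
+metadata:
+labels:
+app: postgres
+spec:
+containers:
+- name: postgres
+image: postgres:16-alpine
+env:
+- name: POSTGRES_DB
+value: nextcloud
+- name: POSTGRES_USER
+value: nextcloud
+- name: POSTGRES_PASSWORD
+value: nextcloud
+volumeMounts:
+- name: db-data
+mountPath: /var/lib/postgresql/data
+volumes:
+- name: db-data
+persistentVolumeClaim:
+claimName: nextcloud-db-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: postgres
+namespace: nextcloud
+spec:
+selector:
+app: postgres
+ports:
+- port: 5432
+targetPort: 5432
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nextcloud
+namespace: nextcloud
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: nextcloud
+template:
+metadata:
+labels:
+app: nextcloud
+spec:
+containers:
+- name: nextcloud
+image: nextcloud:latest
+env:
+- name: POSTGRES_HOST
+value: postgres
+- name: POSTGRES_DB
+value: nextcloud
+- name: POSTGRES_USER
+value: nextcloud
+- name: POSTGRES_PASSWORD
+value: nextcloud
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: next.roysland.net
+- name: TRUSTED_PROXIES
+value: "10.42.0.0/16"
+- name: OVERWRITEPROTOCOL
+value: "https"
+volumeMounts:
+- name: nextcloud-data
+mountPath: /var/www/html
+volumes:
+- name: nextcloud-data
+persistentVolumeClaim:
+claimName: nextcloud-data-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: nextcloud
+namespace: nextcloud
+spec:
+selector:
+app: nextcloud
+ports:
+- port: 80
+targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: nextcloud
+namespace: nextcloud
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/router.middlewares: nextcloud-hsts@kubernetescrd
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- next.roysland.net
+secretName: nextcloud-tls
+rules:
+- host: next.roysland.net
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: nextcloud
+port:
+number: 80
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: hsts
+namespace: nextcloud
+spec:
+headers:
+stsSeconds: 15552000
+stsIncludeSubdomains: true
+stsPreload: true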
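Review bot: `TRUSTED_PROXIES` is set to `10.42.0.0/16`, which looks like the whole pod network rather than the address of the Traefik proxy (confirm against the cluster's pod CIDR). Nextcloud takes the client address from forwarded headers when a request arrives from a trusted proxy, so any pod in that range could supply its own value, which weakens brute-force throttling and makes the logged client IPs unreliable. Narrow the value to Traefik's own address or service IP, and add a comment above the entry explaining what the range is meant to cover.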

45
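--- a/ollama-ingress.yaml
+++ b/ollama-ingress.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ollama-external
+namespace: default
+spec:
+ports:
+- port: 3000
+targetPort: 3000
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: ollama-external
+namespace: default
+subsets:
+- addresses:
+- ip: 192.168.50.100
+ports:
+- port: 3000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: ollama
+namespace: default
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- ai.roysland.net
+secretName: ollama-tls
+rules:
+- host: ai.roysland.net
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: ollama-external
+port:
+number: 3000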
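Review bot: This Ingress publishes whatever listens on `192.168.50.100:3000` under a public hostname with no authentication or allow-list at the proxy, so access control rests entirely on that backend. The manifest does not say what the service is; if it is a model API or a UI without mandatory login, attach an auth or IP allow-list middleware through `traefik.ingress.kubernetes.io/router.middlewares` before exposing it. Traffic from Traefik to the backend is also plain HTTP across the LAN and the objects live in the `default` namespace, so a comment naming the backend and why it sits outside the cluster would help the next reader.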

72
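--- a/teamspeak/teamspeak.yaml
+++ b/teamspeak/teamspeak.yaml
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: teamspeak
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: teamspeak-pvc
+namespace: teamspeak
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: teamspeak
+namespace: teamspeak
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: teamspeak
+template:
+metadata:
+labels:
+app: teamspeak
+spec:
+containers:
+- name: teamspeak
+image: teamspeaksystems/teamspeak6-server:latest
+env:
+- name: TSSERVER_LICENSE_ACCEPTED
+value: "accept"
+ports:
+- containerPort: 9987
+protocol: UDP
+- containerPort: 30033
+protocol: TCP
+volumeMounts:
+- name: teamspeak-data
+mountPath: /var/tsserver
+volumes:
+- name: teamspeak-data
+persistentVolumeClaim:
+claimName: teamspeak-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: teamspeak
+namespace: teamspeak
+spec:
+type: NodePort
+selector:
+app: teamspeak
+ports:
+- name: voice
+port: 9987
+targetPort: 9987
+nodePort: 30987
+protocol: UDP
+- name: filetransfer
+port: 30033
+targetPort: 30033
+nodePort: 30033
+protocol: TCP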

89
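--- a/vault/vaultwarden.yaml
+++ b/vault/vaultwarden.yaml
@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: vaultwarden
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: vaultwarden-pvc
+namespace: vaultwarden
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: local-path
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: vaultwarden
+namespace: vaultwarden
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: vaultwarden
+template:
+metadata:
+labels:
+app: vaultwarden
+spec:
+containers:
+- name: vaultwarden
+image: vaultwarden/server:latest
+env:
+- name: DOMAIN
+value: "https://vault.roysland.net"
+- name: SIGNUPS_ALLOWED
+value: "false"
+- name: ADMIN_TOKEN
+value: "your-super-secret-admin-token-change-this"
+ports:
+- containerPort: 80
+volumeMounts:
+- name: vaultwarden-data
+mountPath: /data
+volumes:
+- name: vaultwarden-data
+persistentVolumeClaim:
+claimName: vaultwarden-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: vaultwarden
+namespace: vaultwarden
+spec:
+selector:
+app: vaultwarden
+ports:
+- port: 80
+targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: vaultwarden
+namespace: vaultwarden
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- vault.roysland.net
+secretName: vaultwarden-tls
+rules:
+- host: vault.roysland.net
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: vaultwarden
+port:
+number: 80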
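Review bot: `ADMIN_TOKEN` is still the template placeholder, and setting that variable is what turns on Vaultwarden's admin panel, so the panel is enabled on the public ingress behind a value that is printed in this repository. Either delete the variable, which leaves the admin panel disabled, or load a randomly generated token (Vaultwarden also accepts an Argon2 hash here) from a Secret with `valueFrom.secretKeyRef`. Treat the current value as disclosed and replace it before this Deployment is applied.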