bodicsek 2 роки тому
коміт
163b662d2d
7 змінених файлів з 451 додано та 0 видалено
  1. 15 0
      cert-manager-letsencrypt-prod.yaml
  2. 17 0
      cert-manager.yaml
  3. 52 0
      container-registry.yaml
  4. 85 0
      dav.yaml
  5. 79 0
      git.yaml
  6. 88 0
      pwd.yaml
  7. 115 0
      webdav.yaml

+ 15 - 0
cert-manager-letsencrypt-prod.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: david@bodicsek.host
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
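Review bot: `metadata.namespace: cert-manager` on this ClusterIssuer has no effect, because ClusterIssuer is a cluster-scoped kind, and it suggests a scoping that does not exist. Any namespace can request certificates from `letsencrypt-prod`. I would drop the line and add a comment such as `# cluster-scoped: usable from every namespace; ACME account key is stored in cert-manager's cluster resource namespace`, so it is clear where the `letsencrypt-prod` account key Secret lives and who needs read access to it.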

+ 17 - 0
cert-manager.yaml

@@ -0,0 +1,17 @@
+# copy it to /var/lib/rancher/k3s/server/manifests on the server node
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: cert-manager
+  namespace: kube-system
+spec:
+  repo: https://charts.jetstack.io
+  chart: cert-manager
+  targetNamespace: cert-manager
+  set:
+    installCRDs: "true"
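Review bot: The HelmChart spec sets `repo` and `chart` but no `version`, so the server installs whatever cert-manager release the repository serves when the manifest is picked up. For a component that holds the ACME account key and issues every TLS certificate in the cluster, pin it with `version: "<chart version you tested>"` next to `chart: cert-manager` and upgrade deliberately. The first-line comment could also say that k3s auto-applies files in that directory, since that is what turns a copy into a deployment.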

+ 52 - 0
container-registry.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: container-registry-deployment
+  namespace: kube-system
+  labels:
+    app: container-registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: container-registry
+  template:
+    metadata:
+      labels:
+        app: container-registry
+    spec:
+      containers:
+        - image: registry:2
+          name: container-registry
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5000
+          env:
+            - name: REGISTRY_STORAGE_DELETE_ENABLED
+              value: "true"
+          volumeMounts:
+            - name: registry-vol
+              mountPath: /var/lib/registry
+      volumes:
+        - name: registry-vol
+          hostPath:
+            path: /mnt/registry/
+            type: Directory
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: container-registry
+  namespace: kube-system
+  labels:
+    app: container-registry
+spec:
+  type: NodePort
+  selector:
+    app: container-registry
+  ports:
+  - port: 5000
+    targetPort: 5000
+    nodePort: 30000
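Review bot: The registry is published on `nodePort: 30000` with no authentication or TLS configured in the container `env`, while `REGISTRY_STORAGE_DELETE_ENABLED` is `"true"`. Anything that can reach a node address on that port can therefore pull, overwrite or delete images that the cluster later runs. Either keep the Service as `type: ClusterIP` behind the same Traefik/cert-manager route used for the other apps, or configure the registry's htpasswd auth (`REGISTRY_AUTH_HTPASSWD_PATH`, `REGISTRY_AUTH_HTPASSWD_REALM`) and TLS before exposing it. Running it in `kube-system` also mixes a user workload with control-plane components; a dedicated namespace would make network and RBAC policy easier to scope.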

+ 85 - 0
dav.yaml

@@ -0,0 +1,85 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dav-deployment
+  namespace: default
+  labels:
+    app: dav
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dav
+  template:
+    metadata:
+      labels:
+        app: dav
+    spec:
+      containers:
+        - image: tomsquest/docker-radicale:3.1.8.0
+          name: radicale
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5232
+          volumeMounts:
+            - name: radicale-data-vol
+              mountPath: /data
+            - name: radicale-config-vol
+              mountPath: /config
+      volumes:
+        - name: radicale-data-vol
+          hostPath:
+            path: /mnt/radicale/data
+            type: Directory
+        - name: radicale-config-vol
+          hostPath:
+            path: /mnt/radicale/config
+            type: Directory            
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dav
+  namespace: default
+  labels:
+    app: dav
+spec:
+  type: ClusterIP
+  selector:
+    app: dav
+  ports:
+  - port: 80
+    targetPort: 5232
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: dav.bodicsek.host
+spec:
+  secretName: dav.bodicsek.host
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - dav.bodicsek.host
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dav
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`dav.bodicsek.host`)
+    services:
+    - kind: Service
+      name: dav
+      namespace: default
+      passHostHeader: true
+      port: 80
+  tls:
+    secretName: dav.bodicsek.host
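Review bot: The `Certificate` document has no `metadata.namespace`, while the Deployment, Service and IngressRoute in the same file all pin `namespace: default`. The TLS Secret is created in the Certificate's namespace and `tls.secretName` on the IngressRoute is resolved in the route's namespace, so applying this file from a kubectl context with a different default namespace leaves the route without its certificate. Add `namespace: default` under `name: dav.bodicsek.host`. The same applies to the Certificate in git.yaml, pwd.yaml and webdav.yaml, and to the `webdav-options-support` Middleware in webdav.yaml.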

+ 79 - 0
git.yaml

@@ -0,0 +1,79 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: git-deployment
+  namespace: default
+  labels:
+    app: git
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: git
+  template:
+    metadata:
+      labels:
+        app: git
+    spec:
+      containers:
+        - image: gogs/gogs
+          name: gogs
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 3000
+          volumeMounts:
+            - name: gogs-vol
+              mountPath: /data
+      volumes:
+        - name: gogs-vol
+          hostPath:
+            path: /mnt/gogs2/
+            type: Directory
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: git
+  namespace: default
+  labels:
+    app: git
+spec:
+  type: ClusterIP
+  selector:
+    app: git
+  ports:
+  - port: 80
+    targetPort: 3000
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: git.bodicsek.host
+spec:
+  secretName: git.bodicsek.host
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - git.bodicsek.host
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: git
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`git.bodicsek.host`)
+    services:
+    - kind: Service
+      name: git
+      namespace: default
+      passHostHeader: true
+      port: 80
+  tls:
+    secretName: git.bodicsek.host
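Review bot: `image: gogs/gogs` carries no tag, so it resolves to `latest`. With `imagePullPolicy: IfNotPresent` the running build is whatever a node happened to cache, which is not reproducible and does not pick up fixes on restart either. For an internet-facing git service, pin a release tag, or better a digest, e.g. `image: gogs/gogs:<release>@sha256:<digest>`, and bump it deliberately. The same applies to `rclone/rclone` in webdav.yaml, and `registry:2` in container-registry.yaml is a floating major tag.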

+ 88 - 0
pwd.yaml

@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pwd-deployment
+  namespace: default
+  labels:
+    app: pwd
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pwd
+  template:
+    metadata:
+      labels:
+        app: pwd
+    spec:
+      containers:
+        - image: vaultwarden/server:1.28.1-alpine
+          name: vaultwarden
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+          env:
+            - name: ENABLE_DB_WAL
+              value: "false"
+            - name: YUBICO_CLIENT_ID
+              value: "72098"
+            - name: YUBICO_SECRET_KEY
+              value: U1m4/HNRXLcNIp9zDA6DWOpLiGA=
+            - name: DOMAIN
+              value: https://pwd.bodicsek.host
+          volumeMounts:
+            - name: vaultwarden-vol
+              mountPath: /data
+      volumes:
+        - name: vaultwarden-vol
+          hostPath:
+            path: /mnt/bitwarden/
+            type: Directory
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pwd
+  namespace: default
+  labels:
+    app: pwd
+spec:
+  type: ClusterIP
+  selector:
+    app: pwd
+  ports:
+  - port: 80
+    targetPort: 80
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: pwd.bodicsek.host
+spec:
+  secretName: pwd.bodicsek.host
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - pwd.bodicsek.host
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pwd
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`pwd.bodicsek.host`)
+    services:
+    - kind: Service
+      name: pwd
+      namespace: default
+      passHostHeader: true
+      port: 80
+  tls:
+    secretName: pwd.bodicsek.host
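Review bot: The `YUBICO_SECRET_KEY` entry in the container `env` commits a live API credential in plaintext, next to its `YUBICO_CLIENT_ID`. It is readable by anyone with access to this repository's history, and by anyone allowed to `get` Deployments in `default`. Treat the committed value as exposed: generate a new Yubico API key pair, and supply it from a Secret created outside the repository, as sketched below (Secret name and key are placeholders). Removing the line in a later commit does not remove it from history, so the rotation is the part that matters.

```yaml
# … unchanged: ENABLE_DB_WAL and YUBICO_CLIENT_ID entries …
            - name: YUBICO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  # placeholder names; create this Secret out of band, not from this repo
                  name: vaultwarden-yubico
                  key: secret-key
# … unchanged: DOMAIN entry, volumeMounts …
```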

+ 115 - 0
webdav.yaml

@@ -0,0 +1,115 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webdav-deployment
+  namespace: default
+  labels:
+    app: webdav
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: webdav
+  template:
+    metadata:
+      labels:
+        app: webdav
+    spec:
+      containers:
+        - image: rclone/rclone
+          name: rclone
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: webdav-data-vol
+              mountPath: /data
+            - name: webdav-config-vol
+              mountPath: /config
+          args: ["serve", "webdav", "/data", "--addr", ":80", "--htpasswd", "/config/htpasswd"]
+      volumes:
+        - name: webdav-data-vol
+          hostPath:
+            path: /mnt/webdav/data
+            type: Directory
+        - name: webdav-config-vol
+          hostPath:
+            path: /mnt/webdav/config
+            type: Directory            
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: webdav
+  namespace: default
+  labels:
+    app: webdav
+spec:
+  type: ClusterIP
+  selector:
+    app: webdav
+  ports:
+  - port: 80
+    targetPort: 80
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: webdav.bodicsek.host
+spec:
+  secretName: webdav.bodicsek.host
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - webdav.bodicsek.host
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: webdav-options-support
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "HEAD"
+      - "POST"
+      - "PUT"
+      - "DELETE"
+      - "PATCH"
+      - "COPY"
+      - "LOCK"
+      - "UNLOCK"
+      - "MKCOL"
+      - "MOVE"
+      - "PROPFIND"
+      - "PROPPATCH"
+      - "OPTIONS"
+    accessControlAllowHeaders:
+      - "*"
+    accessControlAllowOriginList:
+      - "*"
+    accessControlMaxAge: 100
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: webdav
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`webdav.bodicsek.host`)
+    middlewares:
+    - name: webdav-options-support
+    services:
+    - kind: Service
+      name: webdav
+      namespace: default
+      passHostHeader: true
+      port: 80
+  tls:
+    secretName: webdav.bodicsek.host
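Review bot: The `webdav-options-support` Middleware sets `accessControlAllowOriginList` and `accessControlAllowHeaders` to `"*"` while allowing every write method (`PUT`, `DELETE`, `MOVE`, `PROPPATCH`, …). That lets a page on any origin issue cross-origin WebDAV requests against this host from a visitor's browser. If the middleware exists only so one browser-based client passes preflight, list that client's origin instead, e.g. `accessControlAllowOriginList: ["https://<your-web-client-origin>"]`, and name the headers it actually sends. A short comment above the Middleware saying which client needs it would help the next reader judge whether the wildcard can go.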