
11 Incheckningar 45e0b5f8e2 ... 52eefd1f3e

Upphovsman SHA1 Meddelande Datum
  Victor Lavaud 52eefd1f3e Add radicle configs 2 månader sedan
  Victor Lavaud 0ac7fe59fa Change storage class of registry 2 månader sedan
  Victor Lavaud aaaff18923 Update puppet helm chart 2 månader sedan
  Victor Lavaud 3bf7f0c32d Upgrade nextcloud to version 29.0.2 2 månader sedan
  Victor Lavaud 2320b47548 Add radicle seed tcp 2 månader sedan
  Victor Lavaud 9718ea5676 Remove ggl.dodges.it 2 månader sedan
  Victor Lavaud cfa2aac574 Remove icecream 2 månader sedan
  Victor Lavaud 103041455c Add PVC to homeassistant 2 månader sedan
  Victor Lavaud 4b0d1be48e Set timezone in homeassistant 2 månader sedan
  Victor Lavaud 088bebc3c0 Remove PVs for homeassistant 2 månader sedan
  Victor Lavaud eeea102a80 Add icecream daemonset and scheduler 3 månader sedan

+ 14 - 28
homeasistant/homeassistant.yaml

@@ -1,31 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: homeassistant
-spec:
-  storageClassName: manual
-  capacity:
-    storage: 300Mi
-  accessModes:
-    - ReadWriteOnce
-  nfs:
-    path: /volume1/NFS/homeassistant
-    server: 192.168.2.44
-    readOnly: false
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: homeassistant
-spec:
-  storageClassName: manual
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 300Mi
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,6 +27,8 @@ spec:
           image: ghcr.io/home-assistant/home-assistant:stable
           imagePullPolicy: "Always"
           env:
+          - name: TZ
+            value: "Europe/Zurich"
           volumeMounts:
           - name: homeassistant
             mountPath: /config
@@ -81,3 +55,15 @@ spec:
       targetPort: http
       nodePort: 31823
       name: http
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: homeassistant
+spec:
+  storageClassName: nfs-vrt
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 300Mi

+ 6 - 1
ingress/values.yaml

@@ -11,7 +11,6 @@ controller:
     externalTrafficPolicy: "Local"
     # Make it accessible from my router.
     externalIPs:
-      - 35.184.127.55    # ggl.dodges.it
       - 5.196.26.88   # ovh.dodges.it
       - 81.6.34.64   # init7 home
       - 2001:41d0:401:3200::1d20
@@ -34,6 +33,9 @@ controller:
       - protocol: TCP
         port: 3125
         name: standardnotes-fs
+      - protocol: TCP
+        port: 8776
+        name: radicle-seed-tcp
   enableCertManager: true
   enableSnippets: true
   enableLatencyMetrics: true
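Review bot: The new `radicle-seed-tcp` entry on port 8776 is exposed on every address listed under `externalIPs`, and neither this hunk nor the matching port entry in the next hunk (`- name: radicle-seed-tcp`) says what it routes to. In `radicle/radicle.yaml` from the same compare view I only see an HTTP Ingress for 8080, so the TCP route for 8776 is either defined elsewhere or missing; please confirm which. I would add a comment above both entries, for example `# radicle p2p seed port, forwarded to Service radicle:8776`, so the two lists stay in sync and the open port is accounted for in a later audit. Both lists start outside the hunks, so I cannot see their parent keys.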
@@ -55,6 +57,9 @@ controller:
       - name: standardnotes-fs-tcp
         port: 3125
         protocol: TCP
+      - name: radicle-seed-tcp
+        port: 8776
+        protocol: TCP
   tolerations:
     - key: "isNginx"
       operator: "Exists"

+ 1 - 1
nextcloud/image/Dockerfile

@@ -1,4 +1,4 @@
-FROM nextcloud:29.0.1-apache
+FROM nextcloud:29.0.2-apache
 
 RUN apt-get update && apt-get install -y \
     supervisor \

+ 14 - 18
puppet/values.yaml

@@ -1,32 +1,27 @@
+storage:
+  storageClass: nfs-vrt
 puppetdb:
-  fullname: "puppet.dodges.it"
-  persistence:
-    existingClaim: "ppt-puppetdb-pvc"
+  enabled: true
+  fqdns:
+    alternateServerNames: ["puppet.dodges.it"]
   image: ghcr.io/voxpupuli/container-puppetdb
+  metrics:
+    enabled: true
   extraEnv:
     PUPPETDB_JAVA_ARGS: "-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xloggc:/opt/puppetlabs/server/data/puppetdb/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048"
+  service:
+    type: ClusterIP
+puppetboard:
+  enabled: false
 puppetserver:
   pullPolicy: Always
   puppeturl: "ssh://git@gogs.dodges.it:31443/qdii/k8s_puppet.git"
-  persistence:
-    ca:
-      existingClaim: "ppt-ca-pvc"
-    code:
-      existingClaim: "ppt-code-pvc"
-    data:
-      existingClaim: "ppt-data-pvc"
-    confd:
-      existingClaim: "ppt-confd-pvc"
-    puppet:
-      existingClaim: "ppt-puppet-pvc"
-    server:
-      existingClaim: "ppt-server-pvc"
   masters:
     fqdns:
       alternateServerNames: "puppet.dodges.it"
     san: "puppet.dodges.it"
     extraEnv:
-      AUTOSIGN: false
+      AUTOSIGN: true
   image: "ghcr.io/voxpupuli/container-puppetserver"
 global:
   postgresql:
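Review bot: `AUTOSIGN: true` under `puppetserver.masters.extraEnv` switches the Puppet CA to naive autosigning, so any host that can reach the server's port gets its CSR signed and can then request catalogs, which commonly carry secrets. The commit title only mentions a chart update, so if this was flipped to re-enrol nodes after the storage change, it should go back once they are signed: `AUTOSIGN: "false"`, or an allow-list or policy-based autosign if the image supports it. Quoting the value also keeps the environment variable a string rather than a YAML boolean; how the chart renders a bare boolean here is not visible from this hunk. Separately, `alternateServerNames` is a list under `puppetdb.fqdns` but a plain string under `masters.fqdns`, which is worth checking against the chart's schema.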
@@ -36,7 +31,7 @@ global:
 postgresql:
   primary:
     persistence:
-      existingClaim: "ppt-postgresql-pvc"
+      storageClass: nfs-vrt
     affinity:
       nodeAffinity:
         preferredDuringSchedulingIgnoredDuringExecution:
@@ -110,3 +105,4 @@ affinity:
 metrics:
   prometheus:
     enabled: true
+    port: 9090

+ 38 - 0
radicle/Dockerfile

@@ -0,0 +1,38 @@
+FROM ubuntu:latest
+
+
+RUN apt-get update -y
+RUN apt-get install -y curl git xz-utils jq moreutils
+
+# Prepare directory to host radicle binaries 
+RUN mkdir -p /usr/local/{bin,man,man/man1}
+RUN chown ubuntu: /usr/local/{bin,man,man/man1}
+
+# Install rad and radicle-node
+RUN curl -v -o "/tmp/radicle.tar.xz" -L "https://files.radicle.xyz/releases/latest/radicle-x86_64-unknown-linux-musl.tar.xz"
+RUN tar -C "/usr/local" --strip-components=1 -xf "/tmp/radicle.tar.xz"
+RUN rm "/tmp/radicle.tar.xz"
+
+# Install radicle-httpd 
+RUN curl -v -o "/tmp/radicle-httpd.tar.xz" -L "https://files.radicle.xyz/releases/radicle-httpd/latest/radicle-x86_64-unknown-linux-musl.tar.xz"
+RUN tar -C "/usr/local" --strip-components=1 -xf "/tmp/radicle-httpd.tar.xz"
+RUN rm "/tmp/radicle-httpd.tar.xz"
+
+# Prepare scripts
+COPY start_radicle.sh "/home/ubuntu/start_radicle.sh"
+COPY probe_radicle.sh "/home/ubuntu/probe_radicle.sh"
+RUN chmod u+x "/home/ubuntu/start_radicle.sh"
+RUN chown "ubuntu:" "/home/ubuntu/start_radicle.sh"
+
+# Prepare storage directories
+RUN mkdir /home/ubuntu/radicle
+RUN chown ubuntu /home/ubuntu/radicle
+
+USER ubuntu
+WORKDIR /home/ubuntu
+
+ENV RAD_HOME=/home/ubuntu/radicle
+
+VOLUME /home/ubuntu/radicle
+
+ENTRYPOINT /home/ubuntu/start_radicle.sh
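Review bot: Both radicle tarballs are fetched from `releases/latest` and unpacked into `/usr/local` without any checksum or signature check, on top of `FROM ubuntu:latest`, so the image contents depend on whatever those three moving targets serve at build time. I would pin the base image by tag or digest, pin each release URL, and verify a SHA-256 recorded in the repo before extracting, as sketched below with placeholders. Also, `RUN` uses `/bin/sh`, which on Ubuntu does not perform brace expansion, so `mkdir -p /usr/local/{bin,man,man/man1}` and the following `chown` most likely act on a literally named path. If the `chown` did work, handing `/usr/local/bin` to the runtime user would let the service overwrite its own binaries, so I would drop it. The shell-form `ENTRYPOINT` also means signals go to `sh` rather than the script; `ENTRYPOINT ["/home/ubuntu/start_radicle.sh"]` avoids that.

```dockerfile
# Placeholders: fill in from the release you have reviewed.
ARG RADICLE_URL="<PINNED_RELEASE_URL>"
ARG RADICLE_SHA256="<EXPECTED_SHA256>"

# Install rad and radicle-node
RUN curl -fsSL -o /tmp/radicle.tar.xz "$RADICLE_URL" \
 && echo "${RADICLE_SHA256}  /tmp/radicle.tar.xz" | sha256sum -c - \
 && tar -C /usr/local --strip-components=1 -xf /tmp/radicle.tar.xz \
 && rm /tmp/radicle.tar.xz
# … unchanged: radicle-httpd install (same pattern), scripts, storage dir, USER …
```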

+ 53 - 0
radicle/config.json

@@ -0,0 +1,53 @@
+{
+  "publicExplorer": "https://app.radicle.xyz/nodes/$host/$rid$path",
+  "preferredSeeds": [
+    "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776",
+    "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@ash.radicle.garden:8776"
+  ],
+  "web": {
+    "pinned": {
+      "repositories": []
+    }
+  },
+  "cli": {
+    "hints": true
+  },
+  "node": {
+    "alias": "radicle.dodges.it",
+    "listen": [],
+    "peers": {
+      "type": "dynamic"
+    },
+    "connect": [],
+    "externalAddresses": ["radicle.dodges.it:8776"],
+    "network": "main",
+    "log": "INFO",
+    "relay": "auto",
+    "limits": {
+      "routingMaxSize": 1000,
+      "routingMaxAge": 604800,
+      "gossipMaxAge": 1209600,
+      "fetchConcurrency": 1,
+      "maxOpenFiles": 4096,
+      "rate": {
+        "inbound": {
+          "fillRate": 5.0,
+          "capacity": 1024
+        },
+        "outbound": {
+          "fillRate": 10.0,
+          "capacity": 2048
+        }
+      },
+      "connection": {
+        "inbound": 128,
+        "outbound": 16
+      }
+    },
+    "workers": 8,
+    "seedingPolicy": {
+      "default": "allow"
+    }
+  }
+}
+
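Review bot: `"seedingPolicy": {"default": "allow"}` combined with `"connection": {"inbound": 128}` and the publicly advertised `radicle.dodges.it:8776` makes this, as far as I understand the setting, an open seed that replicates repositories announced by arbitrary peers into the node's storage. If the node is meant for your own repositories, `"default": "block"` plus explicitly seeding the repositories you want keeps third-party content and disk usage under your control. Note also that the Dockerfile in this compare view never copies this file, and `start_radicle.sh` rewrites `seedingPolicy`, `externalAddresses` and `listen` at startup. It is therefore unclear whether these values are ever in effect; a line in the commit message or a README saying how the file is deployed would help.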

+ 14 - 0
radicle/probe_radicle.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# No need for a real passphrase as the node will be deleted right after
+# it connects to the target seed node. It is set in an environment variable
+# so that rad node start can access it.
+export RAD_PASSPHRASE="unused_passphrase"
+
+echo "$RAD_PASSPHRASE" | rad auth --stdin --alias "probe"
+
+echo "Starting node"
+rad node start
+
+echo "Probing $TARGET"
+rad node connect "$TARGET"
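Review bot: The script has no error handling, so a failed `rad auth` or `rad node start` is ignored and the result depends only on the final `rad node connect`, which also runs with an empty argument when `TARGET` is unset. I would add `set -euo pipefail` after the shebang and `: "${TARGET:?TARGET must be set}"` before the first `rad` call. The fixed passphrase is explained by the existing comment, which is fine as long as the probe's `RAD_HOME` is a throwaway directory and never the persistent volume; a one-line comment stating that would make the assumption explicit. The Dockerfile copies this script but only marks `start_radicle.sh` executable, and nothing in `radicle.yaml` invokes it, so confirm it is actually wired to a probe.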

+ 128 - 0
radicle/radicle.yaml

@@ -0,0 +1,128 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radicle
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: radicle
+  template:
+    metadata:
+      labels:
+        name: radicle
+        nginx: backend
+    spec:
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: "radicle-pvc"
+      restartPolicy: Always
+      containers:
+        - name: radicle
+          image: qdii/radicle:latest
+          imagePullPolicy: "Always"
+          env:
+          - name: HOSTNAME
+            value: "radicle.dodges.it"
+          - name: RAD_SEEDING_POLICY
+            value: "allow"
+          - name: RAD_KEYGEN_SEED
+            valueFrom: 
+              secretKeyRef:
+                name: radicle
+                key: seed
+          - name: RAD_PASSPHRASE
+            valueFrom: 
+              secretKeyRef:
+                name: radicle
+                key: passphrase
+          resources:
+            requests:
+              cpu: "2"
+              ephemeral-storage: "1Gi"
+              memory: "5Gi"
+            limits:
+              cpu: "3"
+              ephemeral-storage: "2Gi"
+              memory: "6Gi"
+          ports:
+            - containerPort: 8776
+              name: seed
+              protocol: TCP
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          volumeMounts:
+            - name: storage
+              mountPath: /home/ubuntu/radicle
+          livenessProbe:
+            httpGet:
+              path: /api/v1
+              port: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: radicle
+spec:
+  type: ClusterIP
+  ipFamilyPolicy: SingleStack
+  ipFamilies:
+    - IPv4
+  selector:
+    name: radicle
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      name: http
+    - protocol: TCP
+      port: 8776
+      targetPort: 8776
+      name: seed
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: radicle-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    nginx.org/client-max-body-size: "500m"
+    nginx.org/proxy-connect-timeout: "60s"
+    nginx.org/proxy-read-timeout: "60s"
+    # Uncomment to allow solving HTTP01 challenge
+    nginx.org/hsts: "true"
+    ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.org/redirect-to-https: "true"
+spec:
+  tls:
+  - hosts:
+    - radicle.dodges.it
+    secretName: radicle-le-secret
+  rules:
+  - host: radicle.dodges.it
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: radicle
+            port:
+              number: 8080
+  ingressClassName: nginx
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radicle-pvc
+spec:
+  storageClassName: nfs-vrt
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+
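Review bot: The `radicle` container is defined without a `securityContext`, although it is reachable from the internet through both the Ingress on 8080 and the seed port 8776. I would add the restrictions sketched below; the image's `USER` is a name rather than a number, so `runAsNonRoot` needs an explicit `runAsUser`. `image: qdii/radicle:latest` with `imagePullPolicy: "Always"` means every restart can silently pick up a different image; a version tag or digest makes rollouts auditable. `RAD_PASSPHRASE` and `RAD_KEYGEN_SEED` are injected as environment variables, which the node's child processes inherit, so consider mounting the Secret as files if the tooling can read them that way. The comment `# Uncomment to allow solving HTTP01 challenge` sits above annotations that are already active, so it should be reworded or removed.

```yaml
      containers:
        - name: radicle
          # … unchanged: image, env, resources, ports, volumeMounts, livenessProbe …
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000  # assumed UID of the image's ubuntu user; confirm
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```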

+ 21 - 0
radicle/start_radicle.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+CONFIG="${RAD_HOME}/config.json"
+
+# Create a profile
+echo "$RAD_PASSPHRASE" | rad auth --stdin --alias "$HOSTNAME"
+
+if [ "$RAD_SEEDING_POLICY" = 'allow' ]; then
+  jq '.node.seedingPolicy.default = "allow"' "$CONFIG" | sponge "$CONFIG" 
+fi
+
+jq '.node.externalAddresses = ["'"${HOSTNAME}:8776"'"]' "$CONFIG" | sponge "$CONFIG" 
+jq '.node.listen = ["0.0.0.0:8776"]' "$CONFIG" | sponge "$CONFIG" 
+
+rad node start -- --listen "0.0.0.0:8776"
+
+# Print information about this node
+rad self
+
+# Start HTTPd server
+radicle-httpd
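Review bot: The `externalAddresses` line splices `${HOSTNAME}` directly into the jq program text, so a value containing a quote or backslash changes the filter instead of the data. Passing it as a variable keeps it as data: `jq --arg addr "${HOSTNAME}:8776" '.node.externalAddresses = [$addr]' "$CONFIG" | sponge "$CONFIG"`. The script also has no `set -euo pipefail`, so a failing `rad auth` leaves the later `jq` and `rad node start` running against whatever state exists. That failure seems likely on a restart, when the profile already exists on the persistent volume. Guarding the auth step with a check for an existing profile and enabling `set -e` would make restarts predictable.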

+ 1 - 2
registry/values.yaml

@@ -1,7 +1,6 @@
 persistence:
   enabled: true
-  storageClass: manual
-  existingClaim: "registry"
+  storageClass: nfs-vrt
 metrics:
   enabled: true
 ingress: