luc/alpine-server
1
0
Fork 0
Code Issues Pull requests Activity

change folder layout

Browse source
This commit is contained in:
Luc Bijl 2025-08-17 15:00:35 +02:00
parent b8669e3b00
commit 0cc125394f
13 changed files with 0 additions and 679 deletions
Download patch file Download diff file Expand all files Collapse all files

23
bin/load
View file

@ -1,23 +0,0 @@
#!/bin/sh
command="/usr/bin/podman"
# Loads dumped databases
postgres_databases="gitea"
for database in $postgres_databases
do
exec $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
done
# Imports volumes
volumes="gitea-pod-gitea-data"
for volume in $volumes
do
exec $command volume import $volume <home>/.volumes/${volume}.tar
done

49
caddy/caddyfile
View file

@ -1,49 +0,0 @@
{
email <email>
}
vault.bijl.us {
reverse_proxy :1080
}
git.bijl.us {
reverse_proxy :2080
}
docs.bijl.us {
reverse_proxy :2180
}
wiki.bijl.us {
reverse_proxy :2280
}
matrix.bijl.us {
handle /_matrix/* {
reverse_proxy :3080
}
handle /.well-known/matrix/server {
respond {"m.server":"matrix.bijl.us:443"}
}
handle /.well-known/matrix/client {
respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
}
}
element.bijl.us {
reverse_proxy :3180
}
notes.bijl.us {
reverse_proxy :4080
}
share.bijl.us {
reverse_proxy :5080
}
smarthome.bijl.us {
reverse_proxy :6080
}

60
pods/bitwarden/bitwarden-pod.yml
View file

@ -1,60 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: bitwarden-pod
annotations:
io.podman.annotations.infra.name: bitwarden-pod-infra
spec:
containers:
- name: vaultwarden
image: docker.io/vaultwarden/server:alpine
env:
- name: SIGNUPS_ALLOWED
value: false
- name: DATABASE_URL
value: "postgresql://postgres:<secret>@bitwarden-pod-postgres/vaultwarden"
- name: ROCKET_PORT
value: 3000
ports:
- containerport: 3000
hostport: 1080
protocol: TCP
volumemounts:
- mountpath: /data
name: vaultwarden-data
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: bitwarden-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: bitwarden-pod-vaultwarden-data
name: vaultwarden-data
- hostpath:
path: <home>/.dump/bitwarden
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: bitwarden-pod-postgres-data
name: postgres-data
- hostPath:
path: /etc/localtime
type: File
name: localtime

8
pods/bitwarden/bitwarden-secrets.yml
View file

@ -1,8 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-url: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: bitwarden-secrets

101
pods/git/git-pod.yml
View file

@ -1,101 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: git-pod
annotations:
io.podman.annotations.infra.name: git-pod-infra
spec:
containers:
- name: gitea
image: docker.io/gitea/gitea:latest
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: GITEA__database__HOST
value: "git-pod-postgres"
- name: GITEA__database__USER
value: "postgres"
- name: GITEA__database__PASSWD
valuefrom:
secretkeyref:
name: git-secrets
key: postgres-password
- name: GITEA__database__NAME
value: "gitea"
ports:
- containerport: 3000
hostport: 2080
protocol: TCP
volumemounts:
- mountpath: /data
name: gitea-data
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: documentation
image: git-mkdocs:latest
env:
- name: GIT_REPO_URL
value: "https://git.bijl.us/lnco/documentation.git"
- name: PORT
value: 3100
- containerport: 3100
hostport: 2180
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: wiki
image: git-mkdocs-wiki:latest
env:
- name: GIT_REPO_URL
value: "https://git.bijl.us/luc/mathematics-physics-wiki.git"
- name: WIKI_LANG
value: "en nl"
- name: PORT
value: 3200
- containerport: 3200
hostport: 2280
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: git-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: git-pod-gitea-data
name: gitea-data
- hostpath:
path: <home>/.dump/git
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: git-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime

7
pods/git/git-secrets.yml
View file

@ -1,7 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: git-secrets

129
pods/matrix/matrix-pod.yml
View file

@ -1,129 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: matrix-pod
annotations:
io.podman.annotations.infra.name: matrix-pod-infra
spec:
containers:
- name: dendrite
image: matrixdotorg/dendrite-monolith:latest
ports:
- containerport: 8008
hostport: 3080
protocol: TCP
- containerport: 8448
hostport: 8448
protocol: TCP
volumemounts:
- mountpath: /etc/dendrite
name: dendrite-config
- mountpath: /var/dendrite/media
name: dendrite-media
- mountpath: /var/dendrite/jetstream
name: dendrite-jetstream
- mountpath: /var/dendrite/searchindex
name: dendrite-searchindex
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:latest
command:
- /usr/bin/mautrix-whatsapp
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- mountpath: /data
name: mautrix-whatsapp-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mautrix-signal
image: dock.mau.dev/mautrix/signal:latest
command:
- /usr/bin/mautrix-signal
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- mountpath: /data
name: mautrix-signal-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: element
image: vectorim/element-web:latest
ports:
- containerport: 80
hostport: 3180
protocol: TCP
volumemounts:
- mountpath: /app/config.json
name: element-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: matrix-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- hostpath:
path: <home>/.config/pods/matrix/dendrite-config
type: Directory
name: dendrite-config
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-media
name: dendrite-media
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-jetstream
name: dendrite-jetstream
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-searchindex
name: dendrite-searchindex
- hostpath:
path: <home>/.config/pods/matrix/mautrix-whatsapp-config
type: Directory
name: mautrix-whatsapp-config
- hostpath:
path: <home>/.config/pods/matrix/mautrix-signal-config
type: Directory
name: mautrix-signal-config
- hostpath:
path: <home>/.config/pods/matrix/element-config/config.json
type: File
name: element-config
- hostpath:
path: <home>/.dump/matrix
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: matrix-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime

7
pods/matrix/matrix-secrets.yml
View file

@ -1,7 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: matrix-secrets

73
pods/notes/notes-pod.yml
View file

@ -1,73 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: notes-pod
annotations:
io.podman.annotations.infra.name: notes-pod-infra
spec:
containers:
- name: hedgedoc
image: quay.io/hedgedoc/hedgedoc:alpine
env:
- name: CMD_DB_URL
valuefrom:
secretkeyref:
name: notes-secrets
key: postgres-url
- name: CMD_ALLOW_EMAIL_REGISTER
value: true
- name: CMD_DOMAIN
value: "notes.bijl.us"
- name: CMD_PROTOCOL_USESSL
value: true
- name: CMD_URL_ADDPORT
value: false
- name: NODE_ENV
value: production
- name: CMD_IMAGE_UPLOAD_TYPE
value: filesystem
- name: UPLOADS_MODE
value: 0700
ports:
- containerport: 3000
hostport: 4080
protocol: TCP
volumemounts:
- mountpath: /hedgedoc/public/uploads
name: hedgedoc-uploads
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: notes-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: notes-pod-hedgedoc-uploads
name: hedgedoc-uploads
- hostpath:
path: <home>/.dump/notes
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: notes-pod-postgres-data
name: postgres-data
- hostPath:
path: /etc/localtime
type: File
name: localtime

8
pods/notes/notes-secrets.yml
View file

@ -1,8 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-url: <base64-url>
kind: Secret
metadata:
creationtimestamp: null
name: notes-secrets

34
pods/share/share-pod.yml
View file

@ -1,34 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: share-pod
annotations:
io.podman.annotations.infra.name: share-pod-infra
spec:
containers:
- name: picoshare
image: docker.io/mtlynch/picoshare:latest
env:
- name: PS_SHARED_SECRET
value: "<secret>"
- name: PORT
value: 3000
ports:
- containerport: 3000
hostport: 5080
protocol: TCP
volumemounts:
- mountpath: /data
name: picoshare-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: share-pod-picoshare-data
name: picoshare-data
- hostPath:
path: /etc/localtime
type: File
name: localtime

171
pods/smarthome/smarthome-pod.yml
View file

@ -1,171 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: smarthome-pod
annotations:
io.podman.annotations.infra.name: smarthome-pod-infra
run.oci.keep_original_groups: 1
spec:
containers:
- name: home-assistant
image: ghcr.io/home-assistant/home-assistant:latest
ports:
- containerport: 3000
hostport: 6080
protocol: TCP
volumemounts:
- mountpath: /config
name: home-assistant-config
- mountpath: /dev/ttyUSB0
name: home-assistant-usb0
- mountpath: /dev/ttyUSB1
name: home-assistant-usb1
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mosquitto
image: docker.io/eclipse-mosquitto:latest
ports:
- containerport: 1883
hostport: 1883
protocol: TCP
volumemounts:
- mountpath: /mosquitto/config
name: mosquitto-config
- mountpath: /mosquitto/data
name: mosquitto-data
- mountpath: /mosquitto/log
name: mosquitto-log
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: esphome
image: docker.io/esphome/esphome:stable
env:
- name: USERNAME
value: "<username>"
- name: PASSWORD
value: "<secret>"
ports:
- containerport: 6052
hostport: 6052
protocol: TCP
volumemounts:
- mountpath: /config
name: esphome-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: ecowitt
image: docker.io/bachya/ecowitt2mqtt:latest
env:
- name: ECOWITT2MQTT_MQTT_BROKER
value: "smarthome-pod-mosquitto"
- name: ECOWITT2MQTT_MQTT_USERNAME
value: "<username>"
- name: ECOWITT2MQTT_MQTT_PASSWORD
value: "<secret>"
- name: ECOWITT2MQTT_PORT
value: 8181
- name: ECOWITT2MQTT_HASS_DISCOVERY
value: true
- name: ECOWITT2MQTT_INPUT_UNIT_SYSTEM
value: "imperial"
- name: ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM
value: "metric"
- name: ECOWITT2MQTT_PRECISION
value: 1
ports:
- containerport: 8181
hostport: 8181
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: volvo
image: ghcr.io/dielee/volvo2mqtt:latest
env:
- name: CONF_updateInterval
value: 300
- name: CONF_babelLocale
value: "nl"
- name: CONF_mqtt
valuefrom:
secretkeyref:
name: smarthome-secrets
key: volvo-mosquitto
- name: CONF_volvoData
valuefrom:
secretkeyref:
name: smarthome-secrets
key: volvo-url
volumemounts:
- mountpath: /volvoAAOS2mqtt
name: volvo-data
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: smarthome-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- hostpath:
path: <home>/.config/pods/smarthome/home-assistant-config
type: Directory
name: home-assistant-config
- hostpath:
path: /dev/ttyUSB0
type: File
name: home-assistant-usb0
- hostpath:
path: /dev/ttyUSB1
type: File
name: home-assistant-usb1
- hostpath:
path: <home>/.config/pods/smarthome/mosquitto-config
type: Directory
name: mosquitto-config
- persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-data
name: mosquitto-data
- persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-log
name: mosquitto-log
- hostpath:
path: <home>/.config/pods/smarthome/esphome-config
type: Directory
name: esphome-config
- persistentvolumeclaim:
claimname: smarthome-pod-volvo-data
name: volvo-data
- hostpath:
path: <home>/.dump/smarthome
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: smarthome-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime

9
pods/smarthome/smarthome-secrets.yml
View file

@ -1,9 +0,0 @@
apiversion: v1
data:
volvo-mosquitto: <base64-secret>
volvo-url: <base64-secret>
postgres-password: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: smarthome-secrets