diff --git a/dotconfig/pods/ampel/ampel-pod.yml b/dotconfig/pods/ampel/ampel-pod.yml
new file mode 100644
index 0000000..d0c2798
--- /dev/null
+++ b/dotconfig/pods/ampel/ampel-pod.yml
@@ -0,0 +1,174 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: ampel-pod
+ annotations:
+ io.podman.annotations.infra.name: ampel-pod-infra
+spec:
+ containers:
+# - name: root
+# image:
+# env:
+# - name: PORT
+# value: 3000
+# ports:
+# - containerport: 3000
+# hostport:
+# protocol: TCP
+# volumemounts:
+# - name: localtime
+# mountpath: /etc/localtime
+# readonly: true
+
+ - name: git
+ image: codeberg.org/forgejo/forgejo:9
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ - name: FORGEJO__database__DB_TYPE
+ value: "postgres"
+ - name: FORGEJO__database__HOST
+ value: "ampel-pod-postgres"
+ - name: FORGEJO__database__USER
+ value: "postgres"
+ - name: FORGEJO__database__PASSWD
+ valuefrom:
+ secretkeyref:
+ name: ampel-secrets
+ key: postgres-password
+ - name: FORGEJO__database__NAME
+ value: "forgejo"
+ ports:
+ - containerport: 3100
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: git-data
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: tailscale
+ image: ghcr.io/tailscale/tailscale:latest
+ env:
+ - name: TS_HOSTNAME
+ value: "ampel-pod"
+ - name: TS_AUTHKEY
+ value: ""
+ - name: TS_STATE_DIR
+ value: "/var/lib/tailscale"
+ - name: TS_EXTRA_ARGS
+ value: "--login-server="
+ volumemounts:
+ - name: tailscale-lib
+ mountpath: /var/lib/tailscale
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: docs
+ image: git.ampel.dev/ampel/mkdocs-git:latest
+ env:
+ - name: GIT_REPO_URL
+ value: ""
+ - name: PORT
+ value: 3200
+ ports:
+ - containerport: 3200
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: blog
+ image: git.ampel.dev/ampel/mkdocs-git:latest
+ env:
+ - name: GIT_REPO_URL
+ value: ""
+ - name: PORT
+ value: 3300
+ ports:
+ - containerport: 3300
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: notes
+ image: quay.io/hedgedoc/hedgedoc:alpine
+ env:
+ - name: CMD_DB_URL
+ valuefrom:
+ secretkeyref:
+ name: ampel-secrets
+ key: postgres-url
+ - name: CMD_PORT
+ value: 3400
+ - name: CMD_ALLOW_EMAIL_REGISTER
+ value: true
+ - name: CMD_DOMAIN
+ value: ""
+ - name: CMD_PROTOCOL_USESSL
+ value: true
+ - name: NODE_ENV
+ value: production
+ - name: CMD_IMAGE_UPLOAD_TYPE
+ value: filesystem
+ - name: UPLOADS_MODE
+ value: 0700
+ ports:
+ - containerport: 3400
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: notes-uploads
+ mountpath: /hedgedoc/public/uploads
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: ampel-secrets
+ key: postgres-password
+ volumemounts:
+ - name: postgres-dump
+ mountpath: /dump
+ - name: postgres-data
+ mountpath: /var/lib/postgresql/data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: git-data
+ persistentvolumeclaim:
+ claimname: ampel-pod-git-data
+ - name: tailscale-lib
+ persistentvolumeclaim:
+ claimname: ampel-pod-tailscale-lib
+ - name: notes-uploads
+ persistentvolumeclaim:
+ claimname: ampel-pod-notes-uploads
+ - name: postgres-dump
+ hostpath:
+ path: $HOME/.dump/ampel
+ type: Directory
+ - name: postgres-data
+ persistentvolumeclaim:
+ claimname: ampel-pod-postgres-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/ampel/ampel-secrets.yml b/dotconfig/pods/ampel/ampel-secrets.yml
new file mode 100644
index 0000000..75453f0
--- /dev/null
+++ b/dotconfig/pods/ampel/ampel-secrets.yml
@@ -0,0 +1,8 @@
+apiversion: v1
+data:
+ postgres-password:
+ postgres-url:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: ampel-secrets
diff --git a/dotconfig/pods/bitwarden/bitwarden-pod.yml b/dotconfig/pods/bitwarden/bitwarden-pod.yml
new file mode 100644
index 0000000..259a18c
--- /dev/null
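Review bot: Forgejo connects as the `postgres` superuser (`FORGEJO__database__USER: "postgres"`, sharing the same `postgres-password` key the postgres container boots with) and Hedgedoc reaches the same instance through the `postgres-url` key, so a compromise of either web app yields full control over the other's data. Create one role and database per application and reference per-role secrets instead, e.g. `FORGEJO__database__USER: "forgejo"` with its own `secretkeyref` key. The Tailscale node key is an inline `TS_AUTHKEY` / `value: ""` placeholder rather than a `secretkeyref` into `ampel-secrets` like the database password is; once filled in it will travel with the dotfiles. Hedgedoc's `CMD_ALLOW_EMAIL_REGISTER: true` enables self-registration on a service that is published to the host, and the bare YAML booleans and ints under `value:` (`true`, `3400`, `0700`) are not the strings the Pod env schema expects — quote them as `"true"`, `"3400"`, `"0700"` (the last otherwise parses as octal 448 under YAML 1.1).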
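Review bot: `postgres-password:` and `postgres-url:` are bare keys, which YAML parses as null rather than an empty string, and `data:` values must be base64 in any case, so this file is a template that cannot be applied as written. Because it sits in the dotconfig tree next to the pod manifests, the filled-in copy will be committed unless it is explicitly ignored; consider `stringData:` populated from an ignored file, or creating the secret out of band and keeping only the key names here. A one-line comment above `data:` such as `# template — populate out of band, never commit real values` would make that intent explicit.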
+++ b/dotconfig/pods/bitwarden/bitwarden-pod.yml
@@ -0,0 +1,60 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: bitwarden-pod
+ annotations:
+ io.podman.annotations.infra.name: bitwarden-pod-infra
+spec:
+ containers:
+ - name: vaultwarden
+ image: docker.io/vaultwarden/server:latest-alpine
+ env:
+ - name: SIGNUPS_ALLOWED
+ value: false
+ - name: DATABASE_URL
+ value: ""
+ - name: ROCKET_PORT
+ value: 3000
+ ports:
+ - containerport: 3000
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: vaultwarden-data
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: bitwarden-secrets
+ key: postgres-password
+ volumemounts:
+ - name: postgres-dump
+ mountpath: /dump
+ - name: postgres-data
+ mountpath: /var/lib/postgresql/data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: vaultwarden-data
+ persistentvolumeclaim:
+ claimname: bitwarden-pod-vaultwarden-data
+ - name: postgres-dump
+ hostpath:
+ path: $HOME/.dump/bitwarden
+ type: Directory
+ - name: postgres-data
+ persistentvolumeclaim:
+ claimname: bitwarden-pod-postgres-data
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/bitwarden/bitwarden-secrets.yml b/dotconfig/pods/bitwarden/bitwarden-secrets.yml
new file mode 100644
index 0000000..14e3375
--- /dev/null
+++ b/dotconfig/pods/bitwarden/bitwarden-secrets.yml
@@ -0,0 +1,8 @@
+apiversion: v1
+data:
+ postgres-password:
+ postgres-url:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: bitwarden-secrets
diff --git a/dotconfig/pods/luc/luc-pod.yml b/dotconfig/pods/luc/luc-pod.yml
new file mode 100644
index 0000000..920164b
--- /dev/null
+++ b/dotconfig/pods/luc/luc-pod.yml
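Review bot: `DATABASE_URL` is an inline `value: ""` placeholder even though `bitwarden-secrets` in this same commit already carries a `postgres-url` key, and that URL will embed the postgres password; pull it from the secret the same way `POSTGRES_PASSWORD` is, `valuefrom: secretkeyref: {name: bitwarden-secrets, key: postgres-url}`. `SIGNUPS_ALLOWED: value: false` and `ROCKET_PORT: value: 3000` are a YAML bool and int, not strings; write `"false"` and `"3000"` so the env schema accepts them and the signup lock on the password manager actually takes effect. The vaultwarden image tracks `latest-alpine` while postgres is pinned to `16-alpine`; for a vault, pinning a version or digest keeps upgrades deliberate. `hostPath:` on the localtime volume is the only camelCase key in this series (everything else spells it `hostpath`); pick one spelling so a case-sensitive loader treats all volumes alike.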
@@ -0,0 +1,134 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: luc-pod
+ annotations:
+ io.podman.annotations.infra.name: luc-pod-infra
+spec:
+ containers:
+# - name: root
+# image:
+# env:
+# - name: PORT
+# value: 3000
+# ports:
+# - containerport: 3000
+# hostport:
+# protocol: TCP
+# volumemounts:
+# - name: localtime
+# mountpath: /etc/localtime
+# readonly: true
+
+ - name: git
+ image: codeberg.org/forgejo/forgejo:9
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ - name: FORGEJO__database__DB_TYPE
+ value: "postgres"
+ - name: FORGEJO__database__HOST
+ value: "luc-pod-postgres"
+ - name: FORGEJO__database__USER
+ value: "postgres"
+ - name: FORGEJO__database__PASSWD
+ valuefrom:
+ secretkeyref:
+ name: luc-secrets
+ key: postgres-password
+ - name: FORGEJO__database__NAME
+ value: "forgejo"
+ ports:
+ - containerport: 3100
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: git-data
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: tailscale
+ image: ghcr.io/tailscale/tailscale:latest
+ env:
+ - name: TS_HOSTNAME
+ value: "luc-pod"
+ - name: TS_AUTHKEY
+ value: ""
+ - name: TS_STATE_DIR
+ value: "/var/lib/tailscale"
+ - name: TS_EXTRA_ARGS
+ value: "--login-server="
+ volumemounts:
+ - name: tailscale-lib
+ mountpath: /var/lib/tailscale
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+# - name: wiki
+# image: git.ampel.dev/git-mkdocs:latest
+# env:
+# - name: GIT_REPO_URL
+# value: ""
+# - name: PORT
+# value: 3200
+# ports:
+# - containerport: 3200
+# hostport:
+# protocol: TCP
+# volumemounts:
+# - name: localtime
+# mountpath: /etc/localtime
+# readonly: true
+
+# - name: blog
+# ports:
+# - containerport: 3300
+# hostport:
+# protocol: TCP
+
+# - name: notes
+# ports:
+# - containerport: 3400
+# hostport:
+# protocol: TCP
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: luc-secrets
+ key: postgres-password
+ volumemounts:
+ - name: postgres-dump
+ mountpath: /dump
+ - name: postgres-data
+ mountpath: /var/lib/postgresql/data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: git-data
+ persistentvolumeclaim:
+ claimname: luc-pod-git-data
+ - name: tailscale-lib
+ persistentvolumeclaim:
+ claimname: luc-pod-tailscale-lib
+ - name: postgres-dump
+ hostpath:
+ path: $HOME/.dump/luc
+ type: Directory
+ - name: postgres-data
+ persistentvolumeclaim:
+ claimname: luc-pod-postgres-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/luc/luc-secrets.yml b/dotconfig/pods/luc/luc-secrets.yml
new file mode 100644
index 0000000..686b484
--- /dev/null
+++ b/dotconfig/pods/luc/luc-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ postgres-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: luc-secrets
diff --git a/dotconfig/pods/matrix/matrix-pod.yml b/dotconfig/pods/matrix/matrix-pod.yml
new file mode 100644
index 0000000..9a924fe
--- /dev/null
+++ b/dotconfig/pods/matrix/matrix-pod.yml
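Review bot: `TS_AUTHKEY` is an inline `value: ""` placeholder in the pod spec while `luc-secrets` exists for exactly this kind of value; move it to a `secretkeyref` (e.g. key `tailscale-authkey`) so the node auth key never lands in the manifest. `--login-server=` is likewise empty, so if this is applied as-is the client will presumably fall back to the public Tailscale control plane rather than the headscale pod elsewhere in this series — a comment such as `# must point at the headscale instance in tailscale-pod` would prevent that. Every `hostport:` is a bare key, which parses as null; if the intent is "do not publish", drop the key, and if it is "publish on an ephemeral port", say so in a comment, because a reader cannot tell which. Forgejo also runs as the `postgres` superuser (`FORGEJO__database__USER: "postgres"`); a dedicated role is cheap and limits blast radius if the web app is compromised.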
@@ -0,0 +1,112 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: matrix-pod
+ annotations:
+ io.podman.annotations.infra.name: matrix-pod-infra
+spec:
+ containers:
+ - name: dendrite
+ image: ghcr.io/element-hq/dendrite-monolith:latest
+ ports:
+ - containerport: 8008
+ hostport:
+ protocol: TCP
+ - containerport: 8448
+ hostport: 8448
+ protocol: TCP
+ volumemounts:
+ - name: dendrite-config
+ mountpath: /etc/dendrite
+ - name: dendrite-media
+ mountpath: /var/dendrite/media
+ - name: dendrite-jetstream
+ mountpath: /var/dendrite/jetstream
+ - name: dendrite-searchindex
+ mountpath: /var/dendrite/searchindex
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: mautrix-whatsapp
+ image: dock.mau.dev/mautrix/whatsapp:latest
+ command:
+ - /usr/bin/mautrix-whatsapp
+ - -c
+ - /data/config.yaml
+ - -r
+ - /data/registration.yaml
+ - --ignore-unsupported-server
+ volumemounts:
+ - name: mautrix-whatsapp-config
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: mautrix-signal
+ image: dock.mau.dev/mautrix/signal:latest
+ command:
+ - /usr/bin/mautrix-signal
+ - -c
+ - /data/config.yaml
+ - -r
+ - /data/registration.yaml
+ - --ignore-unsupported-server
+ volumemounts:
+ - name: mautrix-signal-config
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: matrix-secrets
+ key: postgres-password
+ volumemounts:
+ - name: postgres-dump
+ mountpath: /dump
+ - name: postgres-data
+ mountpath: /var/lib/postgresql/data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: dendrite-config
+ hostpath:
+ path: $HOME/.config/pods/matrix/dendrite-config
+ type: Directory
+ - name: dendrite-media
+ persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-media
+ - name: dendrite-jetstream
+ persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-jetstream
+ - name: dendrite-searchindex
+ persistentvolumeclaim:
+ claimname: matrix-pod-dendrite-searchindex
+ - name: mautrix-whatsapp-config
+ hostpath:
+ path: $HOME/.config/pods/matrix/mautrix-whatsapp-config
+ type: Directory
+ - name: mautrix-signal-config
+ hostpath:
+ path: $HOME/.config/pods/matrix/mautrix-signal-config
+ type: Directory
+ - name: postgres-dump
+ hostpath:
+ path: $HOME/.dump/matrix
+ type: Directory
+ - name: postgres-data
+ persistentvolumeclaim:
+ claimname: matrix-pod-postgres-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/matrix/matrix-secrets.yml b/dotconfig/pods/matrix/matrix-secrets.yml
new file mode 100644
index 0000000..16d3430
--- /dev/null
+++ b/dotconfig/pods/matrix/matrix-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ postgres-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: matrix-secrets
diff --git a/dotconfig/pods/media/media-pod.yml b/dotconfig/pods/media/media-pod.yml
new file mode 100644
index 0000000..c838b73
--- /dev/null
+++ b/dotconfig/pods/media/media-pod.yml
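Review bot: `dendrite-config` is a hostPath under `$HOME/.config/pods/matrix` mounted read-write at `/etc/dendrite`, and that directory conventionally holds the server signing key and a `dendrite.yaml` containing the database password; add `readonly: true` to the mount so a compromised dendrite process cannot rewrite its own config or key, and keep that directory out of the dotfiles commit. The same applies to the two mautrix `/data` mounts, whose `registration.yaml` carry the appservice tokens, although those bridges may need write access for their own state — confirm before marking them read-only. The postgres password is referenced from `matrix-secrets` here but will presumably have to be duplicated in plaintext inside `dendrite.yaml`, so the Secret does not actually remove it from disk. Only 8448 is published to the host; leaving 8008 with a bare `hostport:` is fine if a reverse proxy fronts it, but a comment stating that would help the next reader.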
@@ -0,0 +1,47 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: media-pod
+ annotations:
+ io.podman.annotations.infra.name: media-pod-infra
+spec:
+ containers:
+ - name: jellyfin
+ image: docker.io/jellyfin/jellyfin:latest
+ securitycontext:
+ runasgroup: 1000
+ runasuser: 1000
+ env:
+ - name: JELLYFIN_PublishedServerUrl
+ value: ""
+ ports:
+ - containerport: 8096
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: jellyfin-config
+ mountpath: /config
+ - name: jellyfin-cache
+ mountpath: /cache
+ - name: jellyfin-media
+ mountpath: /media
+ readonly: true
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: jellyfin-config
+ persistentvolumeclaim:
+ claimname: media-pod-jellyfin-config
+ - name: jellyfin-media
+ hostpath:
+ path: $HOME/.local/share/media
+ type: Directory
+ - name: jellyfin-cache
+ persistentvolumeclaim:
+ claimname: media-pod-jellyfin-cache
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/share/share-pod.yml b/dotconfig/pods/share/share-pod.yml
new file mode 100644
index 0000000..4c4c935
--- /dev/null
+++ b/dotconfig/pods/share/share-pod.yml
@@ -0,0 +1,34 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: share-pod
+ annotations:
+ io.podman.annotations.infra.name: share-pod-infra
+spec:
+ containers:
+ - name: picoshare
+ image: docker.io/mtlynch/picoshare:latest
+ env:
+ - name: PS_SHARED_SECRET
+ value: ""
+ - name: PORT
+ value: 3000
+ ports:
+ - containerport: 3000
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: picoshare-data
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: picoshare-data
+ persistentvolumeclaim:
+ claimname: share-pod-picoshare-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/share/share-secrets.yml b/dotconfig/pods/share/share-secrets.yml
new file mode 100644
index 0000000..eeaab7d
--- /dev/null
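Review bot: `PS_SHARED_SECRET` is an inline `value: ""` placeholder while `share-secrets.yml` in this same commit defines a `picoshare-password` key that nothing references; wire the two together with `valuefrom: secretkeyref: {name: share-secrets, key: picoshare-password}` so the login secret is not stored in the pod manifest. `PORT: value: 3000` is a YAML integer; quote it as `"3000"` to match the string-only env contract the other pods already follow for `USER_UID: "1000"`. As with the other pods, the bare `hostport:` parses as null, so a comment on whether the service is meant to be published would remove the ambiguity.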
+++ b/dotconfig/pods/share/share-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ picoshare-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: share-secrets
diff --git a/dotconfig/pods/smarthome/smarthome-pod.yml b/dotconfig/pods/smarthome/smarthome-pod.yml
new file mode 100644
index 0000000..40bf07b
--- /dev/null
+++ b/dotconfig/pods/smarthome/smarthome-pod.yml
@@ -0,0 +1,112 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: smarthome-pod
+ annotations:
+ io.podman.annotations.infra.name: smarthome-pod-infra
+ run.oci.keep_original_groups: 1
+spec:
+ containers:
+ - name: home-assistant
+ image: ghcr.io/home-assistant/home-assistant:latest
+ ports:
+ - containerport: 3000
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: home-assistant-config
+ mountpath: /config
+ - name: home-assistant-usb0
+ mountpath: /dev/ttyUSB0
+ - name: home-assistant-usb1
+ mountpath: /dev/ttyUSB1
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: mosquitto
+ image: docker.io/eclipse-mosquitto:latest
+ ports:
+ - containerport: 1883
+ hostport: 1883
+ protocol: TCP
+ volumemounts:
+ - name: mosquitto-config
+ mountpath: /mosquitto/config
+ - name: mosquitto-data
+ mountpath: /mosquitto/data
+ - name: mosquitto-log
+ mountpath: /mosquitto/log
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: esphome
+ image: docker.io/esphome/esphome:latest
+ env:
+ - name: USERNAME
+ value: ""
+ - name: PASSWORD
+ value: ""
+ ports:
+ - containerport: 6052
+ hostport: 6052
+ protocol: TCP
+ volumemounts:
+ - name: esphome-config
+ mountpath: /config
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ - name: postgres
+ image: docker.io/library/postgres:16-alpine
+ env:
+ - name: POSTGRES_PASSWORD
+ valuefrom:
+ secretkeyref:
+ name: smarthome-secrets
+ key: postgres-password
+ volumemounts:
+ - name: postgres-dump
+ mountpath: /dump
+ - name: postgres-data
+ mountpath: /var/lib/postgresql/data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: home-assistant-config
+ hostpath:
+ path: $HOME/.config/pods/smarthome/home-assistant-config
+ type: Directory
+ - name: home-assistant-usb0
+ hostpath:
+ path: /dev/ttyUSB0
+ type: File
+ - name: home-assistant-usb1
+ hostpath:
+ path: /dev/ttyUSB1
+ type: File
+ - name: mosquitto-config
+ hostpath:
+ path: $HOME/.config/pods/smarthome/mosquitto-config
+ type: Directory
+ - name: mosquitto-data
+ persistentvolumeclaim:
+ claimname: smarthome-pod-mosquitto-data
+ - name: mosquitto-log
+ persistentvolumeclaim:
+ claimname: smarthome-pod-mosquitto-log
+ - name: postgres-dump
+ hostpath:
+ path: $HOME/.dump/smarthome
+ type: Directory
+ - name: postgres-data
+ persistentvolumeclaim:
+ claimname: smarthome-pod-postgres-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/smarthome/smarthome-secrets.yml b/dotconfig/pods/smarthome/smarthome-secrets.yml
new file mode 100644
index 0000000..b46a1e1
--- /dev/null
+++ b/dotconfig/pods/smarthome/smarthome-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ postgres-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: smarthome-secrets
diff --git a/dotconfig/pods/tailscale/tailscale-pod.yml b/dotconfig/pods/tailscale/tailscale-pod.yml
new file mode 100644
index 0000000..6d0da1a
--- /dev/null
+++ b/dotconfig/pods/tailscale/tailscale-pod.yml
@@ -0,0 +1,38 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: tailscale-pod
+ annotations:
+ io.podman.annotations.infra.name: tailscale-pod-infra
+spec:
+ containers:
+ - name: headscale
+ image: docker.io/headscale/headscale:0.26
+ command:
+ - headscale
+ - serve
+ ports:
+ - containerport: 8080
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: headscale-config
+ mountpath: /etc/headscale
+ - name: headscale-lib
+ mountpath: /var/lib/headscale
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: headscale-config
+ hostpath:
+ path: $HOME/.config/pods/tailscale/headscale-config
+ type: Directory
+ - name: headscale-lib
+ persistentvolumeclaim:
+ claimname: tailscale-pod-headscale-lib
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
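Review bot: The esphome dashboard is published on host port 6052 with `USERNAME` and `PASSWORD` as inline `value: ""` placeholders; left empty at deploy time the dashboard presumably runs without authentication, and once filled in the credentials sit in the manifest rather than in `smarthome-secrets`, which currently only carries `postgres-password`. Add `esphome-username` / `esphome-password` keys to that Secret and reference them with `secretkeyref` as the postgres container already does. Mosquitto is also published on 1883 (plaintext MQTT) with its config coming from a hostPath not shown here; confirm that config sets `allow_anonymous false` and a `password_file`, since anything that can reach the host port can otherwise talk to the broker Home Assistant trusts. Home Assistant is mapped with `containerport: 3000`, which is not its default 8123 — if the port is overridden in its `configuration.yaml`, a comment saying so would save the next reader a debugging round.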
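Review bot: `headscale-config` is mounted read-write at `/etc/headscale` from a hostPath in the dotconfig tree, yet `headscale serve` only reads it; add `readonly: true` to that mount so the control-server configuration (which may hold OIDC client secrets or ACL policy) cannot be altered from inside the container, and keep the filled-in config out of the repository. Keys and the database live under `/var/lib/headscale` on the `headscale-lib` PVC, which is the right split. This is the only pod in the series with a pinned image (`headscale:0.26`) while the tailscale clients in `ampel-pod` and `luc-pod` run `tailscale:latest`; headscale/client version skew is a recurring source of breakage, so consider pinning the clients to a version known to work with 0.26.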