dotconfig/pods: add

Luc Bijl 2025-08-17 15:02:06 +02:00
parent 679647542d
commit 2e05501c92
14 changed files with 755 additions and 0 deletions


@ -0,0 +1,174 @@
apiversion: v1
kind: Pod
metadata:
name: ampel-pod
annotations:
io.podman.annotations.infra.name: ampel-pod-infra
spec:
containers:
# - name: root
# image:
# env:
# - name: PORT
# value: 3000
# ports:
# - containerport: 3000
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
- name: git
image: codeberg.org/forgejo/forgejo:9
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "postgres"
- name: FORGEJO__database__HOST
value: "ampel-pod-postgres"
- name: FORGEJO__database__USER
value: "postgres"
- name: FORGEJO__database__PASSWD
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-password
- name: FORGEJO__database__NAME
value: "forgejo"
ports:
- containerport: 3100
hostport:
protocol: TCP
volumemounts:
- name: git-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: tailscale
image: ghcr.io/tailscale/tailscale:latest
env:
- name: TS_HOSTNAME
value: "ampel-pod"
- name: TS_AUTHKEY
value: ""
- name: TS_STATE_DIR
value: "/var/lib/tailscale"
- name: TS_EXTRA_ARGS
value: "--login-server="
volumemounts:
- name: tailscale-lib
mountpath: /var/lib/tailscale
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: docs
image: git.ampel.dev/ampel/mkdocs-git:latest
env:
- name: GIT_REPO_URL
value: ""
- name: PORT
value: 3200
ports:
- containerport: 3200
hostport:
protocol: TCP
volumemounts:
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: blog
image: git.ampel.dev/ampel/mkdocs-git:latest
env:
- name: GIT_REPO_URL
value: ""
- name: PORT
value: 3300
ports:
- containerport: 3300
hostport:
protocol: TCP
volumemounts:
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: notes
image: quay.io/hedgedoc/hedgedoc:alpine
env:
- name: CMD_DB_URL
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-url
- name: CMD_PORT
value: 3400
- name: CMD_ALLOW_EMAIL_REGISTER
value: true
- name: CMD_DOMAIN
value: ""
- name: CMD_PROTOCOL_USESSL
value: true
- name: NODE_ENV
value: production
- name: CMD_IMAGE_UPLOAD_TYPE
value: filesystem
- name: UPLOADS_MODE
value: 0700
ports:
- containerport: 3400
hostport:
protocol: TCP
volumemounts:
- name: notes-uploads
mountpath: /hedgedoc/public/uploads
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: git-data
persistentvolumeclaim:
claimname: ampel-pod-git-data
- name: tailscale-lib
persistentvolumeclaim:
claimname: ampel-pod-tailscale-lib
- name: notes-uploads
persistentvolumeclaim:
claimname: ampel-pod-notes-uploads
- name: postgres-dump
hostpath:
path: $HOME/.dump/ampel
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: ampel-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
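Review bot: `UPLOADS_MODE` in the `notes` container is `value: 0700`, which a YAML 1.1 loader reads as the octal integer 448, and `CMD_PORT`, `CMD_ALLOW_EMAIL_REGISTER`, `CMD_PROTOCOL_USESSL` and the two mkdocs `PORT` entries are bare numbers and booleans in a field whose type is string; the `git` container already quotes its values (`"1000"`), so do the same here, e.g. `value: "0700"`, `value: "3400"`, `value: "true"`. `TS_AUTHKEY` is a plain `value: ""` in a file kept under dotconfig, so the key is committed the moment it is filled in — pull it from `ampel-secrets` with `valueFrom`/`secretKeyRef`, as `FORGEJO__database__PASSWD` already does. The bare `hostport:` entries under `git`, `docs`, `blog` and `notes` parse as null; whether podman then publishes the port at all depends on the podman version, so write the intended host port explicitly or drop the key. The same unquoted values, empty `TS_AUTHKEY` and bare `hostport:` recur in the bitwarden-pod, luc-pod, share-pod, media-pod, smarthome-pod and tailscale-pod sections.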


@ -0,0 +1,8 @@
apiversion: v1
data:
postgres-password:
postgres-url:
kind: Secret
metadata:
creationtimestamp: null
name: ampel-secrets
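Review bot: `postgres-password:` and `postgres-url:` are bare keys, so `data` holds two nulls rather than empty strings, and values under `data` must be base64-encoded — a plain password pasted here is not valid base64 and will be rejected or mis-decoded depending on the loader. If podman's kube play accepts it, `stringData` takes plain text; otherwise a comment such as `# values are base64-encoded (base64 -w0), not plain text` above `data:` prevents the mistake. Since this is a dotconfig tree, base64 is an encoding, not encryption, and a filled-in copy of this file must stay out of the commit history. The same shape is used by the bitwarden-secrets, luc-secrets, matrix-secrets, share-secrets and smarthome-secrets sections.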


@ -0,0 +1,60 @@
apiversion: v1
kind: Pod
metadata:
name: bitwarden-pod
annotations:
io.podman.annotations.infra.name: bitwarden-pod-infra
spec:
containers:
- name: vaultwarden
image: docker.io/vaultwarden/server:latest-alpine
env:
- name: SIGNUPS_ALLOWED
value: false
- name: DATABASE_URL
value: ""
- name: ROCKET_PORT
value: 3000
ports:
- containerport: 3000
hostport:
protocol: TCP
volumemounts:
- name: vaultwarden-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: bitwarden-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: vaultwarden-data
persistentvolumeclaim:
claimname: bitwarden-pod-vaultwarden-data
- name: postgres-dump
hostpath:
path: $HOME/.dump/bitwarden
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: bitwarden-pod-postgres-data
- name: localtime
hostPath:
path: /etc/localtime
type: File
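Review bot: `DATABASE_URL` in the `vaultwarden` container is a plain `value: ""` even though `bitwarden-secrets` defines a `postgres-url` key in this same commit; that URL carries the Postgres password, so it should come from the secret the way `POSTGRES_PASSWORD` does a few lines below. The `localtime` volume is spelled `hostPath` while every other volume in the commit writes `hostpath`; both probably load, but pick one spelling. `SIGNUPS_ALLOWED: false` and `ROCKET_PORT: 3000` are unquoted in a string field, same as in ampel-pod.
```yaml
- name: DATABASE_URL
  valueFrom:
    secretKeyRef:
      name: bitwarden-secrets
      key: postgres-url
# … unchanged: ROCKET_PORT, ports, volumemounts …
```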


@ -0,0 +1,8 @@
apiversion: v1
data:
postgres-password:
postgres-url:
kind: Secret
metadata:
creationtimestamp: null
name: bitwarden-secrets


@ -0,0 +1,134 @@
apiversion: v1
kind: Pod
metadata:
name: luc-pod
annotations:
io.podman.annotations.infra.name: luc-pod-infra
spec:
containers:
# - name: root
# image:
# env:
# - name: PORT
# value: 3000
# ports:
# - containerport: 3000
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
- name: git
image: codeberg.org/forgejo/forgejo:9
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "postgres"
- name: FORGEJO__database__HOST
value: "luc-pod-postgres"
- name: FORGEJO__database__USER
value: "postgres"
- name: FORGEJO__database__PASSWD
valuefrom:
secretkeyref:
name: luc-secrets
key: postgres-password
- name: FORGEJO__database__NAME
value: "forgejo"
ports:
- containerport: 3100
hostport:
protocol: TCP
volumemounts:
- name: git-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: tailscale
image: ghcr.io/tailscale/tailscale:latest
env:
- name: TS_HOSTNAME
value: "luc-pod"
- name: TS_AUTHKEY
value: ""
- name: TS_STATE_DIR
value: "/var/lib/tailscale"
- name: TS_EXTRA_ARGS
value: "--login-server="
volumemounts:
- name: tailscale-lib
mountpath: /var/lib/tailscale
- name: localtime
mountpath: /etc/localtime
readonly: true
# - name: wiki
# image: git.ampel.dev/git-mkdocs:latest
# env:
# - name: GIT_REPO_URL
# value: ""
# - name: PORT
# value: 3200
# ports:
# - containerport: 3200
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
# - name: blog
# ports:
# - containerport: 3300
# hostport:
# protocol: TCP
# - name: notes
# ports:
# - containerport: 3400
# hostport:
# protocol: TCP
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: luc-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: git-data
persistentvolumeclaim:
claimname: luc-pod-git-data
- name: tailscale-lib
persistentvolumeclaim:
claimname: luc-pod-tailscale-lib
- name: postgres-dump
hostpath:
path: $HOME/.dump/luc
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: luc-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
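Review bot: The commented-out `root`, `wiki`, `blog` and `notes` stanzas are dead configuration with no note on why they are kept; the `blog` and `notes` ones are only port entries, so nothing could be uncommented as-is. Either delete them or head each with a one-line reason, e.g. `# disabled: <reason>`, so a later reader knows whether ports 3200–3400 are still reserved on this host. The `wiki` stanza also references `git.ampel.dev/git-mkdocs:latest` while ampel-pod uses `git.ampel.dev/ampel/mkdocs-git:latest`, one of which is presumably stale.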


@ -0,0 +1,7 @@
apiversion: v1
data:
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: luc-secrets


@ -0,0 +1,112 @@
apiversion: v1
kind: Pod
metadata:
name: matrix-pod
annotations:
io.podman.annotations.infra.name: matrix-pod-infra
spec:
containers:
- name: dendrite
image: ghcr.io/element-hq/dendrite-monolith:latest
ports:
- containerport: 8008
hostport:
protocol: TCP
- containerport: 8448
hostport: 8448
protocol: TCP
volumemounts:
- name: dendrite-config
mountpath: /etc/dendrite
- name: dendrite-media
mountpath: /var/dendrite/media
- name: dendrite-jetstream
mountpath: /var/dendrite/jetstream
- name: dendrite-searchindex
mountpath: /var/dendrite/searchindex
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:latest
command:
- /usr/bin/mautrix-whatsapp
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- name: mautrix-whatsapp-config
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mautrix-signal
image: dock.mau.dev/mautrix/signal:latest
command:
- /usr/bin/mautrix-signal
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- name: mautrix-signal-config
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: matrix-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: dendrite-config
hostpath:
path: $HOME/.config/pods/matrix/dendrite-config
type: Directory
- name: dendrite-media
persistentvolumeclaim:
claimname: matrix-pod-dendrite-media
- name: dendrite-jetstream
persistentvolumeclaim:
claimname: matrix-pod-dendrite-jetstream
- name: dendrite-searchindex
persistentvolumeclaim:
claimname: matrix-pod-dendrite-searchindex
- name: mautrix-whatsapp-config
hostpath:
path: $HOME/.config/pods/matrix/mautrix-whatsapp-config
type: Directory
- name: mautrix-signal-config
hostpath:
path: $HOME/.config/pods/matrix/mautrix-signal-config
type: Directory
- name: postgres-dump
hostpath:
path: $HOME/.dump/matrix
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: matrix-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
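Review bot: The `dendrite-config` mount in the `dendrite` container is writable, yet nothing in the manifest suggests the server writes to `/etc/dendrite`, and that directory presumably holds the config and signing key; add `readOnly: true` to it, matching the `localtime` mount. `--ignore-unsupported-server` is passed to both bridges with no comment; a line such as `# homeserver is dendrite, not one mautrix supports; skip the version check` above each `command:` records why that check is off. The two `mautrix-*-config` hostPaths carry `registration.yaml`, i.e. the appservice tokens, so those directories deserve the same care as the Secret files in this commit.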


@ -0,0 +1,7 @@
apiversion: v1
data:
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: matrix-secrets


@ -0,0 +1,47 @@
apiversion: v1
kind: Pod
metadata:
name: media-pod
annotations:
io.podman.annotations.infra.name: media-pod-infra
spec:
containers:
- name: jellyfin
image: docker.io/jellyfin/jellyfin:latest
securitycontext:
runasgroup: 1000
runasuser: 1000
env:
- name: JELLYFIN_PublishedServerUrl
value: ""
ports:
- containerport: 8096
hostport:
protocol: TCP
volumemounts:
- name: jellyfin-config
mountpath: /config
- name: jellyfin-cache
mountpath: /cache
- name: jellyfin-media
mountpath: /media
readonly: true
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: jellyfin-config
persistentvolumeclaim:
claimname: media-pod-jellyfin-config
- name: jellyfin-media
hostpath:
path: $HOME/.local/share/media
type: Directory
- name: jellyfin-cache
persistentvolumeclaim:
claimname: media-pod-jellyfin-cache
- name: localtime
hostpath:
path: /etc/localtime
type: File
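Review bot: Every hostPath in this commit that lives under `$HOME` (here `$HOME/.local/share/media`, elsewhere `$HOME/.dump/*` and `$HOME/.config/pods/*`) relies on something expanding `$HOME` before podman validates the `type: Directory` path; as far as I know podman kube play does no shell expansion of its own, so unless the files go through a substitution step these volumes fail at play time. A comment at the top of each file naming that step, e.g. `# apply with: envsubst < <file> | podman kube play -`, would make the dependency visible. Pinning `runasuser`/`runasgroup` to 1000 and mounting `jellyfin-media` `readonly: true` is the right shape; the only writable mounts are then the two PVCs.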


@ -0,0 +1,34 @@
apiversion: v1
kind: Pod
metadata:
name: share-pod
annotations:
io.podman.annotations.infra.name: share-pod-infra
spec:
containers:
- name: picoshare
image: docker.io/mtlynch/picoshare:latest
env:
- name: PS_SHARED_SECRET
value: ""
- name: PORT
value: 3000
ports:
- containerport: 3000
hostport:
protocol: TCP
volumemounts:
- name: picoshare-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: picoshare-data
persistentvolumeclaim:
claimname: share-pod-picoshare-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
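Review bot: `PS_SHARED_SECRET` is picoshare's login secret and is written as a plain `value: ""`, although `share-secrets` in this commit defines a `picoshare-password` key apparently intended for it; read it with `valueFrom`/`secretKeyRef` instead so the secret never enters the dotconfig history. `PORT: 3000` is unquoted in a string field and the `hostport:` entry is null, as noted on ampel-pod.
```yaml
- name: PS_SHARED_SECRET
  valueFrom:
    secretKeyRef:
      name: share-secrets
      key: picoshare-password
# … unchanged: PORT, ports, volumemounts …
```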


@ -0,0 +1,7 @@
apiversion: v1
data:
picoshare-password:
kind: Secret
metadata:
creationtimestamp: null
name: share-secrets


@ -0,0 +1,112 @@
apiversion: v1
kind: Pod
metadata:
name: smarthome-pod
annotations:
io.podman.annotations.infra.name: smarthome-pod-infra
run.oci.keep_original_groups: 1
spec:
containers:
- name: home-assistant
image: ghcr.io/home-assistant/home-assistant:latest
ports:
- containerport: 3000
hostport:
protocol: TCP
volumemounts:
- name: home-assistant-config
mountpath: /config
- name: home-assistant-usb0
mountpath: /dev/ttyUSB0
- name: home-assistant-usb1
mountpath: /dev/ttyUSB1
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mosquitto
image: docker.io/eclipse-mosquitto:latest
ports:
- containerport: 1883
hostport: 1883
protocol: TCP
volumemounts:
- name: mosquitto-config
mountpath: /mosquitto/config
- name: mosquitto-data
mountpath: /mosquitto/data
- name: mosquitto-log
mountpath: /mosquitto/log
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: esphome
image: docker.io/esphome/esphome:latest
env:
- name: USERNAME
value: ""
- name: PASSWORD
value: ""
ports:
- containerport: 6052
hostport: 6052
protocol: TCP
volumemounts:
- name: esphome-config
mountpath: /config
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: smarthome-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: home-assistant-config
hostpath:
path: $HOME/.config/pods/smarthome/home-assistant-config
type: Directory
- name: home-assistant-usb0
hostpath:
path: /dev/ttyUSB0
type: File
- name: home-assistant-usb1
hostpath:
path: /dev/ttyUSB1
type: File
- name: mosquitto-config
hostpath:
path: $HOME/.config/pods/smarthome/mosquitto-config
type: Directory
- name: mosquitto-data
persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-data
- name: mosquitto-log
persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-log
- name: postgres-dump
hostpath:
path: $HOME/.dump/smarthome
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: smarthome-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
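Review bot: `run.oci.keep_original_groups: 1` is an unquoted integer under `annotations`, where every value must be a string; write `run.oci.keep_original_groups: "1"`. `USERNAME` and `PASSWORD` for `esphome` are plain `value: ""` entries while `smarthome-secrets` exists in this commit; add a key for them there and reference it with `valueFrom`/`secretKeyRef` like `POSTGRES_PASSWORD`, since the esphome dashboard on 6052 is published to the host. The two `/dev/ttyUSB*` volumes are declared `type: File`; if your podman accepts `CharDevice` for hostPath, that is the accurate type for a serial device node and keeps a missing adapter from being mistaken for a regular file.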


@ -0,0 +1,7 @@
apiversion: v1
data:
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: smarthome-secrets


@ -0,0 +1,38 @@
apiversion: v1
kind: Pod
metadata:
name: tailscale-pod
annotations:
io.podman.annotations.infra.name: tailscale-pod-infra
spec:
containers:
- name: headscale
image: docker.io/headscale/headscale:0.26
command:
- headscale
- serve
ports:
- containerport: 8080
hostport:
protocol: TCP
volumemounts:
- name: headscale-config
mountpath: /etc/headscale
- name: headscale-lib
mountpath: /var/lib/headscale
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: headscale-config
hostpath:
path: $HOME/.config/pods/tailscale/headscale-config
type: Directory
- name: headscale-lib
persistentvolumeclaim:
claimname: tailscale-pod-headscale-lib
- name: localtime
hostpath:
path: /etc/localtime
type: File
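Review bot: `headscale-config` is mounted writable while headscale's mutable state is already given the separate `headscale-lib` PVC; unless the config directory is written at runtime, add `readOnly: true` to it, matching `localtime`. Pinning `headscale:0.26` rather than `latest` is the right call, and the other pods in this commit (`tailscale`, `vaultwarden`, `jellyfin`, `home-assistant`, the mautrix bridges) would benefit from the same treatment, since `latest` makes a rollback by manifest impossible. `hostport:` under port 8080 is null, as noted on ampel-pod.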