From a6901b271be498a94e91cb018a172a1033e55f68 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sun, 17 Aug 2025 13:53:25 +0200 Subject: [PATCH 1/7] README.md: update --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f64ac1a..fc6b1ac 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ -# Alpine-server +# alpine-server -Guides and configuration files of my Alpine server install. \ No newline at end of file +Configuration files of my server Alpine Linux operating system. From b8669e3b00eb70b47f011ee5cc551464799c8227 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sun, 17 Aug 2025 14:04:53 +0200 Subject: [PATCH 2/7] containerfiles: remove --- .../git-mkdocs-wiki/default.conf.env | 15 ----------- .../git-mkdocs-wiki/git-mkdocs-wiki | 10 -------- .../git-mkdocs-wiki.containerfile | 25 ------------------- containerfiles/git-mkdocs-wiki/root | 3 --- containerfiles/git-mkdocs/default.conf.env | 15 ----------- containerfiles/git-mkdocs/git-mkdocs | 6 ----- .../git-mkdocs/git-mkdocs.containerfile | 25 ------------------- containerfiles/git-mkdocs/root | 3 --- 8 files changed, 102 deletions(-) delete mode 100644 containerfiles/git-mkdocs-wiki/default.conf.env delete mode 100644 containerfiles/git-mkdocs-wiki/git-mkdocs-wiki delete mode 100644 containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile delete mode 100644 containerfiles/git-mkdocs-wiki/root delete mode 100644 containerfiles/git-mkdocs/default.conf.env delete mode 100644 containerfiles/git-mkdocs/git-mkdocs delete mode 100644 containerfiles/git-mkdocs/git-mkdocs.containerfile delete mode 100644 containerfiles/git-mkdocs/root diff --git a/containerfiles/git-mkdocs-wiki/default.conf.env b/containerfiles/git-mkdocs-wiki/default.conf.env deleted file mode 100644 index 5111323..0000000 --- a/containerfiles/git-mkdocs-wiki/default.conf.env +++ /dev/null 
@@ -1,15 +0,0 @@ -server { - listen $PORT; - listen [::]:${PORT}; - server_name localhost; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - error_page 500 502 503 504 /50x.html; - location = /50.html { - root /usr/share/nginx/html; - } -} \ No newline at end of file diff --git a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki deleted file mode 100644 index e9a7dc5..0000000 --- a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -exec 2>&1 -find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo -cd /mkdocs/repo && git pull - -for lang in $WIKI_LANG -do - mkdocs build -f /mkdocs/repo/config/${lang}/mkdocs.yml -d /usr/share/nginx/html/${lang} -done \ No newline at end of file diff --git a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile deleted file mode 100644 index dbbf612..0000000 --- a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile +++ /dev/null @@ -1,25 +0,0 @@ -FROM nginx:alpine - -ENV PORT="80" -COPY default.conf.env /etc/nginx/conf.d/default.conf.env - -RUN apk add envsubst \ - && touch /docker-entrypoint.d/port.sh \ - && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \ - && chmod 776 /docker-entrypoint.d/port.sh - -RUN apk add git \ - && apk add mkdocs \ - && apk add mkdocs-material \ - && apk add py3-regex - -RUN mkdir /mkdocs -WORKDIR /mkdocs - -COPY root /etc/crontabs/root -COPY git-mkdocs-wiki /bin/git-mkdocs-wiki -RUN chmod 744 /bin/git-mkdocs-wiki - -RUN touch /docker-entrypoint.d/cron.sh \ - && echo "exec crond" > /docker-entrypoint.d/cron.sh \ - && chmod 776 /docker-entrypoint.d/cron.sh \ No newline at end of file diff --git a/containerfiles/git-mkdocs-wiki/root b/containerfiles/git-mkdocs-wiki/root deleted file mode 100644 index aace2f3..0000000 
--- a/containerfiles/git-mkdocs-wiki/root +++ /dev/null @@ -1,3 +0,0 @@ -# do daily/weekly/monthly maintanance -# min hour day month weekday command -* * * * * git-mkdocs-wiki \ No newline at end of file diff --git a/containerfiles/git-mkdocs/default.conf.env b/containerfiles/git-mkdocs/default.conf.env deleted file mode 100644 index 5111323..0000000 --- a/containerfiles/git-mkdocs/default.conf.env +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen $PORT; - listen [::]:${PORT}; - server_name localhost; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - error_page 500 502 503 504 /50x.html; - location = /50.html { - root /usr/share/nginx/html; - } -} \ No newline at end of file diff --git a/containerfiles/git-mkdocs/git-mkdocs b/containerfiles/git-mkdocs/git-mkdocs deleted file mode 100644 index 60a65d9..0000000 --- a/containerfiles/git-mkdocs/git-mkdocs +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -exec 2>&1 -find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo -cd /mkdocs/repo && git pull -exec mkdocs build -f /mkdocs/repo/mkdocs.yml -d /usr/share/nginx/html \ No newline at end of file diff --git a/containerfiles/git-mkdocs/git-mkdocs.containerfile b/containerfiles/git-mkdocs/git-mkdocs.containerfile deleted file mode 100644 index 1d02ab4..0000000 --- a/containerfiles/git-mkdocs/git-mkdocs.containerfile +++ /dev/null 
@@ -1,25 +0,0 @@ -FROM nginx:alpine - -ENV PORT="80" -COPY default.conf.env /etc/nginx/conf.d/default.conf.env - -RUN apk add envsubst \ - && touch /docker-entrypoint.d/port.sh \ - && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \ - && chmod 776 /docker-entrypoint.d/port.sh - -RUN apk add git \ - && apk add mkdocs \ - && apk add mkdocs-material \ - && apk add py3-regex - -RUN mkdir /mkdocs -WORKDIR /mkdocs - -COPY root /etc/crontabs/root -COPY git-mkdocs /bin/git-mkdocs -RUN chmod 744 /bin/git-mkdocs - -RUN touch /docker-entrypoint.d/cron.sh \ - && echo "exec crond" > /docker-entrypoint.d/cron.sh \ - && chmod 776 /docker-entrypoint.d/cron.sh \ No newline at end of file diff --git a/containerfiles/git-mkdocs/root b/containerfiles/git-mkdocs/root deleted file mode 100644 index d260f99..0000000 --- a/containerfiles/git-mkdocs/root +++ /dev/null @@ -1,3 +0,0 @@ -# do daily/weekly/monthly maintanance -# min hour day month weekday command -* * * * * git-mkdocs \ No newline at end of file From 0cc125394f609aecf50daaefd10d267549b7b7d2 Mon Sep 17 00:00:00 2001 
From: Luc Bijl Date: Sun, 17 Aug 2025 15:00:35 +0200 Subject: [PATCH 3/7] change folder layout --- bin/load | 23 ---- caddy/caddyfile | 49 -------- pods/bitwarden/bitwarden-pod.yml | 60 ---------- pods/bitwarden/bitwarden-secrets.yml | 8 -- pods/git/git-pod.yml | 101 ---------------- pods/git/git-secrets.yml | 7 -- pods/matrix/matrix-pod.yml | 129 -------------------- pods/matrix/matrix-secrets.yml | 7 -- pods/notes/notes-pod.yml | 73 ------------ pods/notes/notes-secrets.yml | 8 -- pods/share/share-pod.yml | 34 ------ pods/smarthome/smarthome-pod.yml | 171 --------------------------- pods/smarthome/smarthome-secrets.yml | 9 -- 13 files changed, 679 deletions(-) delete mode 100644 bin/load delete mode 100644 caddy/caddyfile delete mode 100644 pods/bitwarden/bitwarden-pod.yml delete mode 100644 pods/bitwarden/bitwarden-secrets.yml delete mode 100644 pods/git/git-pod.yml delete mode 100644 pods/git/git-secrets.yml delete mode 100644 pods/matrix/matrix-pod.yml delete mode 100644 pods/matrix/matrix-secrets.yml delete mode 100644 pods/notes/notes-pod.yml delete mode 100644 pods/notes/notes-secrets.yml delete mode 100644 pods/share/share-pod.yml delete mode 100644 pods/smarthome/smarthome-pod.yml delete mode 100644 pods/smarthome/smarthome-secrets.yml diff --git a/bin/load b/bin/load deleted file mode 100644 index 7ab81c5..0000000 --- a/bin/load +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -command="/usr/bin/podman" - - -# Loads dumped databases - -postgres_databases="gitea" - -for database in $postgres_databases -do - exec $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres" -done - - -# Imports volumes - -volumes="gitea-pod-gitea-data" - -for volume in $volumes -do - exec $command volume import $volume /.volumes/${volume}.tar -done diff --git a/caddy/caddyfile b/caddy/caddyfile deleted file mode 100644 index 7c79291..0000000 --- a/caddy/caddyfile +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - email -} - -vault.bijl.us { - reverse_proxy :1080 -} - -git.bijl.us { - reverse_proxy :2080 -} - -docs.bijl.us { - reverse_proxy :2180 -} - -wiki.bijl.us { - reverse_proxy :2280 -} - -matrix.bijl.us { - handle /_matrix/* { - reverse_proxy :3080 - } - - handle /.well-known/matrix/server { - respond {"m.server":"matrix.bijl.us:443"} - } - - handle /.well-known/matrix/client { - respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}} - } -} - -element.bijl.us { - reverse_proxy :3180 -} - -notes.bijl.us { - reverse_proxy :4080 -} - -share.bijl.us { - reverse_proxy :5080 -} - -smarthome.bijl.us { - reverse_proxy :6080 -} \ No newline at end of file diff --git a/pods/bitwarden/bitwarden-pod.yml b/pods/bitwarden/bitwarden-pod.yml deleted file mode 100644 index 61572dd..0000000 --- a/pods/bitwarden/bitwarden-pod.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: bitwarden-pod - annotations: - io.podman.annotations.infra.name: bitwarden-pod-infra -spec: - containers: - - name: vaultwarden - image: docker.io/vaultwarden/server:alpine - env: - - name: SIGNUPS_ALLOWED - value: false - - name: DATABASE_URL - value: "postgresql://postgres:@bitwarden-pod-postgres/vaultwarden" - - name: ROCKET_PORT - value: 3000 - ports: - - containerport: 3000 - hostport: 1080 - protocol: TCP - volumemounts: - - mountpath: /data - name: vaultwarden-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: postgres - image: docker.io/library/postgres:16-alpine - env: - - name: POSTGRES_PASSWORD - valuefrom: - secretkeyref: - name: bitwarden-secrets - key: postgres-password - volumemounts: - - mountpath: /dump - name: postgres-dump - - mountpath: /var/lib/postgresql/data - name: postgres-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: - - persistentvolumeclaim: - claimname: bitwarden-pod-vaultwarden-data - name: vaultwarden-data - - hostpath: - path: /.dump/bitwarden - type: Directory - name: postgres-dump - - persistentvolumeclaim: - claimname: bitwarden-pod-postgres-data - name: postgres-data - - hostPath: - path: /etc/localtime - type: File - name: localtime \ No newline at end of file diff --git a/pods/bitwarden/bitwarden-secrets.yml b/pods/bitwarden/bitwarden-secrets.yml deleted file mode 100644 index 091a46c..0000000 --- a/pods/bitwarden/bitwarden-secrets.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiversion: v1 -data: - postgres-password: - postgres-url: -kind: Secret -metadata: - creationtimestamp: null - name: bitwarden-secrets \ No newline at end of file diff --git a/pods/git/git-pod.yml b/pods/git/git-pod.yml deleted file mode 100644 index 8f6e9ad..0000000 --- a/pods/git/git-pod.yml +++ /dev/null 
@@ -1,101 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: git-pod - annotations: - io.podman.annotations.infra.name: git-pod-infra -spec: - containers: - - name: gitea - image: docker.io/gitea/gitea:latest - env: - - name: USER_UID - value: "1000" - - name: USER_GID - value: "1000" - - name: GITEA__database__HOST - value: "git-pod-postgres" - - name: GITEA__database__USER - value: "postgres" - - name: GITEA__database__PASSWD - valuefrom: - secretkeyref: - name: git-secrets - key: postgres-password - - name: GITEA__database__NAME - value: "gitea" - ports: - - containerport: 3000 - hostport: 2080 - protocol: TCP - volumemounts: - - mountpath: /data - name: gitea-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: documentation - image: git-mkdocs:latest - env: - - name: GIT_REPO_URL - value: "https://git.bijl.us/lnco/documentation.git" - - name: PORT - value: 3100 - - containerport: 3100 - hostport: 2180 - protocol: TCP - volumemounts: - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: wiki - image: git-mkdocs-wiki:latest - env: - - name: GIT_REPO_URL - value: "https://git.bijl.us/luc/mathematics-physics-wiki.git" - - name: WIKI_LANG - value: "en nl" - - name: PORT - value: 3200 - - containerport: 3200 - hostport: 2280 - protocol: TCP - volumemounts: - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: postgres - image: docker.io/library/postgres:16-alpine - env: - - name: POSTGRES_PASSWORD - valuefrom: - secretkeyref: - name: git-secrets - key: postgres-password - volumemounts: - - mountpath: /dump - name: postgres-dump - - mountpath: /var/lib/postgresql/data - name: postgres-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: - - persistentvolumeclaim: - claimname: git-pod-gitea-data - name: gitea-data - - hostpath: - path: /.dump/git - type: Directory - name: postgres-dump - - persistentvolumeclaim: - claimname: git-pod-postgres-data - name: 
postgres-data - - hostpath: - path: /etc/localtime - type: File - name: localtime diff --git a/pods/git/git-secrets.yml b/pods/git/git-secrets.yml deleted file mode 100644 index 5dba2b0..0000000 --- a/pods/git/git-secrets.yml +++ /dev/null @@ -1,7 +0,0 @@ -apiversion: v1 -data: - postgres-password: -kind: Secret -metadata: - creationtimestamp: null - name: git-secrets \ No newline at end of file diff --git a/pods/matrix/matrix-pod.yml b/pods/matrix/matrix-pod.yml deleted file mode 100644 index 8744339..0000000 --- a/pods/matrix/matrix-pod.yml +++ /dev/null 
@@ -1,129 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: matrix-pod - annotations: - io.podman.annotations.infra.name: matrix-pod-infra -spec: - containers: - - name: dendrite - image: matrixdotorg/dendrite-monolith:latest - ports: - - containerport: 8008 - hostport: 3080 - protocol: TCP - - containerport: 8448 - hostport: 8448 - protocol: TCP - volumemounts: - - mountpath: /etc/dendrite - name: dendrite-config - - mountpath: /var/dendrite/media - name: dendrite-media - - mountpath: /var/dendrite/jetstream - name: dendrite-jetstream - - mountpath: /var/dendrite/searchindex - name: dendrite-searchindex - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: mautrix-whatsapp - image: dock.mau.dev/mautrix/whatsapp:latest - command: - - /usr/bin/mautrix-whatsapp - - -c - - /data/config.yaml - - -r - - /data/registration.yaml - - --ignore-unsupported-server - volumemounts: - - mountpath: /data - name: mautrix-whatsapp-config - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: mautrix-signal - image: dock.mau.dev/mautrix/signal:latest - command: - - /usr/bin/mautrix-signal - - -c - - /data/config.yaml - - -r - - /data/registration.yaml - - --ignore-unsupported-server - volumemounts: - - mountpath: /data - name: mautrix-signal-config - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: element - image: vectorim/element-web:latest - ports: - - containerport: 80 - hostport: 3180 - protocol: TCP - volumemounts: - - mountpath: /app/config.json - name: element-config - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: postgres - image: docker.io/library/postgres:16-alpine - env: - - name: POSTGRES_PASSWORD - valuefrom: - secretkeyref: - name: matrix-secrets - key: postgres-password - volumemounts: - - mountpath: /dump - name: postgres-dump - - mountpath: /var/lib/postgresql/data - name: postgres-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: 
- - hostpath: - path: /.config/pods/matrix/dendrite-config - type: Directory - name: dendrite-config - - persistentvolumeclaim: - claimname: matrix-pod-dendrite-media - name: dendrite-media - - persistentvolumeclaim: - claimname: matrix-pod-dendrite-jetstream - name: dendrite-jetstream - - persistentvolumeclaim: - claimname: matrix-pod-dendrite-searchindex - name: dendrite-searchindex - - hostpath: - path: /.config/pods/matrix/mautrix-whatsapp-config - type: Directory - name: mautrix-whatsapp-config - - hostpath: - path: /.config/pods/matrix/mautrix-signal-config - type: Directory - name: mautrix-signal-config - - hostpath: - path: /.config/pods/matrix/element-config/config.json - type: File - name: element-config - - hostpath: - path: /.dump/matrix - type: Directory - name: postgres-dump - - persistentvolumeclaim: - claimname: matrix-pod-postgres-data - name: postgres-data - - hostpath: - path: /etc/localtime - type: File - name: localtime diff --git a/pods/matrix/matrix-secrets.yml b/pods/matrix/matrix-secrets.yml deleted file mode 100644 index 101a814..0000000 --- a/pods/matrix/matrix-secrets.yml +++ /dev/null @@ -1,7 +0,0 @@ -apiversion: v1 -data: - postgres-password: -kind: Secret -metadata: - creationtimestamp: null - name: matrix-secrets \ No newline at end of file diff --git a/pods/notes/notes-pod.yml b/pods/notes/notes-pod.yml deleted file mode 100644 index 7efdd4b..0000000 --- a/pods/notes/notes-pod.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: notes-pod - annotations: - io.podman.annotations.infra.name: notes-pod-infra -spec: - containers: - - name: hedgedoc - image: quay.io/hedgedoc/hedgedoc:alpine - env: - - name: CMD_DB_URL - valuefrom: - secretkeyref: - name: notes-secrets - key: postgres-url - - name: CMD_ALLOW_EMAIL_REGISTER - value: true - - name: CMD_DOMAIN - value: "notes.bijl.us" - - name: CMD_PROTOCOL_USESSL - value: true - - name: CMD_URL_ADDPORT - value: false - - name: NODE_ENV - value: production - - name: CMD_IMAGE_UPLOAD_TYPE - value: filesystem - - name: UPLOADS_MODE - value: 0700 - ports: - - containerport: 3000 - hostport: 4080 - protocol: TCP - volumemounts: - - mountpath: /hedgedoc/public/uploads - name: hedgedoc-uploads - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: postgres - image: docker.io/library/postgres:16-alpine - env: - - name: POSTGRES_PASSWORD - valuefrom: - secretkeyref: - name: notes-secrets - key: postgres-password - volumemounts: - - mountpath: /dump - name: postgres-dump - - mountpath: /var/lib/postgresql/data - name: postgres-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: - - persistentvolumeclaim: - claimname: notes-pod-hedgedoc-uploads - name: hedgedoc-uploads - - hostpath: - path: /.dump/notes - type: Directory - name: postgres-dump - - persistentvolumeclaim: - claimname: notes-pod-postgres-data - name: postgres-data - - hostPath: - path: /etc/localtime - type: File - name: localtime \ No newline at end of file diff --git a/pods/notes/notes-secrets.yml b/pods/notes/notes-secrets.yml deleted file mode 100644 index 00140de..0000000 --- a/pods/notes/notes-secrets.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiversion: v1 -data: - postgres-password: - postgres-url: -kind: Secret -metadata: - creationtimestamp: null - name: notes-secrets \ No newline at end of file 
diff --git a/pods/share/share-pod.yml b/pods/share/share-pod.yml deleted file mode 100644 index b4da767..0000000 --- a/pods/share/share-pod.yml +++ /dev/null @@ -1,34 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: share-pod - annotations: - io.podman.annotations.infra.name: share-pod-infra -spec: - containers: - - name: picoshare - image: docker.io/mtlynch/picoshare:latest - env: - - name: PS_SHARED_SECRET - value: "" - - name: PORT - value: 3000 - ports: - - containerport: 3000 - hostport: 5080 - protocol: TCP - volumemounts: - - mountpath: /data - name: picoshare-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: - - persistentvolumeclaim: - claimname: share-pod-picoshare-data - name: picoshare-data - - hostPath: - path: /etc/localtime - type: File - name: localtime \ No newline at end of file diff --git a/pods/smarthome/smarthome-pod.yml b/pods/smarthome/smarthome-pod.yml deleted file mode 100644 index 59272b4..0000000 --- a/pods/smarthome/smarthome-pod.yml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiversion: v1 -kind: Pod -metadata: - name: smarthome-pod - annotations: - io.podman.annotations.infra.name: smarthome-pod-infra - run.oci.keep_original_groups: 1 -spec: - containers: - - name: home-assistant - image: ghcr.io/home-assistant/home-assistant:latest - ports: - - containerport: 3000 - hostport: 6080 - protocol: TCP - volumemounts: - - mountpath: /config - name: home-assistant-config - - mountpath: /dev/ttyUSB0 - name: home-assistant-usb0 - - mountpath: /dev/ttyUSB1 - name: home-assistant-usb1 - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: mosquitto - image: docker.io/eclipse-mosquitto:latest - ports: - - containerport: 1883 - hostport: 1883 - protocol: TCP - volumemounts: - - mountpath: /mosquitto/config - name: mosquitto-config - - mountpath: /mosquitto/data - name: mosquitto-data - - mountpath: /mosquitto/log - name: mosquitto-log - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: esphome - image: docker.io/esphome/esphome:stable - env: - - name: USERNAME - value: "" - - name: PASSWORD - value: "" - ports: - - containerport: 6052 - hostport: 6052 - protocol: TCP - volumemounts: - - mountpath: /config - name: esphome-config - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: ecowitt - image: docker.io/bachya/ecowitt2mqtt:latest - env: - - name: ECOWITT2MQTT_MQTT_BROKER - value: "smarthome-pod-mosquitto" - - name: ECOWITT2MQTT_MQTT_USERNAME - value: "" - - name: ECOWITT2MQTT_MQTT_PASSWORD - value: "" - - name: ECOWITT2MQTT_PORT - value: 8181 - - name: ECOWITT2MQTT_HASS_DISCOVERY - value: true - - name: ECOWITT2MQTT_INPUT_UNIT_SYSTEM - value: "imperial" - - name: ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM - value: "metric" - - name: ECOWITT2MQTT_PRECISION - value: 1 - ports: - - containerport: 8181 - hostport: 8181 - protocol: TCP - volumemounts: - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: volvo - image: 
ghcr.io/dielee/volvo2mqtt:latest - env: - - name: CONF_updateInterval - value: 300 - - name: CONF_babelLocale - value: "nl" - - name: CONF_mqtt - valuefrom: - secretkeyref: - name: smarthome-secrets - key: volvo-mosquitto - - name: CONF_volvoData - valuefrom: - secretkeyref: - name: smarthome-secrets - key: volvo-url - volumemounts: - - mountpath: /volvoAAOS2mqtt - name: volvo-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - - name: postgres - image: docker.io/library/postgres:16-alpine - env: - - name: POSTGRES_PASSWORD - valuefrom: - secretkeyref: - name: smarthome-secrets - key: postgres-password - volumemounts: - - mountpath: /dump - name: postgres-dump - - mountpath: /var/lib/postgresql/data - name: postgres-data - - mountpath: /etc/localtime - name: localtime - readonly: true - - volumes: - - hostpath: - path: /.config/pods/smarthome/home-assistant-config - type: Directory - name: home-assistant-config - - hostpath: - path: /dev/ttyUSB0 - type: File - name: home-assistant-usb0 - - hostpath: - path: /dev/ttyUSB1 - type: File - name: home-assistant-usb1 - - hostpath: - path: /.config/pods/smarthome/mosquitto-config - type: Directory - name: mosquitto-config - - persistentvolumeclaim: - claimname: smarthome-pod-mosquitto-data - name: mosquitto-data - - persistentvolumeclaim: - claimname: smarthome-pod-mosquitto-log - name: mosquitto-log - - hostpath: - path: /.config/pods/smarthome/esphome-config - type: Directory - name: esphome-config - - persistentvolumeclaim: - claimname: smarthome-pod-volvo-data - name: volvo-data - - hostpath: - path: /.dump/smarthome - type: Directory - name: postgres-dump - - persistentvolumeclaim: - claimname: smarthome-pod-postgres-data - name: postgres-data - - hostpath: - path: /etc/localtime - type: File - name: localtime diff --git a/pods/smarthome/smarthome-secrets.yml b/pods/smarthome/smarthome-secrets.yml deleted file mode 100644 index 109b448..0000000 
--- a/pods/smarthome/smarthome-secrets.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiversion: v1 -data: - volvo-mosquitto: - volvo-url: - postgres-password: -kind: Secret -metadata: - creationtimestamp: null - name: smarthome-secrets \ No newline at end of file From a93593061c1555d051f79f4a09de5330a2f0dfc0 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sun, 17 Aug 2025 15:01:12 +0200 Subject: [PATCH 4/7] bin: update --- bin/backup | 10 ++++++++++ bin/checkpod | 0 bin/dump | 4 +--- bin/load-databases | 12 ++++++++++++ bin/load-volumes | 12 ++++++++++++ 5 files changed, 35 insertions(+), 3 deletions(-) create mode 100755 bin/backup mode change 100644 => 100755 bin/checkpod mode change 100644 => 100755 bin/dump create mode 100755 bin/load-databases create mode 100755 bin/load-volumes diff --git a/bin/backup b/bin/backup new file mode 100755 index 0000000..446e732 --- /dev/null +++ b/bin/backup @@ -0,0 +1,10 @@ +#!/bin/sh + +host="" +user="" +serverdir="" + +clientdirs="$HOME/.local/etc $HOME/.local/bin $HOME/.config $HOME/.volumes $HOME/.dump" +command="/usr/bin/restic" + +exec $command -r sftp:${user}@${host}:/${serverdir} -v backup $clientdirs diff --git a/bin/checkpod b/bin/checkpod old mode 100644 new mode 100755 diff --git a/bin/dump b/bin/dump old mode 100644 new mode 100755 index dfb9e8a..8b9ff7a --- a/bin/dump +++ b/bin/dump @@ -2,7 +2,6 @@ command="/usr/bin/podman" - # Dumps databases postgres_databases="" @@ -12,12 +11,11 @@ do $command exec -it ${database}-pod-postgres sh -c "pg_dumpall -U postgres | gzip > /dump/${database}.sql.gz" done - # Exports volumes volumes="" for volume in $volumes do - $command volume export $volume --output /.volumes/${volume}.tar + $command volume export $volume --output /home/neutrino/.volumes/${volume}.tar done diff --git a/bin/load-databases b/bin/load-databases new file mode 100755 index 0000000..df6d3b0 --- /dev/null +++ b/bin/load-databases 
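Review bot: In the new `bin/backup`, `host`, `user` and `serverdir` are committed empty and nothing checks them before the `exec`, so the script as written hands restic the repository `sftp:@:/`. A guard before the last line, such as `[ -n "$host" ] && [ -n "$user" ] && [ -n "$serverdir" ] || { echo "backup: set host, user and serverdir" >&2; exit 1; }`, would fail early and clearly. The hunk also does not show how the repository password reaches restic; for an unattended run, `--password-file` pointing at an owner-only file (or `RESTIC_PASSWORD_FILE`) keeps it out of the script and the process arguments. The backed-up paths include `$HOME/.config` and `$HOME/.dump`, which presumably hold the pod secret manifests and database dumps, so access to the repository host deserves the same care as those files.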
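Review bot: The export target in the second `bin/dump` hunk is now hard-coded to `/home/neutrino/.volumes/`, while `bin/backup` in the same commit reads `$HOME/.volumes`, so the two drift apart as soon as the script runs under another account. `$command volume export "$volume" --output "$HOME/.volumes/${volume}.tar"` keeps them in step, and the same applies to the import path in `bin/load-volumes`. The exported tarballs hold full application data and nothing restricts their mode; a `umask 077` before the export loop would make them owner-only. The top of the script is outside the hunk.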
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+command="/usr/bin/podman"
+
+# Loads dumped databases
+
+postgres_databases=""
+
+for database in $postgres_databases
+do
+ $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
+done
diff --git a/bin/load-volumes b/bin/load-volumes
new file mode 100755
index 0000000..04f7958
--- /dev/null
+++ b/bin/load-volumes
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+command="/usr/bin/podman"
+
+# Imports volumes
+
+volumes=""
+
+for volume in $volumes
+do
+ $command volume import $volume /home/neutrino/.volumes/${volume}.tar
+done
From 679647542ddb030a9f41f006cc807e3ee75b9abc Mon Sep 17 00:00:00 2001
From: Luc Bijl
Date: Sun, 17 Aug 2025 15:01:32 +0200
Subject: [PATCH 5/7] dotconfig/caddy: add
---
dotconfig/caddy/caddyfile | 73 +++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 dotconfig/caddy/caddyfile
diff --git a/dotconfig/caddy/caddyfile b/dotconfig/caddy/caddyfile
new file mode 100644
index 0000000..4c35ce7
--- /dev/null
+++ b/dotconfig/caddy/caddyfile
@@ -0,0 +1,73 @@
+hs.bijl.us {
+ reverse_proxy :
+}
+
+vault.bijl.us {
+ reverse_proxy :
+}
+
+matrix.bijl.us {
+ handle /_matrix/* {
+ reverse_proxy :
+ }
+
+ handle /.well-known/matrix/server {
+ respond {"m.server":"matrix.bijl.us:443"}
+ }
+
+ handle /.well-known/matrix/client {
+ respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
+ }
+}
+
+smarthome.bijl.us {
+ reverse_proxy :
+}
+
+share.bijl.us {
+ reverse_proxy :
+}
+
+media.bijl.us {
+ reverse_proxy :
+}
+
+ampel.dev {
+ reverse_proxy :
+}
+
+git.ampel.dev {
+ reverse_proxy :
+}
+
+docs.ampel.dev {
+ reverse_proxy :
+}
+
+blog.ampel.dev {
+ reverse_proxy :
+}
+
+notes.ampel.dev {
+ reverse_proxy :
+}
+
+lucbijl.nl {
+ reverse_proxy :
+}
+
+git.lucbijl.nl {
+ reverse_proxy :
+}
+
+wiki.lucbijl.nl {
+ reverse_proxy :
+}
+
+blog.lucbijl.nl {
+ reverse_proxy :
+}
+
+notes.lucbijl.nl {
+ reverse_proxy :
+}
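Review bot: The restore line in `bin/load-databases` pipes the dump into plain `psql -U postgres`, which keeps going after a failed statement and still exits 0, so a partial restore looks like a success. `psql -v ON_ERROR_STOP=1 -U postgres` makes the first SQL error stop the run with a non-zero status. The `-it` on `exec` asks for an interactive TTY, which may warn or fail when the script runs without a terminal; neither flag is needed here because the input is read from a file inside the container.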
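Review bot: Every upstream in the new caddyfile is written as `reverse_proxy :` with no port, so as committed the file names no backend and Caddy will most likely refuse to load it. If the ports were removed on purpose, a leading comment such as `# upstream ports are placeholders; set each one to the matching pod hostport before deploying` would say so. The host-less form points at the local machine, which only shields the backends if the pods publish on loopback; the pod manifests in this series set `hostport` without a host address, so it is worth confirming those ports are not also reachable from outside, bypassing Caddy's TLS.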
From 2e05501c92d376cfc99cf7097dd875ca3f5d2a9e Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sun, 17 Aug 2025 15:02:06 +0200 Subject: [PATCH 6/7] dotconfig/pods: add --- dotconfig/pods/ampel/ampel-pod.yml | 174 ++++++++++++++++++ dotconfig/pods/ampel/ampel-secrets.yml | 8 + dotconfig/pods/bitwarden/bitwarden-pod.yml | 60 ++++++ .../pods/bitwarden/bitwarden-secrets.yml | 8 + dotconfig/pods/luc/luc-pod.yml | 134 ++++++++++++++ dotconfig/pods/luc/luc-secrets.yml | 7 + dotconfig/pods/matrix/matrix-pod.yml | 112 +++++++++++ dotconfig/pods/matrix/matrix-secrets.yml | 7 + dotconfig/pods/media/media-pod.yml | 47 +++++ dotconfig/pods/share/share-pod.yml | 34 ++++ dotconfig/pods/share/share-secrets.yml | 7 + dotconfig/pods/smarthome/smarthome-pod.yml | 112 +++++++++++ .../pods/smarthome/smarthome-secrets.yml | 7 + dotconfig/pods/tailscale/tailscale-pod.yml | 38 ++++ 14 files changed, 755 insertions(+) create mode 100644 dotconfig/pods/ampel/ampel-pod.yml create mode 100644 dotconfig/pods/ampel/ampel-secrets.yml create mode 100644 dotconfig/pods/bitwarden/bitwarden-pod.yml create mode 100644 dotconfig/pods/bitwarden/bitwarden-secrets.yml create mode 100644 dotconfig/pods/luc/luc-pod.yml create mode 100644 dotconfig/pods/luc/luc-secrets.yml create mode 100644 dotconfig/pods/matrix/matrix-pod.yml create mode 100644 dotconfig/pods/matrix/matrix-secrets.yml create mode 100644 dotconfig/pods/media/media-pod.yml create mode 100644 dotconfig/pods/share/share-pod.yml create mode 100644 dotconfig/pods/share/share-secrets.yml create mode 100644 dotconfig/pods/smarthome/smarthome-pod.yml create mode 100644 dotconfig/pods/smarthome/smarthome-secrets.yml create mode 100644 dotconfig/pods/tailscale/tailscale-pod.yml diff --git a/dotconfig/pods/ampel/ampel-pod.yml b/dotconfig/pods/ampel/ampel-pod.yml new file mode 100644 index 0000000..d0c2798 --- /dev/null +++ b/dotconfig/pods/ampel/ampel-pod.yml 
@@ -0,0 +1,174 @@ +apiversion: v1 +kind: Pod +metadata: + name: ampel-pod + annotations: + io.podman.annotations.infra.name: ampel-pod-infra +spec: + containers: +# - name: root +# image: +# env: +# - name: PORT +# value: 3000 +# ports: +# - containerport: 3000 +# hostport: +# protocol: TCP +# volumemounts: +# - name: localtime +# mountpath: /etc/localtime +# readonly: true + + - name: git + image: codeberg.org/forgejo/forgejo:9 + env: + - name: USER_UID + value: "1000" + - name: USER_GID + value: "1000" + - name: FORGEJO__database__DB_TYPE + value: "postgres" + - name: FORGEJO__database__HOST + value: "ampel-pod-postgres" + - name: FORGEJO__database__USER + value: "postgres" + - name: FORGEJO__database__PASSWD + valuefrom: + secretkeyref: + name: ampel-secrets + key: postgres-password + - name: FORGEJO__database__NAME + value: "forgejo" + ports: + - containerport: 3100 + hostport: + protocol: TCP + volumemounts: + - name: git-data + mountpath: /data + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: tailscale + image: ghcr.io/tailscale/tailscale:latest + env: + - name: TS_HOSTNAME + value: "ampel-pod" + - name: TS_AUTHKEY + value: "" + - name: TS_STATE_DIR + value: "/var/lib/tailscale" + - name: TS_EXTRA_ARGS + value: "--login-server=" + volumemounts: + - name: tailscale-lib + mountpath: /var/lib/tailscale + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: docs + image: git.ampel.dev/ampel/mkdocs-git:latest + env: + - name: GIT_REPO_URL + value: "" + - name: PORT + value: 3200 + ports: + - containerport: 3200 + hostport: + protocol: TCP + volumemounts: + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: blog + image: git.ampel.dev/ampel/mkdocs-git:latest + env: + - name: GIT_REPO_URL + value: "" + - name: PORT + value: 3300 + ports: + - containerport: 3300 + hostport: + protocol: TCP + volumemounts: + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: notes + 
image: quay.io/hedgedoc/hedgedoc:alpine + env: + - name: CMD_DB_URL + valuefrom: + secretkeyref: + name: ampel-secrets + key: postgres-url + - name: CMD_PORT + value: 3400 + - name: CMD_ALLOW_EMAIL_REGISTER + value: true + - name: CMD_DOMAIN + value: "" + - name: CMD_PROTOCOL_USESSL + value: true + - name: NODE_ENV + value: production + - name: CMD_IMAGE_UPLOAD_TYPE + value: filesystem + - name: UPLOADS_MODE + value: 0700 + ports: + - containerport: 3400 + hostport: + protocol: TCP + volumemounts: + - name: notes-uploads + mountpath: /hedgedoc/public/uploads + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: ampel-secrets + key: postgres-password + volumemounts: + - name: postgres-dump + mountpath: /dump + - name: postgres-data + mountpath: /var/lib/postgresql/data + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: git-data + persistentvolumeclaim: + claimname: ampel-pod-git-data + - name: tailscale-lib + persistentvolumeclaim: + claimname: ampel-pod-tailscale-lib + - name: notes-uploads + persistentvolumeclaim: + claimname: ampel-pod-notes-uploads + - name: postgres-dump + hostpath: + path: $HOME/.dump/ampel + type: Directory + - name: postgres-data + persistentvolumeclaim: + claimname: ampel-pod-postgres-data + - name: localtime + hostpath: + path: /etc/localtime + type: File diff --git a/dotconfig/pods/ampel/ampel-secrets.yml b/dotconfig/pods/ampel/ampel-secrets.yml new file mode 100644 index 0000000..75453f0 --- /dev/null +++ b/dotconfig/pods/ampel/ampel-secrets.yml @@ -0,0 +1,8 @@ +apiversion: v1 +data: + postgres-password: + postgres-url: +kind: Secret +metadata: + creationtimestamp: null + name: ampel-secrets diff --git a/dotconfig/pods/bitwarden/bitwarden-pod.yml b/dotconfig/pods/bitwarden/bitwarden-pod.yml new file mode 100644 index 0000000..259a18c --- /dev/null 
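Review bot: `TS_AUTHKEY` on the tailscale container in `ampel-pod.yml` is a literal `value: ""`, unlike the database password, which is read from `ampel-secrets` through `secretkeyref`; once the real key is filled in, it sits in the pod manifest in clear text and is easy to commit by accident. Reading it the same way, with `valuefrom:` / `secretkeyref:` naming `ampel-secrets` and a new key there (for example `tailscale-authkey`), keeps it with the other secrets. The tailscale container in `luc-pod.yml` has the same pattern. Separately, the tailscale and mkdocs-git images use `:latest` while forgejo is pinned to `:9`, so a redeploy can pull an unreviewed image; a version tag or digest would make that explicit.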
+++ b/dotconfig/pods/bitwarden/bitwarden-pod.yml @@ -0,0 +1,60 @@ +apiversion: v1 +kind: Pod +metadata: + name: bitwarden-pod + annotations: + io.podman.annotations.infra.name: bitwarden-pod-infra +spec: + containers: + - name: vaultwarden + image: docker.io/vaultwarden/server:latest-alpine + env: + - name: SIGNUPS_ALLOWED + value: false + - name: DATABASE_URL + value: "" + - name: ROCKET_PORT + value: 3000 + ports: + - containerport: 3000 + hostport: + protocol: TCP + volumemounts: + - name: vaultwarden-data + mountpath: /data + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: bitwarden-secrets + key: postgres-password + volumemounts: + - name: postgres-dump + mountpath: /dump + - name: postgres-data + mountpath: /var/lib/postgresql/data + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: vaultwarden-data + persistentvolumeclaim: + claimname: bitwarden-pod-vaultwarden-data + - name: postgres-dump + hostpath: + path: $HOME/.dump/bitwarden + type: Directory + - name: postgres-data + persistentvolumeclaim: + claimname: bitwarden-pod-postgres-data + - name: localtime + hostPath: + path: /etc/localtime + type: File diff --git a/dotconfig/pods/bitwarden/bitwarden-secrets.yml b/dotconfig/pods/bitwarden/bitwarden-secrets.yml new file mode 100644 index 0000000..14e3375 --- /dev/null +++ b/dotconfig/pods/bitwarden/bitwarden-secrets.yml @@ -0,0 +1,8 @@ +apiversion: v1 +data: + postgres-password: + postgres-url: +kind: Secret +metadata: + creationtimestamp: null + name: bitwarden-secrets diff --git a/dotconfig/pods/luc/luc-pod.yml b/dotconfig/pods/luc/luc-pod.yml new file mode 100644 index 0000000..920164b --- /dev/null +++ b/dotconfig/pods/luc/luc-pod.yml 
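Review bot: `DATABASE_URL` on the vaultwarden container is an inline `value: ""`, yet `bitwarden-secrets.yml` in this commit defines a `postgres-url` key that nothing in the pod reads. A PostgreSQL URL normally embeds the password, so the filled-in manifest would carry it in clear text next to non-secret settings. Referencing the secret instead, with `valuefrom:` / `secretkeyref:` using `name: bitwarden-secrets` and `key: postgres-url` (as the hedgedoc container in `ampel-pod.yml` does for `CMD_DB_URL`), keeps the credential out of the pod file.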
@@ -0,0 +1,134 @@ +apiversion: v1 +kind: Pod +metadata: + name: luc-pod + annotations: + io.podman.annotations.infra.name: luc-pod-infra +spec: + containers: +# - name: root +# image: +# env: +# - name: PORT +# value: 3000 +# ports: +# - containerport: 3000 +# hostport: +# protocol: TCP +# volumemounts: +# - name: localtime +# mountpath: /etc/localtime +# readonly: true + + - name: git + image: codeberg.org/forgejo/forgejo:9 + env: + - name: USER_UID + value: "1000" + - name: USER_GID + value: "1000" + - name: FORGEJO__database__DB_TYPE + value: "postgres" + - name: FORGEJO__database__HOST + value: "luc-pod-postgres" + - name: FORGEJO__database__USER + value: "postgres" + - name: FORGEJO__database__PASSWD + valuefrom: + secretkeyref: + name: luc-secrets + key: postgres-password + - name: FORGEJO__database__NAME + value: "forgejo" + ports: + - containerport: 3100 + hostport: + protocol: TCP + volumemounts: + - name: git-data + mountpath: /data + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: tailscale + image: ghcr.io/tailscale/tailscale:latest + env: + - name: TS_HOSTNAME + value: "luc-pod" + - name: TS_AUTHKEY + value: "" + - name: TS_STATE_DIR + value: "/var/lib/tailscale" + - name: TS_EXTRA_ARGS + value: "--login-server=" + volumemounts: + - name: tailscale-lib + mountpath: /var/lib/tailscale + - name: localtime + mountpath: /etc/localtime + readonly: true + +# - name: wiki +# image: git.ampel.dev/git-mkdocs:latest +# env: +# - name: GIT_REPO_URL +# value: "" +# - name: PORT +# value: 3200 +# ports: +# - containerport: 3200 +# hostport: +# protocol: TCP +# volumemounts: +# - name: localtime +# mountpath: /etc/localtime +# readonly: true + +# - name: blog +# ports: +# - containerport: 3300 +# hostport: +# protocol: TCP + +# - name: notes +# ports: +# - containerport: 3400 +# hostport: +# protocol: TCP + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + 
name: luc-secrets + key: postgres-password + volumemounts: + - name: postgres-dump + mountpath: /dump + - name: postgres-data + mountpath: /var/lib/postgresql/data + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: git-data + persistentvolumeclaim: + claimname: luc-pod-git-data + - name: tailscale-lib + persistentvolumeclaim: + claimname: luc-pod-tailscale-lib + - name: postgres-dump + hostpath: + path: $HOME/.dump/luc + type: Directory + - name: postgres-data + persistentvolumeclaim: + claimname: luc-pod-postgres-data + - name: localtime + hostpath: + path: /etc/localtime + type: File diff --git a/dotconfig/pods/luc/luc-secrets.yml b/dotconfig/pods/luc/luc-secrets.yml new file mode 100644 index 0000000..686b484 --- /dev/null +++ b/dotconfig/pods/luc/luc-secrets.yml @@ -0,0 +1,7 @@ +apiversion: v1 +data: + postgres-password: +kind: Secret +metadata: + creationtimestamp: null + name: luc-secrets diff --git a/dotconfig/pods/matrix/matrix-pod.yml b/dotconfig/pods/matrix/matrix-pod.yml new file mode 100644 index 0000000..9a924fe --- /dev/null +++ b/dotconfig/pods/matrix/matrix-pod.yml 
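Review bot: The tailscale container is pulled as `ghcr.io/tailscale/tailscale:latest`, a floating tag, so the code that runs with access to the tailnet state in `/var/lib/tailscale` can change whenever the pod is recreated (the service scripts in patch 7/7 pass `--replace`). forgejo (`:9`), postgres (`:16-alpine`) and headscale (`:0.26`) in this same patch are already version-tagged; give the remaining images the same treatment, e.g. `image: ghcr.io/tailscale/tailscale:<version>` or a digest-pinned reference. Other floating tags in this patch: vaultwarden (`latest-alpine`), dendrite, both mautrix bridges, jellyfin, picoshare, home-assistant, mosquitto and esphome.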
@@ -0,0 +1,112 @@ +apiversion: v1 +kind: Pod +metadata: + name: matrix-pod + annotations: + io.podman.annotations.infra.name: matrix-pod-infra +spec: + containers: + - name: dendrite + image: ghcr.io/element-hq/dendrite-monolith:latest + ports: + - containerport: 8008 + hostport: + protocol: TCP + - containerport: 8448 + hostport: 8448 + protocol: TCP + volumemounts: + - name: dendrite-config + mountpath: /etc/dendrite + - name: dendrite-media + mountpath: /var/dendrite/media + - name: dendrite-jetstream + mountpath: /var/dendrite/jetstream + - name: dendrite-searchindex + mountpath: /var/dendrite/searchindex + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: mautrix-whatsapp + image: dock.mau.dev/mautrix/whatsapp:latest + command: + - /usr/bin/mautrix-whatsapp + - -c + - /data/config.yaml + - -r + - /data/registration.yaml + - --ignore-unsupported-server + volumemounts: + - name: mautrix-whatsapp-config + mountpath: /data + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: mautrix-signal + image: dock.mau.dev/mautrix/signal:latest + command: + - /usr/bin/mautrix-signal + - -c + - /data/config.yaml + - -r + - /data/registration.yaml + - --ignore-unsupported-server + volumemounts: + - name: mautrix-signal-config + mountpath: /data + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: matrix-secrets + key: postgres-password + volumemounts: + - name: postgres-dump + mountpath: /dump + - name: postgres-data + mountpath: /var/lib/postgresql/data + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: dendrite-config + hostpath: + path: $HOME/.config/pods/matrix/dendrite-config + type: Directory + - name: dendrite-media + persistentvolumeclaim: + claimname: matrix-pod-dendrite-media + - name: dendrite-jetstream + persistentvolumeclaim: + 
claimname: matrix-pod-dendrite-jetstream + - name: dendrite-searchindex + persistentvolumeclaim: + claimname: matrix-pod-dendrite-searchindex + - name: mautrix-whatsapp-config + hostpath: + path: $HOME/.config/pods/matrix/mautrix-whatsapp-config + type: Directory + - name: mautrix-signal-config + hostpath: + path: $HOME/.config/pods/matrix/mautrix-signal-config + type: Directory + - name: postgres-dump + hostpath: + path: $HOME/.dump/matrix + type: Directory + - name: postgres-data + persistentvolumeclaim: + claimname: matrix-pod-postgres-data + - name: localtime + hostpath: + path: /etc/localtime + type: File diff --git a/dotconfig/pods/matrix/matrix-secrets.yml b/dotconfig/pods/matrix/matrix-secrets.yml new file mode 100644 index 0000000..16d3430 --- /dev/null +++ b/dotconfig/pods/matrix/matrix-secrets.yml @@ -0,0 +1,7 @@ +apiversion: v1 +data: + postgres-password: +kind: Secret +metadata: + creationtimestamp: null + name: matrix-secrets diff --git a/dotconfig/pods/media/media-pod.yml b/dotconfig/pods/media/media-pod.yml new file mode 100644 index 0000000..c838b73 --- /dev/null +++ b/dotconfig/pods/media/media-pod.yml 
@@ -0,0 +1,47 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: media-pod
+ annotations:
+ io.podman.annotations.infra.name: media-pod-infra
+spec:
+ containers:
+ - name: jellyfin
+ image: docker.io/jellyfin/jellyfin:latest
+ securitycontext:
+ runasgroup: 1000
+ runasuser: 1000
+ env:
+ - name: JELLYFIN_PublishedServerUrl
+ value: ""
+ ports:
+ - containerport: 8096
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: jellyfin-config
+ mountpath: /config
+ - name: jellyfin-cache
+ mountpath: /cache
+ - name: jellyfin-media
+ mountpath: /media
+ readonly: true
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: jellyfin-config
+ persistentvolumeclaim:
+ claimname: media-pod-jellyfin-config
+ - name: jellyfin-media
+ hostpath:
+ path: $HOME/.local/share/media
+ type: Directory
+ - name: jellyfin-cache
+ persistentvolumeclaim:
+ claimname: media-pod-jellyfin-cache
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/share/share-pod.yml b/dotconfig/pods/share/share-pod.yml
new file mode 100644
index 0000000..4c4c935
--- /dev/null
+++ b/dotconfig/pods/share/share-pod.yml
@@ -0,0 +1,34 @@
+apiversion: v1
+kind: Pod
+metadata:
+ name: share-pod
+ annotations:
+ io.podman.annotations.infra.name: share-pod-infra
+spec:
+ containers:
+ - name: picoshare
+ image: docker.io/mtlynch/picoshare:latest
+ env:
+ - name: PS_SHARED_SECRET
+ value: ""
+ - name: PORT
+ value: 3000
+ ports:
+ - containerport: 3000
+ hostport:
+ protocol: TCP
+ volumemounts:
+ - name: picoshare-data
+ mountpath: /data
+ - name: localtime
+ mountpath: /etc/localtime
+ readonly: true
+
+ volumes:
+ - name: picoshare-data
+ persistentvolumeclaim:
+ claimname: share-pod-picoshare-data
+ - name: localtime
+ hostpath:
+ path: /etc/localtime
+ type: File
diff --git a/dotconfig/pods/share/share-secrets.yml b/dotconfig/pods/share/share-secrets.yml
new file mode 100644
index 0000000..eeaab7d
--- /dev/null
+++ b/dotconfig/pods/share/share-secrets.yml
@@ -0,0 +1,7 @@
+apiversion: v1
+data:
+ picoshare-password:
+kind: Secret
+metadata:
+ creationtimestamp: null
+ name: share-secrets
diff --git a/dotconfig/pods/smarthome/smarthome-pod.yml b/dotconfig/pods/smarthome/smarthome-pod.yml
new file mode 100644
index 0000000..40bf07b
--- /dev/null
+++ b/dotconfig/pods/smarthome/smarthome-pod.yml
@@ -0,0 +1,112 @@ +apiversion: v1 +kind: Pod +metadata: + name: smarthome-pod + annotations: + io.podman.annotations.infra.name: smarthome-pod-infra + run.oci.keep_original_groups: 1 +spec: + containers: + - name: home-assistant + image: ghcr.io/home-assistant/home-assistant:latest + ports: + - containerport: 3000 + hostport: + protocol: TCP + volumemounts: + - name: home-assistant-config + mountpath: /config + - name: home-assistant-usb0 + mountpath: /dev/ttyUSB0 + - name: home-assistant-usb1 + mountpath: /dev/ttyUSB1 + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: mosquitto + image: docker.io/eclipse-mosquitto:latest + ports: + - containerport: 1883 + hostport: 1883 + protocol: TCP + volumemounts: + - name: mosquitto-config + mountpath: /mosquitto/config + - name: mosquitto-data + mountpath: /mosquitto/data + - name: mosquitto-log + mountpath: /mosquitto/log + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: esphome + image: docker.io/esphome/esphome:latest + env: + - name: USERNAME + value: "" + - name: PASSWORD + value: "" + ports: + - containerport: 6052 + hostport: 6052 + protocol: TCP + volumemounts: + - name: esphome-config + mountpath: /config + - name: localtime + mountpath: /etc/localtime + readonly: true + + - name: postgres + image: docker.io/library/postgres:16-alpine + env: + - name: POSTGRES_PASSWORD + valuefrom: + secretkeyref: + name: smarthome-secrets + key: postgres-password + volumemounts: + - name: postgres-dump + mountpath: /dump + - name: postgres-data + mountpath: /var/lib/postgresql/data + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: home-assistant-config + hostpath: + path: $HOME/.config/pods/smarthome/home-assistant-config + type: Directory + - name: home-assistant-usb0 + hostpath: + path: /dev/ttyUSB0 + type: File + - name: home-assistant-usb1 + hostpath: + path: /dev/ttyUSB1 + type: File + - name: mosquitto-config + hostpath: + path: 
$HOME/.config/pods/smarthome/mosquitto-config + type: Directory + - name: mosquitto-data + persistentvolumeclaim: + claimname: smarthome-pod-mosquitto-data + - name: mosquitto-log + persistentvolumeclaim: + claimname: smarthome-pod-mosquitto-log + - name: postgres-dump + hostpath: + path: $HOME/.dump/smarthome + type: Directory + - name: postgres-data + persistentvolumeclaim: + claimname: smarthome-pod-postgres-data + - name: localtime + hostpath: + path: /etc/localtime + type: File diff --git a/dotconfig/pods/smarthome/smarthome-secrets.yml b/dotconfig/pods/smarthome/smarthome-secrets.yml new file mode 100644 index 0000000..b46a1e1 --- /dev/null +++ b/dotconfig/pods/smarthome/smarthome-secrets.yml @@ -0,0 +1,7 @@ +apiversion: v1 +data: + postgres-password: +kind: Secret +metadata: + creationtimestamp: null + name: smarthome-secrets diff --git a/dotconfig/pods/tailscale/tailscale-pod.yml b/dotconfig/pods/tailscale/tailscale-pod.yml new file mode 100644 index 0000000..6d0da1a --- /dev/null +++ b/dotconfig/pods/tailscale/tailscale-pod.yml @@ -0,0 +1,38 @@ +apiversion: v1 +kind: Pod +metadata: + name: tailscale-pod + annotations: + io.podman.annotations.infra.name: tailscale-pod-infra +spec: + containers: + - name: headscale + image: docker.io/headscale/headscale:0.26 + command: + - headscale + - serve + ports: + - containerport: 8080 + hostport: + protocol: TCP + volumemounts: + - name: headscale-config + mountpath: /etc/headscale + - name: headscale-lib + mountpath: /var/lib/headscale + - name: localtime + mountpath: /etc/localtime + readonly: true + + volumes: + - name: headscale-config + hostpath: + path: $HOME/.config/pods/tailscale/headscale-config + type: Directory + - name: headscale-lib + persistentvolumeclaim: + claimname: tailscale-pod-headscale-lib + - name: localtime + hostpath: + path: /etc/localtime + type: File From f129f83f6d85e3b7114a5555dc48fbac488e0689 Mon Sep 17 00:00:00 2001 
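Review bot: mosquitto and esphome are the only containers in smarthome-pod.yml with an explicit host port (`hostport: 1883`, `hostport: 6052`), and neither entry restricts the bind address, so the broker's MQTT listener and the ESPHome dashboard are presumably reachable on every host interface. Whether authentication is enforced depends on the mosquitto-config directory and on the blank `USERNAME`/`PASSWORD` values, neither of which this hunk shows. If only local clients or the reverse proxy need these ports, add a host address to each port entry (the Kubernetes `hostIP` field, e.g. `hostip: 127.0.0.1` in this file's lowercase style; confirm podman accepts that spelling), or add a comment stating that LAN exposure is intended.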
From: Luc Bijl Date: Sun, 17 Aug 2025 15:02:24 +0200 Subject: [PATCH 7/7] dotconfig/sv: add --- dotconfig/sv/ampel/conf | 5 +++++ dotconfig/sv/ampel/finish | 6 ++++++ dotconfig/sv/ampel/run | 7 +++++++ dotconfig/sv/bitwarden/conf | 5 +++++ dotconfig/sv/bitwarden/finish | 6 ++++++ dotconfig/sv/bitwarden/run | 7 +++++++ dotconfig/sv/caddy/run | 11 +++++++++++ dotconfig/sv/dump/run | 4 ++++ dotconfig/sv/luc/conf | 5 +++++ dotconfig/sv/luc/finish | 6 ++++++ dotconfig/sv/luc/run | 7 +++++++ dotconfig/sv/matrix/conf | 5 +++++ dotconfig/sv/matrix/finish | 6 ++++++ dotconfig/sv/matrix/run | 7 +++++++ dotconfig/sv/media/conf | 5 +++++ dotconfig/sv/media/finish | 6 ++++++ dotconfig/sv/media/run | 7 +++++++ dotconfig/sv/share/conf | 5 +++++ dotconfig/sv/share/finish | 6 ++++++ dotconfig/sv/share/run | 7 +++++++ dotconfig/sv/smarthome/conf | 5 +++++ dotconfig/sv/smarthome/finish | 6 ++++++ dotconfig/sv/smarthome/run | 7 +++++++ dotconfig/sv/tailscale/conf | 5 +++++ dotconfig/sv/tailscale/finish | 6 ++++++ dotconfig/sv/tailscale/run | 7 +++++++ 26 files changed, 159 insertions(+) create mode 100755 dotconfig/sv/ampel/conf create mode 100755 dotconfig/sv/ampel/finish create mode 100755 dotconfig/sv/ampel/run create mode 100755 dotconfig/sv/bitwarden/conf create mode 100755 dotconfig/sv/bitwarden/finish create mode 100755 dotconfig/sv/bitwarden/run create mode 100755 dotconfig/sv/caddy/run create mode 100755 dotconfig/sv/dump/run create mode 100755 dotconfig/sv/luc/conf create mode 100755 dotconfig/sv/luc/finish create mode 100755 dotconfig/sv/luc/run create mode 100755 dotconfig/sv/matrix/conf create mode 100755 dotconfig/sv/matrix/finish create mode 100755 dotconfig/sv/matrix/run create mode 100755 dotconfig/sv/media/conf create mode 100755 dotconfig/sv/media/finish create mode 100755 dotconfig/sv/media/run create mode 100755 dotconfig/sv/share/conf create mode 100755 dotconfig/sv/share/finish create mode 100755 dotconfig/sv/share/run create mode 100755 
dotconfig/sv/smarthome/conf create mode 100755 dotconfig/sv/smarthome/finish create mode 100755 dotconfig/sv/smarthome/run create mode 100755 dotconfig/sv/tailscale/conf create mode 100755 dotconfig/sv/tailscale/finish create mode 100755 dotconfig/sv/tailscale/run diff --git a/dotconfig/sv/ampel/conf b/dotconfig/sv/ampel/conf new file mode 100755 index 0000000..c1e86eb --- /dev/null +++ b/dotconfig/sv/ampel/conf @@ -0,0 +1,5 @@ +name="ampel" +pod_location="${HOME}/.config/pods/ampel" +bin_location="${HOME}/.local/bin" +command="/usr/bin/podman" +command_args="--network=pasta --replace" diff --git a/dotconfig/sv/ampel/finish b/dotconfig/sv/ampel/finish new file mode 100755 index 0000000..a0a58d5 --- /dev/null +++ b/dotconfig/sv/ampel/finish @@ -0,0 +1,6 @@ +#!/bin/sh + +. ./conf + +exec 2>&1 +exec $command kube down ${pod_location}/${name}-pod.yml \ No newline at end of file diff --git a/dotconfig/sv/ampel/run b/dotconfig/sv/ampel/run new file mode 100755 index 0000000..c5ec5d3 --- /dev/null +++ b/dotconfig/sv/ampel/run @@ -0,0 +1,7 @@ +#!/bin/sh + +. ./conf + +exec 2>&1 +$command kube play $command_args ${pod_location}/${name}-pod.yml +exec ${bin_location}/checkpod \ No newline at end of file diff --git a/dotconfig/sv/bitwarden/conf b/dotconfig/sv/bitwarden/conf new file mode 100755 index 0000000..ece9073 --- /dev/null +++ b/dotconfig/sv/bitwarden/conf @@ -0,0 +1,5 @@ +name="bitwarden" +pod_location="${HOME}/.config/pods/bitwarden" +bin_location="${HOME}/.local/bin" +command="/usr/bin/podman" +command_args="--network=pasta --replace" diff --git a/dotconfig/sv/bitwarden/finish b/dotconfig/sv/bitwarden/finish new file mode 100755 index 0000000..a0a58d5 --- /dev/null +++ b/dotconfig/sv/bitwarden/finish @@ -0,0 +1,6 @@ +#!/bin/sh + +. ./conf + +exec 2>&1 +exec $command kube down ${pod_location}/${name}-pod.yml \ No newline at end of file diff --git a/dotconfig/sv/bitwarden/run b/dotconfig/sv/bitwarden/run new file mode 100755 index 0000000..c5ec5d3 --- /dev/null 
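Review bot: In dotconfig/sv/ampel/run the exit status of `$command kube play ...` is discarded, so when the pod fails to start (bad manifest, missing secret, failed image pull) the script still goes on to `exec ${bin_location}/checkpod`, and what the supervisor then sees depends on a helper that is not part of this patch. Stop on failure and quote the path: `$command kube play $command_args "${pod_location}/${name}-pod.yml" || exit 1`. The identical run script is added for bitwarden, luc, matrix, media, share, smarthome and tailscale.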
+++ b/dotconfig/sv/bitwarden/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/caddy/run b/dotconfig/sv/caddy/run
new file mode 100755
index 0000000..4102ebe
--- /dev/null
+++ b/dotconfig/sv/caddy/run
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+command="/usr/sbin/caddy"
+command_args="run --config ${HOME}/.config/caddy/caddy.json"
+
+exec ps | grep '[${command}] ${command_args}' > /dev/null
+
+if [ $? != 0 ]; then
+ exec 2>&1
+ exec $command $command_args
+fi
diff --git a/dotconfig/sv/dump/run b/dotconfig/sv/dump/run
new file mode 100755
index 0000000..b93cf31
--- /dev/null
+++ b/dotconfig/sv/dump/run
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec 2>&1
+exec snooze -H0-3,5-23 -M0 ${HOME}/.local/bin/dump
diff --git a/dotconfig/sv/luc/conf b/dotconfig/sv/luc/conf
new file mode 100755
index 0000000..98321fa
--- /dev/null
+++ b/dotconfig/sv/luc/conf
@@ -0,0 +1,5 @@
+name="luc"
+pod_location="${HOME}/.config/pods/luc"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/luc/finish b/dotconfig/sv/luc/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/luc/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/luc/run b/dotconfig/sv/luc/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/luc/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/matrix/conf b/dotconfig/sv/matrix/conf
new file mode 100755
index 0000000..30938fd
--- /dev/null
+++ b/dotconfig/sv/matrix/conf
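Review bot: In dotconfig/sv/caddy/run the single quotes in `grep '[${command}] ${command_args}'` keep the shell from expanding either variable, so grep searches the `ps` output for the literal text `${command_args}` and, as far as I can tell, never matches; the `if` branch therefore always runs and the check does nothing. Were it ever to match, the script would exit without exec'ing anything and the supervisor would restart it in a loop. If this directory is run by a runit-style supervisor, which already keeps a single instance per service, the script can shrink to `exec 2>&1` followed by `exec $command $command_args`.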
@@ -0,0 +1,5 @@
+name="matrix"
+pod_location="${HOME}/.config/pods/matrix"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/matrix/finish b/dotconfig/sv/matrix/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/matrix/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/matrix/run b/dotconfig/sv/matrix/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/matrix/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/media/conf b/dotconfig/sv/media/conf
new file mode 100755
index 0000000..405397c
--- /dev/null
+++ b/dotconfig/sv/media/conf
@@ -0,0 +1,5 @@
+name="media"
+pod_location="${HOME}/.config/pods/media"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/media/finish b/dotconfig/sv/media/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/media/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/media/run b/dotconfig/sv/media/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/media/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/share/conf b/dotconfig/sv/share/conf
new file mode 100755
index 0000000..b5fbeac
--- /dev/null
+++ b/dotconfig/sv/share/conf
@@ -0,0 +1,5 @@
+name="share"
+pod_location="${HOME}/.config/pods/share"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/share/finish b/dotconfig/sv/share/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/share/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/share/run b/dotconfig/sv/share/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/share/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/smarthome/conf b/dotconfig/sv/smarthome/conf
new file mode 100755
index 0000000..9530aae
--- /dev/null
+++ b/dotconfig/sv/smarthome/conf
@@ -0,0 +1,5 @@
+name="smarthome"
+pod_location="${HOME}/.config/pods/smarthome"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/smarthome/finish b/dotconfig/sv/smarthome/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/smarthome/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/smarthome/run b/dotconfig/sv/smarthome/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/smarthome/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file
diff --git a/dotconfig/sv/tailscale/conf b/dotconfig/sv/tailscale/conf
new file mode 100755
index 0000000..bec42d7
--- /dev/null
+++ b/dotconfig/sv/tailscale/conf
@@ -0,0 +1,5 @@
+name="tailscale"
+pod_location="${HOME}/.config/pods/tailscale"
+bin_location="${HOME}/.local/bin"
+command="/usr/bin/podman"
+command_args="--network=pasta --replace"
diff --git a/dotconfig/sv/tailscale/finish b/dotconfig/sv/tailscale/finish
new file mode 100755
index 0000000..a0a58d5
--- /dev/null
+++ b/dotconfig/sv/tailscale/finish
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+exec $command kube down ${pod_location}/${name}-pod.yml
\ No newline at end of file
diff --git a/dotconfig/sv/tailscale/run b/dotconfig/sv/tailscale/run
new file mode 100755
index 0000000..c5ec5d3
--- /dev/null
+++ b/dotconfig/sv/tailscale/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. ./conf
+
+exec 2>&1
+$command kube play $command_args ${pod_location}/${name}-pod.yml
+exec ${bin_location}/checkpod
\ No newline at end of file