Compare commits


7 commits

Author SHA1 Message Date
f129f83f6d dotconfig/sv: add 2025-08-17 15:02:24 +02:00
2e05501c92 dotconfig/pods: add 2025-08-17 15:02:06 +02:00
679647542d dotconfig/caddy: add 2025-08-17 15:01:32 +02:00
a93593061c bin: update 2025-08-17 15:01:12 +02:00
0cc125394f change folder layout 2025-08-17 15:00:35 +02:00
b8669e3b00 containerfiles: remove 2025-08-17 14:04:53 +02:00
a6901b271b README.md: update 2025-08-17 13:53:25 +02:00
64 changed files with 952 additions and 714 deletions


@ -1,3 +1,3 @@
# Alpine-server
# alpine-server
Guides and configuration files of my Alpine server install.
Configuration files of my server Alpine Linux operating system.

10
bin/backup Executable file

@ -0,0 +1,10 @@
#!/bin/sh
host=""
user=""
serverdir=""
clientdirs="$HOME/.local/etc $HOME/.local/bin $HOME/.config $HOME/.volumes $HOME/.dump"
command="/usr/bin/restic"
exec $command -r sftp:${user}@${host}:/${serverdir} -v backup $clientdirs
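Review bot: `host`, `user` and `serverdir` ship empty and nothing checks them before the `exec` line, so an unedited copy asks restic for the repository `sftp:@:/` instead of stopping with a clear message. A guard ahead of the `exec`, such as `: "${host:?set host in bin/backup}"` and the same for `user` and `serverdir`, fails early; the repository argument should also be quoted as `"sftp:${user}@${host}:/${serverdir}"`. The backup set includes `$HOME/.config`, which in this layout holds the pod manifests and Secret files, so the restic repository password is what protects them at rest. The script does not show where that password comes from, and a comment naming the source would help.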

0
bin/checkpod Normal file → Executable file

4
bin/dump Normal file → Executable file

@ -2,7 +2,6 @@
command="/usr/bin/podman"
# Dumps databases
postgres_databases=""
@ -12,12 +11,11 @@ do
$command exec -it ${database}-pod-postgres sh -c "pg_dumpall -U postgres | gzip > /dump/${database}.sql.gz"
done
# Exports volumes
volumes=""
for volume in $volumes
do
$command volume export $volume --output <home>/.volumes/${volume}.tar
$command volume export $volume --output /home/neutrino/.volumes/${volume}.tar
done
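Review bot: The export path on the changed line is the fixed `/home/neutrino/.volumes/`, while bin/backup in this same compare reads `$HOME/.volumes`, so under any other account the archives land where the backup does not look. `--output "$HOME/.volumes/${volume}.tar"` keeps the two in step (dotconfig/sv/dump/run already relies on `${HOME}`), and the same applies to the import path in bin/load-volumes. Separately, in the database loop `pg_dumpall -U postgres | gzip` reports only gzip's exit status, so a failed dump still leaves a well-formed but nearly empty `.sql.gz`; writing the dump first and compressing it in a second step, or checking the result afterwards, would make a broken backup visible. The script starts above the first hunk, so its opening lines are not visible here.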


@ -1,23 +0,0 @@
#!/bin/sh
command="/usr/bin/podman"
# Loads dumped databases
postgres_databases="gitea"
for database in $postgres_databases
do
exec $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
done
# Imports volumes
volumes="gitea-pod-gitea-data"
for volume in $volumes
do
exec $command volume import $volume <home>/.volumes/${volume}.tar
done

12
bin/load-databases Executable file

@ -0,0 +1,12 @@
#!/bin/sh
command="/usr/bin/podman"
# Loads dumped databases
postgres_databases=""
for database in $postgres_databases
do
$command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
done
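Review bot: The archive at `/dump/${database}.sql.gz` is replayed through `psql -U postgres`, i.e. as the database superuser, so anyone who can write to the host directory behind `/dump` can run arbitrary SQL at the next restore. A comment above the loop such as `# dumps are replayed as superuser: keep the host dump directory owner-only (0700)` would record that requirement. The `-it` flags are not needed for a non-interactive pipeline inside `sh -c` and can be dropped: `$command exec ${database}-pod-postgres sh -c "..."`. A short comment on `postgres_databases=""` saying that each entry is the pod prefix used in `${database}-pod-postgres` would also help.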

12
bin/load-volumes Executable file

@ -0,0 +1,12 @@
#!/bin/sh
command="/usr/bin/podman"
# Imports volumes
volumes=""
for volume in $volumes
do
$command volume import $volume /home/neutrino/.volumes/${volume}.tar
done


@ -1,49 +0,0 @@
{
email <email>
}
vault.bijl.us {
reverse_proxy :1080
}
git.bijl.us {
reverse_proxy :2080
}
docs.bijl.us {
reverse_proxy :2180
}
wiki.bijl.us {
reverse_proxy :2280
}
matrix.bijl.us {
handle /_matrix/* {
reverse_proxy :3080
}
handle /.well-known/matrix/server {
respond {"m.server":"matrix.bijl.us:443"}
}
handle /.well-known/matrix/client {
respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
}
}
element.bijl.us {
reverse_proxy :3180
}
notes.bijl.us {
reverse_proxy :4080
}
share.bijl.us {
reverse_proxy :5080
}
smarthome.bijl.us {
reverse_proxy :6080
}


@ -1,15 +0,0 @@
server {
listen $PORT;
listen [::]:${PORT};
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50.html {
root /usr/share/nginx/html;
}
}


@ -1,10 +0,0 @@
#!/bin/sh
exec 2>&1
find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo
cd /mkdocs/repo && git pull
for lang in $WIKI_LANG
do
mkdocs build -f /mkdocs/repo/config/${lang}/mkdocs.yml -d /usr/share/nginx/html/${lang}
done


@ -1,25 +0,0 @@
FROM nginx:alpine
ENV PORT="80"
COPY default.conf.env /etc/nginx/conf.d/default.conf.env
RUN apk add envsubst \
&& touch /docker-entrypoint.d/port.sh \
&& echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \
&& chmod 776 /docker-entrypoint.d/port.sh
RUN apk add git \
&& apk add mkdocs \
&& apk add mkdocs-material \
&& apk add py3-regex
RUN mkdir /mkdocs
WORKDIR /mkdocs
COPY root /etc/crontabs/root
COPY git-mkdocs-wiki /bin/git-mkdocs-wiki
RUN chmod 744 /bin/git-mkdocs-wiki
RUN touch /docker-entrypoint.d/cron.sh \
&& echo "exec crond" > /docker-entrypoint.d/cron.sh \
&& chmod 776 /docker-entrypoint.d/cron.sh


@ -1,3 +0,0 @@
# do daily/weekly/monthly maintanance
# min hour day month weekday command
* * * * * git-mkdocs-wiki


@ -1,15 +0,0 @@
server {
listen $PORT;
listen [::]:${PORT};
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50.html {
root /usr/share/nginx/html;
}
}


@ -1,6 +0,0 @@
#!/bin/sh
exec 2>&1
find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo
cd /mkdocs/repo && git pull
exec mkdocs build -f /mkdocs/repo/mkdocs.yml -d /usr/share/nginx/html


@ -1,25 +0,0 @@
FROM nginx:alpine
ENV PORT="80"
COPY default.conf.env /etc/nginx/conf.d/default.conf.env
RUN apk add envsubst \
&& touch /docker-entrypoint.d/port.sh \
&& echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \
&& chmod 776 /docker-entrypoint.d/port.sh
RUN apk add git \
&& apk add mkdocs \
&& apk add mkdocs-material \
&& apk add py3-regex
RUN mkdir /mkdocs
WORKDIR /mkdocs
COPY root /etc/crontabs/root
COPY git-mkdocs /bin/git-mkdocs
RUN chmod 744 /bin/git-mkdocs
RUN touch /docker-entrypoint.d/cron.sh \
&& echo "exec crond" > /docker-entrypoint.d/cron.sh \
&& chmod 776 /docker-entrypoint.d/cron.sh


@ -1,3 +0,0 @@
# do daily/weekly/monthly maintanance
# min hour day month weekday command
* * * * * git-mkdocs

73
dotconfig/caddy/caddyfile Normal file

@ -0,0 +1,73 @@
hs.bijl.us {
reverse_proxy :
}
vault.bijl.us {
reverse_proxy :
}
matrix.bijl.us {
handle /_matrix/* {
reverse_proxy :
}
handle /.well-known/matrix/server {
respond {"m.server":"matrix.bijl.us:443"}
}
handle /.well-known/matrix/client {
respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
}
}
smarthome.bijl.us {
reverse_proxy :
}
share.bijl.us {
reverse_proxy :
}
media.bijl.us {
reverse_proxy :
}
ampel.dev {
reverse_proxy :
}
git.ampel.dev {
reverse_proxy :
}
docs.ampel.dev {
reverse_proxy :
}
blog.ampel.dev {
reverse_proxy :
}
notes.ampel.dev {
reverse_proxy :
}
lucbijl.nl {
reverse_proxy :
}
git.lucbijl.nl {
reverse_proxy :
}
wiki.lucbijl.nl {
reverse_proxy :
}
blog.lucbijl.nl {
reverse_proxy :
}
notes.lucbijl.nl {
reverse_proxy :
}
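Review bot: Every `reverse_proxy :` in this file has its upstream port left out, so it is a template rather than a loadable config, and nothing in the file says so. A header comment such as `# template: add each pod's host port after ':' before use` would make that explicit. dotconfig/sv/caddy/run in this compare starts Caddy with `--config ${HOME}/.config/caddy/caddy.json`, so the same comment should say how this file becomes `caddy.json`. The Caddyfile deleted earlier in this compare had a global `email` option that is not carried over here; if that is unintentional, certificate registration will run without a contact address.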


@ -0,0 +1,174 @@
apiversion: v1
kind: Pod
metadata:
name: ampel-pod
annotations:
io.podman.annotations.infra.name: ampel-pod-infra
spec:
containers:
# - name: root
# image:
# env:
# - name: PORT
# value: 3000
# ports:
# - containerport: 3000
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
- name: git
image: codeberg.org/forgejo/forgejo:9
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "postgres"
- name: FORGEJO__database__HOST
value: "ampel-pod-postgres"
- name: FORGEJO__database__USER
value: "postgres"
- name: FORGEJO__database__PASSWD
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-password
- name: FORGEJO__database__NAME
value: "forgejo"
ports:
- containerport: 3100
hostport:
protocol: TCP
volumemounts:
- name: git-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: tailscale
image: ghcr.io/tailscale/tailscale:latest
env:
- name: TS_HOSTNAME
value: "ampel-pod"
- name: TS_AUTHKEY
value: ""
- name: TS_STATE_DIR
value: "/var/lib/tailscale"
- name: TS_EXTRA_ARGS
value: "--login-server="
volumemounts:
- name: tailscale-lib
mountpath: /var/lib/tailscale
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: docs
image: git.ampel.dev/ampel/mkdocs-git:latest
env:
- name: GIT_REPO_URL
value: ""
- name: PORT
value: 3200
ports:
- containerport: 3200
hostport:
protocol: TCP
volumemounts:
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: blog
image: git.ampel.dev/ampel/mkdocs-git:latest
env:
- name: GIT_REPO_URL
value: ""
- name: PORT
value: 3300
ports:
- containerport: 3300
hostport:
protocol: TCP
volumemounts:
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: notes
image: quay.io/hedgedoc/hedgedoc:alpine
env:
- name: CMD_DB_URL
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-url
- name: CMD_PORT
value: 3400
- name: CMD_ALLOW_EMAIL_REGISTER
value: true
- name: CMD_DOMAIN
value: ""
- name: CMD_PROTOCOL_USESSL
value: true
- name: NODE_ENV
value: production
- name: CMD_IMAGE_UPLOAD_TYPE
value: filesystem
- name: UPLOADS_MODE
value: 0700
ports:
- containerport: 3400
hostport:
protocol: TCP
volumemounts:
- name: notes-uploads
mountpath: /hedgedoc/public/uploads
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: ampel-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: git-data
persistentvolumeclaim:
claimname: ampel-pod-git-data
- name: tailscale-lib
persistentvolumeclaim:
claimname: ampel-pod-tailscale-lib
- name: notes-uploads
persistentvolumeclaim:
claimname: ampel-pod-notes-uploads
- name: postgres-dump
hostpath:
path: $HOME/.dump/ampel
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: ampel-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
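Review bot: `TS_AUTHKEY` on the tailscale container is a plain `value: ""`, so the real key has to be pasted into this manifest, whereas the Forgejo database password above it comes from `ampel-secrets` through `secretkeyref`. Using the same mechanism keeps the key out of the file: `valuefrom:` / `secretkeyref:` with `name: ampel-secrets` and a new key such as `key: tailscale-authkey` added to that Secret. luc-pod in this compare has the same field. On the notes container, `UPLOADS_MODE` is the bare scalar `0700`, which a YAML 1.1 parser may read as the integer 448; writing `value: "0700"` removes the doubt, and the other unquoted numbers and booleans under `env` are safer quoted as well.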


@ -0,0 +1,8 @@
apiversion: v1
data:
postgres-password:
postgres-url:
kind: Secret
metadata:
creationtimestamp: null
name: ampel-secrets


@ -7,23 +7,23 @@ metadata:
spec:
containers:
- name: vaultwarden
image: docker.io/vaultwarden/server:alpine
image: docker.io/vaultwarden/server:latest-alpine
env:
- name: SIGNUPS_ALLOWED
value: false
- name: DATABASE_URL
value: "postgresql://postgres:<secret>@bitwarden-pod-postgres/vaultwarden"
value: ""
- name: ROCKET_PORT
value: 3000
ports:
- containerport: 3000
hostport: 1080
hostport:
protocol: TCP
volumemounts:
- mountpath: /data
name: vaultwarden-data
- mountpath: /etc/localtime
name: localtime
- name: vaultwarden-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
@ -35,26 +35,26 @@ spec:
name: bitwarden-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- persistentvolumeclaim:
- name: vaultwarden-data
persistentvolumeclaim:
claimname: bitwarden-pod-vaultwarden-data
name: vaultwarden-data
- hostpath:
path: <home>/.dump/bitwarden
- name: postgres-dump
hostpath:
path: $HOME/.dump/bitwarden
type: Directory
name: postgres-dump
- persistentvolumeclaim:
- name: postgres-data
persistentvolumeclaim:
claimname: bitwarden-pod-postgres-data
name: postgres-data
- hostPath:
- name: localtime
hostPath:
path: /etc/localtime
type: File
name: localtime
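Review bot: `DATABASE_URL` for vaultwarden is still an inline `value:` (now blank), and a PostgreSQL URL carries the database password, so filling it in puts the credential back into the manifest. bitwarden-secrets in this compare already defines a `postgres-url` key; referencing it with `valuefrom:` / `secretkeyref:` (`name: bitwarden-secrets`, `key: postgres-url`), as the notes container in ampel-pod does for `CMD_DB_URL`, keeps it out. The last volume in the second hunk shows both `hostPath:` and `hostpath:`; the rendered page does not say which side each line is on, but the new file should use one spelling throughout.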


@ -0,0 +1,8 @@
apiversion: v1
data:
postgres-password:
postgres-url:
kind: Secret
metadata:
creationtimestamp: null
name: bitwarden-secrets


@ -0,0 +1,134 @@
apiversion: v1
kind: Pod
metadata:
name: luc-pod
annotations:
io.podman.annotations.infra.name: luc-pod-infra
spec:
containers:
# - name: root
# image:
# env:
# - name: PORT
# value: 3000
# ports:
# - containerport: 3000
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
- name: git
image: codeberg.org/forgejo/forgejo:9
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "postgres"
- name: FORGEJO__database__HOST
value: "luc-pod-postgres"
- name: FORGEJO__database__USER
value: "postgres"
- name: FORGEJO__database__PASSWD
valuefrom:
secretkeyref:
name: luc-secrets
key: postgres-password
- name: FORGEJO__database__NAME
value: "forgejo"
ports:
- containerport: 3100
hostport:
protocol: TCP
volumemounts:
- name: git-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: tailscale
image: ghcr.io/tailscale/tailscale:latest
env:
- name: TS_HOSTNAME
value: "luc-pod"
- name: TS_AUTHKEY
value: ""
- name: TS_STATE_DIR
value: "/var/lib/tailscale"
- name: TS_EXTRA_ARGS
value: "--login-server="
volumemounts:
- name: tailscale-lib
mountpath: /var/lib/tailscale
- name: localtime
mountpath: /etc/localtime
readonly: true
# - name: wiki
# image: git.ampel.dev/git-mkdocs:latest
# env:
# - name: GIT_REPO_URL
# value: ""
# - name: PORT
# value: 3200
# ports:
# - containerport: 3200
# hostport:
# protocol: TCP
# volumemounts:
# - name: localtime
# mountpath: /etc/localtime
# readonly: true
# - name: blog
# ports:
# - containerport: 3300
# hostport:
# protocol: TCP
# - name: notes
# ports:
# - containerport: 3400
# hostport:
# protocol: TCP
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: luc-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: git-data
persistentvolumeclaim:
claimname: luc-pod-git-data
- name: tailscale-lib
persistentvolumeclaim:
claimname: luc-pod-tailscale-lib
- name: postgres-dump
hostpath:
path: $HOME/.dump/luc
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: luc-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File


@ -1,7 +1,7 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: git-secrets
name: luc-secrets


@ -0,0 +1,112 @@
apiversion: v1
kind: Pod
metadata:
name: matrix-pod
annotations:
io.podman.annotations.infra.name: matrix-pod-infra
spec:
containers:
- name: dendrite
image: ghcr.io/element-hq/dendrite-monolith:latest
ports:
- containerport: 8008
hostport:
protocol: TCP
- containerport: 8448
hostport: 8448
protocol: TCP
volumemounts:
- name: dendrite-config
mountpath: /etc/dendrite
- name: dendrite-media
mountpath: /var/dendrite/media
- name: dendrite-jetstream
mountpath: /var/dendrite/jetstream
- name: dendrite-searchindex
mountpath: /var/dendrite/searchindex
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:latest
command:
- /usr/bin/mautrix-whatsapp
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- name: mautrix-whatsapp-config
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mautrix-signal
image: dock.mau.dev/mautrix/signal:latest
command:
- /usr/bin/mautrix-signal
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- name: mautrix-signal-config
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: matrix-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: dendrite-config
hostpath:
path: $HOME/.config/pods/matrix/dendrite-config
type: Directory
- name: dendrite-media
persistentvolumeclaim:
claimname: matrix-pod-dendrite-media
- name: dendrite-jetstream
persistentvolumeclaim:
claimname: matrix-pod-dendrite-jetstream
- name: dendrite-searchindex
persistentvolumeclaim:
claimname: matrix-pod-dendrite-searchindex
- name: mautrix-whatsapp-config
hostpath:
path: $HOME/.config/pods/matrix/mautrix-whatsapp-config
type: Directory
- name: mautrix-signal-config
hostpath:
path: $HOME/.config/pods/matrix/mautrix-signal-config
type: Directory
- name: postgres-dump
hostpath:
path: $HOME/.dump/matrix
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: matrix-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
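Review bot: The dendrite container publishes `containerport: 8448` on `hostport: 8448`, while the Caddyfile in this compare answers `/.well-known/matrix/server` with `matrix.bijl.us:443`, which tells other homeservers to federate over 443. If that delegation is how federation is meant to work, the 8448 mapping only adds a second, directly reachable listener and could be dropped; if it is needed, a comment saying why would help. The dendrite and both mautrix images are tagged `:latest`, so a restart can pull a different build than the one last run against the stored bridge sessions. Pinning a version tag, as tailscale-pod does with `headscale:0.26`, avoids that.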


@ -1,7 +1,7 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: matrix-secrets
name: matrix-secrets


@ -0,0 +1,47 @@
apiversion: v1
kind: Pod
metadata:
name: media-pod
annotations:
io.podman.annotations.infra.name: media-pod-infra
spec:
containers:
- name: jellyfin
image: docker.io/jellyfin/jellyfin:latest
securitycontext:
runasgroup: 1000
runasuser: 1000
env:
- name: JELLYFIN_PublishedServerUrl
value: ""
ports:
- containerport: 8096
hostport:
protocol: TCP
volumemounts:
- name: jellyfin-config
mountpath: /config
- name: jellyfin-cache
mountpath: /cache
- name: jellyfin-media
mountpath: /media
readonly: true
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: jellyfin-config
persistentvolumeclaim:
claimname: media-pod-jellyfin-config
- name: jellyfin-media
hostpath:
path: $HOME/.local/share/media
type: Directory
- name: jellyfin-cache
persistentvolumeclaim:
claimname: media-pod-jellyfin-cache
- name: localtime
hostpath:
path: /etc/localtime
type: File


@ -10,25 +10,25 @@ spec:
image: docker.io/mtlynch/picoshare:latest
env:
- name: PS_SHARED_SECRET
value: "<secret>"
value: ""
- name: PORT
value: 3000
ports:
- containerport: 3000
hostport: 5080
hostport:
protocol: TCP
volumemounts:
- mountpath: /data
name: picoshare-data
- mountpath: /etc/localtime
name: localtime
- name: picoshare-data
mountpath: /data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- persistentvolumeclaim:
- name: picoshare-data
persistentvolumeclaim:
claimname: share-pod-picoshare-data
name: picoshare-data
- hostPath:
- name: localtime
hostpath:
path: /etc/localtime
type: File
name: localtime
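Review bot: `PS_SHARED_SECRET` stays an inline `value:` (now blank), so the PicoShare login secret still has to be typed into this manifest. share-secrets, added in this compare, defines `picoshare-password`, but nothing visible references it; pointing the variable at it with `valuefrom:` / `secretkeyref:` (`name: share-secrets`, `key: picoshare-password`) would put it to use. The hunk starts inside the container list, so the top of the file is not visible here.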


@ -0,0 +1,7 @@
apiversion: v1
data:
picoshare-password:
kind: Secret
metadata:
creationtimestamp: null
name: share-secrets


@ -0,0 +1,112 @@
apiversion: v1
kind: Pod
metadata:
name: smarthome-pod
annotations:
io.podman.annotations.infra.name: smarthome-pod-infra
run.oci.keep_original_groups: 1
spec:
containers:
- name: home-assistant
image: ghcr.io/home-assistant/home-assistant:latest
ports:
- containerport: 3000
hostport:
protocol: TCP
volumemounts:
- name: home-assistant-config
mountpath: /config
- name: home-assistant-usb0
mountpath: /dev/ttyUSB0
- name: home-assistant-usb1
mountpath: /dev/ttyUSB1
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: mosquitto
image: docker.io/eclipse-mosquitto:latest
ports:
- containerport: 1883
hostport: 1883
protocol: TCP
volumemounts:
- name: mosquitto-config
mountpath: /mosquitto/config
- name: mosquitto-data
mountpath: /mosquitto/data
- name: mosquitto-log
mountpath: /mosquitto/log
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: esphome
image: docker.io/esphome/esphome:latest
env:
- name: USERNAME
value: ""
- name: PASSWORD
value: ""
ports:
- containerport: 6052
hostport: 6052
protocol: TCP
volumemounts:
- name: esphome-config
mountpath: /config
- name: localtime
mountpath: /etc/localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: smarthome-secrets
key: postgres-password
volumemounts:
- name: postgres-dump
mountpath: /dump
- name: postgres-data
mountpath: /var/lib/postgresql/data
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: home-assistant-config
hostpath:
path: $HOME/.config/pods/smarthome/home-assistant-config
type: Directory
- name: home-assistant-usb0
hostpath:
path: /dev/ttyUSB0
type: File
- name: home-assistant-usb1
hostpath:
path: /dev/ttyUSB1
type: File
- name: mosquitto-config
hostpath:
path: $HOME/.config/pods/smarthome/mosquitto-config
type: Directory
- name: mosquitto-data
persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-data
- name: mosquitto-log
persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-log
- name: postgres-dump
hostpath:
path: $HOME/.dump/smarthome
type: Directory
- name: postgres-data
persistentvolumeclaim:
claimname: smarthome-pod-postgres-data
- name: localtime
hostpath:
path: /etc/localtime
type: File
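Review bot: mosquitto (`hostport: 1883`) and the ESPHome dashboard (`hostport: 6052`) are published on the host directly and have no site block in the Caddyfile, so they are reachable without TLS on whatever interfaces the port mapping binds. If only containers in this pod use them, the `hostport` lines can go; if LAN devices need the broker, mosquitto's own config (not shown here) should require authentication, and the dashboard port is better bound to loopback with `hostip: 127.0.0.1`. The ESPHome `USERNAME` and `PASSWORD` are inline `value:` fields, while smarthome-secrets exists and could carry them through `secretkeyref`, as `POSTGRES_PASSWORD` already does.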


@ -0,0 +1,7 @@
apiversion: v1
data:
postgres-password:
kind: Secret
metadata:
creationtimestamp: null
name: smarthome-secrets


@ -0,0 +1,38 @@
apiversion: v1
kind: Pod
metadata:
name: tailscale-pod
annotations:
io.podman.annotations.infra.name: tailscale-pod-infra
spec:
containers:
- name: headscale
image: docker.io/headscale/headscale:0.26
command:
- headscale
- serve
ports:
- containerport: 8080
hostport:
protocol: TCP
volumemounts:
- name: headscale-config
mountpath: /etc/headscale
- name: headscale-lib
mountpath: /var/lib/headscale
- name: localtime
mountpath: /etc/localtime
readonly: true
volumes:
- name: headscale-config
hostpath:
path: $HOME/.config/pods/tailscale/headscale-config
type: Directory
- name: headscale-lib
persistentvolumeclaim:
claimname: tailscale-pod-headscale-lib
- name: localtime
hostpath:
path: /etc/localtime
type: File

5
dotconfig/sv/ampel/conf Executable file

@ -0,0 +1,5 @@
name="ampel"
pod_location="${HOME}/.config/pods/ampel"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/ampel/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/ampel/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod
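Review bot: The manifest is handed to `kube play` exactly as stored, but the pod files in this compare use `$HOME` inside `hostpath.path` (for example `path: $HOME/.dump/ampel`), and as far as I know `kube play` does not expand environment variables in a manifest. If so, the mount resolves to a literal `$HOME/...` path and the `type: Directory` check fails. Either write absolute paths into the manifests or render them first, e.g. `envsubst '$HOME' < ${pod_location}/${name}-pod.yml | $command kube play $command_args -`. The script also runs `checkpod` even when `kube play` fails; `$command kube play ... || exit 1` would stop there. The other pod run scripts in this compare are identical, so the same applies to them.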

5
dotconfig/sv/bitwarden/conf Executable file

@ -0,0 +1,5 @@
name="bitwarden"
pod_location="${HOME}/.config/pods/bitwarden"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/bitwarden/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/bitwarden/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

11
dotconfig/sv/caddy/run Executable file

@ -0,0 +1,11 @@
#!/bin/sh
command="/usr/sbin/caddy"
command_args="run --config ${HOME}/.config/caddy/caddy.json"
exec ps | grep '[${command}] ${command_args}' > /dev/null
if [ $? != 0 ]; then
exec 2>&1
exec $command $command_args
fi
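Review bot: The single quotes in `grep '[${command}] ${command_args}'` stop the shell from expanding either variable, so grep looks for a literal bracket expression followed by the text ` ${command_args}`; that will practically never match a process line, and the `if` branch always runs. If this directory is a runit-style service, the supervisor only calls `run` when the service is down, so the check can go and the script reduces to `exec 2>&1` followed by `exec $command $command_args`. The config path is `caddy.json`, while this compare adds `dotconfig/caddy/caddyfile`; a comment saying how one is produced from the other would help.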

4
dotconfig/sv/dump/run Executable file

@ -0,0 +1,4 @@
#!/bin/sh
exec 2>&1
exec snooze -H0-3,5-23 -M0 ${HOME}/.local/bin/dump

5
dotconfig/sv/luc/conf Executable file

@ -0,0 +1,5 @@
name="luc"
pod_location="${HOME}/.config/pods/luc"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/luc/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/luc/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

5
dotconfig/sv/matrix/conf Executable file

@ -0,0 +1,5 @@
name="matrix"
pod_location="${HOME}/.config/pods/matrix"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/matrix/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/matrix/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

5
dotconfig/sv/media/conf Executable file

@ -0,0 +1,5 @@
name="media"
pod_location="${HOME}/.config/pods/media"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/media/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/media/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

5
dotconfig/sv/share/conf Executable file

@ -0,0 +1,5 @@
name="share"
pod_location="${HOME}/.config/pods/share"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/share/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/share/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

5
dotconfig/sv/smarthome/conf Executable file

@ -0,0 +1,5 @@
name="smarthome"
pod_location="${HOME}/.config/pods/smarthome"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/smarthome/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/smarthome/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod

5
dotconfig/sv/tailscale/conf Executable file

@ -0,0 +1,5 @@
name="tailscale"
pod_location="${HOME}/.config/pods/tailscale"
bin_location="${HOME}/.local/bin"
command="/usr/bin/podman"
command_args="--network=pasta --replace"

6
dotconfig/sv/tailscale/finish Executable file

@ -0,0 +1,6 @@
#!/bin/sh
. ./conf
exec 2>&1
exec $command kube down ${pod_location}/${name}-pod.yml

7
dotconfig/sv/tailscale/run Executable file

@ -0,0 +1,7 @@
#!/bin/sh
. ./conf
exec 2>&1
$command kube play $command_args ${pod_location}/${name}-pod.yml
exec ${bin_location}/checkpod


@ -1,8 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-url: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: bitwarden-secrets


@ -1,101 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: git-pod
annotations:
io.podman.annotations.infra.name: git-pod-infra
spec:
containers:
- name: gitea
image: docker.io/gitea/gitea:latest
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: GITEA__database__HOST
value: "git-pod-postgres"
- name: GITEA__database__USER
value: "postgres"
- name: GITEA__database__PASSWD
valuefrom:
secretkeyref:
name: git-secrets
key: postgres-password
- name: GITEA__database__NAME
value: "gitea"
ports:
- containerport: 3000
hostport: 2080
protocol: TCP
volumemounts:
- mountpath: /data
name: gitea-data
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: documentation
image: git-mkdocs:latest
env:
- name: GIT_REPO_URL
value: "https://git.bijl.us/lnco/documentation.git"
- name: PORT
value: 3100
- containerport: 3100
hostport: 2180
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: wiki
image: git-mkdocs-wiki:latest
env:
- name: GIT_REPO_URL
value: "https://git.bijl.us/luc/mathematics-physics-wiki.git"
- name: WIKI_LANG
value: "en nl"
- name: PORT
value: 3200
- containerport: 3200
hostport: 2280
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: git-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: git-pod-gitea-data
name: gitea-data
- hostpath:
path: <home>/.dump/git
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: git-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime


@ -1,129 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: matrix-pod
annotations:
io.podman.annotations.infra.name: matrix-pod-infra
spec:
containers:
- name: dendrite
image: matrixdotorg/dendrite-monolith:latest
ports:
- containerport: 8008
hostport: 3080
protocol: TCP
- containerport: 8448
hostport: 8448
protocol: TCP
volumemounts:
- mountpath: /etc/dendrite
name: dendrite-config
- mountpath: /var/dendrite/media
name: dendrite-media
- mountpath: /var/dendrite/jetstream
name: dendrite-jetstream
- mountpath: /var/dendrite/searchindex
name: dendrite-searchindex
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:latest
command:
- /usr/bin/mautrix-whatsapp
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- mountpath: /data
name: mautrix-whatsapp-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mautrix-signal
image: dock.mau.dev/mautrix/signal:latest
command:
- /usr/bin/mautrix-signal
- -c
- /data/config.yaml
- -r
- /data/registration.yaml
- --ignore-unsupported-server
volumemounts:
- mountpath: /data
name: mautrix-signal-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: element
image: vectorim/element-web:latest
ports:
- containerport: 80
hostport: 3180
protocol: TCP
volumemounts:
- mountpath: /app/config.json
name: element-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: matrix-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- hostpath:
path: <home>/.config/pods/matrix/dendrite-config
type: Directory
name: dendrite-config
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-media
name: dendrite-media
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-jetstream
name: dendrite-jetstream
- persistentvolumeclaim:
claimname: matrix-pod-dendrite-searchindex
name: dendrite-searchindex
- hostpath:
path: <home>/.config/pods/matrix/mautrix-whatsapp-config
type: Directory
name: mautrix-whatsapp-config
- hostpath:
path: <home>/.config/pods/matrix/mautrix-signal-config
type: Directory
name: mautrix-signal-config
- hostpath:
path: <home>/.config/pods/matrix/element-config/config.json
type: File
name: element-config
- hostpath:
path: <home>/.dump/matrix
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: matrix-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime


@ -1,73 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: notes-pod
annotations:
io.podman.annotations.infra.name: notes-pod-infra
spec:
containers:
- name: hedgedoc
image: quay.io/hedgedoc/hedgedoc:alpine
env:
- name: CMD_DB_URL
valuefrom:
secretkeyref:
name: notes-secrets
key: postgres-url
- name: CMD_ALLOW_EMAIL_REGISTER
value: true
- name: CMD_DOMAIN
value: "notes.bijl.us"
- name: CMD_PROTOCOL_USESSL
value: true
- name: CMD_URL_ADDPORT
value: false
- name: NODE_ENV
value: production
- name: CMD_IMAGE_UPLOAD_TYPE
value: filesystem
- name: UPLOADS_MODE
value: 0700
ports:
- containerport: 3000
hostport: 4080
protocol: TCP
volumemounts:
- mountpath: /hedgedoc/public/uploads
name: hedgedoc-uploads
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: notes-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- persistentvolumeclaim:
claimname: notes-pod-hedgedoc-uploads
name: hedgedoc-uploads
- hostpath:
path: <home>/.dump/notes
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: notes-pod-postgres-data
name: postgres-data
- hostPath:
path: /etc/localtime
type: File
name: localtime


@ -1,8 +0,0 @@
apiversion: v1
data:
postgres-password: <base64-secret>
postgres-url: <base64-url>
kind: Secret
metadata:
creationtimestamp: null
name: notes-secrets


@ -1,171 +0,0 @@
apiversion: v1
kind: Pod
metadata:
name: smarthome-pod
annotations:
io.podman.annotations.infra.name: smarthome-pod-infra
run.oci.keep_original_groups: 1
spec:
containers:
- name: home-assistant
image: ghcr.io/home-assistant/home-assistant:latest
ports:
- containerport: 3000
hostport: 6080
protocol: TCP
volumemounts:
- mountpath: /config
name: home-assistant-config
- mountpath: /dev/ttyUSB0
name: home-assistant-usb0
- mountpath: /dev/ttyUSB1
name: home-assistant-usb1
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: mosquitto
image: docker.io/eclipse-mosquitto:latest
ports:
- containerport: 1883
hostport: 1883
protocol: TCP
volumemounts:
- mountpath: /mosquitto/config
name: mosquitto-config
- mountpath: /mosquitto/data
name: mosquitto-data
- mountpath: /mosquitto/log
name: mosquitto-log
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: esphome
image: docker.io/esphome/esphome:stable
env:
- name: USERNAME
value: "<username>"
- name: PASSWORD
value: "<secret>"
ports:
- containerport: 6052
hostport: 6052
protocol: TCP
volumemounts:
- mountpath: /config
name: esphome-config
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: ecowitt
image: docker.io/bachya/ecowitt2mqtt:latest
env:
- name: ECOWITT2MQTT_MQTT_BROKER
value: "smarthome-pod-mosquitto"
- name: ECOWITT2MQTT_MQTT_USERNAME
value: "<username>"
- name: ECOWITT2MQTT_MQTT_PASSWORD
value: "<secret>"
- name: ECOWITT2MQTT_PORT
value: 8181
- name: ECOWITT2MQTT_HASS_DISCOVERY
value: true
- name: ECOWITT2MQTT_INPUT_UNIT_SYSTEM
value: "imperial"
- name: ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM
value: "metric"
- name: ECOWITT2MQTT_PRECISION
value: 1
ports:
- containerport: 8181
hostport: 8181
protocol: TCP
volumemounts:
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: volvo
image: ghcr.io/dielee/volvo2mqtt:latest
env:
- name: CONF_updateInterval
value: 300
- name: CONF_babelLocale
value: "nl"
- name: CONF_mqtt
valuefrom:
secretkeyref:
name: smarthome-secrets
key: volvo-mosquitto
- name: CONF_volvoData
valuefrom:
secretkeyref:
name: smarthome-secrets
key: volvo-url
volumemounts:
- mountpath: /volvoAAOS2mqtt
name: volvo-data
- mountpath: /etc/localtime
name: localtime
readonly: true
- name: postgres
image: docker.io/library/postgres:16-alpine
env:
- name: POSTGRES_PASSWORD
valuefrom:
secretkeyref:
name: smarthome-secrets
key: postgres-password
volumemounts:
- mountpath: /dump
name: postgres-dump
- mountpath: /var/lib/postgresql/data
name: postgres-data
- mountpath: /etc/localtime
name: localtime
readonly: true
volumes:
- hostpath:
path: <home>/.config/pods/smarthome/home-assistant-config
type: Directory
name: home-assistant-config
- hostpath:
path: /dev/ttyUSB0
type: File
name: home-assistant-usb0
- hostpath:
path: /dev/ttyUSB1
type: File
name: home-assistant-usb1
- hostpath:
path: <home>/.config/pods/smarthome/mosquitto-config
type: Directory
name: mosquitto-config
- persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-data
name: mosquitto-data
- persistentvolumeclaim:
claimname: smarthome-pod-mosquitto-log
name: mosquitto-log
- hostpath:
path: <home>/.config/pods/smarthome/esphome-config
type: Directory
name: esphome-config
- persistentvolumeclaim:
claimname: smarthome-pod-volvo-data
name: volvo-data
- hostpath:
path: <home>/.dump/smarthome
type: Directory
name: postgres-dump
- persistentvolumeclaim:
claimname: smarthome-pod-postgres-data
name: postgres-data
- hostpath:
path: /etc/localtime
type: File
name: localtime


@ -1,9 +0,0 @@
apiversion: v1
data:
volvo-mosquitto: <base64-secret>
volvo-url: <base64-secret>
postgres-password: <base64-secret>
kind: Secret
metadata:
creationtimestamp: null
name: smarthome-secrets