dotconfig/sv: add

dotconfig/pods: add
dotconfig/caddy: add
2025-08-17 15:02:24 +02:00 · 2025-08-17 15:02:06 +02:00 · 2025-08-17 15:01:32 +02:00 · 2025-08-17 15:01:12 +02:00 · 2025-08-17 15:00:35 +02:00 · 2025-08-17 14:04:53 +02:00
64 changed files with 952 additions and 714 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,3 @@
-# Alpine-server
+# alpine-server
-Guides and configuration files of my Alpine server install.
+Configuration files of my server Alpine Linux operating system.
--- a/bin/backup
+++ b/bin/backup
@ -0,0 +1,10 @@
 #!/bin/sh
 host=""
 user=""
 serverdir=""
 clientdirs="$HOME/.local/etc $HOME/.local/bin $HOME/.config $HOME/.volumes $HOME/.dump"
 command="/usr/bin/restic"
 exec $command -r sftp:${user}@${host}:/${serverdir} -v backup $clientdirs
--- a/bin/checkpod
+++ b/bin/checkpod
--- a/bin/dump
+++ b/bin/dump
@ -2,7 +2,6 @@
 command="/usr/bin/podman"
 # Dumps databases
 postgres_databases=""
@ -12,12 +11,11 @@ do
    $command exec -it ${database}-pod-postgres sh -c "pg_dumpall -U postgres | gzip > /dump/${database}.sql.gz"
 done
 # Exports volumes
 volumes=""
 for volume in $volumes
 do
-    $command volume export $volume --output <home>/.volumes/${volume}.tar
+    $command volume export $volume --output /home/neutrino/.volumes/${volume}.tar
 done
--- a/bin/load
+++ b/bin/load
@ -1,23 +0,0 @@
 #!/bin/sh
 command="/usr/bin/podman"
 # Loads dumped databases
 postgres_databases="gitea"
 for database in $postgres_databases
 do
    exec $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
 done
 # Imports volumes
 volumes="gitea-pod-gitea-data"
 for volume in $volumes
 do
    exec $command volume import $volume <home>/.volumes/${volume}.tar
 done
--- a/bin/load-databases
+++ b/bin/load-databases
@ -0,0 +1,12 @@
 #!/bin/sh
 command="/usr/bin/podman"
 # Loads dumped databases
 postgres_databases=""
 for database in $postgres_databases
 do
    $command exec -it ${database}-pod-postgres sh -c "gunzip -c /dump/${database}.sql.gz | psql -U postgres"
 done
--- a/bin/load-volumes
+++ b/bin/load-volumes
@ -0,0 +1,12 @@
 #!/bin/sh
 command="/usr/bin/podman"
 # Imports volumes
 volumes=""
 for volume in $volumes
 do
    $command volume import $volume /home/neutrino/.volumes/${volume}.tar
 done
--- a/caddy/caddyfile
+++ b/caddy/caddyfile
@ -1,49 +0,0 @@
 {
    email <email>
 }
 vault.bijl.us {
    reverse_proxy :1080
 }
 git.bijl.us {
    reverse_proxy :2080
 }
 docs.bijl.us {
    reverse_proxy :2180
 }
 wiki.bijl.us {
    reverse_proxy :2280
 }
 matrix.bijl.us {
    handle /_matrix/* {
        reverse_proxy :3080
    }
    handle /.well-known/matrix/server {
        respond {"m.server":"matrix.bijl.us:443"}
    }
    handle /.well-known/matrix/client {
        respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
    }
 }
 element.bijl.us {
    reverse_proxy :3180
 }
 notes.bijl.us {
    reverse_proxy :4080
 }
 share.bijl.us {
    reverse_proxy :5080
 }
 smarthome.bijl.us {
    reverse_proxy :6080
 }
--- a/containerfiles/git-mkdocs-wiki/default.conf.env
+++ b/containerfiles/git-mkdocs-wiki/default.conf.env
@ -1,15 +0,0 @@
 server {
    listen $PORT;
    listen [::]:${PORT};
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50.html {
        root /usr/share/nginx/html;
    }
 }
--- a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki
+++ b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki
@ -1,10 +0,0 @@
 #!/bin/sh
 exec 2>&1
 find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo
 cd /mkdocs/repo && git pull
 for lang in $WIKI_LANG
 do
    mkdocs build -f /mkdocs/repo/config/${lang}/mkdocs.yml -d /usr/share/nginx/html/${lang}
 done
--- a/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile
+++ b/containerfiles/git-mkdocs-wiki/git-mkdocs-wiki.containerfile
@ -1,25 +0,0 @@
 FROM nginx:alpine
 ENV PORT="80"
 COPY default.conf.env /etc/nginx/conf.d/default.conf.env
 RUN apk add envsubst \
    && touch /docker-entrypoint.d/port.sh \
    && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \
    && chmod 776 /docker-entrypoint.d/port.sh
 RUN apk add git \
    && apk add mkdocs \
    && apk add mkdocs-material \ 
    && apk add py3-regex
 RUN mkdir /mkdocs
 WORKDIR /mkdocs
 COPY root /etc/crontabs/root
 COPY git-mkdocs-wiki /bin/git-mkdocs-wiki
 RUN chmod 744 /bin/git-mkdocs-wiki
 RUN touch /docker-entrypoint.d/cron.sh \
    && echo "exec crond" > /docker-entrypoint.d/cron.sh \
    && chmod 776 /docker-entrypoint.d/cron.sh
--- a/containerfiles/git-mkdocs-wiki/root
+++ b/containerfiles/git-mkdocs-wiki/root
@ -1,3 +0,0 @@
 # do daily/weekly/monthly maintanance
 # min hour day month weekday command
 * * * * * git-mkdocs-wiki
--- a/containerfiles/git-mkdocs/default.conf.env
+++ b/containerfiles/git-mkdocs/default.conf.env
@ -1,15 +0,0 @@
 server {
    listen $PORT;
    listen [::]:${PORT};
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50.html {
        root /usr/share/nginx/html;
    }
 }
--- a/containerfiles/git-mkdocs/git-mkdocs
+++ b/containerfiles/git-mkdocs/git-mkdocs
@ -1,6 +0,0 @@
 #!/bin/sh
 exec 2>&1
 find /mkdocs/repo || git clone $GIT_REPO_URL /mkdocs/repo
 cd /mkdocs/repo && git pull
 exec mkdocs build -f /mkdocs/repo/mkdocs.yml -d /usr/share/nginx/html
--- a/containerfiles/git-mkdocs/git-mkdocs.containerfile
+++ b/containerfiles/git-mkdocs/git-mkdocs.containerfile
@ -1,25 +0,0 @@
 FROM nginx:alpine
 ENV PORT="80"
 COPY default.conf.env /etc/nginx/conf.d/default.conf.env
 RUN apk add envsubst \
    && touch /docker-entrypoint.d/port.sh \
    && echo "exec envsubst < /etc/nginx/conf.d/default.conf.env > /etc/nginx/conf.d/default.conf && nginx -s reload" > /docker-entrypoint.d/port.sh \
    && chmod 776 /docker-entrypoint.d/port.sh
 RUN apk add git \
    && apk add mkdocs \
    && apk add mkdocs-material \ 
    && apk add py3-regex
 RUN mkdir /mkdocs
 WORKDIR /mkdocs
 COPY root /etc/crontabs/root
 COPY git-mkdocs /bin/git-mkdocs
 RUN chmod 744 /bin/git-mkdocs
 RUN touch /docker-entrypoint.d/cron.sh \
    && echo "exec crond" > /docker-entrypoint.d/cron.sh \
    && chmod 776 /docker-entrypoint.d/cron.sh
--- a/containerfiles/git-mkdocs/root
+++ b/containerfiles/git-mkdocs/root
@ -1,3 +0,0 @@
 # do daily/weekly/monthly maintanance
 # min hour day month weekday command
 * * * * * git-mkdocs
--- a/dotconfig/caddy/caddyfile
+++ b/dotconfig/caddy/caddyfile
@ -0,0 +1,73 @@
 hs.bijl.us {
 	reverse_proxy :
 }
 vault.bijl.us {
 	reverse_proxy :
 }
 matrix.bijl.us {
 	handle /_matrix/* {
 		reverse_proxy :
 	}
 	handle /.well-known/matrix/server {
 		respond {"m.server":"matrix.bijl.us:443"}
 	}
 	handle /.well-known/matrix/client {
 		respond {"m.homeserver":{"base_url":"https://matrix.bijl.us"}}
 	}
 }
 smarthome.bijl.us {
 	reverse_proxy :
 }
 share.bijl.us {
 	reverse_proxy :
 }
 media.bijl.us {
 	reverse_proxy :
 }
 ampel.dev {
 	reverse_proxy :
 }
 git.ampel.dev {
 	reverse_proxy :
 }
 docs.ampel.dev {
 	reverse_proxy :
 }
 blog.ampel.dev {
 	reverse_proxy :
 }
 notes.ampel.dev {
 	reverse_proxy :
 }
 lucbijl.nl {
 	reverse_proxy :
 }
 git.lucbijl.nl {
 	reverse_proxy :
 }
 wiki.lucbijl.nl {
 	reverse_proxy :
 }
 blog.lucbijl.nl {
 	reverse_proxy :
 }
 notes.lucbijl.nl {
 	reverse_proxy :
 }
--- a/dotconfig/pods/ampel/ampel-pod.yml
+++ b/dotconfig/pods/ampel/ampel-pod.yml
@ -0,0 +1,174 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: ampel-pod
  annotations:
    io.podman.annotations.infra.name: ampel-pod-infra
 spec:
  containers:
 #  - name: root
 #    image: 
 #    env:
 #    - name: PORT
 #      value: 3000
 #    ports:
 #    - containerport: 3000 
 #      hostport:
 #      protocol: TCP
 #    volumemounts:
 #    - name: localtime
 #      mountpath: /etc/localtime
 #      readonly: true
  - name: git
    image: codeberg.org/forgejo/forgejo:9
    env:
    - name: USER_UID
      value: "1000"
    - name: USER_GID
      value: "1000"
    - name: FORGEJO__database__DB_TYPE
      value: "postgres"
    - name: FORGEJO__database__HOST
      value: "ampel-pod-postgres"
    - name: FORGEJO__database__USER
      value: "postgres"
    - name: FORGEJO__database__PASSWD
      valuefrom:
        secretkeyref:
          name: ampel-secrets
          key: postgres-password
    - name: FORGEJO__database__NAME
      value: "forgejo"
    ports: 
    - containerport: 3100
      hostport: 
      protocol: TCP
    volumemounts:
    - name: git-data
      mountpath: /data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: tailscale
    image: ghcr.io/tailscale/tailscale:latest
    env:
    - name: TS_HOSTNAME
      value: "ampel-pod"
    - name: TS_AUTHKEY
      value: ""
    - name: TS_STATE_DIR
      value: "/var/lib/tailscale"
    - name: TS_EXTRA_ARGS
      value: "--login-server="
    volumemounts:
    - name: tailscale-lib
      mountpath: /var/lib/tailscale
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: docs
    image: git.ampel.dev/ampel/mkdocs-git:latest
    env:
    - name: GIT_REPO_URL
      value: ""
    - name: PORT
      value: 3200
    ports:
    - containerport: 3200
      hostport: 
      protocol: TCP
    volumemounts:
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: blog
    image: git.ampel.dev/ampel/mkdocs-git:latest
    env:
    - name: GIT_REPO_URL
      value: ""
    - name: PORT
      value: 3300
    ports:
    - containerport: 3300
      hostport: 
      protocol: TCP
    volumemounts:
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: notes
    image: quay.io/hedgedoc/hedgedoc:alpine
    env: 
    - name: CMD_DB_URL
      valuefrom:
        secretkeyref:
          name: ampel-secrets
          key: postgres-url
    - name: CMD_PORT
      value: 3400
    - name: CMD_ALLOW_EMAIL_REGISTER
      value: true
    - name: CMD_DOMAIN
      value: ""
    - name: CMD_PROTOCOL_USESSL
      value: true
    - name: NODE_ENV
      value: production
    - name: CMD_IMAGE_UPLOAD_TYPE
      value: filesystem
    - name: UPLOADS_MODE
      value: 0700
    ports:
    - containerport: 3400
      hostport: 
      protocol: TCP
    volumemounts:
    - name: notes-uploads
      mountpath: /hedgedoc/public/uploads
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: ampel-secrets
          key: postgres-password
    volumemounts:
    - name: postgres-dump
      mountpath: /dump
    - name: postgres-data
      mountpath: /var/lib/postgresql/data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: git-data
    persistentvolumeclaim: 
      claimname: ampel-pod-git-data
  - name: tailscale-lib
    persistentvolumeclaim:
      claimname: ampel-pod-tailscale-lib
  - name: notes-uploads
    persistentvolumeclaim:
      claimname: ampel-pod-notes-uploads
  - name: postgres-dump
    hostpath:
      path: $HOME/.dump/ampel
      type: Directory
  - name: postgres-data
    persistentvolumeclaim:
      claimname: ampel-pod-postgres-data
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/pods/ampel/ampel-secrets.yml
+++ b/dotconfig/pods/ampel/ampel-secrets.yml
@ -0,0 +1,8 @@
 apiversion: v1
 data:
  postgres-password: 
  postgres-url: 
 kind: Secret
 metadata:
  creationtimestamp: null
  name: ampel-secrets
--- a/dotconfig/pods/bitwarden/bitwarden-pod.yml
+++ b/dotconfig/pods/bitwarden/bitwarden-pod.yml
@ -7,23 +7,23 @@ metadata:
 spec:
  containers:
  - name: vaultwarden
-    image: docker.io/vaultwarden/server:alpine
+    image: docker.io/vaultwarden/server:latest-alpine
    env:
    - name: SIGNUPS_ALLOWED
      value: false
    - name: DATABASE_URL
-      value: "postgresql://postgres:<secret>@bitwarden-pod-postgres/vaultwarden"
+      value: ""
    - name: ROCKET_PORT
      value: 3000
    ports:
    - containerport: 3000
-      hostport: 1080
+      hostport: 
      protocol: TCP
    volumemounts:
-    - mountpath: /data
+    - name: vaultwarden-data
-      name: vaultwarden-data
+      mountpath: /data
-    - mountpath: /etc/localtime
+    - name: localtime
-      name: localtime
+      mountpath: /etc/localtime
      readonly: true
  - name: postgres
@ -35,26 +35,26 @@ spec:
          name: bitwarden-secrets
          key: postgres-password
    volumemounts:
-    - mountpath: /dump
+    - name: postgres-dump
-      name: postgres-dump
+      mountpath: /dump
-    - mountpath: /var/lib/postgresql/data
+    - name: postgres-data
-      name: postgres-data
+      mountpath: /var/lib/postgresql/data
-    - mountpath: /etc/localtime
+    - name: localtime
-      name: localtime
+      mountpath: /etc/localtime
      readonly: true
  volumes:
-  - persistentvolumeclaim:
+  - name: vaultwarden-data
    persistentvolumeclaim:
      claimname: bitwarden-pod-vaultwarden-data
-    name: vaultwarden-data
+  - name: postgres-dump
-  - hostpath:
+    hostpath:
-      path: <home>/.dump/bitwarden
+      path: $HOME/.dump/bitwarden
      type: Directory
-    name: postgres-dump
+  - name: postgres-data
-  - persistentvolumeclaim:
+    persistentvolumeclaim:
      claimname: bitwarden-pod-postgres-data
-    name: postgres-data
+  - name: localtime
-  - hostPath:
+    hostPath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/dotconfig/pods/bitwarden/bitwarden-secrets.yml
+++ b/dotconfig/pods/bitwarden/bitwarden-secrets.yml
@ -0,0 +1,8 @@
 apiversion: v1
 data:
  postgres-password: 
  postgres-url: 
 kind: Secret
 metadata:
  creationtimestamp: null
  name: bitwarden-secrets
--- a/dotconfig/pods/luc/luc-pod.yml
+++ b/dotconfig/pods/luc/luc-pod.yml
@ -0,0 +1,134 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: luc-pod
  annotations:
    io.podman.annotations.infra.name: luc-pod-infra
 spec:
  containers:
 #  - name: root
 #   image: 
 #   env:
 #   - name: PORT
 #     value: 3000
 #    ports:
 #    - containerport: 3000
 #      hostport: 
 #      protocol: TCP
 #   volumemounts:
 #   - name: localtime
 #     mountpath: /etc/localtime
 #     readonly: true
  - name: git
    image: codeberg.org/forgejo/forgejo:9
    env:
    - name: USER_UID
      value: "1000"
    - name: USER_GID
      value: "1000"
    - name: FORGEJO__database__DB_TYPE
      value: "postgres"
    - name: FORGEJO__database__HOST
      value: "luc-pod-postgres"
    - name: FORGEJO__database__USER
      value: "postgres"
    - name: FORGEJO__database__PASSWD
      valuefrom:
        secretkeyref:
          name: luc-secrets
          key: postgres-password
    - name: FORGEJO__database__NAME
      value: "forgejo"
    ports: 
    - containerport: 3100
      hostport: 
      protocol: TCP
    volumemounts:
    - name: git-data
      mountpath: /data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: tailscale
    image: ghcr.io/tailscale/tailscale:latest
    env:
    - name: TS_HOSTNAME
      value: "luc-pod"
    - name: TS_AUTHKEY
      value: ""
    - name: TS_STATE_DIR
      value: "/var/lib/tailscale"
    - name: TS_EXTRA_ARGS
      value: "--login-server="
    volumemounts:
    - name: tailscale-lib
      mountpath: /var/lib/tailscale
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
 #  - name: wiki
 #    image: git.ampel.dev/git-mkdocs:latest
 #    env: 
 #    - name: GIT_REPO_URL
 #      value: ""
 #    - name: PORT
 #      value: 3200
 #    ports:
 #    - containerport: 3200
 #      hostport: 
 #      protocol: TCP
 #    volumemounts:
 #    - name: localtime
 #      mountpath: /etc/localtime
 #      readonly: true
 #  - name: blog
 #    ports:
 #    - containerport: 3300
 #      hostport: 
 #      protocol: TCP
 #  - name: notes
 #    ports:
 #    - containerport: 3400
 #      hostport: 
 #      protocol: TCP
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: luc-secrets
          key: postgres-password
    volumemounts:
    - name: postgres-dump
      mountpath: /dump
    - name: postgres-data
      mountpath: /var/lib/postgresql/data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: git-data
    persistentvolumeclaim: 
      claimname: luc-pod-git-data
  - name: tailscale-lib
    persistentvolumeclaim:
      claimname: luc-pod-tailscale-lib
  - name: postgres-dump
    hostpath:
      path: $HOME/.dump/luc
      type: Directory
  - name: postgres-data
    persistentvolumeclaim:
      claimname: luc-pod-postgres-data
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/pods/luc/luc-secrets.yml
+++ b/dotconfig/pods/luc/luc-secrets.yml
@ -1,7 +1,7 @@
 apiversion: v1
 data:
-  postgres-password: <base64-secret>
+  postgres-password:
 kind: Secret
 metadata:
  creationtimestamp: null
-  name: git-secrets
+  name: luc-secrets
--- a/dotconfig/pods/matrix/matrix-pod.yml
+++ b/dotconfig/pods/matrix/matrix-pod.yml
@ -0,0 +1,112 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: matrix-pod
  annotations:
    io.podman.annotations.infra.name: matrix-pod-infra
 spec:
  containers:
  - name: dendrite
    image: ghcr.io/element-hq/dendrite-monolith:latest
    ports:
    - containerport: 8008
      hostport: 
      protocol: TCP
    - containerport: 8448
      hostport: 8448
      protocol: TCP
    volumemounts:
    - name: dendrite-config
      mountpath: /etc/dendrite
    - name: dendrite-media
      mountpath: /var/dendrite/media
    - name: dendrite-jetstream
      mountpath: /var/dendrite/jetstream
    - name: dendrite-searchindex
      mountpath: /var/dendrite/searchindex
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: mautrix-whatsapp
    image: dock.mau.dev/mautrix/whatsapp:latest
    command:
    - /usr/bin/mautrix-whatsapp
    - -c
    - /data/config.yaml
    - -r
    - /data/registration.yaml
    - --ignore-unsupported-server
    volumemounts:
    - name: mautrix-whatsapp-config
      mountpath: /data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: mautrix-signal
    image: dock.mau.dev/mautrix/signal:latest
    command:
    - /usr/bin/mautrix-signal
    - -c
    - /data/config.yaml
    - -r
    - /data/registration.yaml
    - --ignore-unsupported-server
    volumemounts:
    - name: mautrix-signal-config
      mountpath: /data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: matrix-secrets
          key: postgres-password
    volumemounts:
    - name: postgres-dump
      mountpath: /dump
    - name: postgres-data
      mountpath: /var/lib/postgresql/data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: dendrite-config
    hostpath: 
      path: $HOME/.config/pods/matrix/dendrite-config
      type: Directory
  - name: dendrite-media
    persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-media
  - name: dendrite-jetstream
    persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-jetstream
  - name: dendrite-searchindex
    persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-searchindex
  - name: mautrix-whatsapp-config
    hostpath: 
      path: $HOME/.config/pods/matrix/mautrix-whatsapp-config
      type: Directory
  - name: mautrix-signal-config
    hostpath: 
      path: $HOME/.config/pods/matrix/mautrix-signal-config
      type: Directory
  - name: postgres-dump
    hostpath:
      path: $HOME/.dump/matrix
      type: Directory
  - name: postgres-data
    persistentvolumeclaim:
      claimname: matrix-pod-postgres-data
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/pods/matrix/matrix-secrets.yml
+++ b/dotconfig/pods/matrix/matrix-secrets.yml
@ -1,7 +1,7 @@
 apiversion: v1
 data:
-  postgres-password: <base64-secret>
+  postgres-password:
 kind: Secret
 metadata:
  creationtimestamp: null
-  name: matrix-secrets
+  name: matrix-secrets
--- a/dotconfig/pods/media/media-pod.yml
+++ b/dotconfig/pods/media/media-pod.yml
@ -0,0 +1,47 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: media-pod
  annotations:
    io.podman.annotations.infra.name: media-pod-infra
 spec:
  containers:
  - name: jellyfin
    image: docker.io/jellyfin/jellyfin:latest
    securitycontext:
      runasgroup: 1000
      runasuser: 1000
    env: 
    - name: JELLYFIN_PublishedServerUrl
      value: ""
    ports:
    - containerport: 8096
      hostport: 
      protocol: TCP
    volumemounts:
    - name: jellyfin-config
      mountpath: /config
    - name: jellyfin-cache
      mountpath: /cache
    - name: jellyfin-media
      mountpath: /media
      readonly: true
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: jellyfin-config
    persistentvolumeclaim:
      claimname: media-pod-jellyfin-config
  - name: jellyfin-media
    hostpath:
      path: $HOME/.local/share/media
      type: Directory
  - name: jellyfin-cache
    persistentvolumeclaim: 
      claimname: media-pod-jellyfin-cache
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/pods/share/share-pod.yml
+++ b/dotconfig/pods/share/share-pod.yml
@ -10,25 +10,25 @@ spec:
    image: docker.io/mtlynch/picoshare:latest
    env:
    - name: PS_SHARED_SECRET
-      value: "<secret>"
+      value: ""
    - name: PORT
      value: 3000
    ports:
    - containerport: 3000
-      hostport: 5080
+      hostport: 
      protocol: TCP
    volumemounts:
-    - mountpath: /data
+    - name: picoshare-data
-      name: picoshare-data
+      mountpath: /data
-    - mountpath: /etc/localtime
+    - name: localtime
-      name: localtime
+      mountpath: /etc/localtime
      readonly: true
  volumes:
-  - persistentvolumeclaim:
+  - name: picoshare-data
    persistentvolumeclaim:
      claimname: share-pod-picoshare-data
-    name: picoshare-data
+  - name: localtime
-  - hostPath:
+    hostpath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/dotconfig/pods/share/share-secrets.yml
+++ b/dotconfig/pods/share/share-secrets.yml
@ -0,0 +1,7 @@
 apiversion: v1
 data: 
  picoshare-password: 
 kind: Secret
 metadata:
  creationtimestamp: null
  name: share-secrets
--- a/dotconfig/pods/smarthome/smarthome-pod.yml
+++ b/dotconfig/pods/smarthome/smarthome-pod.yml
@ -0,0 +1,112 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: smarthome-pod
  annotations:
    io.podman.annotations.infra.name: smarthome-pod-infra
    run.oci.keep_original_groups: 1
 spec:
  containers:
  - name: home-assistant
    image: ghcr.io/home-assistant/home-assistant:latest
    ports:
    - containerport: 3000
      hostport: 
      protocol: TCP
    volumemounts:
    - name: home-assistant-config
      mountpath: /config
    - name: home-assistant-usb0
      mountpath: /dev/ttyUSB0
    - name: home-assistant-usb1
      mountpath: /dev/ttyUSB1
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: mosquitto
    image: docker.io/eclipse-mosquitto:latest
    ports:
    - containerport: 1883
      hostport: 1883
      protocol: TCP
    volumemounts:
    - name: mosquitto-config
      mountpath: /mosquitto/config
    - name: mosquitto-data
      mountpath: /mosquitto/data
    - name: mosquitto-log
      mountpath: /mosquitto/log
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: esphome
    image: docker.io/esphome/esphome:latest
    env: 
    - name: USERNAME
      value: ""
    - name: PASSWORD
      value: ""
    ports:
    - containerport: 6052
      hostport: 6052
      protocol: TCP
    volumemounts:
    - name: esphome-config
      mountpath: /config
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: smarthome-secrets
          key: postgres-password
    volumemounts:
    - name: postgres-dump
      mountpath: /dump
    - name: postgres-data
      mountpath: /var/lib/postgresql/data
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: home-assistant-config
    hostpath: 
      path: $HOME/.config/pods/smarthome/home-assistant-config
      type: Directory
  - name: home-assistant-usb0
    hostpath:
      path: /dev/ttyUSB0
      type: File
  - name: home-assistant-usb1
    hostpath:
      path: /dev/ttyUSB1
      type: File
  - name: mosquitto-config
    hostpath: 
      path: $HOME/.config/pods/smarthome/mosquitto-config
      type: Directory
  - name:  mosquitto-data
    persistentvolumeclaim:
      claimname: smarthome-pod-mosquitto-data
  - name:  mosquitto-log
    persistentvolumeclaim:
      claimname: smarthome-pod-mosquitto-log
  - name: postgres-dump
    hostpath:
      path: $HOME/.dump/smarthome
      type: Directory
  - name: postgres-data
    persistentvolumeclaim:
      claimname: smarthome-pod-postgres-data
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/pods/smarthome/smarthome-secrets.yml
+++ b/dotconfig/pods/smarthome/smarthome-secrets.yml
@ -0,0 +1,7 @@
 apiversion: v1
 data:
  postgres-password: 
 kind: Secret
 metadata:
  creationtimestamp: null
  name: smarthome-secrets
--- a/dotconfig/pods/tailscale/tailscale-pod.yml
+++ b/dotconfig/pods/tailscale/tailscale-pod.yml
@ -0,0 +1,38 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: tailscale-pod
  annotations:
    io.podman.annotations.infra.name: tailscale-pod-infra
 spec:
  containers:
  - name: headscale
    image: docker.io/headscale/headscale:0.26
    command:
    - headscale
    - serve
    ports:
    - containerport: 8080
      hostport: 
      protocol: TCP
    volumemounts:
    - name: headscale-config
      mountpath: /etc/headscale
    - name: headscale-lib
      mountpath: /var/lib/headscale
    - name: localtime
      mountpath: /etc/localtime
      readonly: true
  volumes:
  - name: headscale-config
    hostpath: 
      path: $HOME/.config/pods/tailscale/headscale-config
      type: Directory
  - name: headscale-lib
    persistentvolumeclaim: 
      claimname: tailscale-pod-headscale-lib
  - name: localtime
    hostpath:
      path: /etc/localtime
      type: File
--- a/dotconfig/sv/ampel/conf
+++ b/dotconfig/sv/ampel/conf
@ -0,0 +1,5 @@
 name="ampel"
 pod_location="${HOME}/.config/pods/ampel"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/ampel/finish
+++ b/dotconfig/sv/ampel/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/ampel/run
+++ b/dotconfig/sv/ampel/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/bitwarden/conf
+++ b/dotconfig/sv/bitwarden/conf
@ -0,0 +1,5 @@
 name="bitwarden"
 pod_location="${HOME}/.config/pods/bitwarden"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/bitwarden/finish
+++ b/dotconfig/sv/bitwarden/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/bitwarden/run
+++ b/dotconfig/sv/bitwarden/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/caddy/run
+++ b/dotconfig/sv/caddy/run
@ -0,0 +1,11 @@
 #!/bin/sh
 command="/usr/sbin/caddy"
 command_args="run --config ${HOME}/.config/caddy/caddy.json"
 exec ps | grep '[${command}] ${command_args}' > /dev/null
 if [ $? != 0 ]; then
 	exec 2>&1
 	exec $command $command_args
 fi
--- a/dotconfig/sv/dump/run
+++ b/dotconfig/sv/dump/run
@ -0,0 +1,4 @@
 #!/bin/sh
 exec 2>&1
 exec snooze -H0-3,5-23 -M0 ${HOME}/.local/bin/dump
--- a/dotconfig/sv/luc/conf
+++ b/dotconfig/sv/luc/conf
@ -0,0 +1,5 @@
 name="luc"
 pod_location="${HOME}/.config/pods/luc"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/luc/finish
+++ b/dotconfig/sv/luc/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/luc/run
+++ b/dotconfig/sv/luc/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/matrix/conf
+++ b/dotconfig/sv/matrix/conf
@ -0,0 +1,5 @@
 name="matrix"
 pod_location="${HOME}/.config/pods/matrix"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/matrix/finish
+++ b/dotconfig/sv/matrix/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/matrix/run
+++ b/dotconfig/sv/matrix/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/media/conf
+++ b/dotconfig/sv/media/conf
@ -0,0 +1,5 @@
 name="media"
 pod_location="${HOME}/.config/pods/media"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/media/finish
+++ b/dotconfig/sv/media/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/media/run
+++ b/dotconfig/sv/media/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/share/conf
+++ b/dotconfig/sv/share/conf
@ -0,0 +1,5 @@
 name="share"
 pod_location="${HOME}/.config/pods/share"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/share/finish
+++ b/dotconfig/sv/share/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/share/run
+++ b/dotconfig/sv/share/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/smarthome/conf
+++ b/dotconfig/sv/smarthome/conf
@ -0,0 +1,5 @@
 name="smarthome"
 pod_location="${HOME}/.config/pods/smarthome"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/smarthome/finish
+++ b/dotconfig/sv/smarthome/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/smarthome/run
+++ b/dotconfig/sv/smarthome/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/dotconfig/sv/tailscale/conf
+++ b/dotconfig/sv/tailscale/conf
@ -0,0 +1,5 @@
 name="tailscale"
 pod_location="${HOME}/.config/pods/tailscale"
 bin_location="${HOME}/.local/bin"
 command="/usr/bin/podman"
 command_args="--network=pasta --replace"
--- a/dotconfig/sv/tailscale/finish
+++ b/dotconfig/sv/tailscale/finish
@ -0,0 +1,6 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 exec $command kube down ${pod_location}/${name}-pod.yml
--- a/dotconfig/sv/tailscale/run
+++ b/dotconfig/sv/tailscale/run
@ -0,0 +1,7 @@
 #!/bin/sh
 . ./conf
 exec 2>&1
 $command kube play $command_args ${pod_location}/${name}-pod.yml
 exec ${bin_location}/checkpod
--- a/pods/bitwarden/bitwarden-secrets.yml
+++ b/pods/bitwarden/bitwarden-secrets.yml
@ -1,8 +0,0 @@
 apiversion: v1
 data:
  postgres-password: <base64-secret>
  postgres-url: <base64-secret>
 kind: Secret
 metadata:
  creationtimestamp: null
  name: bitwarden-secrets
--- a/pods/git/git-pod.yml
+++ b/pods/git/git-pod.yml
@ -1,101 +0,0 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: git-pod
  annotations:
    io.podman.annotations.infra.name: git-pod-infra
 spec:
  containers:
  - name: gitea
    image: docker.io/gitea/gitea:latest
    env:
    - name: USER_UID
      value: "1000"
    - name: USER_GID
      value: "1000"
    - name: GITEA__database__HOST
      value: "git-pod-postgres"
    - name: GITEA__database__USER
      value: "postgres"
    - name: GITEA__database__PASSWD
      valuefrom:
        secretkeyref:
          name: git-secrets
          key: postgres-password
    - name: GITEA__database__NAME
      value: "gitea"
    ports: 
    - containerport: 3000
      hostport: 2080
      protocol: TCP
    volumemounts:
    - mountpath: /data
      name: gitea-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: documentation
    image: git-mkdocs:latest
    env: 
    - name: GIT_REPO_URL
      value: "https://git.bijl.us/lnco/documentation.git"
    - name: PORT
      value: 3100
    - containerport: 3100
      hostport: 2180
      protocol: TCP
    volumemounts:
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: wiki
    image: git-mkdocs-wiki:latest
    env: 
    - name: GIT_REPO_URL
      value: "https://git.bijl.us/luc/mathematics-physics-wiki.git"
    - name: WIKI_LANG
      value: "en nl"
    - name: PORT
      value: 3200
    - containerport: 3200
      hostport: 2280
      protocol: TCP
    volumemounts:
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: git-secrets
          key: postgres-password
    volumemounts:
    - mountpath: /dump
      name: postgres-dump
    - mountpath: /var/lib/postgresql/data
      name: postgres-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  volumes:
  - persistentvolumeclaim: 
      claimname: git-pod-gitea-data
    name: gitea-data
  - hostpath:
      path: <home>/.dump/git
      type: Directory
    name: postgres-dump
  - persistentvolumeclaim:
      claimname: git-pod-postgres-data
    name: postgres-data
  - hostpath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/pods/matrix/matrix-pod.yml
+++ b/pods/matrix/matrix-pod.yml
@ -1,129 +0,0 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: matrix-pod
  annotations:
    io.podman.annotations.infra.name: matrix-pod-infra
 spec:
  containers:
  - name: dendrite
    image: matrixdotorg/dendrite-monolith:latest
    ports:
    - containerport: 8008
      hostport: 3080
      protocol: TCP
    - containerport: 8448
      hostport: 8448
      protocol: TCP
    volumemounts:
    - mountpath: /etc/dendrite
      name: dendrite-config
    - mountpath: /var/dendrite/media
      name: dendrite-media
    - mountpath: /var/dendrite/jetstream
      name: dendrite-jetstream
    - mountpath: /var/dendrite/searchindex
      name: dendrite-searchindex
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: mautrix-whatsapp
    image: dock.mau.dev/mautrix/whatsapp:latest
    command:
    - /usr/bin/mautrix-whatsapp
    - -c
    - /data/config.yaml
    - -r
    - /data/registration.yaml
    - --ignore-unsupported-server
    volumemounts:
    - mountpath: /data
      name: mautrix-whatsapp-config
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: mautrix-signal
    image: dock.mau.dev/mautrix/signal:latest
    command:
    - /usr/bin/mautrix-signal
    - -c
    - /data/config.yaml
    - -r
    - /data/registration.yaml
    - --ignore-unsupported-server
    volumemounts:
    - mountpath: /data
      name: mautrix-signal-config
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: element
    image: vectorim/element-web:latest
    ports:
    - containerport: 80
      hostport: 3180
      protocol: TCP
    volumemounts:
    - mountpath: /app/config.json
      name: element-config
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: matrix-secrets
          key: postgres-password
    volumemounts:
    - mountpath: /dump
      name: postgres-dump
    - mountpath: /var/lib/postgresql/data
      name: postgres-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  volumes:
  - hostpath: 
      path: <home>/.config/pods/matrix/dendrite-config
      type: Directory
    name: dendrite-config
  - persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-media
    name: dendrite-media
  - persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-jetstream
    name: dendrite-jetstream
  - persistentvolumeclaim: 
      claimname: matrix-pod-dendrite-searchindex
    name: dendrite-searchindex
  - hostpath: 
      path: <home>/.config/pods/matrix/mautrix-whatsapp-config
      type: Directory
    name: mautrix-whatsapp-config
  - hostpath: 
      path: <home>/.config/pods/matrix/mautrix-signal-config
      type: Directory
    name: mautrix-signal-config
  - hostpath: 
      path: <home>/.config/pods/matrix/element-config/config.json
      type: File
    name: element-config
  - hostpath:
      path: <home>/.dump/matrix
      type: Directory
    name: postgres-dump
  - persistentvolumeclaim:
      claimname: matrix-pod-postgres-data
    name: postgres-data
  - hostpath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/pods/notes/notes-pod.yml
+++ b/pods/notes/notes-pod.yml
@ -1,73 +0,0 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: notes-pod
  annotations:
    io.podman.annotations.infra.name: notes-pod-infra
 spec:
  containers:
  - name: hedgedoc
    image: quay.io/hedgedoc/hedgedoc:alpine
    env:
    - name: CMD_DB_URL
      valuefrom:
        secretkeyref:
          name: notes-secrets
          key: postgres-url
    - name: CMD_ALLOW_EMAIL_REGISTER
      value: true
    - name: CMD_DOMAIN
      value: "notes.bijl.us"
    - name: CMD_PROTOCOL_USESSL
      value: true
    - name: CMD_URL_ADDPORT
      value: false
    - name: NODE_ENV
      value: production
    - name: CMD_IMAGE_UPLOAD_TYPE
      value: filesystem
    - name: UPLOADS_MODE
      value: 0700
    ports:
    - containerport: 3000
      hostport: 4080
      protocol: TCP
    volumemounts:
    - mountpath: /hedgedoc/public/uploads
      name: hedgedoc-uploads
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: notes-secrets
          key: postgres-password
    volumemounts:
    - mountpath: /dump
      name: postgres-dump
    - mountpath: /var/lib/postgresql/data
      name: postgres-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  volumes:
  - persistentvolumeclaim:
      claimname: notes-pod-hedgedoc-uploads
    name: hedgedoc-uploads
  - hostpath:
      path: <home>/.dump/notes
      type: Directory
    name: postgres-dump
  - persistentvolumeclaim:
      claimname: notes-pod-postgres-data
    name: postgres-data
  - hostPath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/pods/notes/notes-secrets.yml
+++ b/pods/notes/notes-secrets.yml
@ -1,8 +0,0 @@
 apiversion: v1
 data:
  postgres-password: <base64-secret>
  postgres-url: <base64-url>
 kind: Secret
 metadata:
  creationtimestamp: null
  name: notes-secrets
--- a/pods/smarthome/smarthome-pod.yml
+++ b/pods/smarthome/smarthome-pod.yml
@ -1,171 +0,0 @@
 apiversion: v1
 kind: Pod
 metadata:
  name: smarthome-pod
  annotations:
    io.podman.annotations.infra.name: smarthome-pod-infra
    run.oci.keep_original_groups: 1
 spec:
  containers:
  - name: home-assistant
    image: ghcr.io/home-assistant/home-assistant:latest
    ports:
    - containerport: 3000
      hostport: 6080
      protocol: TCP
    volumemounts:
    - mountpath: /config
      name: home-assistant-config
    - mountpath: /dev/ttyUSB0
      name: home-assistant-usb0
    - mountpath: /dev/ttyUSB1
      name: home-assistant-usb1
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: mosquitto
    image: docker.io/eclipse-mosquitto:latest
    ports:
    - containerport: 1883
      hostport: 1883
      protocol: TCP
    volumemounts:
    - mountpath: /mosquitto/config
      name: mosquitto-config
    - mountpath: /mosquitto/data
      name: mosquitto-data
    - mountpath: /mosquitto/log
      name: mosquitto-log
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: esphome
    image: docker.io/esphome/esphome:stable
    env: 
    - name: USERNAME
      value: "<username>"
    - name: PASSWORD
      value: "<secret>"
    ports:
    - containerport: 6052
      hostport: 6052
      protocol: TCP
    volumemounts:
    - mountpath: /config
      name: esphome-config
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: ecowitt
    image: docker.io/bachya/ecowitt2mqtt:latest
    env: 
    - name: ECOWITT2MQTT_MQTT_BROKER
      value: "smarthome-pod-mosquitto"
    - name: ECOWITT2MQTT_MQTT_USERNAME
      value: "<username>"
    - name: ECOWITT2MQTT_MQTT_PASSWORD
      value: "<secret>"
    - name: ECOWITT2MQTT_PORT
      value: 8181
    - name: ECOWITT2MQTT_HASS_DISCOVERY
      value: true
    - name: ECOWITT2MQTT_INPUT_UNIT_SYSTEM
      value: "imperial"
    - name: ECOWITT2MQTT_OUTPUT_UNIT_SYSTEM
      value: "metric"
    - name: ECOWITT2MQTT_PRECISION
      value: 1
    ports:
    - containerport: 8181
      hostport: 8181
      protocol: TCP
    volumemounts:
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: volvo
    image: ghcr.io/dielee/volvo2mqtt:latest
    env: 
    - name: CONF_updateInterval
      value: 300
    - name: CONF_babelLocale
      value: "nl"
    - name: CONF_mqtt
      valuefrom:
        secretkeyref:
          name: smarthome-secrets
          key: volvo-mosquitto
    - name: CONF_volvoData
      valuefrom:
        secretkeyref:
          name: smarthome-secrets
          key: volvo-url
    volumemounts:
    - mountpath: /volvoAAOS2mqtt 
      name: volvo-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: smarthome-secrets
          key: postgres-password
    volumemounts:
    - mountpath: /dump
      name: postgres-dump
    - mountpath: /var/lib/postgresql/data
      name: postgres-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true
  volumes:
  - hostpath: 
      path: <home>/.config/pods/smarthome/home-assistant-config
      type: Directory
    name: home-assistant-config
  - hostpath:
      path: /dev/ttyUSB0
      type: File
    name: home-assistant-usb0
  - hostpath:
      path: /dev/ttyUSB1
      type: File
    name: home-assistant-usb1
  - hostpath: 
      path: <home>/.config/pods/smarthome/mosquitto-config
      type: Directory
    name: mosquitto-config
  - persistentvolumeclaim:
      claimname: smarthome-pod-mosquitto-data
    name:  mosquitto-data
  - persistentvolumeclaim:
      claimname: smarthome-pod-mosquitto-log
    name:  mosquitto-log
  - hostpath: 
      path: <home>/.config/pods/smarthome/esphome-config
      type: Directory
    name: esphome-config
  - persistentvolumeclaim:
      claimname: smarthome-pod-volvo-data
    name: volvo-data
  - hostpath:
      path: <home>/.dump/smarthome
      type: Directory
    name: postgres-dump
  - persistentvolumeclaim:
      claimname: smarthome-pod-postgres-data
    name: postgres-data
  - hostpath:
      path: /etc/localtime
      type: File
    name: localtime
--- a/pods/smarthome/smarthome-secrets.yml
+++ b/pods/smarthome/smarthome-secrets.yml
@ -1,9 +0,0 @@
 apiversion: v1
 data:
  volvo-mosquitto: <base64-secret>
  volvo-url: <base64-secret>
  postgres-password: <base64-secret>
 kind: Secret
 metadata:
  creationtimestamp: null
  name: smarthome-secrets
Author	SHA1	Message	Date
Luc Bijl	f129f83f6d	dotconfig/sv: add	2025-08-17 15:02:24 +02:00
Luc Bijl	2e05501c92	dotconfig/pods: add	2025-08-17 15:02:06 +02:00
Luc Bijl	679647542d	dotconfig/caddy: add	2025-08-17 15:01:32 +02:00
Luc Bijl	a93593061c	bin: update	2025-08-17 15:01:12 +02:00
Luc Bijl	0cc125394f	change folder layout	2025-08-17 15:00:35 +02:00
Luc Bijl	b8669e3b00	containerfiles: remove	2025-08-17 14:04:53 +02:00
Luc Bijl	a6901b271b	README.md: update	2025-08-17 13:53:25 +02:00
`@ -1,3 +1,3 @@`
	`# Alpine-server`	`# alpine-server`

	`Guides and configuration files of my Alpine server install.`	`Configuration files of my server Alpine Linux operating system.`