
4 Commits

Author SHA1 Message Date
Bart Geesink
9983d61812 Add more apps 2024-01-27 09:44:35 +01:00
Bart Geesink
3c092eda6a Gitea: Config update 2024-01-27 09:44:18 +01:00
Bart Geesink
45860a0358 mysqlbackup: rename the job with -test suffix 2024-01-27 09:43:50 +01:00
Bart Geesink
9d65866fca Add commands 2024-01-27 09:43:16 +01:00
14 changed files with 4843 additions and 2 deletions


@ -1,3 +1,7 @@
# k43D
Kubernetes related configuration
kubectl drain node1 --ignore-daemonsets --delete-emptydir-data
../venv/bin/ansible-playbook upgrade-cluster.yml -b -i inventory/43D/hosts.yml -e kube_version=v1.26.13 -l node1


@ -352,6 +352,8 @@ gitea:
PASSWD: Saigoh0iekepeithieba
SCHEMA: gitea
APP_NAME: "Gitea van Bart"
server:
ROOT_URL: https://git.geesink.org
# RUN_MODE: dev
#
# server:

19
immich/.env Normal file

@ -0,0 +1,19 @@
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=./library
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secrets for postgres and typesense. You should change these to random passwords
TYPESENSE_API_KEY=some-random-text
DB_PASSWORD=postgres
# The values below this line do not need to be changed
###################################################################################
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
REDIS_HOSTNAME=immich_redis
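Review bot: `DB_PASSWORD=postgres` and `TYPESENSE_API_KEY=some-random-text` are the template defaults that the comment directly above them says to replace, and this `.env` is committed with them still in place. The same pattern of credentials stored as literals in the repository recurs in immich/values.yaml (`password: immich` and the literal under `existingSecret`), in immich/values2.yml (`password: immich`), in joplin/secret.yml, where the `pgpass` value under `data:` is only base64-encoded and not encrypted, and in the context lines of the Gitea values hunk earlier on this page (`PASSWD`). I would commit a `.env.example` with empty values, add `.env` to `.gitignore`, and create the Kubernetes Secrets outside the repository or commit them only in encrypted form (for example Sealed Secrets or SOPS). Because these values are now in the history, they should be treated as exposed and rotated.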

91
immich/docker-compose.yml Normal file

@ -0,0 +1,91 @@
version: "3.8"
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
command: [ "start.sh", "immich" ]
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- 2283:3001
depends_on:
- redis
- database
- typesense
restart: always
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.yml
# service: hwaccel
command: [ "start.sh", "microservices" ]
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
depends_on:
- redis
- database
- typesense
restart: always
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
typesense:
container_name: immich_typesense
image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd
environment:
- TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
- TYPESENSE_DATA_DIR=/data
# remove this to get debug messages
- GLOG_minloglevel=1
volumes:
- tsdata:/data
restart: always
redis:
container_name: immich_redis
image: redis:6.2-alpine@sha256:80cc8518800438c684a53ed829c621c94afd1087aaeb59b0d4343ed3e7bcf6c5
restart: always
database:
container_name: immich_postgres
image: postgres:14-alpine@sha256:50d9be76e9a90da4c781554955e0ffc79d9d5c4226838e64b36aacc97cbc35ad
env_file:
- .env
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
volumes:
- pgdata:/var/lib/postgresql/data
restart: always
volumes:
pgdata:
model-cache:
tsdata:
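Review bot: Both Immich images are referenced as `${IMMICH_VERSION:-release}` and immich/.env sets `IMMICH_VERSION=release`, so the stack runs whatever the moving `release` tag points to at the next pull, while typesense, redis and postgres in this same file are pinned by digest. Setting `IMMICH_VERSION` to a specific release tag (the comment in .env shows the form), ideally with a digest as on the other three images, keeps upgrades deliberate and reviewable. Separately, `- 2283:3001` publishes the server on every host interface and is an unquoted digits-and-colon scalar; if a reverse proxy on the same host fronts it, `- "127.0.0.1:2283:3001"` would be the narrower binding.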

11
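--- /dev/null
+++ b/immich/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: immich-data
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: longhorn
+resources:
+requests:
+storage: 1Gi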

119
immich/values.yaml Normal file

@ -0,0 +1,119 @@
## This chart relies on the common library chart from bjw-s
## You can find it at https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
## Refer there for more detail about the supported values
# These entries are shared between all the Immich components
env:
REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
DB_HOSTNAME: "postgres-postgresql"
DB_USERNAME: "{{ .Values.postgresql.global.postgresql.auth.username }}"
DB_DATABASE_NAME: "{{ .Values.postgresql.global.postgresql.auth.database }}"
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: "{{ .Values.postgresql.global.postgresql.auth.existingSecret }}"
TYPESENSE_ENABLED: "{{ .Values.typesense.enabled }}"
TYPESENSE_API_KEY: "{{ .Values.typesense.env.TYPESENSE_API_KEY }}"
TYPESENSE_HOST: '{{ printf "%s-typesense" .Release.Name }}'
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image:
tag: v1.91.3
immich:
persistence:
# Main data store for all photos shared between different components.
library:
# Automatically creating the library volume is not supported by this chart
# You have to specify an existing PVC to use
existingClaim: immichadata2
# Dependencies
postgresql:
enabled: false
global:
postgresql:
auth:
username: immich
database: immich
password: immich
existingSecret: "tuiTi0ohReafo6aiqu9V"
redis:
enabled: true
architecture: standalone
auth:
enabled: false
typesense:
enabled: false
env:
TYPESENSE_DATA_DIR: /tsdata
TYPESENSE_API_KEY: typesense
persistence:
tsdata:
# Enabling typesense persistence is recommended to avoid slow reindexing
enabled: false
accessMode: ReadWriteOnce
size: 1Gi
# storageClass: storage-class
image:
repository: docker.io/typesense/typesense
tag: 0.24.0
pullPolicy: IfNotPresent
# Immich components
server:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
annotations:
# proxy-body-size is set to 0 to remove the body limit on file uploads
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: haproxy
hosts:
- host: img.geesink.org
paths:
- path: "/"
tls:
- hosts:
- img.geesink.org
secretName: immich-cert-prod
microservices:
enabled: true
env:
REVERSE_GEOCODING_DUMP_DIRECTORY: /geodata-cache
persistence:
geodata-cache:
enabled: true
size: 1Gi
# Optional: Set this to pvc to avoid downloading the geodata every start.
type: emptyDir
accessMode: ReadWriteMany
# storageClass: your-class
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
machine-learning:
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
env:
TRANSFORMERS_CACHE: /cache
persistence:
cache:
enabled: true
size: 10Gi
# Optional: Set this to pvc to avoid downloading the ML models every start.
type: emptyDir
accessMode: ReadWriteMany
# storageClass: your-class
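Review bot: `DB_PASSWORD` is rendered from `postgresql.global.postgresql.auth.existingSecret`, and that key is set to a literal that looks like the password itself rather than the name of a Secret, which is the opposite of what the comment above `DB_PASSWORD` asks for. As written, the value ends up as a plain env entry in the rendered pod spec and in the stored Helm release values. joplin/joplin.yml in this same change already reads its database password through `secretKeyRef`; the equivalent here is sketched below with placeholder names, assuming the common library version in use accepts `valueFrom` under `env` (worth confirming against the chart documentation). Unrelated to secrets, `existingClaim: immichadata2` does not match the `immich-data` claim created in immich/pvc.yaml.

```yaml
env:
  # … unchanged: REDIS_HOSTNAME, DB_HOSTNAME, DB_USERNAME, DB_DATABASE_NAME …
  DB_PASSWORD:
    valueFrom:
      secretKeyRef:
        name: immich-db-credentials   # placeholder: Secret created outside the repo
        key: password                 # placeholder key name
```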

98
immich/values2.yml Normal file

@ -0,0 +1,98 @@
# This chart relies on the common library chart from bjw-s
## You can find it at https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
## Refer there for more detail about the supported values
# These entries are shared between all the Immich components
env:
REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
DB_HOSTNAME: "{{ .Release.Name }}-postgresql"
DB_USERNAME: "{{ .Values.postgresql.global.postgresql.auth.username }}"
DB_DATABASE_NAME: "{{ .Values.postgresql.global.postgresql.auth.database }}"
# -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
DB_PASSWORD: "{{ .Values.postgresql.global.postgresql.auth.password }}"
IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
image:
tag: v1.93.3
immich:
persistence:
# Main data store for all photos shared between different components.
library:
# Automatically creating the library volume is not supported by this chart
# You have to specify an existing PVC to use
existingClaim: immich-data
# Dependencies
postgresql:
enabled: true
image:
repository: tensorchord/pgvecto-rs
tag: pg14-v0.1.11
global:
postgresql:
auth:
username: immich
database: immich
password: immich
primary:
initdb:
scripts:
create-extensions.sql: |
CREATE EXTENSION cube;
CREATE EXTENSION earthdistance;
CREATE EXTENSION vectors;
redis:
enabled: true
architecture: standalone
auth:
enabled: false
# Immich components
server:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
annotations:
# proxy-body-size is set to 0 to remove the body limit on file uploads
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: haproxy
hosts:
- host: img.geesink.org
paths:
- path: "/"
tls:
- hosts:
- img.geesink.org
secretName: immich-cert-prod
microservices:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
machine-learning:
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
env:
TRANSFORMERS_CACHE: /cache
persistence:
cache:
enabled: true
size: 10Gi
# Optional: Set this to pvc to avoid downloading the ML models every start.
type: emptyDir
accessMode: ReadWriteMany
# storageClass: your-class
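Review bot: The comment above `DB_PASSWORD` still tells the reader to supply credentials through `existingSecret`, but the line below it templates `auth.password`, so the comment documents a setup this file does not use. I would either switch to a Secret reference or reword it to `# -- Password is taken from postgresql.global.postgresql.auth.password (plain value)`. The bundled Redis is also deployed with `auth: enabled: false` (immich/values.yaml does the same), which leaves it usable without a password by any workload that can reach the service; unless a NetworkPolicy restricts that, enabling auth is the safer default. The `tensorchord/pgvecto-rs` image is pinned by tag only, not by digest.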

196
influx/values.yaml Normal file

@ -0,0 +1,196 @@
image:
repository: influxdb
tag: 2.3.0-alpine
pullPolicy: IfNotPresent
## If specified, use these secrets to access the images
# pullSecrets:
# - registry-secret
## Annotations to be added to InfluxDB pods
##
podAnnotations: {}
## Labels to be added to InfluxDB pods
##
podLabels: {}
nameOverride: ""
fullnameOverride: ""
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
securityContext: {}
## Customize liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##
livenessProbe: {}
# path: "/health"
# scheme: "HTTP"
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
readinessProbe: {}
# path: "/health"
# scheme: "HTTP"
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
# failureThreshold: 3
startupProbe:
enabled: false
# path: "/health"
# scheme: "HTTP"
# initialDelaySeconds: 30
# periodSeconds: 5
# timeoutSeconds: 1
# failureThreshold: 6
## Extra environment variables to configure influxdb
## e.g.
# env:
# - name: FOO
# value: BAR
# - name: BAZ
# valueFrom:
# secretKeyRef:
# name: my-secret
# key: my-key
env: {}
## Create default user through docker entrypoint
## Defaults indicated below
##
adminUser:
organization: "influxdata"
bucket: "default"
user: "admin"
retention_policy: "0s"
## Leave empty to generate a random password and token.
## Or fill any of these values to use fixed values.
password: ""
token: ""
## The password and token are obtained from an existing secret. The expected
## keys are `admin-password` and `admin-token`.
## If set, the password and token values above are ignored.
# existingSecret: influxdb-auth
## Persist data to a persistent volume
##
persistence:
enabled: true
## If true will use an existing PVC instead of creating one
# useExisting: false
## Name of existing PVC to be used in the influx deployment
# name:
## influxdb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 20Gi
mountPath: /var/lib/influxdb2
subPath: ""
## Add custom volume and volumeMounts
##
# volumes:
# - name: influxdb2-templates
# hostPath:
# path: /data/influxdb2-templates
# type: Directory
# mountPoints:
# - name: influxdb2-templates
# mountPath: /influxdb2-templates
# readOnly: true
## Allow executing custom init scripts
## If the container finds any files with the .sh extension inside of the
## /docker-entrypoint-initdb.d folder, it will execute them.
## When multiple scripts are present, they will be executed in lexical sort order by name.
## For more details see Custom Initialization Scripts in https://hub.docker.com/_/influxdb
initScripts:
enabled: false
scripts:
init.sh: |+
#!/bin/bash
influx apply --force yes -u https://raw.githubusercontent.com/influxdata/community-templates/master/influxdb2_operational_monitoring/influxdb2_operational_monitoring.yml
## Specify a service type
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
type: ClusterIP
port: 80
targetPort: 8086
annotations: {}
labels: {}
portName: http
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Annotations for the ServiceAccount
annotations: {}
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# className: nginx
tls: false
# secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx
hostname: influxdb.foobar.com
annotations: {}
# kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
path: /
## Pod disruption budget configuration
##
pdb:
## Specifies whether a Pod disruption budget should be created
##
create: true
minAvailable: 1
# maxUnavailable: 1
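Review bot: The sample script under `initScripts.scripts` applies a template fetched from the `master` branch of a raw GitHub URL with `--force yes`; it is disabled here (`enabled: false`), but if it is ever switched on the pod would apply whatever that branch holds at start-up. I would add a comment above `init.sh` such as `# NOTE: pin this URL to a commit (or vendor the template) before enabling`. `securityContext: {}` and `resources: {}` are also left at the chart's empty defaults, so the pod gets no explicit privilege or resource limits. Most of this file appears to be an unmodified copy of the chart defaults; keeping only the overridden keys would make the actual configuration easier to review.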

39
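--- /dev/null
+++ b/joplin/joplin.yml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: joplin
+labels:
+app: joplin
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: joplin
+template:
+metadata:
+labels:
+app: joplin
+spec:
+containers:
+- name: joplin
+image: etechonomy/joplin-server:2.14
+ports:
+- containerPort: 22300
+env:
+- name: APP_BASE_URL
+value: https://joplin.geesink.org
+- name: DB_CLIENT
+value: pg
+- name: POSTGRES_DATABASE
+value: joplin
+- name: POSTGRES_USER
+value: joplin
+- name: POSTGRES_PORT
+value: "5432"
+- name: POSTGRES_HOST
+value: postgres-postgresql
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: joplinsecrets
+key: pgpass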
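Review bot: The container spec sets no `securityContext` and no `resources`, so the pod runs as the image's default user and without limits, and `etechonomy/joplin-server:2.14` is a third-party image referenced by tag only. Reading `POSTGRES_PASSWORD` through `secretKeyRef` is the right shape and should be kept. Under the container I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` (confirm the image still starts with it) and pin the image by digest. Readiness and liveness probes are also absent, though that is an availability point rather than a security one.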

24
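--- /dev/null
+++ b/joplin/jopliningres.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: jopliningress
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ingressClassName: haproxy
+rules:
+- host: "joplin.geesink.org"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: joplinsvc
+port:
+number: 22300
+tls:
+-
+secretName: joplin-cert-prod
+hosts:
+- joplin.geesink.org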

6
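--- /dev/null
+++ b/joplin/secret.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: joplinsecrets
+data:
+pgpass: SWQ4b29DZWF0ZWl3aWVDYWlXbzQ=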

10
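--- /dev/null
+++ b/joplin/servicejoplin.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: joplinsvc
+spec:
+selector:
+app: joplin
+ports:
+- name: joplin
+port: 22300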

4222
kube-prometheus/values.yaml Normal file

File diff suppressed because it is too large Load Diff


@ -1,7 +1,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: mysql-backup
name: mysql-backup-test
spec:
template:
spec: