Waylon Walker 2025-11-22 22:20:32 -06:00
parent 8c0277c8f3
commit 9e2c30af22
60 changed files with 8853 additions and 232 deletions

2
.gitignore vendored

@ -965,3 +965,5 @@ FodyWeavers.xsd
# Additional files built by Visual Studio
# End of https://www.toptal.com/developers/gitignore/api/vim,node,data,emacs,python,pycharm,executable,sublimetext,visualstudio,visualstudiocode
traefik
frigate/config

6
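--- a/active
+++ b/active
@@ -0,0 +1,6 @@
+traefik
+portainer
+pihole
+librespeed
+syncthing
+home-gallery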

1352
argo/install.yaml Normal file

File diff suppressed because it is too large Load diff


@ -0,0 +1,45 @@
apiVersion: v1
kind: Pod
metadata:
name: configmap-inspector
namespace: authelia
spec:
containers:
- image: registry.wayl.one/devtainer:slim
name: pvc-inspector
command: ["sleep", "300"]
volumeMounts:
- mountPath: /configmap
name: configmap
- mountPath: /config
name: config
volumes:
- name: configmap
projected:
sources:
- configMap:
name: configuration
- configMap:
name: users
- name: config
persistentVolumeClaim:
claimName: config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: config
name: config
namespace: authelia
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
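Review bot: The `/config` mount of the `config` PersistentVolumeClaim is read-write, although this pod only exists to inspect Authelia's data alongside the `configuration` and `users` ConfigMaps; adding `readOnly: true` to that `volumeMounts` entry keeps a debugging shell from altering the live authentication state. The second document redeclares the `config` claim that authelia/deployment.yaml also defines, so a comment such as `# debug only: delete after use; the PVC is owned by deployment.yaml` would make the ownership clear. The pod is named `configmap-inspector` while its container is `pvc-inspector`; one name for both would read better.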

132
authelia/deployment.yaml Normal file

@ -0,0 +1,132 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n authelia
kompose.service.expose: auth.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: authelia
name: authelia
namespace: authelia
spec:
ports:
- name: "9091"
port: 9091
targetPort: 9091
- name: 9091-tcp
port: 9091
targetPort: 9091
selector:
io.kompose.service: authelia
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: authelia
namespace: authelia
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n authelia
kompose.service.expose: auth.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: authelia
name: authelia
namespace: authelia
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: authelia
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n authelia
kompose.service.expose: auth.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/authelia-default: "true"
io.kompose.service: authelia
spec:
containers:
- env:
- name: TZ
value: America/Chicago
image: authelia/authelia
name: authelia
ports:
- containerPort: 9091
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /config
name: config
restartPolicy: Always
volumes:
- name: config
persistentVolumeClaim:
claimName: config
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n authelia
kompose.service.expose: auth.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: authelia
name: authelia
namespace: authelia
spec:
rules:
- host: auth.wayl.one
http:
paths:
- backend:
service:
name: authelia
port:
number: 9091
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: config
name: config
namespace: authelia
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
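Review bot: The Deployment's `image: authelia/authelia` carries no tag or digest, so the component that gates every protected route is replaced by whatever the registry serves on the next pull; pin it, e.g. `image: authelia/authelia:<version>` (placeholder) or an `@sha256:` digest, and do the same in the compose file this manifest was converted from. The Ingress for `auth.wayl.one` has no `tls:` section, so whether the login portal is served only over HTTPS depends on Traefik entrypoint configuration that is not visible here. The Namespace document also comes after the Service that lives in it, which presumably makes a first `kubectl apply -f` on a clean cluster depend on the `create-ns` recipe having run.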


@ -0,0 +1,21 @@
version: "3"
services:
authelia:
image: authelia/authelia
container_name: authelia
volumes:
- config:/config
ports:
- 9091
expose:
- 9091
environment:
- TZ=America/Chicago
healthcheck:
disable: true
labels:
kompose.service.expose: auth.wayl.one
# kompose.volume.type: configMap
volumes:
config:

31
authelia/justfile Normal file

@ -0,0 +1,31 @@
default: cred convert deploy viz
update: convert patch
create-ns:
kubectl create ns authelia
cred:
kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: authelia/' | kubectl apply -n authelia -f - && echo deployed secret || echo secret exists
convert:
kompose convert -o deployment.yaml -n authelia
deploy:
kubectl apply -f deployment.yaml
delete:
kubectl delete all --all -n authelia --timeout=0s
viz:
k8sviz -n authelia --kubeconfig $KUBECONFIG -t png -o authelia-k8s.png
restart:
kubectl rollout restart -n authelia deployment/authelia
patch:
kubectl patch -f deployment.yaml
describe:
kubectl get deployment -n authelia
kubectl get rs -n authelia
kubectl get pod -n authelia
kubectl get svc -n authelia
kubectl get ing -n authelia
describe-pod:
kubectl describe pod -n authelia
logs:
kubectl logs --all-containers -l io.kompose.service=authelia-wayl-one -n authelia -f
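Review bot: The `logs` recipe selects `io.kompose.service=authelia-wayl-one`, but deployment.yaml labels the pods `io.kompose.service: authelia`, so the command matches nothing; it should read `kubectl logs --all-containers -l io.kompose.service=authelia -n authelia -f`. The `patch` recipe runs `kubectl patch -f deployment.yaml` without a `-p`/`--patch` argument, which kubectl rejects, so `update` cannot complete as written. In `cred`, the `&& echo deployed secret || echo secret exists` tail reports every failure (missing `regcred`, no cluster access) as "secret exists"; letting the pipeline fail is safer for a recipe that copies a registry credential between namespaces.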

16
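--- a/authelia/middleware.yaml
+++ b/authelia/middleware.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: forwardauth-authelia
+namespace: authelia
+labels:
+app.kubernetes.io/instance: authelia
+app.kubernetes.io/name: authelia
+spec:
+forwardAuth:
+address: http://authelia.authelia.svc/api/verify?rd=https%3A%2F%2Fwww.wayl.one%2F
+authResponseHeaders:
+- Remote-User
+- Remote-Name
+- Remote-Email
+- Remote-Groups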
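Review bot: The `forwardAuth.address` has no port, so Traefik calls `authelia.authelia.svc` on port 80, while the Service in authelia/deployment.yaml only exposes 9091; the address should be `http://authelia.authelia.svc:9091/api/verify?rd=https%3A%2F%2Fwww.wayl.one%2F`. After fixing it, confirm that a route using this middleware is denied, not passed through, when the verify endpoint is unreachable. The `rd` parameter is normally the Authelia portal URL, which the Ingress publishes as `auth.wayl.one`, so `www.wayl.one` looks unintended — confirm. `traefik.containo.us/v1alpha1` is the older CRD group; newer Traefik releases use `traefik.io/v1alpha1`.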

File diff suppressed because it is too large Load diff

59
cal/docker-compose.yml Normal file

@ -0,0 +1,59 @@
# Use postgres/example user/password credentials
version: "3.8"
volumes:
database-data:
services:
caldb:
container_name: caldb
image: postgres
restart: always
volumes:
- database-data:/var/lib/postgresql/data/
env_file: .env
networks:
- proxy
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
calcom:
container_name: calcom
image: calcom.docker.scarf.sh/calcom/cal.com
restart: always
ports:
- "3000:3000"
build:
context: .
dockerfile: Dockerfile
args:
NEXT_PUBLIC_WEBAPP_URL: ${NEXT_PUBLIC_WEBAPP_URL}
NEXT_PUBLIC_LICENSE_CONSENT: ${NEXT_PUBLIC_LICENSE_CONSENT}
CALCOM_TELEMETRY_DISABLED: ${CALCOM_TELEMETRY_DISABLED}
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
CALENDSO_ENCRYPTION_KEY: ${CALENDSO_ENCRYPTION_KEY}
DATABASE_URL: ${DATABASE_URL}
network: proxy
networks:
- proxy
env_file: .env
environment:
- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@tcp(caldb)/${POSTGRES_DB}
depends_on:
- caldb
labels:
- "traefik.enable=true"
- "traefik.http.routers.cal.entrypoints=http"
- "traefik.http.routers.cal.rule=Host(`cal.${URL}`)"
- "traefik.http.middlewares.cal-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.cal.middlewares=cal-https-redirect"
- "traefik.http.routers.cal-secure.entrypoints=https"
- "traefik.http.routers.cal-secure.rule=Host(`cal.${URL}`)"
- "traefik.http.routers.cal-secure.tls=true"
- "traefik.http.routers.cal-secure.service=cal"
- "traefik.http.services.cal.loadbalancer.server.port=3000"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
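Review bot: `NEXTAUTH_SECRET`, `CALENDSO_ENCRYPTION_KEY` and `DATABASE_URL` are passed under `build.args`, and build arguments are recorded in the image metadata (`docker history`), so anyone who can pull the built image can read them; keep them in `env_file`/`environment` at run time, or use build secrets if the build genuinely needs them. The runtime `DATABASE_URL` uses `@tcp(caldb)/`, which is a MySQL-style DSN, not a PostgreSQL URL; `- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@caldb/${POSTGRES_DB}` is the expected form. `ports: "3000:3000"` also publishes the app on the host beside the Traefik route, which bypasses the HTTPS redirect. `image: postgres` is unpinned, so a major-version jump on re-pull can leave the existing data directory unreadable.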

6
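--- a/cams.sh
+++ b/cams.sh
@@ -0,0 +1,6 @@
+ffplay rtsp://localhost:8554/back-yard-cam &
+ffplay rtsp://localhost:8554/printer &
+ffplay rtsp://localhost:8554/basement &
+ffplay rtsp://localhost:8554/art-room &
+ffplay rtsp://localhost:8554/aylas-room &
+ffplay rtsp://localhost:8554/kitchen-cam &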


@ -17,6 +17,7 @@ services:
- code-server-data:/config
labels:
kompose.service.expose: code-server.wayl.one
# traefik.ingress.kubernetes.io/router.middlewares: default-forwardauth-authelia@kubernetescrd
ports:
- 8443
volumes:
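Review bot: The commented-out label (apparently the line this hunk adds) names `default-forwardauth-authelia@kubernetescrd`, but the Middleware objects added in this commit are created in the `authelia` and `code-server` namespaces, and Traefik resolves CRD middlewares as `<namespace>-<name>@kubernetescrd`; for the `code-server` namespace that is `code-server-forwardauth-authelia@kubernetescrd`. While the line stays commented, `code-server.wayl.one` is routed without the forward-auth check, so a comment such as `# TODO: enable once the Middleware is applied; code-server is reachable without SSO until then` would make that state explicit. The service definition continues outside the hunk.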


@ -0,0 +1,16 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: forwardauth-authelia
namespace: code-server
labels:
app.kubernetes.io/instance: authelia
app.kubernetes.io/name: authelia
spec:
forwardAuth:
address: http://auth.wayl.one/api/verify?rd=https%3A%2F%2Fcode-server.wayl.one%2F
authResponseHeaders:
- Remote-User
- Remote-Name
- Remote-Email
- Remote-Groups
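Review bot: `address: http://auth.wayl.one/api/verify…` sends every verification request, including the forwarded request headers and session cookie, over plain HTTP to the public hostname instead of the in-cluster Service that authelia/middleware.yaml uses. Point it at the Service with its port, `address: http://authelia.authelia.svc:9091/api/verify?rd=https%3A%2F%2Fcode-server.wayl.one%2F`, or at least switch the scheme to `https://`. The `app.kubernetes.io/instance: authelia` labels are copied unchanged into the `code-server` namespace; a one-line comment saying this object is a per-namespace copy of the Authelia middleware would help the next reader.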

111
docker-compose.yml.bak Normal file

@ -0,0 +1,111 @@
version: "3.5"
services:
traefik:
image: docker.io/traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
environment:
- CF_API_EMAIL=${CF_API_EMAIL}
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
# - CF_API_KEY=YOUR_API_KEY
# be sure to use the correct one depending on if you are using a token or key
volumes:
- /etc/localtime:/etc/localtime:ro
# - /var/run/docker.sock:/var/run/docker.sock:ro
- ${PWD}/traefik/data/traefik.yml:/traefik.yml:ro
- ${PWD}/traefik/data/acme.json:/acme.json
- ${PWD}/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.${URL}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USERNAME}:${TRAEFIK_PASSWORD}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.${URL}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=${URL}"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${URL}"
- "traefik.http.routers.traefik-secure.service=api@internal"
portainer:
image: docker.io/portainer/portainer-ce
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${PWD}/portainer/data:/data
ports:
- 9000:9000
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`portainer.${URL}`)"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
- "traefik.http.routers.portainer-secure.entrypoints=https"
- "traefik.http.routers.portainer-secure.rule=Host(`portainer.${URL}`)"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=proxy"
jellyfin:
image: docker.io/jellyfin/jellyfin
container_name: jellyfin
restart: unless-stopped
security_opt:
- no-new-privileges:true
stdin_open: true # docker run -i
tty: true # docker run -t
# network_mode: "host"
# networks:
# - proxy
# user: uid:gid
ports:
- 0.0.0.0:8096:8096
volumes:
- /tank/jellyfin/config:/config
- /tank/jellyfin/cache:/cache
- /tank/jellyfin/media:/media
- /tank/jellyfin/media2:/media2:ro
# Optional - alternative address used for autodiscovery
environment:
- JELLYFIN_PublishedServerUrl=https://jellyfin.${URL}
# Optional - may be necessary for docker healthcheck to pass if running in host network mode
# extra_hosts:
# - "host.docker.internal:host-gateway"
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.entrypoints=http"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${URL}`)"
- "traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.jellyfin.middlewares=jellyfin-https-redirect"
- "traefik.http.routers.jellyfin-secure.entrypoints=https"
- "traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.${URL}`)"
- "traefik.http.routers.jellyfin-secure.tls=true"
- "traefik.http.routers.jellyfin-secure.service=jellyfin"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
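Review bot: `portainer` mounts `/var/run/docker.sock` and also publishes `9000:9000`, so the UI that controls the Docker daemon is reachable on every host interface over plain HTTP, bypassing the `portainer-secure` router; the `:ro` flag on the socket mount does not restrict what the Docker API allows. Remove the `ports:` entry so Traefik is the only path in. `jellyfin` has the same bypass with `0.0.0.0:8096:8096`. The `traefik-auth` basic-auth label interpolates `${TRAEFIK_PASSWORD}`, and Traefik expects an htpasswd hash there, so a comment such as `# TRAEFIK_PASSWORD must be an htpasswd hash, not the plaintext` would keep a plaintext value out of `.env`.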


@ -0,0 +1,30 @@
version: "3.9"
services:
frigate:
container_name: frigate
privileged: true # this may not be necessary for all setups
image: ghcr.io/blakeblackshear/frigate:stable
shm_size: "64mb" # update for your cameras based on calculation above
devices:
- /dev/bus/usb:/dev/bus/usb # Passes the USB Coral, needs to be modified for other versions
- /dev/apex_0:/dev/apex_0 # Passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
- /dev/video11:/dev/video11 # For Raspberry Pi 4B
- /dev/dri/renderD128:/dev/dri/renderD128 # For intel hwaccel, needs to be updated for your hardware
volumes:
- ./config:/config
- storage:/media/frigate
- type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
target: /tmp/cache
tmpfs:
size: 1000000000
ports:
- "5050:5000"
- "8654:8554" # RTSP feeds
- "8555:8555/tcp" # WebRTC over tcp
- "8555:8555/udp" # WebRTC over udp
environment:
- FRIGATE_RTSP_PASSWORD="password"
- TZ=America/Chicago
volumes:
config:
storage:
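Review bot: `FRIGATE_RTSP_PASSWORD="password"` commits a placeholder credential, and in list-form `environment` the double quotes become part of the value — the converted manifest frigate/frigate.yaml shows `value: '"password"'`. Take it from the environment instead, `- FRIGATE_RTSP_PASSWORD=${FRIGATE_RTSP_PASSWORD}`, and in the Kubernetes manifest reference a Secret in place of the inline `value`. `privileged: true` is marked by its own comment as possibly unnecessary; since the required devices are already listed under `devices:`, it is worth trying without it. The top-level `config:` volume is declared but the service mounts `./config`, so the named volume is unused.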

166
frigate/frigate.yaml Normal file

@ -0,0 +1,166 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --namespace frigate -o frigate.yaml
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: frigate
name: frigate
namespace: frigate
spec:
ports:
- name: "5000"
port: 5000
targetPort: 5000
- name: "8554"
port: 8554
targetPort: 8554
- name: "8555"
port: 8555
targetPort: 8555
- name: 8555-udp
port: 8555
protocol: UDP
targetPort: 8555
selector:
io.kompose.service: frigate
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: frigate
namespace: frigate
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert --namespace frigate -o frigate.yaml
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: frigate
name: frigate
namespace: frigate
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: frigate
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert --namespace frigate -o frigate.yaml
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/frigate-default: "true"
io.kompose.service: frigate
spec:
containers:
- env:
- name: FRIGATE_RTSP_PASSWORD
value: '"password"'
- name: TZ
value: America/Chicago
image: ghcr.io/blakeblackshear/frigate:stable
name: frigate
ports:
- containerPort: 5000
hostPort: 5000
protocol: TCP
- containerPort: 8554
hostPort: 8554
protocol: TCP
- containerPort: 8555
hostPort: 8555
protocol: TCP
- containerPort: 8555
hostPort: 8555
protocol: UDP
resources: {}
securityContext:
privileged: true
volumeMounts:
- mountPath: /config
name: config
- mountPath: /media/frigate
name: storage
- mountPath: /tmp/cache
name: frigate-claim2
restartPolicy: Always
volumes:
- name: config
persistentVolumeClaim:
claimName: config
- name: storage
persistentVolumeClaim:
claimName: storage
- name: frigate-claim2
persistentVolumeClaim:
claimName: frigate-claim2
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: config
name: config
namespace: frigate
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: storage
name: storage
namespace: frigate
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: frigate-claim2
name: frigate-claim2
namespace: frigate
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
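Review bot: The container keeps `securityContext.privileged: true` and additionally binds `hostPort` 5000, 8554 and 8555, so a fully privileged workload listens directly on the node's interfaces, outside any Ingress or auth middleware; the compose file had remapped these to 5050 and 8654, so the host ports here may also clash with what already runs on the node. Unless node-level exposure is required, drop the `hostPort` lines and rely on the Service. The compose `tmpfs` for `/tmp/cache` was converted into a 100Mi PersistentVolumeClaim (`frigate-claim2`); `emptyDir: {medium: Memory}` is the closer equivalent. The 100Mi `storage` claim for `/media/frigate` is presumably far too small for recordings.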

1
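--- a/generate_example_env.sh
+++ b/generate_example_env.sh
@@ -0,0 +1 @@
+cat .env | sed 's/\=.*/\=/' > .env.example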
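Review bot: The `sed` expression only blanks text after the first `=` on lines that contain one, so continuation lines of a multi-line value (a quoted PEM key, for instance) and any comment that holds a credential are copied into `.env.example` verbatim. Emitting only the variable names avoids that: `sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1=/p' .env > .env.example` (this drops comments as well). The script has no shebang, so a first line `#!/bin/sh` would let it run directly.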


@ -0,0 +1,17 @@
version: '3'
services:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- config:/config
# - /run/dbus:/run/dbus:ro
restart: unless-stopped
privileged: true
network_mode: host
environment:
TZ: "America/Chicago"
ports:
- "8123:8123"
volumes:
config:
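Review bot: `network_mode: host` and `ports: "8123:8123"` do not work together — with host networking the port mapping is ignored or rejected, depending on the Compose version — so the `ports:` block should be removed. The service also combines `privileged: true` with host networking, which gives the container close to host-level access; if the only need is device or D-Bus access (the `/run/dbus` mount is commented out), a specific `devices:` entry or that read-only mount is narrower — confirm what the integrations require. The `:stable` tag floats, so a comment noting the version last tested would help with rollbacks.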


@ -1,3 +1,3 @@
FROM nginx:alpine
FROM docker.io/nginx:alpine
COPY ./site /usr/share/nginx/html
COPY ./config/default.conf /etc/nginx/conf.d/default.conf


@ -65,7 +65,7 @@ spec:
io.kompose.service: wayl-one
spec:
containers:
- image: registry.wayl.one/wayl-one:fe8ab95
- image: registry.wayl.one/wayl-one:8c0277c
name: wayl-one
ports:
- containerPort: 80


@ -1,7 +1,7 @@
version: "3"
services:
wayl-one:
image: registry.wayl.one/wayl-one:fe8ab95
image: registry.wayl.one/wayl-one:8c0277c
ports:
- 80
labels:


@ -3,16 +3,16 @@ default: convert deploy viz
regcred:
kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: wayl-one/' | kubectl apply -n wayl-one -f - && echo deployed secret || echo secret exists
build:
docker build -t registry.wayl.one/wayl-one -f Dockerfile .
podman build -t waylonwalker/wayl-one -f Dockerfile .
tag:
docker tag registry.wayl.one/wayl-one registry.wayl.one/wayl-one:$(git rev-parse --short HEAD)
podman tag waylonwalker/wayl-one waylonwalker/wayl-one:v1
test:
docker run -p 5556:80 registry.wayl.one/wayl-one
podman run -p 5556:80 waylonwalker/wayl-one
push:
docker push registry.wayl.one/wayl-one:$(git rev-parse --short HEAD)
docker push registry.wayl.one/wayl-one:latest
podman push waylonwalker/wayl-one:v1
podman push waylonwalker/wayl-one:latest
set-image:
kubectl set image deployment/shot-wayl-one --namespace shot shot-wayl-one=registry.wayl.one/wayl-one:$(git rev-parse --short HEAD)
kubectl set image deployment/shot-wayl-one --namespace shot shot-wayl-one=waylonwalker/wayl-one:v1
convert:
kompose convert -o deployment.yaml -n wayl-one
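Review bot: Assuming the `podman` lines are the new side, `tag`, `push` and `set-image` now use the fixed tag `v1` instead of `$(git rev-parse --short HEAD)`, so every build overwrites the same tag and a rollout of `…:v1` no longer identifies which commit is running (and may not trigger a pull when the tag string is unchanged). The image name also moves to `waylonwalker/wayl-one`, while the two image hunks earlier on this page pin `registry.wayl.one/wayl-one:8c0277c`, so what is pushed is not what is deployed. Keeping the commit-derived tag, e.g. `podman tag waylonwalker/wayl-one waylonwalker/wayl-one:$(git rev-parse --short HEAD)`, restores traceability.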

0
home/site/8bitcc.ico Executable file → Normal file

Before

Width:  |  Height:  |  Size: 4.2 KiB

After

Width:  |  Height:  |  Size: 4.2 KiB



@ -189,6 +189,18 @@
play-outside
</a>
</li>
<!-- reader -->
<li>
<a href="https://reader.waylonwalker.com"
class="flex items-center py-1 px-4 space-x-2 w-32 h-12 hover:text-white hover:bg-zinc-800">
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
stroke="currentColor" class="w-6 h-6">
<path stroke-linecap="round" stroke-linejoin="round"
d="M12 6.042A8.967 8.967 0 0 0 6 3.75c-1.052 0-2.062.18-3 .512v14.25A8.987 8.987 0 0 1 6 18c2.305 0 4.408.867 6 2.292m0-14.25a8.966 8.966 0 0 1 6-2.292c1.052 0 2.062.18 3 .512v14.25A8.987 8.987 0 0 0 18 18a8.967 8.967 0 0 0-6 2.292m0-14.25v14.25" />
</svg>
reader
</a>
</li>
</div>
</div>
</ul>

BIN
home/wayl-one-k8s.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

98
immich/docker-compose.yml Normal file

@ -0,0 +1,98 @@
version: "3.8"
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
command: [ "start.sh", "immich" ]
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
depends_on:
- redis
- database
- typesense
restart: always
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.yml
# service: hwaccel
command: [ "start.sh", "microservices" ]
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
depends_on:
- redis
- database
- typesense
restart: always
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
immich-web:
container_name: immich_web
image: ghcr.io/immich-app/immich-web:${IMMICH_VERSION:-release}
env_file:
- .env
restart: always
typesense:
container_name: immich_typesense
image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd
environment:
- TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
- TYPESENSE_DATA_DIR=/data
# remove this to get debug messages
- GLOG_minloglevel=1
volumes:
- tsdata:/data
restart: always
redis:
container_name: immich_redis
image: redis:6.2-alpine@sha256:3995fe6ea6a619313e31046bd3c8643f9e70f8f2b294ff82659d409b47d06abb
restart: always
database:
container_name: immich_postgres
image: postgres:14-alpine@sha256:874f566dd512d79cf74f59754833e869ae76ece96716d153b0fa3e64aec88d92
env_file:
- .env
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
volumes:
- pgdata:/var/lib/postgresql/data
restart: always
immich-proxy:
container_name: immich_proxy
image: ghcr.io/immich-app/immich-proxy:${IMMICH_VERSION:-release}
ports:
- 2283:8080
depends_on:
- immich-server
- immich-web
restart: always
volumes:
pgdata:
model-cache:
tsdata:

145
jellyfin/deployment.yaml Normal file

@ -0,0 +1,145 @@
apiVersion: v1
kind: Service
metadata:
labels:
service: jellyfin
name: jellyfin
namespace: jellyfin
spec:
ports:
- name: "8096"
port: 8096
targetPort: 8096
selector:
service: jellyfin
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
name: jellyfin
namespace: jellyfin
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: jellyfin
name: jellyfin
namespace: jellyfin
spec:
replicas: 1
selector:
matchLabels:
service: jellyfin
strategy:
type: Recreate
template:
metadata:
labels:
service: jellyfin
spec:
containers:
- env:
- name: JELLYFIN_PublishedServerUrl
value: https://jellyfin.
image: docker.io/jellyfin/jellyfin
name: jellyfin
ports:
- containerPort: 8096
hostIP: 0.0.0.0
hostPort: 8096
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /config
name: jellyfin-config
- mountPath: /cache
name: jellyfin-cache
- mountPath: /media
name: jellyfin-media
readOnly: true
restartPolicy: Always
volumes:
- name: jellyfin-config
persistentVolumeClaim:
claimName: jellyfin-config
- name: jellyfin-cache
persistentVolumeClaim:
claimName: jellyfin-cache
- name: jellyfin-media
persistentVolumeClaim:
claimName: jellyfin-media
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
service: jellyfin-config
name: jellyfin-config
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
service: jellyfin-cache
name: jellyfin-cache
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
service: jellyfin-media
name: jellyfin-media
namespace: jellyfin
spec:
storageClassName: manual
volumeName: jellyfin-media
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3000Gi
status: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jellyfin-media
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 3000Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /mnt/vault
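Review bot: `JELLYFIN_PublishedServerUrl` is set to `https://jellyfin.` — the `${URL}` variable from the compose file apparently expanded to nothing during conversion — so clients are advertised an unusable address; set the full hostname explicitly. The container port is also bound with `hostIP: 0.0.0.0` and `hostPort: 8096`, which exposes Jellyfin on every node interface without TLS and independently of the Service; drop both lines if access is meant to go through an Ingress. `image: docker.io/jellyfin/jellyfin` has no tag, so the version changes on any re-pull.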


@ -14,4 +14,5 @@ viz:
k8sviz -n installer --kubeconfig $KUBECONFIG -t png -o kubeviz/installer.png
k8sviz -n vault --kubeconfig $KUBECONFIG -t png -o kubeviz/vault.png
k8sviz -n jobrunner --kubeconfig $KUBECONFIG -t png -o kubeviz/jobrunner.png
convert kubeviz/*.png -append kubeviz/all.png
# convert image1.png image2.png image3.png -append result/result-sprite.png

BIN
k8s.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 37 KiB

232
matrix/deployment.yaml Normal file

@ -0,0 +1,232 @@
# namespace: matrix
apiVersion: v1
kind: Namespace
metadata:
name: matrix
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: db
name: db
namespace: matrix
spec:
ports:
- name: "5432"
port: 5432
targetPort: 5432
selector:
io.kompose.service: db
status:
loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.service.expose: dev-matrix.wayl.one,matrix.k.waylonwalker.com
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
ports:
- name: "8008"
port: 8008
targetPort: 8008
selector:
io.kompose.service: synapse
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: matrix
namespace: matrix
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: db
name: db
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: db
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/matrix-default: "true"
io.kompose.service: db
spec:
containers:
- env:
- name: POSTGRES_INITDB_ARGS
value: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
- name: POSTGRES_PASSWORD
value: synapse
- name: POSTGRES_USER
value: synapse
image: docker.io/postgres:12-alpine
name: synapse-db
ports:
- containerPort: 5432
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: schemas
restartPolicy: Always
volumes:
- name: schemas
persistentVolumeClaim:
claimName: schemas
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: schemas
name: schemas
namespace: matrix
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.service.expose: dev-matrix.wayl.one,matrix.k.waylonwalker.com
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: synapse
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.service.expose: dev-matrix.wayl.one,matrix.k.waylonwalker.com
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/matrix-default: "true"
io.kompose.service: synapse
spec:
containers:
- image: docker.io/matrixdotorg/synapse:latest
name: synapse
ports:
- containerPort: 8008
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /data
name: synapse-data
restartPolicy: Always
volumes:
- name: synapse-data
persistentVolumeClaim:
claimName: synapse-data
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n matrix
kompose.service.expose: dev-matrix.wayl.one,matrix.k.waylonwalker.com
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
rules:
- host: dev-matrix.wayl.one
http:
paths:
- backend:
service:
name: synapse
port:
number: 8008
path: /
pathType: Prefix
- host: matrix.k.waylonwalker.com
http:
paths:
- backend:
service:
name: synapse
port:
number: 8008
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: synapse-data
name: synapse-data
namespace: matrix
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
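Review bot: The `db` Deployment sets `POSTGRES_PASSWORD` to the literal `synapse` — the default that the compose file itself comments with "Change that password, of course!" — and the value is now stored in the repository and readable in the pod spec. Read it from a Secret instead, as sketched below; the Secret name and key are placeholders. The file also declares the `matrix` Namespace twice, and `docker.io/matrixdotorg/synapse:latest` is unpinned.

```yaml
# … unchanged: POSTGRES_INITDB_ARGS …
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: synapse-db          # placeholder Secret name
      key: POSTGRES_PASSWORD    # placeholder key
# … unchanged: POSTGRES_USER, image, ports, volumeMounts …
```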


@ -8,44 +8,49 @@ services:
synapse:
image: docker.io/matrixdotorg/synapse:latest
container_name: synapse
restart: unless-stopped
networks:
- proxy
security_opt:
- no-new-privileges:true
volumes:
- ${PWD}/matrix/synapse-data:/data
depends_on:
- db
# - ${PWD}/matrix/synapse-data:/data
- synapse-data:/data
# depends_on:
# - db
ports:
- 8448:8448/tcp
labels:
- "traefik.enable=true"
- "traefik.http.routers.synapse.entrypoints=http"
- "traefik.http.routers.synapse.rule=Host(`matrix.${URL}`)"
- "traefik.http.middlewares.synapse-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.synapse.middlewares=synapse-https-redirect"
- "traefik.http.routers.synapse-secure.entrypoints=https"
- "traefik.http.routers.synapse-secure.rule=Host(`matrix.${URL}`)"
- "traefik.http.routers.synapse-secure.tls=true"
- "traefik.http.routers.synapse-secure.service=synapse"
- "traefik.http.services.synapse.loadbalancer.server.port=8008"
- "traefik.docker.network=proxy"
db:
image: docker.io/postgres:12-alpine
container_name: synapse-db
# Change that password, of course!
environment:
- POSTGRES_USER=${SYNAPSE_POSTGRES_USER:-synapse}
- POSTGRES_PASSWORD=${SYNAPSE_POSTGRES_PASSWORD:-synapse}
# ensure the database gets created correctly
# https://matrix-org.github.io/synapse/latest/postgres.html#set-up-database
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
volumes:
# You may store the database tables in a local folder..
- ${PWD}/matrix/schemas:/var/lib/postgresql/data
# .. or store them on some high performance storage for better results
# - /path/to/ssd/storage:/var/lib/postgresql/data
kompose.service.expose: m2.wayl.one
# - "traefik.enable=true"
# - "traefik.http.routers.synapse.entrypoints=http"
# - "traefik.http.routers.synapse.rule=Host(`matrix.${URL}`)"
# - "traefik.http.middlewares.synapse-https-redirect.redirectscheme.scheme=https"
# - "traefik.http.routers.synapse.middlewares=synapse-https-redirect"
# - "traefik.http.routers.synapse-secure.entrypoints=https"
# - "traefik.http.routers.synapse-secure.rule=Host(`matrix.${URL}`)"
# - "traefik.http.routers.synapse-secure.tls=true"
# - "traefik.http.routers.synapse-secure.service=synapse"
# - "traefik.http.services.synapse.loadbalancer.server.port=8008"
# - "traefik.docker.network=proxy"
# db:
# image: docker.io/postgres:12-alpine
# container_name: synapse-db
# # Change that password, of course!
# environment:
# - POSTGRES_USER=${SYNAPSE_POSTGRES_USER:-synapse}
# - POSTGRES_PASSWORD=${SYNAPSE_POSTGRES_PASSWORD:-synapse}
# # ensure the database gets created correctly
# # https://matrix-org.github.io/synapse/latest/postgres.html#set-up-database
# - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
# volumes:
# # You may store the database tables in a local folder..
# - ${PWD}/matrix/schemas:/var/lib/postgresql/data
# # .. or store them on some high performance storage for better results
# # - /path/to/ssd/storage:/var/lib/postgresql/data
volumes:
synapse-data: {}
networks:
proxy:
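Review bot: `ports:` lists only `8448:8448/tcp`, and kompose builds the Service (and the Ingress for `kompose.service.expose: m2.wayl.one`) from `ports:`, yet the Traefik label in this hunk and matrix/deployment.yaml both send HTTP traffic to 8008. Confirm which listener Synapse actually serves and expose that one, e.g. `- 8008`, otherwise the generated Ingress points at a port nothing may be answering on. Which of the `restart`/`security_opt` lines survive on the new side is not recoverable from this rendering; if `no-new-privileges:true` was dropped, it is worth keeping. The block of commented-out Traefik labels and the `db` service could be deleted, since the history keeps them.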

54
matrix/generate.yaml Normal file

@ -0,0 +1,54 @@
apiVersion: v1
kind: Namespace
metadata:
name: matrix
---
apiVersion: batch/v1
kind: Job
metadata:
name: synapse-generate
namespace: matrix
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- image: docker.io/matrixdotorg/synapse:latest
name: synapse
command: ["generate"]
volumeMounts:
- mountPath: /data
name: synapse-data
volumes:
- name: synapse-data
persistentVolumeClaim:
claimName: synapse-data
# template:
# spec:
# containers:
# - image: docker.io/matrixdotorg/synapse:latest
# name: synapse
# command: ["generate"]
# volumeMounts:
# - mountPath: /data
# name: synapse-data
# volumes:
# - name: synapse-data
# persistentVolumeClaim:
# claimName: synapse-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: synapse-data
name: synapse-data
namespace: matrix
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
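Review bot: The Job's pod template has no `restartPolicy`, and Jobs only accept `Never` or `OnFailure`, so the API server rejects this manifest; add `restartPolicy: Never` under `template.spec`. `command: ["generate"]` replaces the image entrypoint, so the container would try to execute a binary named `generate`; the Synapse image presumably expects it as an argument, i.e. `args: ["generate"]` — confirm against the image, which likely also needs `SYNAPSE_SERVER_NAME` and `SYNAPSE_REPORT_STATS` set for this mode. The commented-out duplicate of the template can be deleted.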

9
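--- a/matrix/justfile
+++ b/matrix/justfile
@@ -0,0 +1,9 @@
+default: convert deploy viz
+convert:
+kompose convert -o deployment.yaml -n matrix
+deploy:
+kubectl apply -f deployment.yaml
+viz:
+k8sviz -n matrix --kubeconfig $KUBECONFIG -t png -o matrix-k8s.png
+restart:
+kubectl rollout restart -n matrix deployment/matrix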
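Review bot: The `restart` recipe targets `deployment/matrix`, but the Deployment added in matrix/matrix.yaml is named `synapse`, so the rollout restart will fail with a not-found error; it should read `kubectl rollout restart -n matrix deployment/synapse`. The `convert` and `deploy` recipes also write and apply `deployment.yaml`, while the manifest committed here is `matrix.yaml`, so `just deploy` does not apply the reviewed file. Quoting the variable as `"$KUBECONFIG"` in `viz` avoids word splitting when the path contains spaces.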

BIN
matrix/kui Normal file

Binary file not shown.

BIN
matrix/matrix-k8s.png Normal file

Binary file not shown.


127
matrix/matrix.yaml Normal file

@ -0,0 +1,127 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --namespace matrix -o matrix.yaml
kompose.service.expose: m2.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
ports:
- name: "8448"
port: 8448
targetPort: 8448
selector:
io.kompose.service: synapse
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: matrix
namespace: matrix
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert --namespace matrix -o matrix.yaml
kompose.service.expose: m2.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: synapse
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert --namespace matrix -o matrix.yaml
kompose.service.expose: m2.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/proxy: "true"
io.kompose.service: synapse
spec:
containers:
- image: docker.io/matrixdotorg/synapse:latest
name: synapse
ports:
- containerPort: 8448
hostPort: 8448
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /data
name: synapse-data
restartPolicy: Always
volumes:
- name: synapse-data
persistentVolumeClaim:
claimName: synapse-data
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert --namespace matrix -o matrix.yaml
kompose.service.expose: m2.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: synapse
name: synapse
namespace: matrix
spec:
rules:
- host: m2.wayl.one
http:
paths:
- backend:
service:
name: synapse
port:
number: 8448
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: synapse-data
name: synapse-data
namespace: matrix
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
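Review bot: `hostPort: 8448` on the synapse container binds the port on the node's own address, so Synapse is reachable directly on the node and bypasses the Ingress for m2.wayl.one and whatever TLS termination or access control sits in front of it. The Service already targets 8448, so the `hostPort` line can simply be removed. The Ingress rule has no `tls:` block, so unless the controller terminates TLS by default the homeserver is published over plain HTTP. The image is `synapse:latest`; a pinned tag or digest keeps a restart from silently changing the running version. Because kompose generated this file, the fix belongs in the compose source or needs re-applying after each `kompose convert`.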

45
matrix/pvc-inspector.yaml Normal file

@ -0,0 +1,45 @@
apiVersion: v1
kind: Namespace
metadata:
name: matrix
---
apiVersion: v1
kind: Pod
metadata:
name: pvc-inspector
namespace: matrix
spec:
containers:
- image: docker.io/matrixdotorg/synapse:latest
name: pvc-inspector
command: ["sleep", "infinity"]
volumeMounts:
- mountPath: /data
name: synapse-data
- image: docker.io/matrixdotorg/synapse:latest
name: pvc-inspector-synapse
command: ["sleep", "infinity"]
volumeMounts:
- mountPath: /data
name: synapse-data
volumes:
- name: synapse-data
persistentVolumeClaim:
claimName: synapse-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: synapse-data
name: synapse-data
namespace: matrix
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
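Review bot: The `pvc-inspector` and `pvc-inspector-synapse` containers are identical (same image, same `sleep infinity`, same `/data` mount), so one of them can be deleted. With `sleep infinity` the debug pod never exits and keeps the ReadWriteOnce `synapse-data` claim attached until someone remembers to delete it; a bounded lifetime such as `command: ["sleep", "3600"]` limits how long a shell with write access to the homeserver's data stays available. This file also re-declares the `matrix` Namespace and the `synapse-data` PVC that matrix/matrix.yaml and matrix/generate.yaml declare, so three manifests own the same objects and a later edit to one of them will be overwritten by applying another.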


@ -1,107 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n minio --replicas 3
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: sandcrawler
name: sandcrawler
namespace: minio
spec:
ports:
- name: "9000"
port: 9000
targetPort: 9000
- name: "9001"
port: 9001
targetPort: 9001
selector:
io.kompose.service: sandcrawler
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: minio
namespace: minio
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n minio --replicas 3
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: sandcrawler
name: sandcrawler
namespace: minio
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: sandcrawler
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n minio --replicas 3
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/minio-default: "true"
io.kompose.service: sandcrawler
spec:
containers:
- args:
- server
- --console-address
- :9001
- /data
image: minio/minio
name: sandcrawler
ports:
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /data
name: minio-storage
envFrom:
- secretRef:
name: minio-secret
restartPolicy: Always
volumes:
- name: minio-storage
persistentVolumeClaim:
claimName: minio-storage
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: minio-storage
name: minio-storage
namespace: minio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-secret
data:
MINIO_ROOT_USER: "d2F5bG9uCg=="
MINIO_ROOT_PASSWORD: "TnpwWTRIKllCMnVncSQK"


@ -0,0 +1,19 @@
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
container_name: nextcloud
environment:
- PUID=1000
- PGID=1000
- TZ="America/Chicago"
volumes:
- appdata:/config
- data:/data
ports:
- 443
labels:
kompose.service.expose: nextcloud.wayl.one
volumes:
appdata:
data:
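Review bot: In the list form of `environment`, the quotes in `- TZ="America/Chicago"` are part of the value, so the container receives `"America/Chicago"` with literal double quotes; the generated nextcloud/nextcloud.yaml in this commit shows exactly that as `value: '"America/Chicago"'`. Write `- TZ=America/Chicago` instead. The image is `lscr.io/linuxserver/nextcloud:latest`; pinning a version tag avoids an unplanned Nextcloud major upgrade on the next pull. A short comment above `ports:` saying that 443 is the container's HTTPS port would help whoever wires up the proxy.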

155
nextcloud/nextcloud.yaml Normal file

@ -0,0 +1,155 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --namespace nextcloud -o nextcloud.yaml
kompose.service.expose: nextcloud.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: nextcloud
name: nextcloud
namespace: nextcloud
spec:
ports:
- name: "443"
port: 443
targetPort: 443
selector:
io.kompose.service: nextcloud
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: nextcloud
namespace: nextcloud
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert --namespace nextcloud -o nextcloud.yaml
kompose.service.expose: nextcloud.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: nextcloud
name: nextcloud
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert --namespace nextcloud -o nextcloud.yaml
kompose.service.expose: nextcloud.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/nextcloud-default: "true"
io.kompose.service: nextcloud
spec:
containers:
- env:
- name: PGID
value: "1000"
- name: PUID
value: "1000"
- name: TZ
value: '"America/Chicago"'
image: lscr.io/linuxserver/nextcloud:latest
name: nextcloud
ports:
- containerPort: 443
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /config
name: appdata
- mountPath: /data
name: data
restartPolicy: Always
volumes:
- name: appdata
persistentVolumeClaim:
claimName: appdata
- name: data
persistentVolumeClaim:
claimName: data
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert --namespace nextcloud -o nextcloud.yaml
kompose.service.expose: nextcloud.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: nextcloud
name: nextcloud
namespace: nextcloud
spec:
rules:
- host: nextcloud.wayl.one
http:
paths:
- backend:
service:
name: nextcloud
port:
number: 443
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: appdata
name: appdata
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: data
name: data
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
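Review bot: The Ingress for nextcloud.wayl.one has no `tls:` block and forwards to service port 443, which is the container's HTTPS listener. As written the public side is plain HTTP, and the controller will most likely speak HTTP to an HTTPS backend unless it is told otherwise. Add a `tls:` entry listing `nextcloud.wayl.one` with a certificate secret, and set the controller's backend-protocol option for this service. The `TZ` env value is `'"America/Chicago"'`, which includes literal quotes and should be `America/Chicago`. Both PVCs request `100Mi`, which looks too small for a Nextcloud data directory.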

563
nextcloud/values.yaml Normal file

@ -0,0 +1,563 @@
## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
repository: nextcloud
flavor: apache
# default is generated by flavor and appVersion
tag:
pullPolicy: IfNotPresent
# pullSecrets:
# - myRegistrKeySecretName
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
deploymentLabels: {}
# Number of replicas to be deployed
replicaCount: 1
## Allowing use of ingress controllers
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
enabled: false
# className: nginx
annotations: {}
# nginx.ingress.kubernetes.io/proxy-body-size: 4G
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: letsencrypt-prod
# # Keep this in sync with the README.md:
# nginx.ingress.kubernetes.io/server-snippet: |-
# server_tokens off;
# proxy_hide_header X-Powered-By;
# rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
# rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
# location = /.well-known/carddav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /.well-known/caldav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
# deny all;
# }
# location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
# deny all;
# }
# tls:
# - secretName: nextcloud-tls
# hosts:
# - nextcloud.kube.home
labels: {}
path: /
pathType: Prefix
# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
# postStartCommand: []
# preStopCommand: []
phpClientHttpsFix:
enabled: false
protocol: https
nextcloud:
host: nextcloud.wayl.one
username: admin
password: changeme
## Use an existing secret
existingSecret:
enabled: false
# secretName: nameofsecret
usernameKey: nextcloud-username
passwordKey: nextcloud-password
tokenKey: nextcloud-token
smtpUsernameKey: smtp-username
smtpPasswordKey: smtp-password
smtpHostKey: smtp-host
update: 0
# If web server is not binding default port, you can define it
containerPort: 80
datadir: /var/www/html/data
persistence:
subPath:
mail:
enabled: false
fromAddress: user
domain: domain.com
smtp:
host: domain.com
secure: ssl
port: 465
authtype: LOGIN
name: user
password: pass
# PHP Configuration files
# Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
phpConfigs: {}
# Default config files
# IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
# Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
defaultConfigs:
# To protect /var/www/html/config
.htaccess: true
# Redis default configuration
redis.config.php: true
# Apache configuration for rewrite urls
apache-pretty-urls.config.php: true
# Define APCu as local cache
apcu.config.php: true
# Apps directory configs
apps.config.php: true
# Used for auto configure database
autoconfig.php: true
# SMTP default configuration
smtp.config.php: true
# Extra config files created in /var/www/html/config/
# ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
configs: {}
# For example, to use S3 as primary storage
# ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
#
# configs:
# s3.config.php: |-
# <?php
# $CONFIG = array (
# 'objectstore' => array(
# 'class' => '\\OC\\Files\\ObjectStore\\S3',
# 'arguments' => array(
# 'bucket' => 'my-bucket',
# 'autocreate' => true,
# 'key' => 'xxx',
# 'secret' => 'xxx',
# 'region' => 'us-east-1',
# 'use_ssl' => true
# )
# )
# );
# Hooks for auto configuration
# Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d/<hook-name>/helm.sh`
# ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders
hooks:
pre-installation:
post-installation:
pre-upgrade:
post-upgrade:
before-starting:
## Strategy used to replace old pods
## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
strategy:
type: Recreate
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 1
# maxUnavailable: 0
##
## Extra environment variables
extraEnv:
# - name: SOME_SECRET_ENV
# valueFrom:
# secretKeyRef:
# name: nextcloud
# key: secret_key
# Extra init containers that runs before pods start.
extraInitContainers: []
# - name: do-something
# image: busybox
# command: ['do', 'something']
# Extra sidecar containers.
extraSidecarContainers: []
# - name: nextcloud-logger
# image: busybox
# command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
# volumeMounts:
# - name: nextcloud-data
# mountPath: /run/nextcloud/data
# Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
# to NextCloud pods in Kubernetes. This can then be configured in External Storage
extraVolumes:
# - name: nfs
# nfs:
# server: "10.0.0.1"
# path: "/nextcloud_data"
# readOnly: false
extraVolumeMounts:
# - name: nfs
# mountPath: "/legacy_data"
# Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
# For example, you may need to define runAsNonRoot directive
securityContext: {}
# runAsUser: 33
# runAsGroup: 33
# runAsNonRoot: true
# readOnlyRootFilesystem: false
# Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
podSecurityContext: {}
# runAsUser: 33
# runAsGroup: 33
# runAsNonRoot: true
# readOnlyRootFilesystem: false
nginx:
## You need to set an fpm version of the image for nextcloud if you want to use nginx!
enabled: false
image:
repository: nginx
tag: alpine
pullPolicy: IfNotPresent
containerPort: 80
config:
# This generates the default nginx config as per the nextcloud documentation
default: true
# custom: |-
# worker_processes 1;..
resources: {}
# Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
securityContext: {}
# the nginx alpine container default user is 82
# runAsUser: 82
# runAsGroup: 33
# runAsNonRoot: true
# readOnlyRootFilesystem: true
internalDatabase:
enabled: true
name: nextcloud
##
## External database configuration
##
externalDatabase:
enabled: false
## Supported database engines: mysql or postgresql
type: mysql
## Database host
host:
## Database user
user: nextcloud
## Database password
password: ""
## Database name
database: nextcloud
## Use a existing secret
existingSecret:
enabled: false
# secretName: nameofsecret
usernameKey: db-username
passwordKey: db-password
# hostKey: db-hostname-or-ip
# databaseKey: db-name
##
## MariaDB chart configuration
## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
##
mariadb:
## Whether to deploy a mariadb server from the bitnami mariab db helm chart
# to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
# To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
enabled: false
auth:
database: nextcloud
username: nextcloud
password: changeme
# Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
# secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
existingSecret: ""
architecture: standalone
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
primary:
persistence:
enabled: false
# Use an existing Persistent Volume Claim (must be created ahead of time)
# existingClaim: ""
# storageClass: ""
accessMode: ReadWriteOnce
size: 8Gi
##
## PostgreSQL chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
##
postgresql:
enabled: false
global:
postgresql:
# global.postgresql.auth overrides postgresql.auth
auth:
username: nextcloud
password: changeme
database: nextcloud
# Name of existing secret to use for PostgreSQL credentials.
# auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
# secret might also contains the key ldap-password if LDAP is enabled.
# ldap.bind_password will be ignored and picked from this secret in this case.
existingSecret: ""
# Names of keys in existing secret to use for PostgreSQL credentials
secretKeys:
adminPasswordKey: ""
userPasswordKey: ""
replicationPasswordKey: ""
primary:
persistence:
enabled: false
# Use an existing Persistent Volume Claim (must be created ahead of time)
# existingClaim: ""
# storageClass: ""
##
## Redis chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
##
redis:
enabled: false
auth:
enabled: true
password: 'changeme'
# name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
existingSecret: ""
# Password key to be retrieved from existing secret
existingSecretPasswordKey: ""
## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
##
cronjob:
enabled: false
## Cronjob sidecar resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
# postStartCommand: []
# preStopCommand: []
# Set securityContext parameters. For example, you may need to define runAsNonRoot directive
securityContext: {}
# runAsUser: 33
# runAsGroup: 33
# runAsNonRoot: true
# readOnlyRootFilesystem: true
service:
type: ClusterIP
port: 8080
loadBalancerIP: ""
nodePort: nil
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
# Nextcloud Data (/var/www/html)
enabled: false
annotations: {}
## nextcloud data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
accessMode: ReadWriteOnce
size: 8Gi
## Use an additional pvc for the data directory rather than a subpath of the default PVC
## Useful to store data on a different storageClass (e.g. on slower disks)
nextcloudData:
enabled: false
subPath:
annotations: {}
# storageClass: "-"
# existingClaim:
accessMode: ReadWriteOnce
size: 8Gi
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
successThreshold: 1
## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
enabled: false
cputhreshold: 60
minPods: 1
maxPods: 10
nodeSelector: {}
tolerations: []
affinity: {}
## Prometheus Exporter / Metrics
##
metrics:
enabled: false
replicaCount: 1
# The metrics exporter needs to know how you serve Nextcloud either http or https
https: false
# Use API token if set, otherwise fall back to password authentication
# https://github.com/xperimental/nextcloud-exporter#token-authentication
# Currently you still need to set the token manually in your nextcloud install
token: ""
timeout: 5s
# if set to true, exporter skips certificate verification of Nextcloud server.
tlsSkipVerify: false
image:
repository: xperimental/nextcloud-exporter
tag: 0.6.2
pullPolicy: IfNotPresent
# pullSecrets:
# - myRegistrKeySecretName
## Metrics exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
# resources: {}
## Metrics exporter pod Annotation and Labels
# podAnnotations: {}
# podLabels: {}
service:
type: ClusterIP
## Use serviceLoadBalancerIP to request a specific static IP,
## otherwise leave blank
# loadBalancerIP:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9205"
labels: {}
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
namespaceSelector:
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
interval: 30s
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
rbac:
enabled: false
serviceaccount:
create: true
name: nextcloud-serviceaccount
annotations: {}
## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}
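Review bot: `nextcloud.username: admin` and `nextcloud.password: changeme` are left at the chart defaults while `nextcloud.host` is already set to the real name nextcloud.wayl.one, so installing the chart with this file would create an internet-facing admin account with a published default password. Set `nextcloud.existingSecret.enabled: true` with a `secretName` that is created outside the repository, and leave `password` empty here. The same `changeme` value sits under `mariadb.auth`, `postgresql.global.postgresql.auth` and `redis.auth`; those components are disabled now, but the defaults will be picked up as soon as one is switched on. `persistence.enabled: false` with `internalDatabase.enabled: true` appears to mean the SQLite database and uploaded files live in the pod's ephemeral storage, which is worth a comment if it is intended.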

319
photoprism/deployment.yaml Normal file

@ -0,0 +1,319 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: mariadb
name: mariadb
namespace: photoprism
spec:
ports:
- name: "3306"
port: 3306
targetPort: 3306
selector:
io.kompose.service: mariadb
status:
loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.service.expose: photoprism.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: photoprism
name: photoprism
namespace: photoprism
spec:
ports:
- name: "2342"
port: 2342
targetPort: 2342
selector:
io.kompose.service: photoprism
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: photoprism
namespace: photoprism
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: mariadb
name: mariadb
namespace: photoprism
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: mariadb
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/photoprism-default: "true"
io.kompose.service: mariadb
spec:
containers:
- args:
- mariadbd
- --innodb-buffer-pool-size=512M
- --transaction-isolation=READ-COMMITTED
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
- --max-connections=512
- --innodb-rollback-on-timeout=OFF
- --innodb-lock-wait-timeout=120
env:
- name: MARIADB_AUTO_UPGRADE
value: "1"
- name: MARIADB_DATABASE
value: photoprism
- name: MARIADB_INITDB_SKIP_TZINFO
value: "1"
- name: MARIADB_PASSWORD
value: insecure
- name: MARIADB_ROOT_PASSWORD
value: insecure
- name: MARIADB_USER
value: photoprism
image: mariadb:10.11
name: mariadb
ports:
- containerPort: 3306
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /var/lib/mysql
name: photoprism-db
restartPolicy: Always
terminationGracePeriodSeconds: 5
volumes:
- name: photoprism-db
persistentVolumeClaim:
claimName: photoprism-db
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: photoprism-db
name: photoprism-db
namespace: photoprism
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.service.expose: photoprism.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: photoprism
name: photoprism
namespace: photoprism
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: photoprism
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.service.expose: photoprism.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/photoprism-default: "true"
io.kompose.service: photoprism
spec:
containers:
- env:
- name: PHOTOPRISM_ADMIN_PASSWORD
value: insecure
- name: PHOTOPRISM_ADMIN_USER
value: admin
- name: PHOTOPRISM_AUTH_MODE
value: password
- name: PHOTOPRISM_DATABASE_DRIVER
value: mysql
- name: PHOTOPRISM_DATABASE_NAME
value: photoprism
- name: PHOTOPRISM_DATABASE_PASSWORD
value: insecure
- name: PHOTOPRISM_DATABASE_SERVER
value: mariadb:3306
- name: PHOTOPRISM_DATABASE_USER
value: photoprism
- name: PHOTOPRISM_DEFAULT_TLS
value: "true"
- name: PHOTOPRISM_DETECT_NSFW
value: "false"
- name: PHOTOPRISM_DISABLE_CHOWN
value: "false"
- name: PHOTOPRISM_DISABLE_CLASSIFICATION
value: "false"
- name: PHOTOPRISM_DISABLE_FACES
value: "false"
- name: PHOTOPRISM_DISABLE_RAW
value: "false"
- name: PHOTOPRISM_DISABLE_SETTINGS
value: "false"
- name: PHOTOPRISM_DISABLE_TENSORFLOW
value: "false"
- name: PHOTOPRISM_DISABLE_TLS
value: "false"
- name: PHOTOPRISM_DISABLE_VECTORS
value: "false"
- name: PHOTOPRISM_DISABLE_WEBDAV
value: "false"
- name: PHOTOPRISM_EXPERIMENTAL
value: "false"
- name: PHOTOPRISM_HTTP_COMPRESSION
value: gzip
- name: PHOTOPRISM_JPEG_QUALITY
value: "85"
- name: PHOTOPRISM_LOG_LEVEL
value: info
- name: PHOTOPRISM_ORIGINALS_LIMIT
value: "5000"
- name: PHOTOPRISM_RAW_PRESETS
value: "false"
- name: PHOTOPRISM_READONLY
value: "false"
- name: PHOTOPRISM_SITE_AUTHOR
- name: PHOTOPRISM_SITE_CAPTION
value: AI-Powered Photos App
- name: PHOTOPRISM_SITE_DESCRIPTION
- name: PHOTOPRISM_SITE_URL
value: https://photoprism.wayl.one
- name: PHOTOPRISM_UPLOAD_NSFW
value: "true"
image: photoprism/photoprism:latest
name: photoprism
ports:
- containerPort: 2342
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /photoprism/originals
name: photoprism-originals
- mountPath: /photoprism/storage
name: photoprism-storage
workingDir: /photoprism
restartPolicy: Always
terminationGracePeriodSeconds: 10
volumes:
- name: photoprism-originals
persistentVolumeClaim:
claimName: photoprism-originals
- name: photoprism-storage
persistentVolumeClaim:
claimName: photoprism-storage
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n photoprism
kompose.service.expose: photoprism.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: photoprism
name: photoprism
namespace: photoprism
spec:
rules:
- host: photoprism.wayl.one
http:
paths:
- backend:
service:
name: photoprism
port:
number: 2342
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: photoprism-originals
name: photoprism-originals
namespace: photoprism
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: photoprism-storage
name: photoprism-storage
namespace: photoprism
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
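Review bot: The database and admin credentials are committed as literal env values: `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD`, `PHOTOPRISM_ADMIN_PASSWORD` and `PHOTOPRISM_DATABASE_PASSWORD` are all `insecure`, while the Ingress in the same file publishes the app at photoprism.wayl.one. Anyone who can read the repository or the Deployment objects sees them, and the admin login is trivially guessable. They should be read from a Secret that is created outside the repository via `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name. Because kompose generated this file, the change must be re-applied, or moved into the compose source, after each `kompose convert`. `photoprism/photoprism:latest` should also be pinned to a tag or digest.

```yaml
# … unchanged: mariadb container args …
env:
  - name: MARIADB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: photoprism-credentials  # placeholder Secret name
        key: mariadb-password
  - name: MARIADB_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: photoprism-credentials  # placeholder Secret name
        key: mariadb-root-password
# … unchanged: remaining mariadb env, image, ports, volumes …

# photoprism container
env:
  - name: PHOTOPRISM_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: photoprism-credentials  # placeholder Secret name
        key: admin-password
  - name: PHOTOPRISM_DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: photoprism-credentials  # placeholder Secret name
        key: mariadb-password
# … unchanged: remaining PHOTOPRISM_* settings …
```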


@ -0,0 +1,140 @@
version: "3.5"
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# Note:
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
# - https://www.photoprism.app/kb/activation
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory shortcut ~ to /root in volume mounts.
services:
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 10s
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
ports:
- 2342 # HTTP port (host:container)
environment:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "https://photoprism.wayl.one" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "photoprism-originals:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "photoprism-storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
labels:
kompose.service.expose: photoprism.wayl.one
## Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
image: mariadb:10.11
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 5s
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: mariadbd --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "photoprism-db:/var/lib/mysql" # DO NOT REMOVE
ports:
- 3306
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "insecure"
MARIADB_ROOT_PASSWORD: "insecure"
volumes:
photoprism-originals: {}
photoprism-storage: {}
photoprism-db: {}
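Review bot: `PHOTOPRISM_ADMIN_PASSWORD`, `PHOTOPRISM_DATABASE_PASSWORD`, `MARIADB_PASSWORD` and `MARIADB_ROOT_PASSWORD` are all committed as the literal `"insecure"`, while `PHOTOPRISM_SITE_URL` and the `kompose.service.expose` label publish the app at `photoprism.wayl.one`. kompose copies environment values into the generated manifest (the pihole manifest in this commit carries `value: password`), so these belong in a Kubernetes Secret referenced with `secretKeyRef`, and any instance already initialised with the committed values needs its passwords rotated. Both services set `seccomp:unconfined` and `apparmor:unconfined`; the mariadb entry links an upstream issue as its reason, but the photoprism entry gives none, so drop it there or add a comment such as `# required because <reason>`. `image: photoprism/photoprism:latest` is a floating tag, whereas `mariadb:10.11` is pinned; pin PhotoPrism to a release tag or digest as well.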

31
photoprism/justfile Normal file

@ -0,0 +1,31 @@
default: cred convert deploy viz
update: convert patch
create-ns:
kubectl create ns photoprism
cred:
kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: photoprism/' | kubectl apply -n photoprism -f - && echo deployed secret || echo secret exists
convert:
kompose convert -o deployment.yaml -n photoprism
deploy:
kubectl apply -f deployment.yaml
delete:
kubectl delete all --all -n photoprism --timeout=0s
viz:
k8sviz -n photoprism --kubeconfig $KUBECONFIG -t png -o photoprism-k8s.png
restart:
kubectl rollout restart -n photoprism deployment/photoprism
patch:
kubectl patch -f deployment.yaml
describe:
kubectl get deployment -n photoprism
kubectl get rs -n photoprism
kubectl get pod -n photoprism
kubectl get svc -n photoprism
kubectl get ing -n photoprism
describe-pod:
kubectl describe pod -n photoprism
logs:
kubectl logs --all-containers -l io.kompose.service=photoprism-wayl-one -n photoprism -f
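Review bot: The `patch` recipe runs `kubectl patch -f deployment.yaml` with neither `-p` nor `--patch-file`, which kubectl rejects, so `update: convert patch` cannot succeed as written; `kubectl apply -f deployment.yaml`, which `deploy` already uses, looks like the intent. In `logs`, the selector `io.kompose.service=photoprism-wayl-one` does not match the `io.kompose.service: photoprism` label used in the generated manifest, so it will most likely select no pods; `-l io.kompose.service=photoprism` would. In `cred`, the trailing `|| echo secret exists` reports every failure of the copy pipeline as an existing secret, including a missing `regcred` or a rejected `kubectl apply`, so a pull-secret problem only shows up later as an image pull error; dropping the `||` branch lets the recipe fail where the problem is.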

2788
pihole/basic-install.sh Normal file

File diff suppressed because it is too large Load diff

157
pihole/deployment.yaml Normal file

@ -0,0 +1,157 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n pihole
kompose.service.expose: pihole.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: pihole
name: pihole
namespace: pihole
spec:
ports:
- name: "80"
port: 80
targetPort: 80
selector:
io.kompose.service: pihole
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: pihole
namespace: pihole
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n pihole
kompose.service.expose: pihole.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: pihole
name: pihole
namespace: pihole
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: pihole
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n pihole
kompose.service.expose: pihole.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/pihole-default: "true"
io.kompose.service: pihole
spec:
containers:
- env:
- name: TZ
value: America/Chicago
- name: WEBPASSWORD
value: password
image: pihole/pihole:latest
name: pihole
ports:
- containerPort: 80
protocol: TCP
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
volumeMounts:
- mountPath: /etc/pihole
name: pihole
- mountPath: /etc/dnsmasq.d
name: dnsmasq
restartPolicy: Always
volumes:
- name: pihole
persistentVolumeClaim:
claimName: pihole
- name: dnsmasq
persistentVolumeClaim:
claimName: dnsmasq
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n pihole
kompose.service.expose: pihole.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: pihole
name: pihole
namespace: pihole
spec:
rules:
- host: pihole.wayl.one
http:
paths:
- backend:
service:
name: pihole
port:
number: 80
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: pihole
name: pihole
namespace: pihole
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: dnsmasq
name: dnsmasq
namespace: pihole
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
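Review bot: The Deployment's container env sets `WEBPASSWORD` with `value: password`, so the admin password of a service routed at `pihole.wayl.one` is both trivial and stored in the repository. Reference a Secret instead, as in the excerpt below (the Secret name is a placeholder), and change the password on any instance that has run with this value. This file is produced by `kompose convert`, so a hand edit here is overwritten on the next `just convert` unless the reference is re-applied after generation. `image: pihole/pihole:latest` is a floating tag; pinning a release tag or digest keeps a restart from changing the code that holds `NET_ADMIN`.
```yaml
# … unchanged: TZ entry …
- name: WEBPASSWORD
  valueFrom:
    secretKeyRef:
      name: pihole-web-placeholder  # placeholder: Secret created outside the repository
      key: WEBPASSWORD
```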


@ -4,67 +4,23 @@ services:
pihole:
image: pihole/pihole:latest
container_name: pihole
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
# Volumes store your data between container upgrades
volumes:
- /etc/localtime:/etc/localtime:ro
- ${PWD}/pihole/data/etc-pihole/:/etc/pihole/
- ${PWD}/pihole/data/etc-dnsmasq.d/:/etc/dnsmasq.d/
# ports:
# - "8080:80/tcp"
# - "53:53/tcp"
# - "53:53/udp"
# - "67:67/udp"
- pihole:/etc/pihole/
- dnsmasq:/etc/dnsmasq.d/
ports:
- 80
environment:
# TZ: "America/Chicago"
WEBPASSWORD: "${PIHOLE_PASSWORD}"
TZ: "America/Chicago"
WEBPASSWORD: password
# Recommended but not required (DHCP needs NET_ADMIN)
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.entrypoints=http"
- "traefik.http.routers.pihole.rule=Host(`pihole.${URL}`)"
- "traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.pihole.middlewares=pihole-https-redirect"
- "traefik.http.routers.pihole-secure.entrypoints=https"
- "traefik.http.routers.pihole-secure.rule=Host(`pihole.${URL}`)"
- "traefik.http.routers.pihole-secure.tls=true"
- "traefik.http.routers.pihole-secure.service=pihole"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
kompose.service.expose: pihole.wayl.one
networks:
proxy:
external: true
#
# version: "3"
# # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
# services:
# pihole:
# container_name: pihole
# image: pihole/pihole:latest
# # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
# ports:
# # - "53:53/tcp"
# # - "53:53/udp"
# # - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
# - "8080:80/tcp"
# environment:
# TZ: "America/Chicago"
# # WEBPASSWORD: 'set a secure password here or it will be random'
# # Volumes store your data between container upgrades
# volumes:
# - "./etc-pihole:/etc/pihole"
# - "./etc-dnsmasq.d:/etc/dnsmasq.d"
# # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# cap_add:
# - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
# restart: unless-stopped
volumes:
pihole:
dnsmasq:
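Review bot: `WEBPASSWORD: password` is a literal credential in the compose file, next to the earlier form `WEBPASSWORD: "${PIHOLE_PASSWORD}"`; the page has lost its +/- markers, but the generated pihole/deployment.yaml carries `value: password`, so the literal appears to be the new side. Keep `WEBPASSWORD: "${PIHOLE_PASSWORD}"`, and because kompose inlines the resolved value, either keep the converted manifest out of version control or replace the value with a Secret reference after conversion. `security_opt` with `no-new-privileges:true` also appears to be among the lines this section drops; if that is the case it is worth a comment in the file, since the container still adds `NET_ADMIN`.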

10
pihole/justfile Normal file

@ -0,0 +1,10 @@
default: convert deploy viz
convert:
kompose convert -o deployment.yaml -n pihole
deploy:
kubectl apply -f deployment.yaml
viz:
k8sviz -n pihole --kubeconfig $KUBECONFIG -t png -o pihole-k8s.png
restart:
kubectl rollout restart -n pihole deployment/pihole


@ -5,7 +5,7 @@ metadata:
namespace: registry
spec:
containers:
- image: registry.wayl.one/devtainer:slim
- image: registry.fokais.com/devtainer:slim
name: pvc-inspector
command: ["sleep", "300"]
volumeMounts:
@ -15,6 +15,8 @@ spec:
name: pvc-registry-auth
- mountPath: /pvc-registry-config
name: pvc-registry-config
imagePullSecrets:
- name: fokais-regcred
volumes:
- name: pvc-registry
persistentVolumeClaim:
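Review bot: The inspector image now comes from `registry.fokais.com/devtainer:slim`, a mutable tag on a different registry host, and this pod mounts the registry's auth and config volumes. Pinning the image by digest (`registry.fokais.com/devtainer@sha256:<digest-placeholder>`) and adding `readOnly: true` to the `volumeMounts` would limit what a changed image could do with that data. The pod spec starts and ends outside the two hunks, so the mounts may already be read-only.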


@ -0,0 +1,2 @@
waylon:$2y$05$wj/1a88SL14RJc28rO5aHO7pFDnLNdKLO8t13WO58ZceiBagD0Swm
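Review bot: This file and `registry/auth/htpasswd` in the next section add the same bcrypt entry for `waylon` to the repository, and the `$2y$05$` prefix is a cost factor of 5, which makes guessing against a published hash cheap. Treat the registry password as exposed: rotate it, regenerate the entry with a higher cost (for example `htpasswd -B -C 12`), and supply the file to the registry from a Kubernetes Secret rather than from the tree. Removing the file in a later commit does not remove the hash from history, so rotation is the step that matters. Adding `registry/auth/` to `.gitignore` would keep it from being committed again.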

2
registry/auth/htpasswd Normal file

@ -0,0 +1,2 @@
waylon:$2y$05$wj/1a88SL14RJc28rO5aHO7pFDnLNdKLO8t13WO58ZceiBagD0Swm

30
registry/certs/tls.crt Normal file

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: docker-repo-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
limits:
storage: 500Gi


@ -0,0 +1,96 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n sshx-server
kompose.image-pull-secret: regcred
kompose.service.expose: sshx.wayl.one
kompose.service.type: loadbalancer
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: sshx-server-tcp
name: sshx-server-tcp
namespace: sshx-server
spec:
ports:
- name: "8051"
port: 8051
targetPort: 8051
selector:
io.kompose.service: sshx-server
type: LoadBalancer
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: sshx-server
namespace: sshx-server
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n sshx-server
kompose.image-pull-secret: regcred
kompose.service.expose: sshx.wayl.one
kompose.service.type: loadbalancer
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: sshx-server
name: sshx-server
namespace: sshx-server
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: sshx-server
strategy: {}
template:
metadata:
annotations:
kompose.cmd: kompose convert -o deployment.yaml -n sshx-server
kompose.image-pull-secret: regcred
kompose.service.expose: sshx.wayl.one
kompose.service.type: loadbalancer
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/sshx-server-default: "true"
io.kompose.service: sshx-server
spec:
containers:
- args:
- sh
- -c
- './sshx-server --listen :: --host "https://sshx.wayl.one" --secret=hello'
image: registry.wayl.one/sshx-server
name: sshx-server
ports:
- containerPort: 8051
protocol: TCP
resources: {}
imagePullSecrets:
- name: regcred
restartPolicy: Always
status: {}
---
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
alpnProtocols:
- http/1.1
- h2
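Review bot: The container args pass `--secret=hello`, so the server secret is a guessable word stored in the repository, and the Service in front of it is `type: LoadBalancer` on port 8051; the compose file in the next section carries the same `command`. Read the value from a Secret-backed environment variable instead, e.g. `./sshx-server --listen :: --host "https://sshx.wayl.one" --secret="$SSHX_SECRET"` with `SSHX_SECRET` supplied through `secretKeyRef`, and replace the current value. `image: registry.wayl.one/sshx-server` has no tag and therefore resolves to `latest`; pin a tag or digest. The `TLSOption` named `default` in namespace `default` is appended to this app's manifest, but as far as I know Traefik uses that object as the default TLS options for all routers, so it belongs with the Traefik configuration and needs a comment saying why ALPN is restricted.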


@ -0,0 +1,11 @@
version: "3"
services:
sshx-server:
image: registry.wayl.one/sshx-server
command: ["sh", "-c", './sshx-server --listen :: --host "https://sshx.wayl.one" --secret=hello']
ports:
- 8051
labels:
kompose.service.expose: sshx.wayl.one
kompose.image-pull-secret: regcred
kompose.service.type: loadbalancer

BIN
status/85om9u.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.2 MiB


@ -1,4 +1,3 @@
---
apiVersion: v1
kind: Service
metadata:
@ -62,13 +61,21 @@ spec:
io.kompose.service: vault-server
spec:
containers:
# run vault server as the command
- env:
# - name: VAULT_LOCAL_CONFIG
# value: '{"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}'
- name: VAULT_ADDR
value: http://0.0.0.0:8200
- name: VAULT_DEV_ROOT_TOKEN_ID
value: vault-plaintext-root-token
# - name: VAULT_DEV_ROOT_TOKEN_ID
# valueFrom:
# secretKeyRef:
# key: VAULT_DEV_ROOT_TOKEN_ID
# name: vault-dev-root-token-id
image: hashicorp/vault
name: vault-server
command: ["vault", "server", "-config=/vault/config/vault.hcl"]
ports:
- containerPort: 8200
protocol: TCP
@ -77,6 +84,19 @@ spec:
capabilities:
add:
- IPC_LOCK
volumeMounts:
- mountPath: /vault/data
name: vault-data
- name: vault-config
mountPath: /vault/config
volumes:
- name: vault-data
persistentVolumeClaim:
claimName: vault-data
- name: vault-config
configMap:
name: vault-config
restartPolicy: Always
status: {}
@ -108,3 +128,39 @@ spec:
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: vault
name: vault-data
namespace: vault
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-config
namespace: vault
data:
vault.hcl: |-
disable_mlock = true
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
path = "/vault/data"
}
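Review bot: The new `vault.hcl` sets `tls_disable = 1` on a listener bound to `[::]:8200`, and `VAULT_ADDR` is `http://0.0.0.0:8200`, so tokens and secret values cross the pod network in clear text unless TLS is terminated in front of the pod; give the listener `tls_cert_file` and `tls_key_file`, or add a comment stating where TLS ends. `disable_mlock = true` is set although the container is granted `IPC_LOCK`; with `storage "file"` the usual choice is to leave mlock on, so `disable_mlock = false` would make the two agree. The env list still carries `VAULT_DEV_ROOT_TOKEN_ID` with the literal `vault-plaintext-root-token`, while the `secretKeyRef` variant is present only as comments. Since the container now starts with `vault server -config=/vault/config/vault.hcl` rather than in dev mode, that variable looks unused and is better removed than left in the repository as a known token value.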


@ -4,11 +4,12 @@ services:
wyze-bridge:
image: mrlt8/wyze-bridge:latest
container_name: wyze-bridge
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 5000:5000
- 8554:8554
- 8888:8888
environment:
- QUALITY=SD30
- WYZE_EMAIL=${WYZE_EMAIL}
@ -18,23 +19,23 @@ services:
- TZ=America/Chicago
- RECORD_ALL=True
volumes:
- /etc/localtime:/etc/localtime:ro
- ${PWD}/wyze-bridge/data/cams/img:/img
- ${PWD}/wyze-bridge/data/record:/record
- img:/img
- record:/record
labels:
- "traefik.enable=true"
- "traefik.http.routers.cams.entrypoints=http"
- "traefik.http.routers.cams.rule=Host(`cams.${URL}`)"
- "traefik.http.middlewares.cams-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.cams.middlewares=cams-https-redirect"
- "traefik.http.routers.cams-secure.entrypoints=https"
- "traefik.http.routers.cams-secure.rule=Host(`cams.${URL}`)"
- "traefik.http.routers.cams-secure.tls=true"
- "traefik.http.routers.cams-secure.service=cams"
- "traefik.http.services.cams.loadbalancer.server.port=5000"
- "traefik.docker.network=proxy"
kompose.service.expose: cams.wayl.one
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.cams.entrypoints=http"
# - "traefik.http.routers.cams.rule=Host(`cams.${URL}`)"
# - "traefik.http.middlewares.cams-https-redirect.redirectscheme.scheme=https"
# - "traefik.http.routers.cams.middlewares=cams-https-redirect"
# - "traefik.http.routers.cams-secure.entrypoints=https"
# - "traefik.http.routers.cams-secure.rule=Host(`cams.${URL}`)"
# - "traefik.http.routers.cams-secure.tls=true"
# - "traefik.http.routers.cams-secure.service=cams"
# - "traefik.http.services.cams.loadbalancer.server.port=5000"
# - "traefik.docker.network=proxy"
networks:
proxy:
external: true
volumes:
img:
record:


@ -0,0 +1,174 @@
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --namespace wyze-bridge -o wyze-bridge.yaml
kompose.service.expose: cams.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: wyze-bridge
name: wyze-bridge
namespace: wyze-bridge
spec:
ports:
- name: "5000"
port: 5000
targetPort: 5000
- name: "8554"
port: 8554
targetPort: 8554
- name: "8888"
port: 8888
targetPort: 8888
selector:
io.kompose.service: wyze-bridge
status:
loadBalancer: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: wyze-bridge
namespace: wyze-bridge
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert --namespace wyze-bridge -o wyze-bridge.yaml
kompose.service.expose: cams.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: wyze-bridge
name: wyze-bridge
namespace: wyze-bridge
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: wyze-bridge
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert --namespace wyze-bridge -o wyze-bridge.yaml
kompose.service.expose: cams.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.network/wyze-bridge-default: "true"
io.kompose.service: wyze-bridge
spec:
containers:
- env:
- name: IMG_DIR
value: /img/
- name: QUALITY
value: SD30
- name: RECORD_ALL
value: "True"
- name: SNAPSHOT
value: RTSP1
- name: TZ
value: America/Chicago
- name: WYZE_EMAIL
- name: WYZE_PASSWORD
image: mrlt8/wyze-bridge:latest
name: wyze-bridge
ports:
- containerPort: 5000
hostPort: 5000
protocol: TCP
- containerPort: 8554
hostPort: 8554
protocol: TCP
- containerPort: 8888
hostPort: 8888
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /img
name: img
- mountPath: /record
name: record
restartPolicy: Always
volumes:
- name: img
persistentVolumeClaim:
claimName: img
- name: record
persistentVolumeClaim:
claimName: record
status: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kompose.cmd: kompose convert --namespace wyze-bridge -o wyze-bridge.yaml
kompose.service.expose: cams.wayl.one
kompose.version: 1.31.2 (a92241f79)
creationTimestamp: null
labels:
io.kompose.service: wyze-bridge
name: wyze-bridge
namespace: wyze-bridge
spec:
rules:
- host: cams.wayl.one
http:
paths:
- backend:
service:
name: wyze-bridge
port:
number: 5000
path: /
pathType: Prefix
status:
loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: img
name: img
namespace: wyze-bridge
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: record
name: record
namespace: wyze-bridge
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
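Review bot: `WYZE_EMAIL` and `WYZE_PASSWORD` are emitted as env entries with no `value`, presumably because the variables were unset when `kompose convert` ran, so the pod starts without credentials; had they been set, they would have been written into this committed file in clear text. Reference a Secret for both, as in the excerpt below (the Secret name is a placeholder). The three `hostPort` entries (5000, 8554, 8888) bind those ports on the node itself, which bypasses the Ingress for `cams.wayl.one`; drop `hostPort` unless node-level exposure of the camera bridge is intended. `image: mrlt8/wyze-bridge:latest` is a floating tag and would be safer pinned to a release tag or digest.
```yaml
# … unchanged: IMG_DIR, QUALITY, RECORD_ALL, SNAPSHOT, TZ …
- name: WYZE_EMAIL
  valueFrom:
    secretKeyRef:
      name: wyze-credentials-placeholder  # placeholder: Secret created outside the repository
      key: WYZE_EMAIL
- name: WYZE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: wyze-credentials-placeholder
      key: WYZE_PASSWORD
```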