From 9a2f6303ee6189ff7cfb75d6bb60f9cd821e6822 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 10:49:44 +1000
Subject: [PATCH 1/3] Master/Slave configuration
---
deployments/dns/bind.yaml | 181 ++++++++++++++++++++++++++++++++++++++
1 file changed, 181 insertions(+)
create mode 100644 deployments/dns/bind.yaml
diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
new file mode 100644
index 0000000..36960bb
--- /dev/null
+++ b/deployments/dns/bind.yaml
@@ -0,0 +1,181 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bind9
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bind-master-config
+ namespace: dns
+data:
+ named.conf: |
+ options {
+ directory "/var/cache/bind";
+
+ recursion yes;
+ allow-query { any; };
+
+ listen-on port 53 { any; };
+ listen-on-v6 port 53 { any; };
+
+ forwarders {
+ 10.40.0.254;
+ };
+
+ acl "slaves" {
+ 10.0.0.0/8;
+ };
+
+ allow-transfer { "slaves"; };
+
+ dnssec-validation auto;
+ include "/etc/named/externaldns-key.conf";
+ };
+
+ zone "." IN {
+ type hint;
+ file "/usr/share/dns/root.hints";
+ };
+
+ zone "hxme.net." IN {
+ type master;
+ file "/etc/bind/db.hxme.net";
+ allow-update { key "externaldns-key"; };
+ };
+ db.hxme.net: |
+ $TTL 3600
+ @ IN SOA ns1.hxme.net. admin.hxme.net. (
+ 1 ; Serial
+ 7200 ; Refresh
+ 1800 ; Retry
+ 1209600 ; Expire
+ 86400 ) ; Negative Cache TTL
+ ;
+ @ IN NS ns1.hxme.net.
+ ns1 IN A 10.40.0.110
+ @ IN A 10.40.0.110
+ www IN A 10.40.0.110
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bind-slave-config
+ namespace: dns
+data:
+ named.conf: |
+ options {
+ directory "/var/cache/bind";
+ recursion yes;
+ allow-query { any; };
+ listen-on port 53 { any; };
+ listen-on-v6 port 53 { any; };
+ dnssec-validation auto;
+ };
+
+ include "/etc/named/tsig-key.conf";
+
+ zone "example.com" {
+ type slave;
+ masters { bind-master.dns.svc.cluster.local key bind-slave-key; };
+ file "slaves/example.com.db";
+ };
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bind-master
+ namespace: dns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bind-master
+ template:
+ metadata:
+ labels:
+ app: bind-master
+ spec:
+ containers:
+ - name: bind-master
+ image: internetsystemsconsortium/bind9:9.18
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ volumeMounts:
+ - name: config
+ mountPath: /etc/bind/named.conf
+ subPath: named.conf
+ - name: config
+ mountPath: /etc/bind/db.hxme.net
+ subPath: db.hxme.net
+ - name: dns-secrets
+ mountPath: /etc/bind/externaldns-key.conf
+ subPath: externaldns-key.conf
+ volumes:
+ - name: dns-secrets
+ secret:
+ secretName: dns-secrets
+ - name: config
+ configMap:
+ name: bind-master-config
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: bind-slave
+ namespace: dns
+spec:
+ selector:
+ matchLabels:
+ app: bind-slave
+ template:
+ metadata:
+ labels:
+ app: bind-slave
+ spec:
+ containers:
+ - name: bind9
+ image: internetsystemsconsortium/bind9:9.18
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ volumeMounts:
+ - name: config
+ mountPath: /etc/bind/named.conf
+ subPath: named.conf
+ - name: bind-slave-key
+ subPath: tsig-key.conf
+ mountPath: /etc/bind/tsig-key.conf
+ volumes:
+ - name: config
+ configMap:
+ name: bind-slave-config
+ - name: bind-slave-key
+ secret:
+ secretName: bind-slave-key
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bind9
+ namespace: dns
+spec:
+ type: LoadBalancer
+ selector:
+ app: bind-slave
+ ports:
+ - name: dns-udp
+ port: 53
+ targetPort: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ targetPort: 53
+ protocol: TCP
+
From 06f16dfa0e1d47899ca085a210e4301f63834810 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 10:49:48 +1000
Subject: [PATCH 2/3] Nextcloud
---
deployments/files/nextcloud.yaml | 132 +++++++++++++++++++++++++++++++
1 file changed, 132 insertions(+)
create mode 100644 deployments/files/nextcloud.yaml
diff --git a/deployments/files/nextcloud.yaml b/deployments/files/nextcloud.yaml
new file mode 100644
index 0000000..ac9c27f
--- /dev/null
+++ b/deployments/files/nextcloud.yaml
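Review bot: The `bind9` Service is `type: LoadBalancer` and selects `app: bind-slave`, whose `named.conf` sets `recursion yes;` together with `allow-query { any; };`, so anything that can reach the load-balancer address gets an open recursive resolver. Restrict recursion to the networks meant to use it, e.g. `allow-recursion { 10.0.0.0/8; };` (range borrowed from the master's `slaves` ACL; confirm the intended clients), or set `recursion no;` if the slaves are meant to be authoritative only. Both configs also `include` key files from `/etc/named/` while the Secrets are mounted under `/etc/bind/`, so the includes will not resolve as written, and the master's `allow-transfer` is gated only by the `10.0.0.0/8` ACL rather than by a key. The Namespace created is `bind9` while every object uses `namespace: dns`, and the slave zone is `example.com` while the master serves `hxme.net.`.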
@@ -0,0 +1,132 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nextcloud
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nextcloud-pv
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /dpool/temp/Nextcloud
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud-pvc
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: nextcloud-pv
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: nextcloud
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+spec:
+ selector:
+ matchLabels:
+ app: nextcloud
+ template:
+ metadata:
+ labels:
+ app: nextcloud
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud:29
+ env:
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-secrets
+ key: MYSQL_PASSWORD
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_HOST
+ value: mariadb
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nextcloud-data
+ mountPath: /var/www/html
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ volumes:
+ - name: nextcloud-data
+ persistentVolumeClaim:
+ claimName: nextcloud-data
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: MariaDB
+metadata:
+ name: nextcloud-db
+ namespace: nextcloud
+spec:
+ rootPasswordSecretKeyRef:
+ name: nextcloud-secrets
+ key: MYSQL_USER
+ username: nextcloud
+ passwordSecretKeyRef:
+ name: nextcloud-secrets
+ key: MYSQL_PASSWORD
+ database: nextcloud
+ storage:
+ size: 5Gi
+ image: mariadb:10.11
+ volumeClaimTemplate:
+ storageClassName: default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+ rules:
+ - host: nextcloud.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+
From 2361fb38872795b8b2b50639f63a4c71b45f1d32 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 10:49:51 +1000
Subject: [PATCH 3/3] syncthing
---
deployments/files/syncthing.yaml | 109 +++++++++++++++++++++++++++++++
1 file changed, 109 insertions(+)
create mode 100644 deployments/files/syncthing.yaml
diff --git a/deployments/files/syncthing.yaml b/deployments/files/syncthing.yaml
new file mode 100644
index 0000000..a7279b2
--- /dev/null
+++ b/deployments/files/syncthing.yaml
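Review bot: In the MariaDB resource, `rootPasswordSecretKeyRef` points at `key: MYSQL_USER`, so the database root password is whatever that key holds; the Deployment hardcodes the user as `nextcloud`, and if the Secret stores the same value the root password is simply the username. Point it at a dedicated key, e.g. `key: MYSQL_ROOT_PASSWORD` (placeholder name; the key has to exist in `nextcloud-secrets`). Two references also look mismatched: the Deployment mounts `claimName: nextcloud-data` while the PVC is named `nextcloud-pvc`, and `MYSQL_HOST` is `mariadb` while the MariaDB object is `nextcloud-db`. The Ingress is bound only to the `web` entrypoint, which is plain HTTP in a default Traefik setup, so logins would travel unencrypted unless TLS is terminated elsewhere.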
@@ -0,0 +1,109 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: syncthing
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: syncthing-data
+ namespace: syncthing
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: syncthing-share-pv
+spec:
+ capacity:
+ storage: 1000Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /dpool/files
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: syncthing-share
+ namespace: syncthing
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1000Gi
+ volumeName: syncthing-share-pv
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: syncthing
+ namespace: syncthing
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: syncthing
+ template:
+ metadata:
+ labels:
+ app: syncthing
+ spec:
+ containers:
+ - name: syncthing
+ image: syncthing/syncthing:latest
+ ports:
+ - containerPort: 8384
+ - containerPort: 22000
+ - containerPort: 21027
+ protocol: UDP
+ volumeMounts:
+ - name: syncthing-data
+ mountPath: /var/syncthing
+ - name: syncthing-share
+ mountPath: /shared
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ volumes:
+ - name: syncthing-data
+ persistentVolumeClaim:
+ claimName: syncthing-data
+ - name: syncthing-share
+ persistentVolumeClaim:
+ claimName: syncthing-share
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: syncthing
+ namespace: syncthing
+spec:
+ selector:
+ app: syncthing
+ ports:
+ - name: web-ui
+ port: 8384
+ targetPort: 8384
+ - name: sync-tcp
+ port: 22000
+ targetPort: 22000
+ - name: sync-udp
+ port: 22000
+ protocol: UDP
+ targetPort: 22000
+ - name: discovery
+ port: 21027
+ protocol: UDP
+ targetPort: 21027
+ type: ClusterIP
+
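Review bot: `image: syncthing/syncthing:latest` is a mutable tag, so any pod restart can pull a different build into a container that has the host path `/dpool/files` mounted read-write at `/shared`. Pin a release tag or, better, a digest, e.g. `image: syncthing/syncthing:<version>@sha256:<digest>` (placeholders); the other two manifests in this series already use version tags. The Service also publishes the GUI port `8384` cluster-wide; unless a GUI password is set in the Syncthing config (not visible here), consider dropping `web-ui` from the Service or limiting access with a NetworkPolicy.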