added wanderer

argocd-apps/homelab.yaml

@@ -811,4 +811,26 @@ spec:
     syncOptions:
     - CreateNamespace=true
     - PruneLast=true
+---
+# Wanderer
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: wanderer
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: homelab
+  source:
+    repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+    targetRevision: main
+    path: wanderer-system
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: wanderer-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    - PruneLast=true
 ---

wanderer-system/wanderer.yaml

@@ -0,0 +1,379 @@
+# Wanderer - Self-hosted trail manager
+# https://github.com/Flomp/wanderer
+# Version: v0.8.13
+# Domain: wanderer.dooplex.hu
+# Auth: OAuth configured via PocketBase admin UI
+#
+# wanderer uses PocketBase as its backend, which supports OAuth2/OIDC
+# configured through the PocketBase admin panel.
+#
+# Setup steps after deployment:
+# 1. Access PocketBase admin: https://wanderer.dooplex.hu/api/_/
+# 2. Create admin account on first access
+# 3. Go to Settings > Auth providers
+# 4. Add OpenID Connect provider:
+#    - Client ID: from Authentik
+#    - Client Secret: from Authentik
+#    - Auth URL: https://authentik.dooplex.hu/application/o/authorize/
+#    - Token URL: https://authentik.dooplex.hu/application/o/token/
+#    - User info URL: https://authentik.dooplex.hu/application/o/userinfo/
+#
+# Authentik Setup:
+# 1. Create OAuth2/OIDC Provider:
+#    - Name: wanderer
+#    - Client Type: Confidential
+#    - Redirect URIs: https://wanderer.dooplex.hu/api/oauth2-redirect
+#    - Scopes: openid, email, profile
+# 2. Create Application linked to this provider
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wanderer-system
+  labels:
+    app.kubernetes.io/name: wanderer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wanderer-meilisearch
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-meilisearch
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: wanderer
+      app.kubernetes.io/name: wanderer-meilisearch
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: wanderer
+        app.kubernetes.io/name: wanderer-meilisearch
+    spec:
+      containers:
+      - name: meilisearch
+        image: getmeili/meilisearch:v1.6
+        env:
+        - name: MEILI_MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              name: wanderer-app
+              key: meili-master-key
+        - name: MEILI_ENV
+          value: "production"
+        - name: MEILI_NO_ANALYTICS
+          value: "true"
+        ports:
+        - containerPort: 7700
+          name: http
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+        volumeMounts:
+        - name: meili-data
+          mountPath: /meili_data
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+      volumes:
+      - name: meili-data
+        persistentVolumeClaim:
+          claimName: wanderer-meilisearch
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wanderer-db
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: wanderer
+      app.kubernetes.io/name: wanderer-db
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: wanderer
+        app.kubernetes.io/name: wanderer-db
+    spec:
+      containers:
+      - name: pocketbase
+        image: flomp/wanderer-db:v0.8.13
+        env:
+        - name: MEILI_URL
+          value: "http://wanderer-meilisearch:7700"
+        - name: MEILI_MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              name: wanderer-app
+              key: meili-master-key
+        - name: ENCRYPTION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: wanderer-app
+              key: pocketbase-encryption-key
+        ports:
+        - containerPort: 8090
+          name: http
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+        volumeMounts:
+        - name: pb-data
+          mountPath: /pb_data
+        livenessProbe:
+          httpGet:
+            path: /api/health
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /api/health
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+      volumes:
+      - name: pb-data
+        persistentVolumeClaim:
+          claimName: wanderer-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wanderer-web
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-web
+    app.kubernetes.io/version: "0.8.13"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: wanderer
+      app.kubernetes.io/name: wanderer-web
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: wanderer
+        app.kubernetes.io/name: wanderer-web
+        app.kubernetes.io/version: "0.8.13"
+    spec:
+      containers:
+      - name: wanderer-web
+        image: flomp/wanderer-web:v0.8.13
+        env:
+        - name: ORIGIN
+          value: "https://wanderer.dooplex.hu"
+        - name: PUBLIC_POCKETBASE_URL
+          value: "https://wanderer.dooplex.hu/api"
+        - name: MEILI_URL
+          value: "http://wanderer-meilisearch:7700"
+        - name: MEILI_MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              name: wanderer-app
+              key: meili-master-key
+        - name: PUBLIC_DISABLE_SIGNUP
+          value: "false"
+        - name: BODY_SIZE_LIMIT
+          value: "Infinity"
+        ports:
+        - containerPort: 3000
+          name: http
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            cpu: 300m
+            memory: 256Mi
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wanderer-meilisearch
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-meilisearch
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 7700
+    targetPort: http
+  selector:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-meilisearch
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wanderer-db
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-db
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 8090
+    targetPort: http
+  selector:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-db
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wanderer-web
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-web
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 3000
+    targetPort: http
+  selector:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wanderer
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu,wanderer.home
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    # Configuration snippet to handle PocketBase API routing
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      rewrite ^/api/(.*)$ /$1 break;
+spec:
+  ingressClassName: nginx-internal
+  rules:
+  - host: wanderer.dooplex.hu
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wanderer-web
+            port:
+              number: 3000
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: wanderer-db
+            port:
+              number: 8090
+  - host: wanderer.home
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wanderer-web
+            port:
+              number: 3000
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: wanderer-db
+            port:
+              number: 8090
+  tls:
+  - hosts:
+    - wanderer.dooplex.hu
+    secretName: wanderer-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wanderer-meilisearch
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-meilisearch
+    recurring-job-group.longhorn.io/needbackup: enabled
+    recurring-job.longhorn.io/source: enabled
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wanderer-db
+  namespace: wanderer-system
+  labels:
+    app.kubernetes.io/instance: wanderer
+    app.kubernetes.io/name: wanderer-db
+    recurring-job-group.longhorn.io/needbackup: enabled
+    recurring-job.longhorn.io/source: enabled
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi