From 7dd3485f90e8ae84e46233ef17ddf9d4d5eabade Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Sat, 3 Jan 2026 14:14:08 +0100
Subject: [PATCH] added wanderer
---
 argocd-apps/homelab.yaml | 22 ++
 wanderer-system/wanderer.yaml | 379 ++++++++++++++++++++++++++++++++++
 2 files changed, 401 insertions(+)
 create mode 100644 wanderer-system/wanderer.yaml
diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index 8ba4b7f..450ba27 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -811,4 +811,26 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
+---
+# Wanderer
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: wanderer
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: wanderer-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: wanderer-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
 ---
\ No newline at end of file
diff --git a/wanderer-system/wanderer.yaml b/wanderer-system/wanderer.yaml
new file mode 100644
index 0000000..0a710d9
--- /dev/null
+++ b/wanderer-system/wanderer.yaml
@@ -0,0 +1,379 @@
+# Wanderer - Self-hosted trail manager
+# https://github.com/Flomp/wanderer
+# Version: v0.8.13
+# Domain: wanderer.dooplex.hu
+# Auth: OAuth configured via PocketBase admin UI
+#
+# wanderer uses PocketBase as its backend, which supports OAuth2/OIDC
+# configured through the PocketBase admin panel.
+#
+# Setup steps after deployment:
+# 1. Access PocketBase admin: https://wanderer.dooplex.hu/api/_/
+# 2. Create admin account on first access
+# 3. Go to Settings > Auth providers
+# 4. Add OpenID Connect provider:
+# - Client ID: from Authentik
+# - Client Secret: from Authentik
+# - Auth URL: https://authentik.dooplex.hu/application/o/authorize/
+# - Token URL: https://authentik.dooplex.hu/application/o/token/
+# - User info URL: https://authentik.dooplex.hu/application/o/userinfo/
+#
+# Authentik Setup:
+# 1. Create OAuth2/OIDC Provider:
+# - Name: wanderer
+# - Client Type: Confidential
+# - Redirect URIs: https://wanderer.dooplex.hu/api/oauth2-redirect
+# - Scopes: openid, email, profile
+# 2. Create Application linked to this provider
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wanderer-system
+ labels:
+ app.kubernetes.io/name: wanderer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wanderer-meilisearch
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+ spec:
+ containers:
+ - name: meilisearch
+ image: getmeili/meilisearch:v1.6
+ env:
+ - name: MEILI_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wanderer-app
+ key: meili-master-key
+ - name: MEILI_ENV
+ value: "production"
+ - name: MEILI_NO_ANALYTICS
+ value: "true"
+ ports:
+ - containerPort: 7700
+ name: http
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumeMounts:
+ - name: meili-data
+ mountPath: /meili_data
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ volumes:
+ - name: meili-data
+ persistentVolumeClaim:
+ claimName: wanderer-meilisearch
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wanderer-db
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+ spec:
+ containers:
+ - name: pocketbase
+ image: flomp/wanderer-db:v0.8.13
+ env:
+ - name: MEILI_URL
+ value: "http://wanderer-meilisearch:7700"
+ - name: MEILI_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wanderer-app
+ key: meili-master-key
+ - name: ENCRYPTION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wanderer-app
+ key: pocketbase-encryption-key
+ ports:
+ - containerPort: 8090
+ name: http
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumeMounts:
+ - name: pb-data
+ mountPath: /pb_data
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ volumes:
+ - name: pb-data
+ persistentVolumeClaim:
+ claimName: wanderer-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wanderer-web
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-web
+ app.kubernetes.io/version: "0.8.13"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-web
+ app.kubernetes.io/version: "0.8.13"
+ spec:
+ containers:
+ - name: wanderer-web
+ image: flomp/wanderer-web:v0.8.13
+ env:
+ - name: ORIGIN
+ value: "https://wanderer.dooplex.hu"
+ - name: PUBLIC_POCKETBASE_URL
+ value: "https://wanderer.dooplex.hu/api"
+ - name: MEILI_URL
+ value: "http://wanderer-meilisearch:7700"
+ - name: MEILI_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wanderer-app
+ key: meili-master-key
+ - name: PUBLIC_DISABLE_SIGNUP
+ value: "false"
+ - name: BODY_SIZE_LIMIT
+ value: "Infinity"
+ ports:
+ - containerPort: 3000
+ name: http
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 300m
+ memory: 256Mi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wanderer-meilisearch
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 7700
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wanderer-db
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8090
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wanderer-web
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-web
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 3000
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wanderer
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu,wanderer.home
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+ # Configuration snippet to handle PocketBase API routing
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ rewrite ^/api/(.*)$ /$1 break;
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: wanderer.dooplex.hu
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wanderer-web
+ port:
+ number: 3000
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: wanderer-db
+ port:
+ number: 8090
+ - host: wanderer.home
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wanderer-web
+ port:
+ number: 3000
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: wanderer-db
+ port:
+ number: 8090
+ tls:
+ - hosts:
+ - wanderer.dooplex.hu
+ secretName: wanderer-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wanderer-meilisearch
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-meilisearch
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wanderer-db
+ namespace: wanderer-system
+ labels:
+ app.kubernetes.io/instance: wanderer
+ app.kubernetes.io/name: wanderer-db
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
\ No newline at end of file
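Review bot: In the wanderer-web Deployment, `PUBLIC_DISABLE_SIGNUP` is `"false"` and `BODY_SIZE_LIMIT` is `"Infinity"`, so any client that can reach the site can self-register outside the Authentik flow the header describes, and the app itself puts no bound on request bodies while the container is limited to 256Mi. The ingress annotation `proxy-body-size: "100m"` caps only traffic that passes through nginx, and this file adds no NetworkPolicy, so other pods can presumably reach the Service on port 3000 directly. I would give the body limit a finite value that matches the ingress, e.g. `value: "104857600"`, and switch signup to `value: "true"` once the OIDC provider is working (worth confirming that this release still admits first-time OIDC users with signup disabled). The header's step "Create admin account on first access" also means `/api/_/` is an unclaimed PocketBase admin setup page from the first sync until someone completes it, so it deserves a line saying to claim it immediately or to keep the `/api` path unrouted until then. None of the three pod specs sets a `securityContext`; at least `allowPrivilegeEscalation: false` and `capabilities: drop: ["ALL"]` look safe to try, since all three containers listen on unprivileged ports.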