diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml index 51cb58f..ee96269 100644 --- a/argocd-apps/homelab.yaml +++ b/argocd-apps/homelab.yaml @@ -702,3 +702,25 @@ spec: - CreateNamespace=true - PruneLast=true --- +# Pastefy +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: pastefy + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: homelab + source: + repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git + targetRevision: main + path: pastefy-system + destination: + server: https://kubernetes.default.svc + namespace: pastefy-system + syncPolicy: + syncOptions: + - CreateNamespace=true + - PruneLast=true +--- \ No newline at end of file diff --git a/pastefy-system/pastefy.yaml b/pastefy-system/pastefy.yaml new file mode 100644 index 0000000..123129c --- /dev/null +++ b/pastefy-system/pastefy.yaml @@ -0,0 +1,301 @@ +# Pastefy - Self-hosted Pastebin alternative +# https://github.com/interaapps/pastefy +# Version: 7.1.5 +# Domain: pastefy.dooplex.hu +# Auth: Native OAuth2/OIDC with Authentik +# +# Authentik Setup: +# 1. Create OAuth2/OIDC Provider: +# - Name: pastefy +# - Client Type: Confidential +# - Redirect URIs: https://pastefy.dooplex.hu/oauth-callback +# - Scopes: openid, email, profile +# 2. Create Application linked to this provider +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pastefy-system + labels: + app.kubernetes.io/name: pastefy +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pastefy-db + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db + spec: + containers: + - name: mysql + image: mysql:8.0 + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: pastefy-db + key: root-password + - name: MYSQL_DATABASE + valueFrom: + secretKeyRef: + name: pastefy-db + key: database + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: pastefy-db + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: pastefy-db + key: password + ports: + - containerPort: 3306 + name: mysql + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + volumeMounts: + - name: data + mountPath: /var/lib/mysql + livenessProbe: + exec: + command: + - sh + - -c + - mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - sh + - -c + - mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD + initialDelaySeconds: 10 + periodSeconds: 5 + volumes: + - name: data + persistentVolumeClaim: + claimName: pastefy-db +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pastefy + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy + app.kubernetes.io/version: "7.1.5" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy + app.kubernetes.io/version: "7.1.5" + spec: + containers: + - name: pastefy + image: interaapps/pastefy:7.1.5 + env: + - name: HTTP_SERVER_PORT + value: "80" + - name: HTTP_SERVER_CORS + value: "*" + - name: DATABASE_DRIVER + value: "mysql" + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: pastefy-db + key: database + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: pastefy-db + key: username + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: pastefy-db + key: password + - name: DATABASE_HOST + value: "pastefy-db" + - name: DATABASE_PORT + value: "3306" + - name: SERVER_NAME + value: "https://pastefy.dooplex.hu" + # OAuth2 Custom Provider (Authentik) + - name: AUTH_PROVIDER + value: "CUSTOM" + - name: OAUTH2_CUSTOM_CLIENT_ID + valueFrom: + secretKeyRef: + name: pastefy-oidc + key: client-id + - name: OAUTH2_CUSTOM_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: pastefy-oidc + key: client-secret + - name: OAUTH2_CUSTOM_AUTH_ENDPOINT + value: "https://authentik.dooplex.hu/application/o/authorize/" + - name: OAUTH2_CUSTOM_TOKEN_ENDPOINT + value: "https://authentik.dooplex.hu/application/o/token/" + - name: OAUTH2_CUSTOM_USERINFO_ENDPOINT + value: "https://authentik.dooplex.hu/application/o/userinfo/" + # Optional settings + - name: PASTEFY_LOGIN_REQUIRED + value: "false" + - name: PASTEFY_LOGIN_REQUIRED_CREATE + value: "true" + - name: PASTEFY_PUBLIC_STATS + value: "false" + - name: PASTEFY_INFO_CUSTOM_NAME + value: "Dooplex Paste" + ports: + - containerPort: 80 + name: http + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 30 + periodSeconds: 30 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 +--- +apiVersion: v1 +kind: Service +metadata: + name: pastefy-db + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db +spec: + type: ClusterIP + ports: + - name: mysql + port: 3306 + targetPort: mysql + selector: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db +--- +apiVersion: v1 +kind: Service +metadata: + name: pastefy + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: http + selector: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: pastefy + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + external-dns.alpha.kubernetes.io/hostname: pastefy.dooplex.hu,pastefy.home + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" +spec: + ingressClassName: nginx-internal + rules: + - host: pastefy.dooplex.hu + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pastefy + port: + number: 80 + - host: pastefy.home + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pastefy + port: + number: 80 + tls: + - hosts: + - pastefy.dooplex.hu + secretName: pastefy-tls +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pastefy-db + namespace: pastefy-system + labels: + app.kubernetes.io/instance: pastefy + app.kubernetes.io/name: pastefy-db + recurring-job-group.longhorn.io/needbackup: enabled + recurring-job.longhorn.io/source: enabled +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 2Gi \ No newline at end of file