diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index 0f0c744..ec8faa8 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -745,4 +745,26 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
+---
+# Fileshare (gokapi)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fileshare
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: fileshare-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: fileshare-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
 ---
\ No newline at end of file
diff --git a/fileshare-system/gokapi.yaml b/fileshare-system/gokapi.yaml
new file mode 100644
index 0000000..e235a31
--- /dev/null
+++ b/fileshare-system/gokapi.yaml
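Review bot: The `resources-finalizer.argocd.argoproj.io` finalizer on the new `fileshare` Application makes deleting the Application cascade to every resource it manages, and in this commit that includes the `gokapi-config` and `gokapi-data` PersistentVolumeClaims under `fileshare-system`. Whether the underlying volumes survive such a delete depends on the `longhorn` storage class's reclaim policy, which is not visible in this diff. If uploaded files should outlive an accidental Application removal, annotate the two PVCs in `fileshare-system/gokapi.yaml` with `argocd.argoproj.io/sync-options: Delete=false`. It is also worth a short comment above `targetRevision: main` stating that the app follows a mutable branch, so anyone with push access to that branch of `homelab-manifests` controls what is deployed into the namespace.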
@@ -0,0 +1,223 @@
+# Gokapi - Lightweight file sharing server
+# https://github.com/Forceu/gokapi
+# Version: v2.1.0
+# Domain: fileshare.dooplex.hu
+# Auth: OIDC configured via web UI after first deployment
+#
+# Gokapi Setup:
+# 1. Deploy and access setup wizard at https://fileshare.dooplex.hu
+# 2. Initial setup runs on first access
+# 3. Configure OIDC in Settings > Authentication:
+# - Provider URL: https://authentik.dooplex.hu/application/o/gokapi/
+# - Client ID: from Authentik
+# - Client Secret: from Authentik
+# - Redirect URL: https://fileshare.dooplex.hu/oauth-callback
+#
+# Authentik Setup:
+# 1. Create OAuth2/OIDC Provider:
+# - Name: gokapi
+# - Client Type: Confidential
+# - Redirect URIs: https://fileshare.dooplex.hu/oauth-callback
+# - Scopes: openid, email, profile
+# 2. Create Application linked to this provider
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fileshare-system
+ labels:
+ app.kubernetes.io/name: gokapi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gokapi
+ namespace: fileshare-system
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+ app.kubernetes.io/version: "2.1.0"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+ app.kubernetes.io/version: "2.1.0"
+ spec:
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: gokapi
+ image: f0rc3/gokapi:v2.1.0
+ env:
+ - name: TZ
+ value: "Europe/Budapest"
+ - name: GOKAPI_PORT
+ value: "53842"
+ - name: GOKAPI_EXTERNAL_URL
+ value: "https://fileshare.dooplex.hu/"
+ - name: GOKAPI_LOCALHOST
+ value: "false"
+ - name: GOKAPI_USE_SSL
+ value: "false"
+ - name: GOKAPI_DATA_DIR
+ value: "/data"
+ - name: GOKAPI_CONFIG_DIR
+ value: "/config"
+ - name: GOKAPI_MAX_MEMORY_UPLOAD
+ value: "100"
+ - name: GOKAPI_LOG_STDOUT
+ value: "true"
+ # Initial admin user (only used for first setup)
+ - name: GOKAPI_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: gokapi-app
+ key: admin-username
+ - name: GOKAPI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gokapi-app
+ key: admin-password
+ ports:
+ - containerPort: 53842
+ name: http
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: data
+ mountPath: /data
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: gokapi-config
+ - name: data
+ persistentVolumeClaim:
+ claimName: gokapi-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gokapi
+ namespace: fileshare-system
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 53842
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gokapi
+ namespace: fileshare-system
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: fileshare.dooplex.hu,fileshare.home
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "1g"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: fileshare.dooplex.hu
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gokapi
+ port:
+ number: 53842
+ - host: fileshare.home
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gokapi
+ port:
+ number: 53842
+ tls:
+ - hosts:
+ - fileshare.dooplex.hu
+ secretName: gokapi-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gokapi-config
+ namespace: fileshare-system
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi-config
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gokapi-data
+ namespace: fileshare-system
+ labels:
+ app.kubernetes.io/instance: gokapi
+ app.kubernetes.io/name: gokapi-data
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 50Gi
\ No newline at end of file
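Review bot: The container-level `securityContext` of the `gokapi` container sets only `runAsUser` and `runAsGroup`, so the process keeps the runtime's default capability set, may escalate privileges, and runs without an explicit seccomp profile, while the Ingress lets it accept request bodies of up to `1g`. The process already runs as UID 1000 on the unprivileged port 53842, so the block can also set `runAsNonRoot`, forbid privilege escalation, drop all capabilities and select the `RuntimeDefault` seccomp profile, as sketched below. Separately, the `gokapi-app` Secret referenced by `GOKAPI_USERNAME` and `GOKAPI_PASSWORD` is not created anywhere in this commit, so it must already exist in `fileshare-system` before the first sync or the container will fail to start. The image is also pinned by tag (`f0rc3/gokapi:v2.1.0`) rather than by digest, so a re-pushed tag would be pulled without any change in Git.

```yaml
          # … unchanged: env, ports, resources, volumeMounts, probes …
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```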