admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

added revfulop-calendar

Browse Source
This commit is contained in:
authentik Default Admin
2026-02-07 08:36:36 +01:00
parent 1f2f8b045b
commit f073dc1d02
1 changed files with 225 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
orsi-system/revfulop-calendar.yaml
+225
View File
@@ -0,0 +1,225 @@
# =============================================================================
# Révfülöp Nyaraló Naptár - Kubernetes Deployment
# =============================================================================
# Domain: revfulop.dooplex.hu
# Namespace: orsi-system (shared with Orsi's Glance dashboard)
#
# AUTH OPTIONS (pick one):
# Option A: No auth (public, geo-blocked to HU only) - DEFAULT below
# Option B: Simple password auth - uncomment SIMPLE_AUTH_PASSWORD env var
# Option C: Authentik proxy - use the alternate ingress at the bottom
#
# BUILD & PUSH:
# docker build -t gitea.dooplex.hu/viktor/revfulop-calendar:1.0.0 .
# docker push gitea.dooplex.hu/viktor/revfulop-calendar:1.0.0
# =============================================================================
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
app.kubernetes.io/version: "1.0.0"
name: revfulop-calendar
namespace: orsi-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
app.kubernetes.io/version: "1.0.0"
spec:
containers:
- name: revfulop-calendar
image: gitea.dooplex.hu/admin/revfulop-calendar:1.0.0
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: Europe/Budapest
- name: PORT
value: "3000"
- name: DB_PATH
value: /data/revfulop.db
# ------------------------------------------------------------------
# Option B: Simple password auth
# Uncomment the line below and set a shared family password.
# Everyone uses the same password to access the site.
# ------------------------------------------------------------------
- name: SIMPLE_AUTH_PASSWORD
value: "nyaralo2026"
# ------------------------------------------------------------------
# Optional: Override family members (JSON array)
# ------------------------------------------------------------------
# - name: FAMILY_MEMBERS
# value: '[{"id":"orsi","name":"Orsi","color":"#E07A5F"},{"id":"papa","name":"Papa","color":"#3D405B"},{"id":"mama","name":"Mama","color":"#81B29A"},{"id":"tesa","name":"Tesa","color":"#F2CC8F"},{"id":"balint","name":"Bálint","color":"#7B9EA8"}]'
ports:
- containerPort: 3000
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /api/auth-status
port: http
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/auth-status
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 20m
memory: 32Mi
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: revfulop-calendar-data
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar
namespace: orsi-system
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
type: ClusterIP
---
# =============================================================================
# Option A & B: Standard Ingress (geo-blocked, no Authentik)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/hostname: revfulop.dooplex.hu
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
set $geo_allowed 0;
if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
if ($geo_allowed = 0) {
return 403 "Access restricted to Hungary";
}
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar
namespace: orsi-system
spec:
ingressClassName: nginx-internal
rules:
- host: revfulop.dooplex.hu
http:
paths:
- backend:
service:
name: revfulop-calendar
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- revfulop.dooplex.hu
secretName: revfulop-calendar-tls
---
# =============================================================================
# Option C: Authentik Proxy Ingress (ALTERNATIVE - replace the ingress above)
# =============================================================================
# Authentik setup steps:
# 1. Create Application: "revfulop-calendar" in Authentik
# 2. Create Proxy Provider: external host = https://revfulop.dooplex.hu
# 3. Create Outpost: "revfulop-outpost" (or reuse existing one)
# 4. Create users for family members in Authentik
# 5. Uncomment the ingress below and remove/comment the one above
# =============================================================================
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-prod
# external-dns.alpha.kubernetes.io/hostname: revfulop.dooplex.hu
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-revfulop-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# nginx.ingress.kubernetes.io/auth-signin: https://revfulop.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
# nginx.ingress.kubernetes.io/auth-snippet: |
# proxy_set_header X-Forwarded-Host $http_host;
# nginx.ingress.kubernetes.io/configuration-snippet: |
# set $geo_allowed 0;
# if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
# if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
# if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
# if ($geo_allowed = 0) {
# return 403 "Access restricted to Hungary";
# }
# labels:
# app.kubernetes.io/instance: revfulop-calendar
# app.kubernetes.io/name: revfulop-calendar
# name: revfulop-calendar
# namespace: orsi-system
# spec:
# ingressClassName: nginx-internal
# rules:
# - host: revfulop.dooplex.hu
# http:
# paths:
# - backend:
# service:
# name: revfulop-calendar
# port:
# number: 3000
# path: /
# pathType: Prefix
# tls:
# - hosts:
# - revfulop.dooplex.hu
# secretName: revfulop-calendar-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: revfulop-calendar
app.kubernetes.io/name: revfulop-calendar
name: revfulop-calendar-data
namespace: orsi-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 256Mi
storageClassName: longhorn