From f073dc1d02ccb62976178e6d0f872bab1312e4b3 Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Sat, 7 Feb 2026 08:36:36 +0100
Subject: [PATCH] added revfulop-calendar
---
orsi-system/revfulop-calendar.yaml | 225 +++++++++++++++++++++++++++++
1 file changed, 225 insertions(+)
create mode 100644 orsi-system/revfulop-calendar.yaml
diff --git a/orsi-system/revfulop-calendar.yaml b/orsi-system/revfulop-calendar.yaml
new file mode 100644
index 0000000..5ce94cf
--- /dev/null
+++ b/orsi-system/revfulop-calendar.yaml
@@ -0,0 +1,225 @@
+# =============================================================================
+# Révfülöp Nyaraló Naptár - Kubernetes Deployment
+# =============================================================================
+# Domain: revfulop.dooplex.hu
+# Namespace: orsi-system (shared with Orsi's Glance dashboard)
+#
+# AUTH OPTIONS (pick one):
+# Option A: No auth (public, geo-blocked to HU only) - DEFAULT below
+# Option B: Simple password auth - uncomment SIMPLE_AUTH_PASSWORD env var
+# Option C: Authentik proxy - use the alternate ingress at the bottom
+#
+# BUILD & PUSH:
+# docker build -t gitea.dooplex.hu/viktor/revfulop-calendar:1.0.0 .
+# docker push gitea.dooplex.hu/viktor/revfulop-calendar:1.0.0
+# =============================================================================
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ app.kubernetes.io/version: "1.0.0"
+ name: revfulop-calendar
+ namespace: orsi-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ app.kubernetes.io/version: "1.0.0"
+ spec:
+ containers:
+ - name: revfulop-calendar
+ image: gitea.dooplex.hu/admin/revfulop-calendar:1.0.0
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: Europe/Budapest
+ - name: PORT
+ value: "3000"
+ - name: DB_PATH
+ value: /data/revfulop.db
+ # ------------------------------------------------------------------
+ # Option B: Simple password auth
+ # Uncomment the line below and set a shared family password.
+ # Everyone uses the same password to access the site.
+ # ------------------------------------------------------------------
+ - name: SIMPLE_AUTH_PASSWORD
+ value: "nyaralo2026"
+ # ------------------------------------------------------------------
+ # Optional: Override family members (JSON array)
+ # ------------------------------------------------------------------
+ # - name: FAMILY_MEMBERS
+ # value: '[{"id":"orsi","name":"Orsi","color":"#E07A5F"},{"id":"papa","name":"Papa","color":"#3D405B"},{"id":"mama","name":"Mama","color":"#81B29A"},{"id":"tesa","name":"Tesa","color":"#F2CC8F"},{"id":"balint","name":"Bálint","color":"#7B9EA8"}]'
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /api/auth-status
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /api/auth-status
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ requests:
+ cpu: 20m
+ memory: 32Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: revfulop-calendar-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ name: revfulop-calendar
+ namespace: orsi-system
+spec:
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ type: ClusterIP
+---
+# =============================================================================
+# Option A & B: Standard Ingress (geo-blocked, no Authentik)
+# =============================================================================
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname:
revfulop.dooplex.hu
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ set $geo_allowed 0;
+ if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+ if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+ if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+ if ($geo_allowed = 0) {
+ return 403 "Access restricted to Hungary";
+ }
+ labels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ name: revfulop-calendar
+ namespace: orsi-system
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: revfulop.dooplex.hu
+ http:
+ paths:
+ - backend:
+ service:
+ name: revfulop-calendar
+ port:
+ number: 3000
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - revfulop.dooplex.hu
+ secretName: revfulop-calendar-tls
+---
+# =============================================================================
+# Option C: Authentik Proxy Ingress (ALTERNATIVE - replace the ingress above)
+# =============================================================================
+# Authentik setup steps:
+# 1. Create Application: "revfulop-calendar" in Authentik
+# 2. Create Proxy Provider: external host = https://revfulop.dooplex.hu
+# 3. Create Outpost: "revfulop-outpost" (or reuse existing one)
+# 4. Create users for family members in Authentik
+# 5.
Uncomment the ingress below and remove/comment the one above
+# =============================================================================
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+# annotations:
+# cert-manager.io/cluster-issuer: letsencrypt-prod
+# external-dns.alpha.kubernetes.io/hostname: revfulop.dooplex.hu
+# nginx.ingress.kubernetes.io/ssl-redirect: "true"
+# nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-revfulop-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+# nginx.ingress.kubernetes.io/auth-signin: https://revfulop.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
+# nginx.ingress.kubernetes.io/auth-snippet: |
+# proxy_set_header X-Forwarded-Host $http_host;
+# nginx.ingress.kubernetes.io/configuration-snippet: |
+# set $geo_allowed 0;
+# if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+# if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+# if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+# if ($geo_allowed = 0) {
+# return 403 "Access restricted to Hungary";
+# }
+# labels:
+# app.kubernetes.io/instance: revfulop-calendar
+# app.kubernetes.io/name: revfulop-calendar
+# name: revfulop-calendar
+# namespace: orsi-system
+# spec:
+# ingressClassName: nginx-internal
+# rules:
+# - host: revfulop.dooplex.hu
+# http:
+# paths:
+# - backend:
+# service:
+# name: revfulop-calendar
+# port:
+# number: 3000
+# path: /
+# pathType: Prefix
+# tls:
+# - hosts:
+# - revfulop.dooplex.hu
+# secretName: revfulop-calendar-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: revfulop-calendar
+ app.kubernetes.io/name: revfulop-calendar
+ name: revfulop-calendar-data
+ namespace: orsi-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 256Mi
+ storageClassName: longhorn
\ No newline at end of file
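Review bot: The `SIMPLE_AUTH_PASSWORD` entry in the Deployment's `env` list carries the shared family password as a plaintext `value`, so it is now in git history and readable by anyone who can see the repository or the pod spec. The entry is also active rather than commented out, which contradicts the file header ("Option A: No auth ... DEFAULT below") and the "Uncomment the line below" comment directly above it. Move the value into a Secret created outside the repository and reference it with `secretKeyRef` as sketched below, and treat the committed password as exposed and replace it. Separately, the build comment pushes to `gitea.dooplex.hu/viktor/revfulop-calendar:1.0.0` while the container pulls `gitea.dooplex.hu/admin/revfulop-calendar:1.0.0`; one of the two paths looks wrong. The geo-block snippet also exempts `^10\.` and `^192\.168\.` based on `$remote_addr`, which is only sound if the ingress controller sees real client addresses rather than a proxy or node address — worth confirming before relying on Option A or B.

```yaml
# … unchanged: TZ, PORT, DB_PATH env entries …
- name: SIMPLE_AUTH_PASSWORD
  valueFrom:
    secretKeyRef:
      name: revfulop-calendar-auth  # placeholder Secret name, created out of band
      key: password                 # placeholder key
# … unchanged: FAMILY_MEMBERS comment, ports, probes …
```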