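# Wanderer - Self-hosted trail manager
# https://github.com/Flomp/wanderer
# Version: v0.18.13
# Domain: wanderer.dooplex.hu
# Auth: OAuth configured via PocketBase admin UI
#
# wanderer uses PocketBase as its backend, which supports OAuth2/OIDC
# configured through the PocketBase admin panel.
#
# Setup steps after deployment:
# 1. Access PocketBase admin: https://wanderer.dooplex.hu/api/_/
# 2. Create admin account on first access
# 3. Go to Settings > Auth providers
# 4. Add OpenID Connect provider:
#    - Client ID: from Authentik
#    - Client Secret: from Authentik
#    - Auth URL: https://authentik.dooplex.hu/application/o/authorize/
#    - Token URL: https://authentik.dooplex.hu/application/o/token/
#    - User info URL: https://authentik.dooplex.hu/application/o/userinfo/
#
# Authentik Setup:
# 1. Create OAuth2/OIDC Provider:
#    - Name: wanderer
#    - Client Type: Confidential
#    - Redirect URIs: https://wanderer.dooplex.hu/api/oauth2-redirect
#    - Scopes: openid, email, profile
# 2. Create Application linked to this provider
#
# Review notes:
# - The header says v0.18.13 but the wanderer images below are tagged
#   v0.18.3 - confirm which release is intended.
# - Do setup step 2 right after the first rollout. Until an admin account
#   exists, whoever reaches /api/_/ through the ingress first presumably
#   gets to create it - confirm against the PocketBase version in use.
# - The Secret "wanderer-app" (keys: meili-master-key,
#   pocketbase-encryption-key) is referenced below but not defined in this
#   part of the manifest; it has to exist in wanderer-system beforehand.
# - Every pod sets automountServiceAccountToken: false and every container
#   sets allowPrivilegeEscalation: false. Further hardening (runAsNonRoot,
#   read-only root filesystem, dropped capabilities) depends on how each
#   image is built and should be tested before being added.
---
apiVersion: v1
kind: Namespace
metadata:
  name: wanderer-system
  labels:
    app.kubernetes.io/name: wanderer
---
# Meilisearch: search index used by the db and web pods (MEILI_URL below).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wanderer-meilisearch
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-meilisearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: wanderer
      app.kubernetes.io/name: wanderer-meilisearch
  # Recreate: the data volume is ReadWriteOnce, so old and new pods
  # cannot hold it at the same time.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: wanderer
        app.kubernetes.io/name: wanderer-meilisearch
    spec:
      # Nothing in this manifest gives the workload a reason to call the
      # Kubernetes API, so no service-account token is mounted.
      automountServiceAccountToken: false
      containers:
        - name: meilisearch
          image: getmeili/meilisearch:v1.11.3
          env:
            # Master key comes from the wanderer-app Secret; the same key
            # is handed to the db and web pods.
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: wanderer-app
                  key: meili-master-key
            - name: MEILI_ENV
              value: "production"
            - name: MEILI_NO_ANALYTICS
              value: "true"
          ports:
            - containerPort: 7700
              name: http
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: meili-data
              mountPath: /meili_data
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
      volumes:
        - name: meili-data
          persistentVolumeClaim:
            claimName: wanderer-meilisearch
---
# PocketBase backend (wanderer-db). Serves /api and /public via the ingress.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wanderer-db
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: wanderer
      app.kubernetes.io/name: wanderer-db
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: wanderer
        app.kubernetes.io/name: wanderer-db
    spec:
      automountServiceAccountToken: false
      containers:
        - name: pocketbase
          image: flomp/wanderer-db:v0.18.3
          env:
            - name: ORIGIN
              value: "https://wanderer.dooplex.hu"
            # In-cluster traffic to Meilisearch is plain HTTP; the master
            # key is the only access control on that hop.
            - name: MEILI_URL
              value: "http://wanderer-meilisearch:7700"
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: wanderer-app
                  key: meili-master-key
            - name: POCKETBASE_ENCRYPTION_KEY
              valueFrom:
                secretKeyRef:
                  name: wanderer-app
                  key: pocketbase-encryption-key
          ports:
            - containerPort: 8090
              name: http
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: pb-data
              mountPath: /pb_data
          livenessProbe:
            httpGet:
              path: /api/health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
      volumes:
        - name: pb-data
          persistentVolumeClaim:
            claimName: wanderer-db
---
# Web frontend (Node server on port 3000).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wanderer-web
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: wanderer
      app.kubernetes.io/name: wanderer-web
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: wanderer
        app.kubernetes.io/name: wanderer-web
    spec:
      automountServiceAccountToken: false
      # Pins the public hostname to a fixed in-cluster address
      # (presumably the ingress controller's ClusterIP - confirm). The
      # entry goes stale silently if that Service is ever recreated.
      hostAliases:
        - ip: "10.43.166.147"
          hostnames:
            - "wanderer.dooplex.hu"
      containers:
        - name: wanderer-web
          image: flomp/wanderer-web:v0.18.3
          env:
            # NOTE(review): "0" turns off certificate verification for
            # every outbound TLS connection made by this Node process, so
            # nothing it talks to over https is authenticated. If this
            # was added because of a private or not-yet-issued
            # certificate, prefer removing it once the Let's Encrypt
            # certificate is served, or mounting the CA and pointing
            # NODE_EXTRA_CA_CERTS at it. Value left as-is pending
            # confirmation that verification succeeds without it.
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
            - name: NODE_OPTIONS
              value: "--max-old-space-size=3900"
            - name: ORIGIN
              value: "https://wanderer.dooplex.hu"
            - name: POCKETBASE_URL
              value: "http://wanderer-db:8090"
            - name: PUBLIC_POCKETBASE_URL
              value: "https://wanderer.dooplex.hu"
            - name: MEILI_URL
              value: "http://wanderer-meilisearch:7700"
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: wanderer-app
                  key: meili-master-key
            # NOTE(review): self-registration stays open. If accounts are
            # meant to come only from Authentik, consider "true" - confirm
            # how this setting interacts with OAuth logins first.
            - name: PUBLIC_DISABLE_SIGNUP
              value: "false"
            # NOTE(review): no request-size cap in the app itself. The
            # ingress limits bodies to 100m, but clients that reach the
            # Service directly inside the cluster are not limited.
            - name: BODY_SIZE_LIMIT
              value: "Infinity"
          ports:
            - containerPort: 3000
              name: http
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 4Gi
          securityContext:
            allowPrivilegeEscalation: false
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
---
apiVersion: v1
kind: Service
metadata:
  name: wanderer-meilisearch
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-meilisearch
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 7700
      targetPort: http
  selector:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-meilisearch
---
apiVersion: v1
kind: Service
metadata:
  name: wanderer-db
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-db
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8090
      targetPort: http
  selector:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-db
---
apiVersion: v1
kind: Service
metadata:
  name: wanderer-web
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-web
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3000
      targetPort: http
  selector:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-web
---
# Ingress: / goes to the web frontend, /api and /public go to PocketBase.
# The /api prefix also exposes the PocketBase admin UI at /api/_/ to
# everyone who can reach this ingress class.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wanderer
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu,wanderer.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
spec:
  ingressClassName: nginx-internal
  rules:
    - host: wanderer.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wanderer-web
                port:
                  number: 3000
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: wanderer-db
                port:
                  number: 8090
          - path: /public
            pathType: Prefix
            backend:
              service:
                name: wanderer-db
                port:
                  number: 8090
    # NOTE(review): wanderer.home is not listed under tls below, so no
    # certificate is configured for it here. Logins and API tokens sent
    # to this host presumably travel unencrypted - confirm this is
    # acceptable on the internal network, or drop the host.
    - host: wanderer.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wanderer-web
                port:
                  number: 3000
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: wanderer-db
                port:
                  number: 8090
          - path: /public
            pathType: Prefix
            backend:
              service:
                name: wanderer-db
                port:
                  number: 8090
  tls:
    - hosts:
        - wanderer.dooplex.hu
      secretName: wanderer-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wanderer-meilisearch
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-meilisearch
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi
---
# Holds /pb_data for PocketBase, including whatever the admin UI stores
# there (per the header, the OIDC client settings are entered in that UI).
# Backups of this volume should be treated as sensitive.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wanderer-db
  namespace: wanderer-system
  labels:
    app.kubernetes.io/instance: wanderer
    app.kubernetes.io/name: wanderer-db
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi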