# Pastefy - Self-hosted Pastebin alternative # https://github.com/interaapps/pastefy # Version: 7.1.5 # Domain: pastefy.dooplex.hu # Auth: Native OAuth2/OIDC with Authentik # # Authentik Setup: # 1. Create OAuth2/OIDC Provider: # - Name: pastefy # - Client Type: Confidential # - Redirect URIs: https://pastefy.dooplex.hu/oauth-callback # - Scopes: openid, email, profile # 2. Create Application linked to this provider --- apiVersion: v1 kind: Namespace metadata: name: pastefy-system labels: app.kubernetes.io/name: pastefy --- apiVersion: apps/v1 kind: Deployment metadata: name: pastefy-db namespace: pastefy-system labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db spec: containers: - name: mysql image: mysql:8.0 env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: pastefy-db key: root-password - name: MYSQL_DATABASE valueFrom: secretKeyRef: name: pastefy-db key: database - name: MYSQL_USER valueFrom: secretKeyRef: name: pastefy-db key: username - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: pastefy-db key: password ports: - containerPort: 3306 name: mysql resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumeMounts: - name: data mountPath: /var/lib/mysql livenessProbe: exec: command: - sh - -c - mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD initialDelaySeconds: 30 periodSeconds: 10 readinessProbe: exec: command: - sh - -c - mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD initialDelaySeconds: 10 periodSeconds: 5 volumes: - name: data persistentVolumeClaim: claimName: pastefy-db --- apiVersion: apps/v1 kind: Deployment metadata: name: pastefy namespace: pastefy-system labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy app.kubernetes.io/version: "7.1.5" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy app.kubernetes.io/version: "7.1.5" spec: containers: - name: pastefy image: interaapps/pastefy:7.1.5 env: - name: HTTP_SERVER_PORT value: "80" - name: HTTP_SERVER_CORS value: "*" - name: DATABASE_DRIVER value: "mysql" - name: DATABASE_NAME valueFrom: secretKeyRef: name: pastefy-db key: database - name: DATABASE_USER valueFrom: secretKeyRef: name: pastefy-db key: username - name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: pastefy-db key: password - name: DATABASE_HOST value: "pastefy-db" - name: DATABASE_PORT value: "3306" - name: SERVER_NAME value: "https://pastefy.dooplex.hu" # Optional settings - name: AUTH_PROVIDER value: "" # Disable broken OAuth - name: PASTEFY_LOGIN_REQUIRED value: "false" - name: PASTEFY_LOGIN_REQUIRED_CREATE value: "false" - name: PASTEFY_PUBLIC_STATS value: "false" - name: PASTEFY_INFO_CUSTOM_NAME value: "Dooplex Paste" ports: - containerPort: 80 name: http resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi livenessProbe: httpGet: path: / port: http initialDelaySeconds: 30 periodSeconds: 30 readinessProbe: httpGet: path: / port: http initialDelaySeconds: 10 periodSeconds: 10 --- apiVersion: v1 kind: Service metadata: name: pastefy-db namespace: pastefy-system labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db spec: type: ClusterIP ports: - name: mysql port: 3306 targetPort: mysql selector: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db --- apiVersion: v1 kind: Service metadata: name: pastefy namespace: pastefy-system labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy spec: type: ClusterIP ports: - name: http port: 80 targetPort: http selector: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy --- # Ingress 1: Public - for viewing pastes (no auth) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: pastefy-public namespace: pastefy-system annotations: nginx.ingress.kubernetes.io/use-regex: "true" spec: ingressClassName: nginx-internal rules: - host: pastefy.dooplex.hu http: paths: # Match paste IDs (typically 6-8 char alphanumeric) - path: /([a-zA-Z0-9]{5,12})(/raw)?$ pathType: ImplementationSpecific backend: service: name: pastefy port: number: 80 - host: pastefy.home http: paths: - path: /([a-zA-Z0-9]{5,12})(/raw)?$ pathType: ImplementationSpecific backend: service: name: pastefy port: number: 80 tls: - hosts: - pastefy.dooplex.hu secretName: pastefy-tls --- # Ingress 2: Protected - main app (with Authentik auth) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: pastefy namespace: pastefy-system annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: pastefy.dooplex.hu,pastefy.home nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "50m" # Authentik forward auth nginx.ingress.kubernetes.io/auth-url: "http://ak-outpost-pastefy-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" nginx.ingress.kubernetes.io/auth-signin: "https://authentik.dooplex.hu/outpost.goauthentik.io/start?rd=$scheme://$host$escaped_request_uri" nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Host $http_host; spec: ingressClassName: nginx-internal rules: - host: pastefy.dooplex.hu http: paths: - path: / pathType: Prefix backend: service: name: pastefy port: number: 80 - host: pastefy.home http: paths: - path: / pathType: Prefix backend: service: name: pastefy port: number: 80 tls: - hosts: - pastefy.dooplex.hu secretName: pastefy-tls --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pastefy-db namespace: pastefy-system labels: app.kubernetes.io/instance: pastefy app.kubernetes.io/name: pastefy-db recurring-job-group.longhorn.io/needbackup: enabled recurring-job.longhorn.io/source: enabled spec: accessModes: - ReadWriteOnce storageClassName: longhorn resources: requests: storage: 2Gi