alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

add affine

Browse Source
This commit is contained in:
Alex Lebens
2024-09-18 21:01:52 -05:00
parent b140fb1b5f
commit 4ee87d29c6
4 changed files with 411 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
clusters/cl01tl/applications/affine/Chart.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: v2
name: affine
version: 1.0.0
description: Affine
keywords:
- affine
- tasks
- productivity
home: https://wiki.alexlebens.dev/doc/affine-FKOx0pEpxW
sources:
- https://github.com/toeverything/AFFiNE
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://ghcr.io/toeverything/affine-graphql
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/cloudflared
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: affine
repository: https://bjw-s.github.io/helm-charts/
version: 3.4.0
- name: valkey
version: 0.3.15
repository: https://charts.bitnami.com/bitnami
- name: cloudflared
alias: cloudflared-affine
repository: http://alexlebens.github.io/helm-charts
version: 1.7.0
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.9.0
repository: http://alexlebens.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/affine-light.png
appVersion: 0.16.3

205
clusters/cl01tl/applications/affine/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,205 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: affine-admin-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-admin-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/affine/admin
metadataPolicy: None
property: email
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/affine/admin
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: affine-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/affine
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: affine-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/affine/affine-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: affine-storage-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-storage-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/affine/affine-storage"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: affine-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-postgresql-16-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-backup-postgresql
metadataPolicy: None
property: access_key
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-backup-postgresql
metadataPolicy: None
property: secret_key

56
clusters/cl01tl/applications/affine/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: affine-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: affine-config
trigger:
schedule: 0 0 * * *
restic:
pruneIntervalDays: 7
repository: affine-config-backup-secret
retain:
hourly: 1
daily: 1
weekly: 3
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block-delete
volumeSnapshotClassName: ceph-blockpool-snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: affine-storage-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: affine-storage-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: affine-storage
trigger:
schedule: 0 0 * * *
restic:
pruneIntervalDays: 7
repository: affine-storage-backup-secret
retain:
hourly: 1
daily: 1
weekly: 3
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block-delete
volumeSnapshotClassName: ceph-blockpool-snapshot

111
clusters/cl01tl/applications/affine/values.yaml Normal file
View File

@@ -0,0 +1,111 @@
affine:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/toeverything/affine-graphql
tag: 0.16.3
pullPolicy: IfNotPresent
args:
- sh
- -c
- node ./scripts/self-host-predeploy && node ./dist/index.js
env:
- name: NODE_ENV
value: production
- name: NODE_OPTIONS
value: --import=./scripts/register.js
- name: TELEMETRY_ENABLE
value: false
- name: AFFINE_CONFIG_PATH
value: /root/.affine/config
- name: AFFINE_SERVER_HOST
value: affine.alexlebens.dev
- name: AFFINE_SERVER_EXTERNAL_URL
value: affine.alexlebens.dev
- name: AFFINE_ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: affine-admin-secret
key: email
- name: AFFINE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: affine-admin-secret
key: password
- name: REDIS_SERVER_HOST
value: redis
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: affine-postgresql-16-cluster-app
key: uri
resources:
requests:
cpu: 100m
memory: 512Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http-web:
port: 80
targetPort: 3010
protocol: HTTP
http-studio:
port: 5555
targetPort: 5555
protocol: HTTP
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /root/.affine/config
readOnly: false
storage:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /root/.affine/storage
readOnly: false
valkey:
architecture: standalone
auth:
enabled: false
cloudflared-affine:
existingSecretName: affine-cloudflared-secret
name: cloudflared-affine
postgres-16-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: false
backup:
enabled: true
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/affine
endpointCredentials: affine-postgresql-16-cluster-backup-secret
backupIndex: 1
retentionPolicy: 14d