alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

add hoarder

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 17:17:55 -06:00
parent 156ab507c7
commit 563d73bd47
4 changed files with 351 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
clusters/cl01tl/applications/hoarder/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: hoarder
version: 1.0.0
description: Hoarder
keywords:
- hoarder
- bookmarks
home: https://wiki.alexlebens.dev/doc/hoarder-
sources:
- https://github.com/hoarder-app/hoarder
- https://github.com/cloudflare/cloudflared
- https://github.com/meilisearch/meilisearch
- https://github.com/hoarder-app/hoarder/pkgs/container/hoarder
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: hoarder
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: meilisearch
version: 0.12.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/hoarder.svg
appVersion: 0.19.0

164
clusters/cl01tl/applications/hoarder/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,164 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/hoarder/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AUTHENTIK_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/hoarder
metadataPolicy: None
property: client
- secretKey: AUTHENTIK_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/hoarder
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-meilisearch-master-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: meilisearch
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/hoarder/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/hoarder
metadataPolicy: None
property: token
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: hoarder-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: hoarder-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

27
clusters/cl01tl/applications/hoarder/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,27 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: hoarder-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: hoarder-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: hoarder-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: hoarder-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

128
clusters/cl01tl/applications/hoarder/values.yaml Normal file
View File

@@ -0,0 +1,128 @@
hoarder:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/hoarder-app/hoarder
tag: 0.22.0
pullPolicy: IfNotPresent
env:
- name: DATA_DIR
value: /data
- name: NEXTAUTH_URL
value: https://hoarder.alexlebens.dev/
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: hoarder-key-secret
key: key
- name: MEILI_ADDR
value: http://hoarder-meilisearch.hoarder:7700
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: hoarder-meilisearch-master-key-secret
key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL
value: http://hoarder.hoarder:9222
- name: DISABLE_SIGNUPS
value: false
- name: OAUTH_PROVIDER_NAME
value: "Authentik"
- name: OAUTH_WELLKNOWN_URL
value: https://auth.alexlebens.dev/application/o/hoarder/.well-known/openid-configuration
- name: OAUTH_SCOPE
value: "openid email profile"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: hoarder-oidc-secret
key: AUTHENTIK_CLIENT_ID
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: hoarder-oidc-secret
key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL
value: http://ollama-server-1.ollama:11434
- name: OLLAMA_KEEP_ALIVE
value: 5m
- name: INFERENCE_TEXT_MODEL
value: llama3.1:8b
- name: INFERENCE_IMAGE_MODEL
value: llama3.2-vision:11b
- name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC
value: 720
resources:
requests:
cpu: 10m
memory: 256Mi
chrome:
image:
repository: gcr.io/zenika-hub/alpine-chrome
tag: 124
pullPolicy: IfNotPresent
args:
- --no-sandbox
- --disable-gpu
- --disable-dev-shm-usage
- --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222
- --hide-scrollbars
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 3000
targetPort: 3000
protocol: HTTP
chrome:
port: 9222
targetPort: 9222
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
MEILI_ENV: production
auth:
existingMasterKeySecret: hoarder-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 10Gi
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
cloudflared:
existingSecretName: hoarder-cloudflared-secret