first commit

2025-09-17 15:26:26 -03:00
commit 8239ee630c
23 changed files with 2024 additions and 0 deletions

145
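--- a/default/archivebox.yaml
+++ b/default/archivebox.yaml
@@ -0,0 +1,145 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: sonic
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: sonic
+template:
+metadata:
+labels:
+app: sonic
+spec:
+containers:
+- name: sonic
+image: archivebox/sonic:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 1491
+env:
+- name: SEARCH_BACKEND_PASSWORD
+valueFrom:
+secretKeyRef:
+name: password
+key: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: archivebox
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: archivebox
+template:
+metadata:
+labels:
+app: archivebox
+spec:
+containers:
+- name: archivebox
+image: archivebox/archivebox:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 8000
+env:
+- name: SONIC_HOST
+value: "sonic.default.svc.cluster.local"
+- name: SONIC_PORT
+value: "1491"
+- name: SEARCH_BACKEND_ENGINE
+value: "sonic"
+- name: SONIC_PASSWORD
+valueFrom:
+secretKeyRef:
+name: password
+key: password
+- name: ADMIN_USERNAME
+value: "ivanch"
+- name: ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: password
+key: password
+- name: CSRF_TRUSTED_ORIGINS
+value: "archive.haven"
+- name: ALLOWED_HOSTS
+value: "*"
+- name: PUBLIC_ADD_VIEW
+value: "false"
+volumeMounts:
+- name: archivebox-data
+mountPath: /data
+volumes:
+- name: archivebox-data
+persistentVolumeClaim:
+claimName: archivebox-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: sonic-svc
+namespace: default
+spec:
+selector:
+app: sonic
+ports:
+- protocol: TCP
+port: 1491
+targetPort: 1491
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: archivebox-svc
+namespace: default
+spec:
+selector:
+app: archivebox
+ports:
+- protocol: TCP
+port: 8000
+targetPort: 8000
+---
+# 3) PersistentVolumeClaim
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: archivebox-data
+namespace: default
+annotations:
+nfs.io/storage-path: "archivebox-data"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 10Gi
+limits:
+storage: 30Gi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: archivebox-ingress
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: "archive.haven"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: archivebox-svc
+port:
+number: 8000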
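Review bot: `ADMIN_PASSWORD`, `SONIC_PASSWORD` and the sonic container's `SEARCH_BACKEND_PASSWORD` all read key `password` of the same Secret `password`, so the ArchiveBox admin login and the search-backend credential are one value and a leak of either exposes both; each should get its own Secret key. `ALLOWED_HOSTS` is `"*"`, which switches off Host-header validation although the only Ingress host is `archive.haven`; `value: "archive.haven"` would match the Ingress. `SONIC_HOST` is `sonic.default.svc.cluster.local`, but the Service defined in this file is named `sonic-svc`, so unless a Service called `sonic` exists elsewhere that name will not resolve. The mutable `:latest` tag with `imagePullPolicy: Always` here (and in homarr, homepage, it-tools, notepad, searxng and vaultwarden) lets any restart pull image content nobody reviewed; a pinned version tag or digest would make rollouts reproducible.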

104
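--- a/default/homarr.yaml
+++ b/default/homarr.yaml
@@ -0,0 +1,104 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: homarr
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: homarr
+template:
+metadata:
+labels:
+app: homarr
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: kubernetes.io/arch
+operator: In
+values:
+- amd64
+containers:
+- name: homarr
+image: ghcr.io/homarr-labs/homarr:latest
+imagePullPolicy: Always
+env:
+- name: PUID
+value: "1000"
+- name: PGID
+value: "1000"
+- name: SECRET_ENCRYPTION_KEY
+value: "c60b894215be5e4cc0fdd209aada8d83386b20579138ca143bc267c4c0042d08"
+ports:
+- containerPort: 7575
+name: homarr-port
+volumeMounts:
+- name: homarr-config
+mountPath: /appdata
+resources:
+requests:
+cpu: 250m
+memory: 512Mi
+limits:
+cpu: 250m
+memory: 1Gi
+volumes:
+- name: homarr-config
+persistentVolumeClaim:
+claimName: homarr-config
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: homarr
+namespace: default
+spec:
+type: ClusterIP
+selector:
+app: homarr
+ports:
+- port: 7575
+targetPort: homarr-port
+---
+# 3) PersistentVolumeClaim (for /config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: homarr-config
+namespace: default
+annotations:
+nfs.io/storage-path: "homarr-labs-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: homarr
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: homarr.lab
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: homarr
+port:
+number: 7575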
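Review bot: `SECRET_ENCRYPTION_KEY` is committed as a literal `value:` in the Deployment, so anyone who can read the repository or the Deployment object in the namespace can read the key; it should come from a Secret through `valueFrom.secretKeyRef`, the way default/vaultwarden.yaml in this commit supplies `ADMIN_TOKEN`. Because the value is now in the commit history, it should be treated as exposed and replaced with a newly generated key rather than only moved. The `# 4) Ingress (Traefik)` comment sits above `ingressClassName: nginx` (the same in notepad, searxng, uptime-kuma and vaultwarden) and should read `# 4) Ingress (nginx)`; likewise `# 3) PersistentVolumeClaim (for /config)` describes a claim that the Deployment mounts at `/appdata`.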

206
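--- a/default/homepage.yaml
+++ b/default/homepage.yaml
@@ -0,0 +1,206 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: homepage
+namespace: default
+labels:
+app.kubernetes.io/name: homepage
+secrets:
+- name: homepage
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+name: homepage
+namespace: default
+labels:
+app.kubernetes.io/name: homepage
+annotations:
+kubernetes.io/service-account.name: homepage
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: homepage
+labels:
+app.kubernetes.io/name: homepage
+rules:
+- apiGroups:
+- ""
+resources:
+- namespaces
+- pods
+- nodes
+verbs:
+- get
+- list
+- apiGroups:
+- extensions
+- networking.k8s.io
+resources:
+- ingresses
+verbs:
+- get
+- list
+- apiGroups:
+- traefik.io
+resources:
+- ingressroutes
+verbs:
+- get
+- list
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- httproutes
+- gateways
+verbs:
+- get
+- list
+- apiGroups:
+- metrics.k8s.io
+resources:
+- nodes
+- pods
+verbs:
+- get
+- list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: homepage
+labels:
+app.kubernetes.io/name: homepage
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: homepage
+subjects:
+- kind: ServiceAccount
+name: homepage
+namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: homepage
+namespace: default
+labels:
+app.kubernetes.io/name: homepage
+spec:
+revisionHistoryLimit: 3
+replicas: 1
+strategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app.kubernetes.io/name: homepage
+template:
+metadata:
+labels:
+app.kubernetes.io/name: homepage
+annotations:
+configmap.reloader/checksum: "{{ include (print $.Template.BasePath \"/app/config/services.yaml\") . | sha256sum }}"
+spec:
+serviceAccountName: homepage
+automountServiceAccountToken: true
+enableServiceLinks: true
+containers:
+- name: homepage
+image: "ghcr.io/gethomepage/homepage:latest"
+imagePullPolicy: Always
+env:
+- name: HOMEPAGE_ALLOWED_HOSTS
+value: homepage.haven # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
+ports:
+- name: http
+containerPort: 3000
+protocol: TCP
+livenessProbe:
+httpGet:
+path: /
+port: 3000
+initialDelaySeconds: 30
+periodSeconds: 10
+readinessProbe:
+httpGet:
+path: /
+port: 3000
+initialDelaySeconds: 5
+periodSeconds: 5
+volumeMounts:
+- name: logs
+mountPath: /app/config/logs
+- name: homepage-config
+mountPath: /app/config
+- name: homepage-config
+mountPath: /app/public/images
+subPath: images
+volumes:
+- name: homepage-config
+persistentVolumeClaim:
+claimName: homepage-config
+- name: logs
+emptyDir: {}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: homepage-config
+namespace: default
+annotations:
+nfs.io/storage-path: "homepage-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: homepage
+namespace: default
+labels:
+app.kubernetes.io/name: homepage
+annotations:
+spec:
+type: ClusterIP
+ports:
+- port: 3000
+targetPort: http
+protocol: TCP
+name: http
+selector:
+app.kubernetes.io/name: homepage
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: homepage
+namespace: default
+labels:
+app.kubernetes.io/name: homepage
+# annotations:
+# gethomepage.dev/description: Dynamically Detected Homepage
+# gethomepage.dev/enabled: "true"
+# gethomepage.dev/group: Cluster Management
+# gethomepage.dev/icon: homepage.png
+# gethomepage.dev/name: Homepage
+spec:
+ingressClassName: nginx
+rules:
+- host: "homepage.haven"
+http:
+paths:
+- path: "/"
+pathType: Prefix
+backend:
+service:
+name: homepage
+port:
+number: 3000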
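Review bot: The `kubernetes.io/service-account-token` Secret together with the `secrets:` entry on the ServiceAccount creates a non-expiring token for an account bound to a ClusterRole with cluster-wide `get`/`list` on pods, nodes, namespaces and ingresses, while the pod already receives a rotating projected token through `automountServiceAccountToken: true` on current Kubernetes versions. If nothing outside the pod reads that Secret, dropping the Secret and the `secrets:` list removes a long-lived credential without changing what the pod can do. The `configmap.reloader/checksum` annotation still carries an unrendered Helm expression (`{{ include … | sha256sum }}`); in a plain manifest it is stored as a literal string that never changes, so it can be deleted. The Service's bare `annotations:` key parses as null and is better removed as well.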

60
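--- a/default/it-tools.yaml
+++ b/default/it-tools.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: it-tools
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: it-tools
+template:
+metadata:
+labels:
+app: it-tools
+spec:
+containers:
+- name: it-tools
+image: corentinth/it-tools:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 80
+readinessProbe:
+httpGet:
+path: /
+port: 80
+initialDelaySeconds: 5
+periodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: it-tools-svc
+namespace: default
+spec:
+selector:
+app: it-tools
+ports:
+- protocol: TCP
+port: 80
+targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: it-tools-ingress
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: "tools.haven"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: it-tools-svc
+port:
+number: 80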

81
default/notepad.yaml Normal file

@@ -0,0 +1,81 @@
---
# 1) Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: notepad
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: notepad
template:
metadata:
labels:
app: notepad
spec:
containers:
- name: notepad
image: jdreinhardt/minimalist-web-notepad:latest
imagePullPolicy: Always
ports:
- containerPort: 80
volumeMounts:
- name: notepad-data
mountPath: /var/www/html/_tmp
volumes:
- name: notepad-data
persistentVolumeClaim:
claimName: notepad-data
---
# 2) Service
apiVersion: v1
kind: Service
metadata:
name: notepad
namespace: default
spec:
type: ClusterIP
selector:
app: notepad
ports:
- port: 80
targetPort: 80
---
# 3) PersistentVolumeClaim (local storage via k3s local-path)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: notepad-data
namespace: default
annotations:
nfs.io/storage-path: "notepad-data"
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
# 4) Ingress (Traefik)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: notepad
namespace: default
spec:
ingressClassName: nginx
rules:
- host: notepad.lab
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: notepad
port:
number: 80
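Review bot: The comment `# 3) PersistentVolumeClaim (local storage via k3s local-path)` does not match the claim below it, which sets `storageClassName: "nfs-client"` and an `nfs.io/storage-path` annotation; I would change it to `# 3) PersistentVolumeClaim (NFS via nfs-client)` so a reader is not misled about where the notes are stored. The Ingress for `notepad.lab` has no `tls:` block and no auth annotation, so whether stored notes can be read or edited without authentication depends entirely on the image; that is worth confirming before the host is reachable beyond the lab network.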

86
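--- a/default/searxng.yaml
+++ b/default/searxng.yaml
@@ -0,0 +1,86 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: searxng
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: searxng
+template:
+metadata:
+labels:
+app: searxng
+spec:
+containers:
+- name: searxng
+image: searxng/searxng:latest
+imagePullPolicy: Always
+env:
+- name: PUID
+value: "1000"
+- name: PGID
+value: "1000"
+ports:
+- containerPort: 8080
+name: searxng-port
+volumeMounts:
+- name: searxng-config
+mountPath: /etc/searxng
+volumes:
+- name: searxng-config
+persistentVolumeClaim:
+claimName: searxng-config
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: searxng
+namespace: default
+spec:
+type: ClusterIP
+selector:
+app: searxng
+ports:
+- port: 8080
+targetPort: searxng-port
+---
+# 3) PersistentVolumeClaim (for /config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: searxng-config
+namespace: default
+annotations:
+nfs.io/storage-path: "searxng-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: searxng
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: search.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: searxng
+port:
+number: 8080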

100
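--- a/default/uptime-kuma.yaml
+++ b/default/uptime-kuma.yaml
@@ -0,0 +1,100 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: uptimekuma
+namespace: default
+spec:
+replicas: 1
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app: uptimekuma
+template:
+metadata:
+labels:
+app: uptimekuma
+spec:
+containers:
+- name: uptimekuma
+image: louislam/uptime-kuma:1
+imagePullPolicy: Always
+env:
+- name: PUID
+value: "1000"
+- name: PGID
+value: "1000"
+ports:
+- containerPort: 3001
+name: uptimekuma-port
+livenessProbe:
+httpGet:
+path: /
+port: 3001
+initialDelaySeconds: 30
+periodSeconds: 60
+readinessProbe:
+httpGet:
+path: /
+port: 3001
+initialDelaySeconds: 5
+periodSeconds: 5
+volumeMounts:
+- name: uptimekuma-config
+mountPath: /app/data
+volumes:
+- name: uptimekuma-config
+persistentVolumeClaim:
+claimName: uptimekuma-config
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: uptimekuma
+namespace: default
+spec:
+type: ClusterIP
+selector:
+app: uptimekuma
+ports:
+- port: 3001
+targetPort: uptimekuma-port
+---
+# 3) PersistentVolumeClaim (for /config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: uptimekuma-config
+namespace: default
+annotations:
+nfs.io/storage-path: "uptimekuma-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: uptimekuma
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: uptimekuma.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: uptimekuma
+port:
+number: 3001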
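Review bot: `/app/data` is backed by the `uptimekuma-config` claim on `storageClassName: "nfs-client"` with `ReadWriteMany`; as far as I know the Uptime Kuma documentation warns that NFS-backed data directories are not supported because its SQLite database depends on file locking, so this layout risks a corrupted monitoring database. A local or block storage class with `ReadWriteOnce` would fit the single replica and `strategy: Recreate` already declared in the Deployment. The comment `# 3) PersistentVolumeClaim (for /config)` should name the real mount, `# 3) PersistentVolumeClaim (for /app/data)`.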

123
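--- a/default/vaultwarden.yaml
+++ b/default/vaultwarden.yaml
@@ -0,0 +1,123 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: vaultwarden
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: vaultwarden
+template:
+metadata:
+labels:
+app: vaultwarden
+spec:
+containers:
+- name: vaultwarden
+image: vaultwarden/server:latest
+imagePullPolicy: Always
+env:
+- name: DOMAIN
+value: "https://vault.haven"
+- name: ADMIN_TOKEN
+valueFrom:
+secretKeyRef:
+name: vaultwarden-admin-token
+key: ADMIN_TOKEN
+ports:
+- containerPort: 80
+name: vault-port
+volumeMounts:
+- name: vaultwarden-data
+mountPath: /data
+resources:
+requests:
+cpu: 250m
+memory: 64Mi
+limits:
+cpu: 250m
+memory: 256Mi
+volumes:
+- name: vaultwarden-data
+persistentVolumeClaim:
+claimName: vaultwarden-data
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: vaultwarden
+namespace: default
+spec:
+type: ClusterIP
+selector:
+app: vaultwarden
+ports:
+- port: 80
+targetPort: vault-port
+---
+# 3) PersistentVolumeClaim (for /data)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: vaultwarden-data
+namespace: default
+annotations:
+nfs.io/storage-path: "vaultwarden-data"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: vaultwarden
+namespace: default
+annotations:
+cert-manager.io/cluster-issuer: internal-ca
+nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+ingressClassName: nginx
+tls:
+- hosts:
+- vault.haven
+secretName: vaultwarden-tls
+rules:
+- host: vault.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: vaultwarden
+port:
+number: 80
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: vaultwarden-public
+namespace: default
+spec:
+ingressClassName: nginx
+rules:
+- host: vault.ivanch.me
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: vaultwarden
+port:
+number: 80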
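Review bot: The `vaultwarden-public` Ingress for `vault.ivanch.me` has no `tls:` block and no `force-ssl-redirect` annotation, unlike the `vaultwarden` Ingress above it, so as written the controller accepts plain HTTP for the password manager on that host unless TLS is terminated somewhere this page does not show. It should carry the same `tls:` and redirect settings, with an issuer that public clients trust instead of `internal-ca`. The rule forwards `/` in full, which includes the `/admin` panel that `ADMIN_TOKEN` enables; keeping `/admin` off the public host, or limiting it with a source-range allowlist, keeps the admin surface internal. `DOMAIN` is set to `https://vault.haven`, which will not match requests that arrive on the public hostname.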