From 1377fa34d195c8854e8e87d8ceca2bba9e7279df Mon Sep 17 00:00:00 2001
From: richard <r_morgan@sympatico.ca>
Date: Thu, 6 Apr 2023 22:47:53 -0400
Subject: [PATCH] change the stash persistent volume location, and force https
 (hsts

---
 .../prod.k3s/files/stash/proxy-values.yaml      |  3 +++
 .../roles/prod.k3s/files/stash/pv-claim.yaml    |  2 +-
 ansible-5/roles/prod.k3s/files/stash/pv02.yaml  | 17 +++++++++++++++++
 .../roles/prod.k3s/tasks/deployments/stash.yaml |  2 +-
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 ansible-5/roles/prod.k3s/files/stash/pv02.yaml

diff --git a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
index cf3329c..eadc5d4 100644
--- a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
@@ -28,3 +28,6 @@ ingress:
   # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
     - secretName: xai-corp-production-tls
+  annotations:
+    ingress.kubernetes.io/force-hsts: "true"
+    ingress.kubernetes.io/hsts-max-age: "315360000"
diff --git a/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml b/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
index 22d950e..630de83 100644
--- a/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
@@ -10,4 +10,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 10Gi
+      storage: 300Gi
diff --git a/ansible-5/roles/prod.k3s/files/stash/pv02.yaml b/ansible-5/roles/prod.k3s/files/stash/pv02.yaml
new file mode 100644
index 0000000..9aaaacb
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/stash/pv02.yaml
@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: plex-pv-local-02
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 300Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/secure/"
+
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
index a66b471..72aff2a 100644
--- a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
@@ -18,7 +18,7 @@
     state: present
     definition: "{{ lookup('file', item) | from_yaml }}"
   loop:
-    - stash/pv.yaml
+    - stash/pv02.yaml
     - stash/pv-claim.yaml
 #    - stash/pv-media.yaml
 #    - stash/pv-media-claim.yaml