xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

setup a single user activity pub inbox on ap1.xai-corp.net

Browse Source
This commit is contained in:
richard
2025-09-22 19:59:37 -04:00
parent 8afcff6dc5
commit 376b4f5f80
7 changed files with 166 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
View File

@@ -88,3 +88,4 @@ abcapi IN CNAME dkhost
;metrics IN CNAME dkhost ;metrics IN CNAME dkhost
funkwhale IN CNAME dkhost funkwhale IN CNAME dkhost
backstage IN CNAME dkhost backstage IN CNAME dkhost
ap1 IN CNAME dkhost

5
ansible-5/roles/prod.k3s/defaults/main.yml
View File

@@ -122,3 +122,8 @@ apps:
enabled: true enabled: true
namespace: metallb-system namespace: metallb-system
state: absent state: absent
ktistec:
enabled: true
namespace: ktistec
state: present

66
ansible-5/roles/prod.k3s/tasks/deployments/ktistec.yaml Normal file
View File

@@ -0,0 +1,66 @@
---
#- name: create persistent volume resources
# kubernetes.core.k8s:
# kubeconfig: "/etc/rancher/k3s/k3s.yaml"
# state: "{{apps.ktistec.state}}"
# definition: "{{ lookup('template', item) | from_yaml }}"
# loop:
# - ktistec/pv.yaml
# - ktistec/pv-claim.yaml
# - ktistec/pv-auth.yaml
# - ktistec/pv-auth-claim.yaml
# become: true
#- name: create secret for ktistec
# kubernetes.core.k8s:
# kubeconfig: "/etc/rancher/k3s/k3s.yaml"
# state: "{{apps.ktistec.state}}"
# definition:
# apiVersion: v1
# kind: Secret
# type: Opaque
# metadata:
# name: auth-secret-2025
# namespace: "{{apps.ktistec.namespace}}"
# stringData:
# htpasswd: "richard:$2y$05$E7B3.iHmoLLSyFZJJWEj3u6eMdm2gPGBu1vAn7VPo9Axk3Wbict2m"
# become: true
- name: create ktistec namespace
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
name: "{{apps.ktistec.namespace}}"
api_version: v1
kind: Namespace
state: "{{apps.ktistec.state}}"
become: true
- name: create login secret for dkregistry
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.ktistec.state}}"
definition:
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
name: dkregistry-login
namespace: "{{apps.ktistec.namespace}}"
data:
.dockerconfigjson: "eyJhdXRocyI6eyJka3JlZ2lzdHJ5LnhhaS1jb3JwLm5ldCI6eyJ1c2VybmFtZSI6InJpY2hhcmQiLCJwYXNzd29yZCI6Im1lMSIsImVtYWlsIjoicmljaGFyZEBleGFtcGxlLmNvbSIsImF1dGgiOiJjbWxqYUdGeVpEcHRaVEU9In19fQ=="
become: true
- name: create ktistec activity pub resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.ktistec.state}}"
namespace: "{{apps.ktistec.namespace}}"
definition: "{{ lookup('template', item) | from_yaml }}"
loop:
# - ktistec/configmap.yaml
- ktistec/ingress.yaml
- ktistec/service.yaml
- ktistec/deployment.yaml
become: true

4
ansible-5/roles/prod.k3s/tasks/main.yml
View File

@@ -59,6 +59,10 @@
include_tasks: deployments/pixelfed.yaml include_tasks: deployments/pixelfed.yaml
when: apps.pixelfed.enabled when: apps.pixelfed.enabled
- name: deploy ktistec
include_tasks: deployments/ktistec.yaml
when: apps.ktistec.enabled
#- name: deploy metallb #- name: deploy metallb
# include_tasks: deployments/metallb.yaml # include_tasks: deployments/metallb.yaml
# when: apps.metallb.enabled # when: apps.metallb.enabled

49
ansible-5/roles/prod.k3s/templates/ktistec/deployment.yaml Normal file
View File

@@ -0,0 +1,49 @@
apiVersion: v1
kind: Pod
metadata:
name: ktistec-pod
namespace: "{{apps.ktistec.namespace}}"
labels:
app: ktistec
spec:
imagePullSecrets:
- name: dkregistry-login
containers:
- name: ktistec
image: dkregistry.xai-corp.net/ktistec/app:2.4.13
# volumeMounts:
# - name: repo-vol
# mountPath: "/var/lib/registry"
## - name: certs-vol
## mountPath: "/certs"
## readOnly: true
## - name: auth-vol
## mountPath: "/auth"
## readOnly: false
# - name: auth-secret
# mountPath: "/auth"
# readOnly: true
# env:
# - name: REGISTRY_AUTH
# value: "htpasswd"
# - name: REGISTRY_AUTH_HTPASSWD_REALM
# value: "Registry Realm"
# - name: REGISTRY_AUTH_HTPASSWD_PATH
# value: "/auth/htpasswd"
# - name: REGISTRY_HTTP_SECRET
# value: "/auth/htpasswd"
# - name: REGISTRY_HTTP_TLS_CERTIFICATE
# value: "/certs/tls.crt"
# - name: REGISTRY_HTTP_TLS_KEY
# value: "/certs/tls.key"
# volumes:
# - name: repo-vol
# persistentVolumeClaim:
# claimName: data-dkregistry-0
# - name: auth-vol
# persistentVolumeClaim:
# claimName: data-dkregistry-auth-0
# - name: auth-secret
# secret:
# secretName: auth-secret-2025

29
ansible-5/roles/prod.k3s/templates/ktistec/ingress.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ktistec
namespace: "{{apps.ktistec.namespace}}"
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
rules:
- host: ap1.xai-corp.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ktistec
port:
number: 3000
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls-ap1
hosts:
- ap1.xai-corp.net

12
ansible-5/roles/prod.k3s/templates/ktistec/service.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: ktistec
namespace: "{{apps.ktistec.namespace}}"
spec:
selector:
app: ktistec
ports:
- port: 3000
targetPort: 3000