cluster: move stuff to fringe-division

kahnwong · Oct 24, 2024 · d2bd317 · d2bd317
1 parent a1c35cd
commit d2bd317
Show file tree

Hide file tree

Showing 9 changed files with 74 additions and 79 deletions.
diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile
@@ -1,56 +1,50 @@
 audiobookshelf.karnwong.me {
-    reverse_proxy 192.168.1.51:30027
+    reverse_proxy 192.168.1.36:30027
 }
 harbor.karnwong.me {
     reverse_proxy 192.168.1.36:30500
 }
 immich.karnwong.me {
-    reverse_proxy 192.168.1.51:30030
+    reverse_proxy 192.168.1.36:30030
 }
 jellyfin.karnwong.me {
-    reverse_proxy 192.168.1.51:30003
+    reverse_proxy 192.168.1.36:30003
 }
 music.karnwong.me {
-    reverse_proxy 192.168.1.51:30006
+    reverse_proxy 192.168.1.36:30006
 }
 syncthing.karnwong.me {
     reverse_proxy 192.168.1.36:8384
 }
 git.karnwong.me {
-    reverse_proxy 192.168.1.51:30026
-}
-kanboard.karnwong.me {
-    reverse_proxy 192.168.1.51:30041
+    reverse_proxy 192.168.1.36:30026
 }
 linkding.karnwong.me {
-    reverse_proxy 192.168.1.51:30005
+    reverse_proxy 192.168.1.36:30005
 }
 memos.karnwong.me {
-    reverse_proxy 192.168.1.51:30031
+    reverse_proxy 192.168.1.36:30031
 }
 miniflux.karnwong.me {
-    reverse_proxy 192.168.1.51:30007
+    reverse_proxy 192.168.1.36:30007
 }
 minio.karnwong.me {
-    reverse_proxy 192.168.1.51:30020
+    reverse_proxy 192.168.1.36:30020
 }
 ntfy.karnwong.me {
-    reverse_proxy 192.168.1.51:30022
+    reverse_proxy 192.168.1.36:30022
 }
 rustpad.karnwong.me {
-    reverse_proxy 192.168.1.51:30019
+    reverse_proxy 192.168.1.36:30019
 }
 secrets.karnwong.me {
-    reverse_proxy 192.168.1.51:30025
+    reverse_proxy 192.168.1.36:30025
 }
 share.karnwong.me {
-    reverse_proxy 192.168.1.51:30017
-}
-shouldideploytoday.karnwong.me {
-    reverse_proxy 192.168.1.51:30040
+    reverse_proxy 192.168.1.36:30017
 }
 wallabag.karnwong.me {
-    reverse_proxy 192.168.1.51:30009 {
+    reverse_proxy 192.168.1.36:30009 {
         transport http {
             dial_timeout 5m
             response_header_timeout 5m
@@ -84,16 +78,16 @@ pmtiles.karnwong.me {
     import cors https://maps.karnwong.me
 }
 excalidraw.karnwong.me {
-    reverse_proxy 192.168.1.51:30034
+    reverse_proxy 192.168.1.36:30034
 }
 books.karnwong.me {
-    reverse_proxy 192.168.1.51:30032
+    reverse_proxy 192.168.1.36:30032
 }
 subsonic-widgets.karnwong.me {
-    reverse_proxy 192.168.1.51:30038
+    reverse_proxy 192.168.1.36:30038
 }
 gist.karnwong.me {
-    reverse_proxy 192.168.1.51:30039
+    reverse_proxy 192.168.1.36:30039
 }
 wakapi.karnwong.me {
     reverse_proxy 192.168.1.36:30041
@@ -102,7 +96,7 @@ go.karnwong.me {
     reverse_proxy 192.168.1.36:30042
 }
 qa-api.karnwong.me {
-    reverse_proxy 192.168.1.51:30043
+    reverse_proxy 192.168.1.36:30043
 }
 pdf.karnwong.me {
     reverse_proxy 192.168.1.36:30040
@@ -111,7 +105,7 @@ plausible.karnwong.me {
     reverse_proxy 192.168.1.36:30044
 }
 thai-tech-cal.karnwong.me {
-    reverse_proxy 192.168.1.51:30046
+    reverse_proxy 192.168.1.36:30046
 }
 authentik.karnwong.me {
     reverse_proxy 192.168.1.36:30047
@@ -126,7 +120,7 @@ livegrep.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.51:30033
+        reverse_proxy 192.168.1.36:30033
     }
 }
 podgrab.karnwong.me {
@@ -139,7 +133,7 @@ podgrab.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.51:30004
+        reverse_proxy 192.168.1.36:30004
     }
 }
 dashy.karnwong.me {
@@ -152,7 +146,7 @@ dashy.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.51:30023
+        reverse_proxy 192.168.1.36:30023
     }
 }
 gatus.karnwong.me {
@@ -165,6 +159,6 @@ gatus.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.51:30029
+        reverse_proxy 192.168.1.36:30029
     }
 }
diff --git a/caddy/config/private.sops.Caddyfile b/caddy/config/private.sops.Caddyfile
@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:8YjC0gxaE+VlWoS+V3WizdMh3o167I/QRJl0JiJ0RiaAGdZE4l21/ngtGLofnOAkTe4dRVX8zqTuV20xjzu8zQMMo6dDnTD+aZ83Dx0oVQHqJt4S8EK/6vht8st2BQHMgu1HMf9Ds0e4ZnEsLrlSNp8tIAfCIXobXhwaQzxMtwzCXY1dswM1RXi2xmHU8w7LnMQhHQ5oxlqilWij6CFjX33RDys2ROzSScJb8Br1BFvvvq3CX0opMtvGNfld05choVA2+kWq+g+27aVS1s87EDlra54oJt/fd6TZIvBq2jDPkXIWUfS71vmiFooBl9bdadzM0HUVOMn72G6JafoDWrEWe//fvnM7nBKaV/KlWi3mDkQ21wZF03B7vvMaq4rqZJTSR4oZDlhOSXLcrd+55vwwYGIUIWSj+F5y6bRU0hExsBQyfjsC10lQhEIEzcC5+2+FYhnuUe6vCTxbyYyFETYbT6rZIYkJiIFX0UdtakgWu0rfM6A83vXy2wERq9J+T608v8k9ux9Kjgre2PMH+c8Wd8OiJ/7Apnar/6kGlQtNuk8ZlwygMCW/XxoTdH8I3UGjhfKefp6raF1VLmC+1bLtHHhWvaJ4dhzEOYcRR6gv5fxfMjnmNMmT681dTB0PigROWNQQO7qQiB0p2MjOpHsZWT3vBXdIeSsG+NfRUwpzWUS2UXmooOH/MX3QyJZjMxb69EmA4y9pHXlBWBkeBsJvMUxEKCdppHYr0PzM6y3denAQ33cWpqx7XJCfv4mutUojiF6QOZ6xshhFvbHu48nf0lBlCzwhnGh6v39OsTL90leX6uo8z8EsZDgIxoA/rGuBOaGY4a7JOiWOZlGahXh+OUTrKS0I/jGA46sW0bACnGwioz9r1JdaUjr3I1MCkaEMDEJ8N9VivLaNd/QMNUvBv/eeeW39UbG0mcRh0oRXqMdjWvc1k+sbaFAPwE+jB+lM6+OrwvAzc0f7G041XsTssL9madQbAJdZH1zARg0oqtY=,iv:823gf5hYl0WeUxf93Dqp/KFjaG4cZu06bvjheilwWnU=,tag:XEeGc2/+wFkaPZ+KpPf3PA==,type:str]",
+	"data": "ENC[AES256_GCM,data:n48QZ3oojldjf8qYrAWEC0ZOFmhRKo0ERHkibHwU4/8ITnx56GM0vk9lhkAScGXpD1i0Z0mZ40jXgQ0PKxKRE97DUrRZpyKmbBEWF3NP9lu1+ZNK4qJvU0uTYG3njvkWyaxaQamk+zTDHiAZUr1Z5EpS8XcLbpoW4K3ynIPiIpJgA+M/2zopjP6zN90OZawtkCJaDWKDu3oIDjliNgtAwxaCnw3hUm77j8yXj+kfCP205CNFw/PnRJqCsCCjMYkOF0E7MUTQZLOhZ06nVmgk+kaV1EOl0V4FMm55Mf7KZxIG03RjoGSZi/vK9HLomxSzoujyiDHOe4Prn6bbHpszEvfaQGyDnvbs1cSl18YS8iT5JsYOMFRp1UdbIYHjVdsf2XhHuv7kfjIHQxJ1Ku6w0dr06/ng0lMBHkNOyoqjJzzvAbNgVIdm6AcfOcNm7Ek7m2BNIBXagX4W/ecPfKzB5/fDJCrf0dBFU6+TtKW2A+TKMv1N94keKcnKs+yQ2Gml8MlStlojIbhokUSDPmAY07GPbWbOgn3SF4rTH3mMLOq1dT+eB+kuUOrDyPwnM9meRzzxcMU7JRKbfyBBXsOxD+uIeQUhs98QfYP6sUrAsAL86hLiHr8Pb1+MvrqO6pplGjvFB4fBT26cUAv2Ld9UtdN+/WkGDYHjeD5GO4u5LJ168rPnZicE7LA5EQJzSwNZZJ8e3nIL0sBN72wygWzJMt5qDzEEsezgkshKjTa5ZWHUO4jvbU+WpjeIQ37k+hHVov6yW7fO5qazdEzzX4dezzLGw/v5AcJsGf2n9GgF+l80tdhyhzr6DUaIGVX7RWPd0EIX8ti6eRY0+4scMXQFN5oupp9zB6k6RspJncN1os+Y9HDAZ0wCNvQhjLivcdpYryPw6s5IYmvyK7z7dLxqrcT0Tv9cM7G3+pdLQB6tfHJoazWQRW9jAfRJ2GJh451Jqxxv8ii3sPz4AD9I0Lqj1Z5rYn6mE1uF4mN/4Y+pOMVSTko=,iv:+lDGDJVOgfo6zd8ZElCkv0Rt6BN8v3Rs4M/YWks1S0s=,tag:BH71KsD2SIqgnpWMJic+8g==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -11,8 +11,8 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkazFGN3pLTXBJb3NPQktx\nQ1Y3ZFd2R2NMeTdjbnZPWVdjZWlCMFVXNVdJCnJUY2VSOXBHMHJsb0FxamVMQXlH\nd0VpRk83dC80RzZiTDNMUmx4bUVKTGcKLS0tIGlYZVlzbC9wM0VXVDl1NjY5eGdP\nRzBGOFc2aTRiSDBkR0VSZ0EwV3cwdlkKOd4xuTNZ2MUJuthxcgYp2+c0Rb28p0yy\nBM01bzwk57uq8j612uzuTYf8xbBScbNljgl+rqQix88Bas4AI1djHA==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-10-24T06:33:46Z",
-		"mac": "ENC[AES256_GCM,data:rB4dJWmCyisH+g4Wil2HzyKp2tkeJD974NKPG+uq4F3cw5e11omJP11bIaboOmXjiJT9eIYcWF687gTCprtaVcqfByzmAopLmaFEJOILgdtOTGevUH39PB+xXMLSrRkzfuQdIYtL+GeiWv4Q1M5GW1yc9WbLIjCXo1MwFAzT7hI=,iv:HmUGI4g0j7dLHma4F591/2QF7b/XTQ34gbdGu+cbyZE=,tag:+wPUsO0Cu5a2Jc+0Qrpg+Q==,type:str]",
+		"lastmodified": "2024-10-24T15:51:51Z",
+		"mac": "ENC[AES256_GCM,data:N4cpPhodiV48gTmJcPXV5NVQVm8nlhW+bxFGWI1oMUNhVK0kJIyv/u62QCiceK530MJPG4RVZAa+TAGrCHq9XXkDS3F9i6bR+CSgAAupk07gf7WY0Tqip+w4oIxxbEk67+yxJP7n/NL7dqeLFYY3fLg2616ZZlpxpFlb05zhinM=,iv:M5sp4tr5h4HUWklmHCcYP41c4t/pbxRmoSy7+quAdWQ=,tag:SqCAxLKBLIn6jE88Qh+00A==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"

diff --git a/caddy/config/secrets.sops.yaml b/caddy/config/secrets.sops.yaml
diff --git a/kubernetes/clusters/snikt/README.md b/kubernetes/clusters/snikt/README.md
@@ -50,6 +50,7 @@ kubectl taint nodes fringe-division storage-required=true:NoSchedule
 | [kubernetes_secret.secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/2.25.2/docs/resources/secret) | resource |
 | [kubernetes_service_account.deployment_restart](https://registry.terraform.io/providers/hashicorp/kubernetes/2.25.2/docs/resources/service_account) | resource |
 | [kubernetes_service_account.pod_exec](https://registry.terraform.io/providers/hashicorp/kubernetes/2.25.2/docs/resources/service_account) | resource |
+| [sops_file.authentik](https://registry.terraform.io/providers/carlpett/sops/1.0.0/docs/data-sources/file) | data source |
 | [sops_file.configmaps](https://registry.terraform.io/providers/carlpett/sops/1.0.0/docs/data-sources/file) | data source |
 | [sops_file.livegrep](https://registry.terraform.io/providers/carlpett/sops/1.0.0/docs/data-sources/file) | data source |
 | [sops_file.livegrep-ignorelist](https://registry.terraform.io/providers/carlpett/sops/1.0.0/docs/data-sources/file) | data source |

diff --git a/kubernetes/clusters/snikt/cronjobs.tf b/kubernetes/clusters/snikt/cronjobs.tf
@@ -1,13 +1,21 @@
 locals {
   jobs = tomap({
+    jobs = []
+  })
+
+  jobs_fringe_division = tomap({
     jobs = [
       "backup-gitea-data",
       "backup-gitea-db",
+      "backup-immich-db",
       "backup-linkding",
       "backup-memos",
       "backup-miniflux",
+      "backup-navidrome",
       "backup-ntfy",
       "backup-prune",
+      "backup-syncthing",
+      "backup-transmission",
       "backup-wakapi",
       "backup-wallabag-content",
       "backup-wallabag-db",
@@ -16,6 +24,7 @@ locals {
       "wallabag-cleanup",
       "water-cut-notify",
     ]
+
     jobs-family-alerts = [
       "00-0-morning-coffee",
       "01-1-lunch-ask",
@@ -26,15 +35,6 @@ locals {
       "02-3-coffee-or-tea",
     ]
   })
-
-  jobs_fringe_division = tomap({
-    jobs = [
-      "backup-immich-db",
-      "backup-navidrome",
-      "backup-syncthing",
-      "backup-transmission",
-    ]
-  })
 }
 
 locals {
@@ -98,6 +98,7 @@ resource "helm_release" "livegrep_indexer" {
   chart      = "base-cronjob"
 
   values = [
-    data.sops_file.livegrep.raw
+    data.sops_file.livegrep.raw,
+    file("./resources/valuesTaintNodeSelector.yaml"),
   ]
 }
diff --git a/kubernetes/clusters/snikt/deployments.tf b/kubernetes/clusters/snikt/deployments.tf
@@ -3,37 +3,53 @@
 
 locals {
   deployments = tomap({
-    bots    = ["qa-api", "qa-api-rs"]
-    default = ["dashy", "linkding", "memos", "subsonic-widgets"]
+    default = []
     news = [
-      "miniflux", "miniflux-postgres",
-      "wallabag", "wallabag-postgres", "wallabag-redis",
-      "thai-tech-cal",
     ]
     infrastructure = [
-      "gitea", "gitea-postgres",
-      "mlflow", "mlflow-postgres",
-      "gatus", "minio", "ntfy",
     ]
     tools = [
-      "livegrep-backend", "livegrep-frontend",
-      "supersecretmessage", "supersecretmessage-vault",
-      "excalidraw", "go-playground", "opengist", "picoshare", "rustpad", "sshx",
     ]
   })
   deployments_fringe_division = tomap({
+    bots = ["qa-api", "qa-api-rs"]
     default = [
-      "audiobookshelf", "podgrab",
-      "navidrome",
-      "jellyfin",
+      "audiobookshelf",
       "calibre-web",
+      "dashy",
+      "jellyfin",
+      "linkding",
+      "memos",
+      "navidrome",
+      "podgrab",
+      "subsonic-widgets",
       "foo", "baz"
     ]
     immich = ["immich", "immich-machine-learning", "immich-postgres", "immich-valkey"]
+    infrastructure = [
+      "gatus",
+      "gitea", "gitea-postgres",
+      "minio",
+      "mlflow", "mlflow-postgres",
+      "ntfy",
+    ]
+    news = [
+      "miniflux", "miniflux-postgres",
+      "thai-tech-cal",
+      "wallabag", "wallabag-postgres", "wallabag-redis",
+    ]
     plausible = [
       "plausible", "plausible-clickhouse", "plausible-postgres",
     ]
     tools = [
+      "excalidraw",
+      "go-playground",
+      "livegrep-backend", "livegrep-frontend",
+      "opengist",
+      "picoshare",
+      "rustpad",
+      "sshx",
+      "supersecretmessage", "supersecretmessage-vault",
       "wakapi", "wakapi-postgres",
       #      "stirling-pdf",
     ]

diff --git a/kubernetes/clusters/snikt/helm/deployments/infrastructure/mlflow-postgres.yaml b/kubernetes/clusters/snikt/helm/deployments/infrastructure/mlflow-postgres.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 containers:
   - name: postgres
     repository: postgres
-    tag: 16.3-alpine
+    tag: 16.4-alpine
     port: 5432
     livenessProbeScheme: tcp
     envFrom:

diff --git a/kubernetes/clusters/snikt/helm/deployments/news/thai-tech-cal.yaml b/kubernetes/clusters/snikt/helm/deployments/news/thai-tech-cal.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 containers:
   - name: thai-tech-cal
     repository: ghcr.io/kahnwong/ical-to-rss
-    tag: dedefb5
+    tag: 94f3606
     port: 3000
     env:
       - name: ICAL_URL

diff --git a/kubernetes/clusters/snikt/helm/deployments/news/wallabag.yaml b/kubernetes/clusters/snikt/helm/deployments/news/wallabag.yaml
@@ -1,4 +1,7 @@
 ---
+# `sudo chown -R root:root data/images`
+# `sudo chmod -R 0777 data/images` !!! has to be `0777`
+
 kind: Deployment
 name: wallabag
 replicaCount: 1