diff --git a/apps/base/lemma/deployment.yaml b/apps/base/lemma/deployment.yaml
new file mode 100644
index 0000000..4a1d45d
--- /dev/null
+++ b/apps/base/lemma/deployment.yaml
@@ -0,0 +1,48 @@
+# /app/base/lemma/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lemma
+ namespace: lemma
+spec:
+ selector:
+ matchLabels:
+ app: lemma
+ template:
+ metadata:
+ labels:
+ app: lemma
+ spec:
+ containers:
+ - name: lemma
+ image: ghcr.io/lordmathis/lemma:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: LEMMA_ADMIN_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: lemma-secrets
+ key: admin-email
+ - name: LEMMA_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: lemma-secrets
+ key: admin-password
+ - name: LEMMA_ENCRYPTION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: lemma-secrets
+ key: encryption-key
+ - name: LEMMA_JWT_SIGNING_KEY
+ valueFrom:
+ secretKeyRef:
+ name: lemma-secrets
+ key: jwt-signing-key
+ volumeMounts:
+ - name: lemma-data
+ mountPath: /data
+ volumes:
+ - name: lemma-data
+ persistentVolumeClaim:
+ claimName: lemma-pvc
\ No newline at end of file
diff --git a/apps/base/lemma/kustomization.yaml b/apps/base/lemma/kustomization.yaml
new file mode 100644
index 0000000..584c1e2
--- /dev/null
+++ b/apps/base/lemma/kustomization.yaml
@@ -0,0 +1,10 @@
+# /apps/base/lemma/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lemma
+
+resources:
+- namespace.yaml
+- deployment.yaml
+- service.yaml
+- pvc.yaml
\ No newline at end of file
diff --git a/apps/base/lemma/namespace.yaml b/apps/base/lemma/namespace.yaml
new file mode 100644
index 0000000..cea43a2
--- /dev/null
+++ b/apps/base/lemma/namespace.yaml
@@ -0,0 +1,5 @@
+# /apps/base/lemma/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: lemma
\ No newline at end of file
diff --git a/apps/base/lemma/pvc.yaml b/apps/base/lemma/pvc.yaml
new file mode 100644
index 0000000..4663958
--- /dev/null
+++ b/apps/base/lemma/pvc.yaml
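Review bot: In apps/base/lemma/deployment.yaml the container image is `ghcr.io/lordmathis/lemma:latest`, a mutable tag, so whatever is pushed to that tag next is what runs with the admin password, encryption key and JWT signing key from `lemma-secrets` in its environment. Pin a release tag or, better, a digest, e.g. `image: ghcr.io/lordmathis/lemma@sha256:<digest>` (placeholder), so that an image update arrives as a reviewed commit. The pod spec also sets no `securityContext`, so the container keeps the image's default user, a writable root filesystem and the default capability set. The block below is a starting point and needs checking against how the image actually runs (a non-root user, writes only under `/data`).

```yaml
      containers:
        - name: lemma
          # … unchanged: image, ports, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```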
@@ -0,0 +1,11 @@
+# /apps/base/lemma/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lemma-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/apps/base/lemma/service.yaml b/apps/base/lemma/service.yaml
new file mode 100644
index 0000000..b23a2fb
--- /dev/null
+++ b/apps/base/lemma/service.yaml
@@ -0,0 +1,11 @@
+# /apps/base/lemma/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: lemma
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: lemma
diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml
index 29f3783..7f46528 100644
--- a/apps/prod/kustomization.yaml
+++ b/apps/prod/kustomization.yaml
@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
 - authelia
 - gitea
- - k9s-web
\ No newline at end of file
+ - k9s-web
+ - lemma
\ No newline at end of file
diff --git a/apps/prod/lemma/ingress.yaml b/apps/prod/lemma/ingress.yaml
new file mode 100644
index 0000000..fd73ff0
--- /dev/null
+++ b/apps/prod/lemma/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: lemma
+ namespace: lemma
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`lemma.example.com`)
+ kind: Rule
+ services:
+ - name: lemma
+ port: 80
diff --git a/apps/prod/lemma/kustomization.yaml b/apps/prod/lemma/kustomization.yaml
new file mode 100644
index 0000000..983ff92
--- /dev/null
+++ b/apps/prod/lemma/kustomization.yaml
@@ -0,0 +1,9 @@
+# /apps/prod/lemma/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lemma
+
+resources:
+ - ../../base/lemma
+ - secret.enc.yaml
+ - ingress.yaml
\ No newline at end of file
diff --git a/apps/prod/lemma/secret.enc.yaml b/apps/prod/lemma/secret.enc.yaml
new file mode 100644
index 0000000..3bea803
--- /dev/null
+++ b/apps/prod/lemma/secret.enc.yaml
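Review bot: The IngressRoute in apps/prod/lemma/ingress.yaml has no `tls` section and no `middlewares` on its route, so whether `lemma.example.com` is served over TLS depends on entrypoint defaults in the Traefik static configuration, which this diff does not show. If TLS is not enabled there, set it on the route explicitly, e.g. a `tls:` block with `certResolver: <resolver-name>` or `secretName: <tls-secret>` (placeholders). apps/prod/kustomization.yaml already deploys authelia, but nothing here attaches a forward-auth middleware, so lemma's own login appears to be the only gate in front of the admin account; if that is intended, a short comment on the route saying so would help. Separately, `traefik.containo.us/v1alpha1` is the legacy API group that Traefik v3 no longer serves, so confirm it matches the installed Traefik version or move to `traefik.io/v1alpha1`.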
@@ -0,0 +1,34 @@
+#ENC[AES256_GCM,data:Uqck3jmR1Zu/sU6FF6zyzYbsisX6Y8LCNh3v7dGRhs0GApPVHTs=,iv:c24rCYF6OMBDAIGrYLHZVl7mUcumKa/SslhkXKHyDTA=,tag:gQkzVMn+4KrV3/RpjDHr3Q==,type:comment]
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lemma-secrets
+ namespace: lemma
+type: Opaque
+stringData:
+ admin-email: ENC[AES256_GCM,data:T5+fc4AJgvlL/co7t7ub3mH/tlc=,iv:T9d3Ek5Q5nLWDDlcZVeAW2GcMN6/bktaZovXOVZ/6FU=,tag:f+ZgF54kYVttdTrlHaiOJw==,type:str]
+ admin-password: ENC[AES256_GCM,data:13gTfsNR6XJ2PpmYvrrT0X2F+xg=,iv:Gpx2/bcqazTYmXl/hyJZSIPVt3d/9HUEPg66wd3sJ4g=,tag:xzQO9K7/wSIZeLp2wJTYMw==,type:str]
+ #ENC[AES256_GCM,data:6zPJx/rCo5v71Tl7i0A8qe1Doh3Yu2ZrSxDF7t1sxuRTshYYil1BWWs=,iv:Wr1JFRikaLkLF3DLWoGsIsEB5Nhw35GPTU6rSzFc3+U=,tag:rUhJRF3UiVurL7MtM6arXw==,type:comment]
+ encryption-key: ENC[AES256_GCM,data:Gcnue6hnd9wXMlhaPoFItuoPuCyZz3QabtM70eN9uwTyx69NVK8+mA0VLsI=,iv:gKCqaR8uKh0hO0vh5Jskz+b32Y4v0LLEjoxIgkEQsJw=,tag:FEY0+OIXH6eQ8o5dSaCeaA==,type:str]
+ #ENC[AES256_GCM,data:GsDZsAJLfHdqBKBdxgpTqxur5Qczv3AnOOWdPwOs6CSH6HOolujl/zU=,iv:N5OuEJ09mLQ8j9Rtu5Nzzu5G8M/jphxQu9YKV4R3iyg=,tag:DUZialaJ1ks5yHdBvQzylA==,type:comment]
+ jwt-signing-key: ENC[AES256_GCM,data:Qy5fWuDlWTWE2C5A3kFKLYJRyN2JJHXp25CS5uhe6CVYKtXSg5eluzi6Fs4=,iv:qFq/S9ghpAkVOvZ52VNwIgQSX5+kmAMv+5U/+/ZpCK4=,tag:OxsUA5tffIy2pQqSgYMAGA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBb0Q3RDdnZEJkTERCQWFV
+ K200T3ZweWZuU1BJSjloTHA2Qis3TDdqSnlFCmdJUmlrWUgvWDVSRHkzNkZnUXRo
+ dklaTEsrcjZ3bDVBd2twSklkZDFEL0UKLS0tIG8vd3Bueitwd2kyTTVNNHZmZVZW
+ RFNCeEVyTUpocHBNU3BFZGFveFVyU1UKbh+PzkseFGBajVpd1cpVoXpcxSsUPPM2
+ 4d3Lsw+4CI5urj9Xi4/kRbSzTC3ARr4NXCRsUMdN21owMZvBG3SjKw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-12-27T16:54:07Z"
+ mac: ENC[AES256_GCM,data:G65s2ZMyJrMJ+Zo7pjCsd4+lz4ad/O4RA5hZQPJFzMzPfB3tiR4Ci7w7Gsq3zfBIPTVQSumdQ8Ia/PVIfqtBwNswmvYOCEd4SnnLocaCCWbtY/lN71B3OB32Y/ALB/94HRXiON+5TUr9GmTorKDQa2AHwGAdYPthDcu4YZgTVq0=,iv:bcFNhcaqLCoOoyYzbtwyOSUZFCZv7QM78OYDUoa+x/8=,tag:dDgq98VIGG0zmUHc6SLhRA==,type:str]
+ pgp: []
+ unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+ version: 3.9.0