Welcome, Wild Cloud!

2025-05-28 14:08:10 -07:00
parent 5541b55760
commit 456e13ddfa
21 changed files with 69 additions and 65 deletions

View File

@@ -175,5 +175,5 @@
"system_prompt_path": null, "system_prompt_path": null,
"name": "cyclo", "name": "cyclo",
"emoji": "🤖", "emoji": "🤖",
"init_cwd": "/data/repos/sovereign-cloud" "init_cwd": "/data/repos/wild-cloud"
} }

View File

@@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash
source $SCLOUD/load-env.sh source $WCLOUD/load-env.sh
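Review bot: the renamed `source $WCLOUD/load-env.sh` line expands to `/load-env.sh` on any operator shell that still exports only `SCLOUD`, and the unquoted expansion word-splits if the path contains spaces. Fail closed instead, for example `source "${WCLOUD:?WCLOUD is not set}/load-env.sh"`, so a stale environment stops the script rather than sourcing a file from the filesystem root.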

View File

@@ -1,36 +1,36 @@
# System Prompt for Bot CLI Assistant # System Prompt for Bot CLI Assistant
You are {{ bot.emoji }} {{ bot.name }}, a CLI assistant that helps Soverign Cloud operators manage and develop their sovereign clouds. Sovereign Clouds are network clusters of one or more hosts that aim to provide network operating centers and cloud applications using Open Source software to to individuals and organizations across civil society. You are {{ bot.emoji }} {{ bot.name }}, a CLI assistant that helps Soverign Cloud operators manage and develop their wild clouds. Wild Clouds are network clusters of one or more hosts that aim to provide network operating centers and cloud applications using Open Source software to to individuals and organizations across civil society.
## Capabilities: ## Capabilities:
- You are backed by a full LLM. - You are backed by a full LLM.
- Full access to bash shell commands. You are a shell wizard and can issue commands to accomplish almost any task efficiently. - Full access to bash shell commands. You are a shell wizard and can issue commands to accomplish almost any task efficiently.
- You operate with full access to a sovereign cloud operator machine which has full access to the sovereign cloud. - You operate with full access to a wild cloud operator machine which has full access to the wild cloud.
- `kubectl` - A sovereign cloud is run on k3s and kubectl is available on the operator machine. - `kubectl` - A wild cloud is run on k3s and kubectl is available on the operator machine.
- `git` - Git is used widely in a soverign cloud as we favor descriptive over procedural. Sovereign cloud is cloned from the official repo at `https://github.com/payneio/sovereign-cloud`. - `git` - Git is used widely in a soverign cloud as we favor descriptive over procedural. Wild cloud is cloned from the official repo at `https://github.com/payneio/wild-cloud`.
## Operation Guidelines: ## Operation Guidelines:
- When users mention "the cloud" or "my cloud" or "the sovereign cloud" they are usually referring to the currently running instance which you have access to. If they ask a question about the cloud you should use local or Sovereign Cloud resources and documentation to answer the question versus general network, cloud, or kubernetes information. Respond in a personalized and sovereign-cloud contextualized manner. - When users mention "the cloud" or "my cloud" or "the wild cloud" they are usually referring to the currently running instance which you have access to. If they ask a question about the cloud you should use local or Wild Cloud resources and documentation to answer the question versus general network, cloud, or kubernetes information. Respond in a personalized and wild-cloud contextualized manner.
- Be concise and direct in your responses - Be concise and direct in your responses
- For complex tasks, break down the steps clearly - For complex tasks, break down the steps clearly
- If you're unsure about a command's effects, err on the side of caution - If you're unsure about a command's effects, err on the side of caution
- Respect the operator machine and the sovereign cloud - avoid destructive operations unless explicitly requested - Respect the operator machine and the wild cloud - avoid destructive operations unless explicitly requested
- Your response will be printed on the command line. DO use UTF-8. Do NOT use markdown. - Your response will be printed on the command line. DO use UTF-8. Do NOT use markdown.
- When starting a new session, you should check on the current status of the cloud. - When starting a new session, you should check on the current status of the cloud.
## Helpful resources ## Helpful resources
- $SCLOUD environment variable. Points to the Sovereign Cloud repository. - $WCLOUD environment variable. Points to the Wild Cloud repository.
- $SCLOUD/README.md - Information about this sovereign cloud. - $WCLOUD/README.md - Information about this wild cloud.
- `source $SCLOUD/load-env.sh` should be run before any other operations. - `source $WCLOUD/load-env.sh` should be run before any other operations.
- $SCLOUD/bin - Operator scripts including: - $WCLOUD/bin - Operator scripts including:
- `dashboard-token` to get the Kubernetes dashboard access token. - `dashboard-token` to get the Kubernetes dashboard access token.
- `deploy-service` for deploying cloud services from the `$SCLOUD/services` directory. - `deploy-service` for deploying cloud services from the `$WCLOUD/services` directory.
- $SCLOUD/docs: Important information about the cloud including: - $WCLOUD/docs: Important information about the cloud including:
- $SCLOUD/docs/learning: Docs for operators to go deeper and learn cloud operation concepts. - $WCLOUD/docs/learning: Docs for operators to go deeper and learn cloud operation concepts.
- $SCLOUD/docs/troubleshooting: Docs helpful for operators in fixing common issues. - $WCLOUD/docs/troubleshooting: Docs helpful for operators in fixing common issues.
## Best Practices: ## Best Practices:
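Review bot: the rename is incomplete on the new side of this prompt: the opening sentence still reads "Soverign Cloud operators" and the `git` bullet still reads "a soverign cloud" (both also misspelled), and the doubled "to to individuals" is carried over. Separately, this file grants the assistant "Full access to bash shell commands" on a machine with full access to the cluster, and the only guardrail visible here is the "avoid destructive operations unless explicitly requested" bullet; consider listing in the prompt which operations require operator confirmation rather than leaving that to model judgment.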

View File

@@ -2,7 +2,7 @@
"cSpell.customDictionaries": { "cSpell.customDictionaries": {
"custom-dictionary-workspace": { "custom-dictionary-workspace": {
"name": "custom-dictionary-workspace", "name": "custom-dictionary-workspace",
"path": "${workspaceFolder:sovereign-cloud}/.cspell/custom-dictionary-workspace.txt", "path": "${workspaceFolder:wild-cloud}/.cspell/custom-dictionary-workspace.txt",
"addWords": true, "addWords": true,
"scope": "workspace" "scope": "workspace"
} }

View File

@@ -1,6 +1,8 @@
# Sovereign Cloud # Wild Cloud
> Take control of your digital life with your own personal cloud infrastructure Welcome! So excited you're here!
When I was an 8 year old kid, I had a computer named the Commodore64. One of the coolest things about it was th
## Why Build Your Own Cloud? ## Why Build Your Own Cloud?

View File

@@ -19,6 +19,6 @@ spec:
port: port:
number: 3001 number: 3001
tls: tls:
- secretName: wildcard-internal-sovereign-cloud-tls - secretName: wildcard-internal-wild-cloud-tls
hosts: hosts:
- your.immich.domain - your.immich.domain

View File

@@ -19,6 +19,6 @@ spec:
port: port:
number: 8096 number: 8096
tls: tls:
- secretName: wildcard-internal-sovereign-cloud-tls - secretName: wildcard-internal-wild-cloud-tls
hosts: hosts:
- your.jellyfin.domain - your.jellyfin.domain

View File

@@ -6,7 +6,7 @@ labels:
pairs: pairs:
app: jellyfin app: jellyfin
managedBy: kustomize managedBy: kustomize
partOf: sovereign-cloud partOf: wild-cloud
resources: resources:
- deployment.yaml - deployment.yaml
- ingress.yaml - ingress.yaml

View File

@@ -20,6 +20,6 @@ spec:
port: port:
number: 80 number: 80
tls: tls:
- secretName: wildcard-internal-sovereign-cloud-tls - secretName: wildcard-internal-wild-cloud-tls
hosts: hosts:
- your.nextcloud.domain - your.nextcloud.domain

View File

@@ -6,7 +6,7 @@ labels:
pairs: pairs:
app: nextcloud app: nextcloud
managedBy: kustomize managedBy: kustomize
partOf: sovereign-cloud partOf: wild-cloud
resources: resources:
- cron.yaml - cron.yaml
- deployment.yaml - deployment.yaml

View File

@@ -20,7 +20,10 @@ spec:
- containerPort: 6379 - containerPort: 6379
env: env:
- name: TZ - name: TZ
value: America/New_York valueFrom:
configMapKeyRef:
name: config
key: TZ
envFrom: envFrom:
- configMapRef: - configMapRef:
name: config name: config
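Review bot: the new `configMapKeyRef` for `TZ` has no `optional: true`, so a `config` ConfigMap without a `TZ` key now prevents the container from starting, where the old literal value could not fail. The `envFrom` block directly below already imports every key of the same `config` ConfigMap, so either drop the explicit `TZ` entry or keep it and mark it optional.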

View File

@@ -6,7 +6,7 @@ labels:
pairs: pairs:
app: redis app: redis
managedBy: kustomize managedBy: kustomize
partOf: sovereign-cloud partOf: wild-cloud
resources: resources:
- deployment.yaml - deployment.yaml
- namespace.yaml - namespace.yaml

View File

@@ -1,3 +1,3 @@
# Sovereign Cloud Binaries # Wild Cloud Binaries
These are the scripts that help you manage your cloud. These are the scripts that help you manage your cloud.

View File

@@ -28,14 +28,14 @@ fi
CONTAINER_NAME="$1" CONTAINER_NAME="$1"
VERSION="${2:-latest}" VERSION="${2:-latest}"
REGISTRY=$DOCKER_REGISTRY_HOST REGISTRY=$DOCKER_REGISTRY_HOST
CONTAINER_DIR="/data/repos/sovereign-cloud/containers/${CONTAINER_NAME}" CONTAINER_DIR="/data/repos/wild-cloud/containers/${CONTAINER_NAME}"
IMAGE_NAME="${REGISTRY}/${CONTAINER_NAME}:${VERSION}" IMAGE_NAME="${REGISTRY}/${CONTAINER_NAME}:${VERSION}"
# Check if container directory exists # Check if container directory exists
if [ ! -d "$CONTAINER_DIR" ]; then if [ ! -d "$CONTAINER_DIR" ]; then
echo "Error: Container directory not found: $CONTAINER_DIR" echo "Error: Container directory not found: $CONTAINER_DIR"
echo "Available containers:" echo "Available containers:"
ls -1 /data/repos/sovereign-cloud/containers/ ls -1 /data/repos/wild-cloud/containers/
exit 1 exit 1
fi fi
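Review bot: `CONTAINER_DIR` and the `ls -1` fallback both hard-code `/data/repos/wild-cloud`, so the script breaks again on the next rename or on any checkout in a different location; build both from `$WCLOUD`, which this commit introduces in the other scripts. While these lines are open, `CONTAINER_NAME="$1"` flows into the path and the image name unchecked, so reject values containing `/` or `..` before the `-d` test.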

View File

@@ -95,7 +95,7 @@ spec:
tls: tls:
- hosts: - hosts:
- my-app.CLOUD_DOMAIN - my-app.CLOUD_DOMAIN
secretName: wildcard-sovereign-cloud-tls secretName: wildcard-wild-cloud-tls
``` ```
This Ingress tells the cluster to route requests for `my-app.CLOUD_DOMAIN` to your service. The annotations provide hints to other systems like ExternalDNS. This Ingress tells the cluster to route requests for `my-app.CLOUD_DOMAIN` to your service. The annotations provide hints to other systems like ExternalDNS.
@@ -150,7 +150,7 @@ spec:
- --source=service - --source=service
- --source=ingress - --source=ingress
- --provider=cloudflare - --provider=cloudflare
- --txt-owner-id=sovereign-cloud - --txt-owner-id=wild-cloud
``` ```
ExternalDNS watches Kubernetes Services and Ingresses with appropriate annotations, then creates corresponding DNS records in CloudFlare, making your applications discoverable by domain name. ExternalDNS watches Kubernetes Services and Ingresses with appropriate annotations, then creates corresponding DNS records in CloudFlare, making your applications discoverable by domain name.
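Review bot: changing `--txt-owner-id` from `sovereign-cloud` to `wild-cloud` changes which TXT ownership records ExternalDNS treats as its own, so on an existing cluster that follows this doc the records created under the old id stop being updated or cleaned up. Add a migration note next to this example (remove or re-own the old records before switching the id), otherwise stale DNS names can keep pointing at addresses the cluster no longer controls.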
@@ -163,10 +163,10 @@ To secure connections with HTTPS, we use cert-manager to automatically obtain an
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: wildcard-sovereign-cloud-io name: wildcard-wild-cloud-io
namespace: default namespace: default
spec: spec:
secretName: wildcard-sovereign-cloud-tls secretName: wildcard-wild-cloud-tls
dnsNames: dnsNames:
- "*.CLOUD_DOMAIN" - "*.CLOUD_DOMAIN"
- "CLOUD_DOMAIN" - "CLOUD_DOMAIN"

View File

@@ -2,13 +2,13 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: wildcard-internal-sovereign-cloud name: wildcard-internal-wild-cloud
namespace: cert-manager namespace: cert-manager
spec: spec:
secretName: wildcard-internal-sovereign-cloud-tls secretName: wildcard-internal-wild-cloud-tls
dnsNames: dnsNames:
- "*.internal.${DOMAIN}" - "*.internal.${DOMAIN}"
- "internal.${DOMAIN}" - "internal.${DOMAIN}"
issuerRef: issuerRef:
name: letsencrypt-prod name: letsencrypt-prod
kind: ClusterIssuer kind: ClusterIssuer
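Review bot: renaming `metadata.name` and `secretName` makes this a new Certificate rather than an update, so on an existing cluster the old `wildcard-internal-sovereign-cloud` Certificate and its `wildcard-internal-sovereign-cloud-tls` secret (a wildcard private key) stay behind unless something prunes them, and a fresh certificate is requested from `letsencrypt-prod`. The commit should include or document the cleanup of the old Certificate and of every namespace copy of the old secret.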

View File

@@ -2,13 +2,13 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: wildcard-sovereign-cloud name: wildcard-wild-cloud
namespace: cert-manager namespace: cert-manager
spec: spec:
secretName: wildcard-sovereign-cloud-tls secretName: wildcard-wild-cloud-tls
dnsNames: dnsNames:
- "*.${DOMAIN}" - "*.${DOMAIN}"
- "${DOMAIN}" - "${DOMAIN}"
issuerRef: issuerRef:
name: letsencrypt-prod name: letsencrypt-prod
kind: ClusterIssuer kind: ClusterIssuer

View File

@@ -17,4 +17,4 @@ spec:
tls: tls:
- hosts: - hosts:
- docker-registry.internal.${DOMAIN} - docker-registry.internal.${DOMAIN}
secretName: wildcard-internal-sovereign-cloud-tls secretName: wildcard-internal-wild-cloud-tls

View File

@@ -2,16 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: docker-registry namespace: docker-registry
labels: labels:
- includeSelectors: true - includeSelectors: true
pairs: pairs:
app: docker-registry app: docker-registry
managedBy: sovereign-cloud managedBy: wild-cloud
resources: resources:
- deployment.yaml - deployment.yaml
- ingress.yaml - ingress.yaml
- service.yaml - service.yaml
- namespace.yaml - namespace.yaml
- pvc.yaml - pvc.yaml
configMapGenerator: configMapGenerator:
- name: docker-registry-config - name: docker-registry-config
envs: envs:
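Review bot: with `includeSelectors: true` on this label block, changing `managedBy` from `sovereign-cloud` to `wild-cloud` also rewrites the selectors generated for `deployment.yaml` and `service.yaml`. A Deployment's `spec.selector` is immutable, so applying this over an existing install is rejected until the Deployment is deleted and recreated; call that out in the upgrade notes, or keep the selector labels stable and carry the branding in a label that is not part of the selector. The other kustomizations in this commit use `managedBy: kustomize` with a `partOf` label, so this file is also inconsistent with them.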

View File

@@ -9,10 +9,10 @@ spec:
ipWhiteList: ipWhiteList:
# Restrict to local private network ranges # Restrict to local private network ranges
sourceRange: sourceRange:
- 127.0.0.1/32 # localhost - 127.0.0.1/32 # localhost
- 10.0.0.0/8 # Private network - 10.0.0.0/8 # Private network
- 172.16.0.0/12 # Private network - 172.16.0.0/12 # Private network
- 192.168.0.0/16 # Private network - 192.168.0.0/16 # Private network
--- ---
# HTTPS redirect middleware # HTTPS redirect middleware
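Review bot: only the indentation changes here, but the `10.0.0.0/8` entry in `sourceRange` is worth tightening while the file is open: it also covers the default k3s pod and service ranges (10.42.0.0/16 and 10.43.0.0/16), so any workload in the cluster passes this allow list, not only hosts on the LAN. List the actual LAN subnet(s) instead of the whole RFC 1918 space.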
@@ -47,7 +47,7 @@ spec:
port: 443 port: 443
serversTransport: dashboard-transport serversTransport: dashboard-transport
tls: tls:
secretName: wildcard-internal-sovereign-cloud-tls secretName: wildcard-internal-wild-cloud-tls
--- ---
# HTTP to HTTPS redirect. # HTTP to HTTPS redirect.
@@ -82,4 +82,3 @@ metadata:
spec: spec:
insecureSkipVerify: true insecureSkipVerify: true
serverName: dashboard.internal.${DOMAIN} serverName: dashboard.internal.${DOMAIN}
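Review bot: `insecureSkipVerify: true` stays in this transport, so Traefik accepts any certificate from the dashboard backend; `serverName` is sent, but the certificate is never checked against it. If that is a deliberate trade-off for the dashboard's self-signed certificate, say so in a comment next to the flag; otherwise have the transport trust the dashboard's CA and drop the flag.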

View File

@@ -20,8 +20,8 @@ echo "Installing Kubernetes Dashboard core components..."
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
# Copying cert-manager secrets to the dashboard namespace # Copying cert-manager secrets to the dashboard namespace
copy-secret cert-manager:wildcard-internal-sovereign-cloud-tls $NAMESPACE copy-secret cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE
copy-secret cert-manager:wildcard-sovereign-cloud-tls $NAMESPACE copy-secret cert-manager:wildcard-wild-cloud-tls $NAMESPACE
# Create admin service account and token # Create admin service account and token
echo "Creating dashboard admin service account and token..." echo "Creating dashboard admin service account and token..."
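Review bot: the second `copy-secret` puts `wildcard-wild-cloud-tls`, the private key for the public wildcard certificate, into the dashboard namespace, yet the dashboard route changed in this commit references only `wildcard-internal-wild-cloud-tls`. Drop that copy unless something in `$NAMESPACE` actually uses it, and quote `"$NAMESPACE"` on both lines so an empty or unset value fails visibly instead of shifting the arguments.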