CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Compare commits

base: CSTF:3a9bd7c6b33270dd62c8a9568f3cf6f4f46b5943
Branches Tags
CSTF:main CSTF:golang CSTF:apps/jellyfin CSTF:apps/homepage CSTF:apps/homeassistant CSTF:apps/codimd
CSTF:POC
..
compare: CSTF:apps/codimd
Branches Tags
CSTF:main CSTF:golang CSTF:apps/jellyfin CSTF:apps/homepage CSTF:apps/homeassistant CSTF:apps/codimd
CSTF:POC

1 Commits
3a9bd7c6b3 ... apps/codim

Author SHA1 Message Date
Paul Payne
10c67169b5 Add codimd app. 2025-08-16 07:54:06 -07:00
22 changed files with 519 additions and 36 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -2,7 +2,7 @@
Welcome! So excited you're here!
_This project is massively in progress. It's not ready to be used yet (even though I am using it as I develop it). This is published publicly for transparency. If you want to help out, please [get in touch](https://forum.civilsociety.dev/c/wild-cloud/5)._
_This project is massively in progress. It's not ready to be used yet (even though I am using it as I develop it). This is published publicly for transparency. If you want to help out, please get in touch._
## Why Build Your Own Cloud?

51
apps/codimd/db-init-job.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: batch/v1
kind: Job
metadata:
name: codimd-db-init
labels:
component: db-init
spec:
template:
metadata:
labels:
component: db-init
spec:
containers:
- name: db-init
image: {{ .apps.postgres.image }}
command: ["/bin/bash", "-c"]
args:
- |
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres <<EOF
DO \$\$
BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${DB_USERNAME}') THEN
CREATE USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
ELSE
ALTER USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
END IF;
END
\$\$;
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
EOF
env:
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secrets
key: apps.postgres.password
- name: DB_HOSTNAME
value: "{{ .apps.codimd.dbHost }}"
- name: DB_DATABASE_NAME
value: "{{ .apps.codimd.dbName }}"
- name: DB_USERNAME
value: "{{ .apps.codimd.dbUser }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: codimd-secrets
key: apps.codimd.dbPassword
restartPolicy: OnFailure

113
apps/codimd/deployment.yaml Normal file
View File

@@ -0,0 +1,113 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: codimd
namespace: codimd
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
component: web
template:
metadata:
labels:
component: web
spec:
securityContext:
fsGroup: 1500
runAsGroup: 1500
runAsNonRoot: true
runAsUser: 1500
containers:
- name: codimd
image: "{{ .apps.codimd.image }}"
imagePullPolicy: IfNotPresent
env:
- name: CMD_DOMAIN
value: "{{ .apps.codimd.domain }}"
- name: CMD_URL_ADDPORT
value: "false"
- name: CMD_PROTOCOL_USESSL
value: "{{ .apps.codimd.useSSL }}"
- name: CMD_USECDN
value: "{{ .apps.codimd.useCDN }}"
- name: CMD_DB_URL
value: "postgres://{{ .apps.codimd.dbUser }}:$(CMD_DB_PASSWORD)@{{ .apps.codimd.dbHost }}:{{ .apps.codimd.dbPort }}/{{ .apps.codimd.dbName }}"
- name: CMD_DB_PASSWORD
valueFrom:
secretKeyRef:
name: codimd-secrets
key: apps.codimd.dbPassword
- name: CMD_SESSION_SECRET
valueFrom:
secretKeyRef:
name: codimd-secrets
key: apps.codimd.sessionSecret
- name: CMD_SESSION_LIFE
value: "{{ .apps.codimd.sessionLifeTime }}"
- name: CMD_HSTS_ENABLE
value: "{{ .apps.codimd.hstsEnable }}"
- name: CMD_HSTS_MAX_AGE
value: "{{ .apps.codimd.hstsMaxAge }}"
- name: CMD_HSTS_INCLUDE_SUBDOMAINS
value: "false"
- name: CMD_HSTS_PRELOAD
value: "true"
- name: CMD_CSP_ENABLE
value: "{{ .apps.codimd.cspEnable }}"
- name: CMD_ALLOW_GRAVATAR
value: "{{ .apps.codimd.allowGravatar }}"
- name: CMD_RESPONSE_MAX_LAG
value: "70"
- name: CMD_IMAGE_UPLOAD_TYPE
value: "{{ .apps.codimd.imageUploadType }}"
- name: CMD_ALLOW_FREEURL
value: "{{ .apps.codimd.allowFreeURL }}"
- name: CMD_FORBIDDEN_NOTE_IDS
value: "robots.txt,favicon.ico,api"
- name: CMD_DEFAULT_PERMISSION
value: "{{ .apps.codimd.defaultPermission }}"
- name: CMD_ALLOW_ANONYMOUS_EDITS
value: "{{ .apps.codimd.allowAnonymousEdits }}"
- name: CMD_ALLOW_ANONYMOUS_VIEWS
value: "{{ .apps.codimd.allowAnonymousViews }}"
- name: CMD_ALLOW_PDF_EXPORT
value: "{{ .apps.codimd.allowPdfExport }}"
- name: CMD_DEFAULT_USE_HARD_BREAK
value: "{{ .apps.codimd.useHardBreak }}"
- name: CMD_LINKIFY_HEADER_STYLE
value: "{{ .apps.codimd.linkifyHeaderStyle }}"
- name: CMD_AUTO_VERSION_CHECK
value: "{{ .apps.codimd.autoVersionCheck }}"
ports:
- name: http
containerPort: {{ .apps.codimd.port }}
volumeMounts:
- mountPath: /home/hackmd/app/public/uploads
name: uploads
readinessProbe:
httpGet:
port: {{ .apps.codimd.port }}
path: /status
initialDelaySeconds: 3
failureThreshold: 2
successThreshold: 3
timeoutSeconds: 2
periodSeconds: 5
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: {{ .apps.codimd.port }}
scheme: HTTP
initialDelaySeconds: 3
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
restartPolicy: Always
volumes:
- name: uploads
persistentVolumeClaim:
claimName: codimd-uploads

24
apps/codimd/ingress.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: codimd-public
namespace: codimd
annotations:
external-dns.alpha.kubernetes.io/target: "{{ .apps.codimd.domain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
rules:
- host: "{{ .apps.codimd.domain }}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: codimd
port:
number: 3000
tls:
- secretName: wildcard-wild-cloud-tls
hosts:
- "{{ .apps.codimd.domain }}"

16
apps/codimd/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: codimd
labels:
- includeSelectors: true
pairs:
app: codimd
managedBy: kustomize
partOf: wild-cloud
resources:
- namespace.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
- pvc.yaml
- db-init-job.yaml

37
apps/codimd/manifest.yaml Normal file
View File

@@ -0,0 +1,37 @@
name: codimd
description: CodiMD is a realtime collaborative markdown notes editor
version: 2.5.1
icon: https://github.com/hackmdio/codimd/raw/master/public/logo.png
requires:
- name: postgres
defaultConfig:
image: nabo.codimd.dev/hackmdio/hackmd:2.5.1
domain: codimd.{{ .cloud.domain }}
port: 3000
storage: 10Gi
dbName: codimd
dbUser: codimd
dbHost: postgres.postgres.svc.cluster.local
dbPort: 5432
timezone: UTC
useSSL: false
useCDN: false
allowFreeURL: false
defaultPermission: editable
allowAnonymousEdits: true
allowAnonymousViews: true
allowPdfExport: false
allowGravatar: true
imageUploadType: filesystem
sessionLifeTime: 1209600000
hstsEnable: true
hstsMaxAge: 31536000
cspEnable: true
autoVersionCheck: true
useHardBreak: true
linkifyHeaderStyle: keep-case
tlsSecretName: wildcard-wild-cloud-tls
requiredSecrets:
- apps.codimd.dbPassword
- apps.codimd.sessionSecret
- apps.codimd.dbUrl

4
apps/codimd/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: codimd

12
apps/codimd/pvc.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: codimd-uploads
namespace: codimd
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: "{{ .apps.codimd.storage }}"

12
apps/codimd/service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: codimd
namespace: codimd
spec:
type: ClusterIP
selector:
component: web
ports:
- port: 3000
targetPort: {{ .apps.codimd.port }}

12
apps/jellyfin/config/example.env Normal file
View File

@@ -0,0 +1,12 @@
# Config
JELLYFIN_DOMAIN=jellyfin.$DOMAIN
JELLYFIN_CONFIG_STORAGE=1Gi
JELLYFIN_CACHE_STORAGE=10Gi
JELLYFIN_MEDIA_STORAGE=100Gi
TZ=UTC
# Docker Images
JELLYFIN_IMAGE=jellyfin/jellyfin:latest
# Jellyfin Configuration
JELLYFIN_PublishedServerUrl=https://jellyfin.$DOMAIN

49
apps/jellyfin/deployment.yaml Normal file
View File

@@ -0,0 +1,49 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jellyfin
spec:
replicas: 1
selector:
matchLabels:
app: jellyfin
strategy:
type: Recreate
template:
metadata:
labels:
app: jellyfin
spec:
containers:
- image: jellyfin/jellyfin:latest
name: jellyfin
ports:
- containerPort: 8096
protocol: TCP
envFrom:
- configMapRef:
name: config
env:
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
volumeMounts:
- mountPath: /config
name: jellyfin-config
- mountPath: /cache
name: jellyfin-cache
- mountPath: /media
name: jellyfin-media
volumes:
- name: jellyfin-config
persistentVolumeClaim:
claimName: jellyfin-config-pvc
- name: jellyfin-cache
persistentVolumeClaim:
claimName: jellyfin-cache-pvc
- name: jellyfin-media
persistentVolumeClaim:
claimName: jellyfin-media-pvc

24
apps/jellyfin/ingress.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jellyfin-public
annotations:
external-dns.alpha.kubernetes.io/target: your.jellyfin.domain
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
rules:
- host: your.jellyfin.domain
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jellyfin
port:
number: 8096
tls:
- secretName: wildcard-internal-wild-cloud-tls
hosts:
- your.jellyfin.domain

82
apps/jellyfin/kustomization.yaml Normal file
View File

@@ -0,0 +1,82 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: jellyfin
labels:
- includeSelectors: true
pairs:
app: jellyfin
managedBy: kustomize
partOf: wild-cloud
resources:
- deployment.yaml
- ingress.yaml
- namespace.yaml
- pvc.yaml
- service.yaml
configMapGenerator:
- name: config
envs:
- config/config.env
replacements:
- source:
kind: ConfigMap
name: config
fieldPath: data.DOMAIN
targets:
- select:
kind: Ingress
name: jellyfin-public
fieldPaths:
- metadata.annotations.[external-dns.alpha.kubernetes.io/target]
- source:
kind: ConfigMap
name: config
fieldPath: data.JELLYFIN_DOMAIN
targets:
- select:
kind: Ingress
name: jellyfin-public
fieldPaths:
- spec.rules.0.host
- spec.tls.0.hosts.0
- source:
kind: ConfigMap
name: config
fieldPath: data.JELLYFIN_CONFIG_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: jellyfin-config-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.JELLYFIN_CACHE_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: jellyfin-cache-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.JELLYFIN_MEDIA_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: jellyfin-media-pvc
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.JELLYFIN_IMAGE
targets:
- select:
kind: Deployment
name: jellyfin
fieldPaths:
- spec.template.spec.containers.0.image

5
apps/jellyfin/namespace.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: jellyfin

37
apps/jellyfin/pvc.yaml Normal file
View File

@@ -0,0 +1,37 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-config-pvc
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-cache-pvc
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-media-pvc
namespace: jellyfin
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs
resources:
requests:
storage: 100Gi

15
apps/jellyfin/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: jellyfin
namespace: jellyfin
labels:
app: jellyfin
spec:
ports:
- port: 8096
targetPort: 8096
protocol: TCP
selector:
app: jellyfin

2
bin/wild-setup-scaffold
View File

@@ -75,6 +75,8 @@ prompt_if_unset_config "cloud.domain" "Your public cloud domain" "cloud.${base_d
domain=$(wild-config "cloud.domain")
prompt_if_unset_config "cloud.internalDomain" "Your internal cloud domain" "internal.${domain}"
prompt_if_unset_config "cloud.backup.root" "Existing path to save backups to" ""
prompt_if_unset_secret "cloud.backupPassword" "Backup password (leave empty to generate a random one)" ""
# Derive cluster name from domain if not already set
current_cluster_name=$(wild-config "cluster.name")

4
test/README.md
View File

@@ -28,8 +28,8 @@ Tests project detection and script execution:
### `test_config_functions.bats`
Tests configuration and secret access:
- `wild-config` command
- `wild-secret` command
- `get_current_config()` function
- `get_current_secret()` function
- Configuration access from subdirectories
- Fixture data usage

10
test/test_common_functions.bats
View File

@@ -36,18 +36,14 @@ teardown() {
@test "init_wild_env sets WC_HOME correctly" {
mkdir -p "$TEST_PROJECT_DIR/deep/nested"
cd "$TEST_PROJECT_DIR/deep/nested"
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
unset WC_HOME WC_ROOT
init_wild_env
assert_equal "$WC_HOME" "$TEST_PROJECT_DIR"
}
@test "init_wild_env sets WC_ROOT correctly" {
cd "$TEST_PROJECT_DIR"
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
unset WC_HOME WC_ROOT
init_wild_env
# WC_ROOT is set (value depends on test execution context)
assert [ -n "$WC_ROOT" ]
@@ -62,7 +58,7 @@ teardown() {
@test "print functions work correctly" {
cd "$TEST_PROJECT_DIR"
run bash -c '
source "$PROJECT_ROOT/scripts/common.sh"
source "$PROJECT_ROOT/bin/wild-common.sh"
print_header "Test Header"
print_info "Test info message"
print_warning "Test warning message"

26
test/test_config_functions.bats
View File

@@ -15,47 +15,45 @@ teardown() {
teardown_test_project "config-test"
}
@test "wild-config with existing config" {
CLUSTER_NAME=$(wild-config "cluster.name")
@test "get_current_config with existing config" {
CLUSTER_NAME=$(get_current_config "cluster.name")
assert_equal "$CLUSTER_NAME" "test-cluster"
}
@test "wild-config with nested path" {
VIP=$(wild-config "cluster.nodes.control.vip")
@test "get_current_config with nested path" {
VIP=$(get_current_config "cluster.nodes.control.vip")
assert_equal "$VIP" "192.168.100.200"
}
@test "wild-config with non-existent key" {
NONEXISTENT=$(wild-config "nonexistent.key")
@test "get_current_config with non-existent key" {
NONEXISTENT=$(get_current_config "nonexistent.key")
assert_equal "$NONEXISTENT" ""
}
@test "active nodes configuration access - interface" {
CONTROL_NODE_INTERFACE=$(wild-config "cluster.nodes.active.\"192.168.100.201\".interface")
CONTROL_NODE_INTERFACE=$(get_current_config "cluster.nodes.active.\"192.168.100.201\".interface")
assert_equal "$CONTROL_NODE_INTERFACE" "eth0"
}
@test "active nodes configuration access - maintenance IP" {
MAINTENANCE_IP=$(wild-config "cluster.nodes.active.\"192.168.100.201\".maintenanceIp")
MAINTENANCE_IP=$(get_current_config "cluster.nodes.active.\"192.168.100.201\".maintenanceIp")
assert_equal "$MAINTENANCE_IP" "192.168.100.131"
}
@test "wild-secret function" {
@test "get_current_secret function" {
# Create temporary secrets file for testing
cp "$TEST_DIR/fixtures/sample-secrets.yaml" "$TEST_PROJECT_DIR/secrets.yaml"
SECRET_VAL=$(wild-secret "operator.cloudflareApiToken")
SECRET_VAL=$(get_current_secret "operator.cloudflareApiToken")
assert_equal "$SECRET_VAL" "test_api_token_123456789"
}
@test "config access from subdirectory" {
mkdir -p "$TEST_PROJECT_DIR/config-subdir"
cd "$TEST_PROJECT_DIR/config-subdir"
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
unset WC_HOME WC_ROOT
init_wild_env
SUBDIR_CLUSTER=$(wild-config "cluster.name")
SUBDIR_CLUSTER=$(get_current_config "cluster.name")
assert_equal "$SUBDIR_CLUSTER" "test-cluster"
}

2
test/test_helper.bash
View File

@@ -29,7 +29,7 @@ setup_test_project() {
fi
# Source wild-common.sh
source "$PROJECT_ROOT/scripts/common.sh"
source "$PROJECT_ROOT/bin/wild-common.sh"
}
# Clean up test environment

16
test/test_project_detection.bats
View File

@@ -59,9 +59,7 @@ teardown() {
cd "$TEST_PROJECT_DIR/config-test"
# Set up environment like the scripts do
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
unset WC_HOME WC_ROOT
init_wild_env
CLUSTER_NAME=$("$PROJECT_ROOT/bin/wild-config" cluster.name 2>/dev/null)
@@ -70,10 +68,8 @@ teardown() {
@test "environment variables from project root" {
cd "$TEST_PROJECT_DIR"
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
source "$PROJECT_ROOT/scripts/common.sh"
unset WC_HOME WC_ROOT
source "$PROJECT_ROOT/bin/wild-common.sh"
init_wild_env
assert_equal "$WC_HOME" "$TEST_PROJECT_DIR"
@@ -83,10 +79,8 @@ teardown() {
@test "environment variables from nested directory" {
mkdir -p "$TEST_PROJECT_DIR/deep/very"
cd "$TEST_PROJECT_DIR/deep/very"
unset WC_HOME
export WC_ROOT="$PROJECT_ROOT"
export PATH="$PROJECT_ROOT/bin:$PATH"
source "$PROJECT_ROOT/scripts/common.sh"
unset WC_HOME WC_ROOT
source "$PROJECT_ROOT/bin/wild-common.sh"
init_wild_env
assert_equal "$WC_HOME" "$TEST_PROJECT_DIR"