wild-cloud/wild-directory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wild-cloud:12e87635c601f6a8f25bded507c3f166788b0336
Branches Tags
wild-cloud:main wild-cloud:mailu
...
compare: wild-cloud:945d2225a2d256183c08bfbe6b942302f8ac343b
Branches Tags
wild-cloud:main wild-cloud:mailu

6 Commits
12e87635c6 ... 945d2225a2

Author SHA1 Message Date
Paul Payne
945d2225a2 First version of app upgrade. 2026-05-24 04:00:07 +00:00
Paul Payne
6e1c676c09 feat: update versioning in longhorn and snapshot-controller manifests 2026-05-23 20:42:45 +00:00
Paul Payne
6b5325c6f3 Standardize config. 2026-05-23 19:51:33 +00:00
Paul Payne
e2e3f730a5 fix: remove unnecessary namespace from default configuration in README and manifest 2026-05-23 11:36:51 +00:00
Paul Payne
46002ff273 feat: update NFS documentation and manifest version for improved clarity and configuration 2026-05-23 11:25:50 +00:00
Paul Payne
acec744df8 feat: update NFS configuration and add check-nfs script for server validation 2026-05-23 11:24:21 +00:00
100 changed files with 873 additions and 786 deletions
Expand all files Collapse all files

150
ADDING-APPS.md
View File

@@ -31,21 +31,18 @@ requires:
alias: db # Use a different reference name in templates
- name: redis # 'alias' and 'installedAs' default to 'name' value
defaultConfig:
serverImage: ghcr.io/immich-app/immich-server:release
mlImage: ghcr.io/immich-app/immich-machine-learning:release
timezone: UTC
serverPort: 2283
mlPort: 3003
namespace: immich
externalDnsDomain: "{{ .cloud.domain }}"
storage: 250Gi
cacheStorage: 10Gi
redisHostname: "{{ .apps.redis.host }}" # Can reference 'requires' app configurations
dbHostname: "{{ .apps.pg.host }}"
domain: immich.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
db: # Configuration can be nested
host: "{{ .apps.pg.host }}" # Can reference 'requires' app configurations
name: immich
user: immich
host: "{{ .apps.pg.host }}"
port: "{{ .apps.pg.port }}"
domain: immich.{{ .cloud.domain }}
redis:
host: "{{ .apps.redis.host }}"
defaultSecrets:
- key: password # Random value will be generated if empty
- key: dbUrl
@@ -62,13 +59,144 @@ requiredSecrets:
| `name` | Yes | App identifier (must match directory name) |
| `is` | Yes | Unique id for this app. Used for `requires` mapping |
| `description` | Yes | Brief app description shown in listings |
| `version` | Yes | App version (follow upstream versioning) |
| `version` | Yes | App version (see Versioning Convention below) |
| `icon` | No | URL to app icon for UI display |
| `requires` | No | List of dependency apps with optional aliases |
| `defaultConfig` | Yes | Default configuration values merged into operator's `config.yaml` |
| `defaultSecrets` | No | This app's secrets (no 'default' = auto-generated) |
| `requiredSecrets` | No | List of secrets from dependency apps (format: `<app-ref>.<key>`) |
### Versioning Convention
Wild Cloud uses a two-part version scheme inspired by Debian packaging: `<upstream>-<revision>`.
- **Upstream version** tracks the third-party software version (e.g., `v4.0.18`, `1.120.2`)
- **Packaging revision** tracks Wild Cloud packaging changes (template fixes, manifest cleanup, config restructuring) that don't change the upstream software version
**Examples:**
- `v4.0.18` — initial packaging of upstream v4.0.18
- `v4.0.18-1` — first packaging fix (no upstream change)
- `v4.0.18-2` — second packaging fix
- `v4.0.19` — upstream version bump, revision resets
**When to bump the packaging revision:** Any change to the app package that doesn't correspond to an upstream software update — manifest field changes, template improvements, kustomize restructuring, security context fixes, label corrections, etc.
**When to bump the upstream version:** When updating the container image tag or deploying a new version of the third-party software.
The web UI uses version comparison to detect available updates. If the deployed version differs from the wild-directory version, operators see an update indicator and can apply it from the app detail panel.
### Upgrade Metadata
Most apps can upgrade from any version to any other version directly — no special metadata is needed. The `upgrade` field is **optional** and only required when an app has breaking changes that need controlled upgrade paths.
**When you don't need `upgrade:`** Simple apps (Ghost, Redis, most stateless apps) where any version can safely replace any other version. This is the 90% case — just bump the version and the system handles it as a single-step update.
**When you need `upgrade:`** Apps with breaking database schema changes, incompatible config formats, or upstream requirements for sequential version upgrades (e.g., Discourse requires stepping through major versions).
#### The `upgrade` block
```yaml
upgrade:
from:
- version: ">=3.5.0" # Can upgrade directly from 3.5.x
- version: ">=3.4.0"
via: "3.5.3-1" # Must pass through 3.5.x first
- version: "<3.4.0"
blocked: true
notes: "Requires sequential major upgrades. See upstream docs."
preUpgrade:
backup: required # "none", "recommended", or "required"
migrations:
pre:
- migrations/pre-deploy.yaml # K8s Job YAML paths relative to app dir
post:
- migrations/post-deploy.yaml
configMigrations:
oldKeyName: newKeyName # Renames config keys automatically
```
**Fields:**
| Field | Description |
|-------|-------------|
| `from` | List of version constraint rules, evaluated in order (first match wins) |
| `from[].version` | Version constraint: `>=`, `>`, `<=`, `<`, `=`, or `>0` (matches any) |
| `from[].via` | Waypoint version in `.versions/` — upgrade must pass through this version first |
| `from[].blocked` | If true, upgrade is blocked with an error message |
| `from[].notes` | Human-readable message shown when blocked or as context |
| `preUpgrade.backup` | Backup requirement: `"required"` blocks upgrade until backup is done, `"recommended"` shows a warning |
| `migrations.pre` | K8s Job YAMLs to run before deploying each version step |
| `migrations.post` | K8s Job YAMLs to run after deploying each version step |
| `configMigrations` | Map of old config key → new config key for automatic renaming |
#### Waypoint versions (`.versions/` directory)
When an upgrade requires passing through an intermediate version, store that version's files in a `.versions/` subdirectory:
```
myapp/
├── manifest.yaml # Latest version (e.g., 3.6.0)
├── kustomization.yaml
├── *.yaml
└── .versions/
└── 3.5.3-1/ # Waypoint version
├── manifest.yaml # version: 3.5.3-1 (with its own upgrade rules)
├── kustomization.yaml
└── *.yaml
```
Each waypoint is a complete app package. The system computes a chain automatically — for example, upgrading from 3.4.0 to 3.6.0 might produce: `3.4.0 → 3.5.3-1 → 3.6.0`.
**Creating a waypoint:**
```bash
mkdir -p wild-directory/myapp/.versions
rsync -a --exclude='.versions' wild-directory/myapp/ wild-directory/myapp/.versions/3.5.3-1/
# Now update wild-directory/myapp/manifest.yaml to the new version + upgrade rules
```
#### Migration jobs
Migration jobs are K8s Job manifests that run database migrations or other one-time tasks during an upgrade step. They must be **idempotent** (safe to re-run) since a failed upgrade might be retried.
Place migration job files in the waypoint or app directory and reference them from the `migrations` field:
```yaml
# migrations/db-migrate.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: myapp-db-migrate
spec:
template:
spec:
restartPolicy: OnFailure
containers:
- name: migrate
image: myapp:3.6.0
command: ["bundle", "exec", "rake", "db:migrate"]
```
Each migration step belongs to the version that introduces the breaking change. If version 3.6.0 requires a schema migration, the migration lives in the 3.6.0 manifest (or its waypoint), not on 3.5.x.
#### Example: simple app with waypoint
```yaml
# myapp/manifest.yaml (version 2.0.0)
version: 2.0.0
upgrade:
from:
- version: ">=1.0.0"
via: "1.0.0-1"
- version: "<1.0.0"
blocked: true
notes: "Versions before 1.0.0 are not supported"
preUpgrade:
backup: recommended
```
This creates a 2-step upgrade path: `1.x → 1.0.0-1 → 2.0.0`. The waypoint at `.versions/1.0.0-1/` has no `upgrade` block, so it accepts any version directly.
### Dependency Configuration
- Each dependency in `requires` can have:

24
decidim/README.md
View File

@@ -1,11 +1,6 @@
# Decidim
Decidim is a participatory democracy framework for cities and organizations. Built in Ruby on Rails, it enables citizen participation through proposals, debates, and voting. Includes Sidekiq for background job processing.
## Dependencies
- **PostgreSQL** - Database for storing participatory processes and user data
- **Redis** - Used for Sidekiq background job processing
Decidim is a participatory democracy framework for cities and organizations. It enables citizen participation through proposals, debates, and voting.
## Configuration
@@ -16,20 +11,3 @@ Key settings configured through your instance's `config.yaml`:
- **systemAdminEmail** - System admin email (defaults to your operator email)
- **storage** - Persistent volume size (default: `20Gi`)
- **SMTP** - Email delivery settings inherited from your Wild Cloud instance
## Access
After deployment, Decidim will be available at:
- `https://decidim.{your-cloud-domain}`
## First-Time Setup
1. Add and deploy the app:
```bash
wild app add decidim
wild app deploy decidim
```
2. Log in with the system admin credentials configured during setup
3. Create your first organization and configure participatory processes

6
decidim/db-init-job.yaml
View File

@@ -54,7 +54,7 @@ spec:
echo "Database initialization completed successfully"
env:
- name: POSTGRES_HOST
value: {{ .dbHostname }}
value: {{ .db.host }}
- name: POSTGRES_ADMIN_USER
value: postgres
- name: POSTGRES_ADMIN_PASSWORD
@@ -63,9 +63,9 @@ spec:
name: decidim-secrets
key: postgres.password
- name: DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DB_USER
value: {{ .dbUsername }}
value: {{ .db.user }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

12
decidim/deployment.yaml
View File

@@ -55,7 +55,7 @@ spec:
- name: RAILS_ENV
value: "production"
- name: PORT
value: "{{ .port }}"
value: "3000"
- name: RAILS_LOG_TO_STDOUT
value: "true"
# Database configuration
@@ -66,7 +66,7 @@ spec:
key: dbUrl
# Redis configuration
- name: REDIS_HOSTNAME
value: {{ .redisHostname }}
value: {{ .redis.host }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
@@ -112,11 +112,11 @@ spec:
key: systemAdminPassword
ports:
- name: http
containerPort: {{ .port }}
containerPort: 3000
protocol: TCP
livenessProbe:
tcpSocket:
port: {{ .port }}
port: 3000
initialDelaySeconds: 300
periodSeconds: 30
timeoutSeconds: 10
@@ -124,7 +124,7 @@ spec:
failureThreshold: 6
readinessProbe:
tcpSocket:
port: {{ .port }}
port: 3000
initialDelaySeconds: 180
periodSeconds: 30
timeoutSeconds: 10
@@ -182,7 +182,7 @@ spec:
key: dbUrl
# Redis configuration
- name: REDIS_HOSTNAME
value: {{ .redisHostname }}
value: {{ .redis.host }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:

2
decidim/ingress.yaml
View File

@@ -23,4 +23,4 @@ spec:
service:
name: decidim
port:
number: {{ .port }}
number: 3000

36
decidim/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: decidim
is: decidim
description: Decidim is a participatory democracy framework for cities and organizations. Built in Ruby on Rails, it enables citizen participation through proposals, debates, and voting. Includes Sidekiq for background job processing.
version: 0.31.0
version: 0.31.0-1
icon: https://raw.githubusercontent.com/decidim/decidim/develop/logo.svg
requires:
- name: postgres
@@ -11,27 +11,27 @@ requires:
- name: smtp
defaultConfig:
namespace: decidim
externalDnsDomain: "{{ .cloud.domain }}"
timezone: UTC
port: 3000
externalDnsDomain: '{{ .cloud.domain }}'
storage: 20Gi
systemAdminEmail: "{{ .operator.email }}"
siteName: "Decidim"
systemAdminEmail: '{{ .operator.email }}'
siteName: 'Decidim'
domain: decidim.{{ .cloud.domain }}
dbHostname: "{{ .apps.postgres.host }}"
dbPort: "{{ .apps.postgres.port }}"
dbUsername: decidim
dbName: decidim
redisHostname: "{{ .apps.redis.host }}"
tlsSecretName: wildcard-wild-cloud-tls
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: decidim
user: decidim
redis:
host: '{{ .apps.redis.host }}'
smtp:
enabled: true
host: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
user: "{{ .apps.smtp.user }}"
from: "{{ .apps.smtp.from }}"
tls: "{{ .apps.smtp.tls }}"
startTls: "{{ .apps.smtp.startTls }}"
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
user: '{{ .apps.smtp.user }}'
from: '{{ .apps.smtp.from }}'
tls: '{{ .apps.smtp.tls }}'
startTls: '{{ .apps.smtp.startTls }}'
defaultSecrets:
- key: systemAdminPassword
- key: secretKeyBase
@@ -39,7 +39,7 @@ defaultSecrets:
- key: smtpPassword
- key: dbPassword
- key: dbUrl
default: "postgres://{{ .app.dbUsername }}:{{ .secrets.dbPassword }}@{{ .app.dbHostname }}:{{ .app.dbPort }}/{{ .app.dbName }}"
default: "postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}"
requiredSecrets:
- postgres.password
- redis.password

2
decidim/service.yaml
View File

@@ -9,7 +9,7 @@ spec:
component: web
ports:
- name: http
port: {{ .port }}
port: 3000
targetPort: http
protocol: TCP
type: ClusterIP

6
discourse/db-init-job.yaml
View File

@@ -27,7 +27,7 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: PGPORT
value: "5432"
- name: PGUSER
@@ -38,9 +38,9 @@ spec:
name: discourse-secrets
key: postgres.password
- name: DISCOURSE_DB_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DISCOURSE_DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DISCOURSE_DB_PASSWORD
valueFrom:
secretKeyRef:

30
discourse/deployment.yaml
View File

@@ -56,20 +56,20 @@ spec:
- name: RAILS_ENV
value: "production"
- name: DISCOURSE_DB_HOST
value: {{ .dbHostname }}
value: {{ .db.host }}
- name: DISCOURSE_DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DISCOURSE_DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DISCOURSE_DB_USERNAME
value: {{ .dbUsername }}
value: {{ .db.user }}
- name: DISCOURSE_DB_PASSWORD
valueFrom:
secretKeyRef:
name: discourse-secrets
key: dbPassword
- name: DISCOURSE_REDIS_HOST
value: {{ .redisHostname }}
value: {{ .redis.host }}
- name: DISCOURSE_REDIS_PASSWORD
valueFrom:
secretKeyRef:
@@ -113,13 +113,13 @@ spec:
value: "production"
# Discourse database configuration
- name: DISCOURSE_DB_HOST
value: {{ .dbHostname }}
value: {{ .db.host }}
- name: DISCOURSE_DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DISCOURSE_DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DISCOURSE_DB_USERNAME
value: {{ .dbUsername }}
value: {{ .db.user }}
- name: DISCOURSE_DB_PASSWORD
valueFrom:
secretKeyRef:
@@ -127,7 +127,7 @@ spec:
key: dbPassword
# Redis configuration
- name: DISCOURSE_REDIS_HOST
value: {{ .redisHostname }}
value: {{ .redis.host }}
- name: DISCOURSE_REDIS_PASSWORD
valueFrom:
secretKeyRef:
@@ -220,13 +220,13 @@ spec:
value: "production"
# Discourse database configuration
- name: DISCOURSE_DB_HOST
value: {{ .dbHostname }}
value: {{ .db.host }}
- name: DISCOURSE_DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DISCOURSE_DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DISCOURSE_DB_USERNAME
value: {{ .dbUsername }}
value: {{ .db.user }}
- name: DISCOURSE_DB_PASSWORD
valueFrom:
secretKeyRef:
@@ -234,7 +234,7 @@ spec:
key: dbPassword
# Redis configuration
- name: DISCOURSE_REDIS_HOST
value: {{ .redisHostname }}
value: {{ .redis.host }}
- name: DISCOURSE_REDIS_PASSWORD
valueFrom:
secretKeyRef:

36
discourse/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: discourse
is: discourse
description: Discourse is a modern, open-source discussion platform designed for online communities and forums.
version: 3.5.3
version: 3.5.3-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/discourse.svg
requires:
- name: postgres
@@ -9,28 +9,28 @@ requires:
- name: smtp
defaultConfig:
namespace: discourse
externalDnsDomain: "{{ .cloud.domain }}"
timezone: UTC
port: 3000
externalDnsDomain: '{{ .cloud.domain }}'
storage: 10Gi
adminEmail: "{{ .operator.email }}"
adminEmail: '{{ .operator.email }}'
adminUsername: admin
siteName: "Community"
siteName: 'Community'
domain: discourse.{{ .cloud.domain }}
dbHostname: "{{ .apps.postgres.host }}"
dbPort: "{{ .apps.postgres.port }}"
dbUsername: discourse
dbName: discourse
redisHostname: "{{ .apps.redis.host }}"
tlsSecretName: wildcard-wild-cloud-tls
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: discourse
user: discourse
redis:
host: '{{ .apps.redis.host }}'
smtp:
enabled: false
host: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
user: "{{ .apps.smtp.user }}"
from: "{{ .apps.smtp.from }}"
tls: "{{ .apps.smtp.tls }}"
startTls: "{{ .apps.smtp.startTls }}"
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
user: '{{ .apps.smtp.user }}'
from: '{{ .apps.smtp.from }}'
tls: '{{ .apps.smtp.tls }}'
startTls: '{{ .apps.smtp.startTls }}'
defaultSecrets:
- key: adminPassword
- key: secretKeyBase
@@ -38,7 +38,7 @@ defaultSecrets:
- key: smtpPassword
- key: dbPassword
- key: dbUrl
default: "postgres://{{ .app.dbUsername }}:{{ .secrets.dbPassword }}@{{ .app.dbHostname }}:{{ .app.dbPort }}/{{ .app.dbName }}?sslmode=disable"
default: "postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?sslmode=disable"
requiredSecrets:
- postgres.password
- redis.password

72
e2e-test-app/.versions/1.0.0-1/db-init-job.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: batch/v1
kind: Job
metadata:
name: e2e-test-app-db-init
labels:
component: db-init
spec:
template:
metadata:
labels:
component: db-init
spec:
restartPolicy: OnFailure
securityContext:
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
seccompProfile:
type: RuntimeDefault
containers:
- name: postgres-init
image: postgres:15
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: {{ .db.host }}
- name: PGUSER
value: postgres
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: e2e-test-app-secrets
key: postgres.password
- name: DB_NAME
value: {{ .db.name }}
- name: DB_USER
value: {{ .db.user }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: e2e-test-app-secrets
key: dbPassword
command:
- /bin/bash
- -c
- |
set -e
echo "Waiting for PostgreSQL to be ready..."
until pg_isready; do
echo "PostgreSQL is not ready - sleeping"
sleep 2
done
echo "PostgreSQL is ready"
echo "Creating database and user..."
psql -c "CREATE DATABASE ${DB_NAME};" || echo "Database ${DB_NAME} already exists"
psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASSWORD}';" || echo "User ${DB_USER} already exists"
psql -c "ALTER USER ${DB_USER} WITH PASSWORD '${DB_PASSWORD}';"
psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};"
psql -d ${DB_NAME} -c "GRANT ALL ON SCHEMA public TO ${DB_USER};"
echo "Creating test data table..."
psql -d ${DB_NAME} -c "CREATE TABLE IF NOT EXISTS e2e_test_data (id SERIAL PRIMARY KEY, key TEXT UNIQUE NOT NULL, value TEXT NOT NULL, created_at TIMESTAMP DEFAULT NOW());"
psql -d ${DB_NAME} -c "GRANT ALL ON TABLE e2e_test_data TO ${DB_USER};"
psql -d ${DB_NAME} -c "GRANT USAGE, SELECT ON SEQUENCE e2e_test_data_id_seq TO ${DB_USER};"
echo "Database initialization complete"

55
e2e-test-app/.versions/1.0.0-1/deployment.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: e2e-test-app
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
component: web
template:
metadata:
labels:
component: web
spec:
securityContext:
runAsNonRoot: true
runAsUser: 101
runAsGroup: 101
fsGroup: 101
seccompProfile:
type: RuntimeDefault
containers:
- name: nginx
image: nginxinc/nginx-unprivileged:alpine
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: app-data
mountPath: /data
resources:
limits:
cpu: 100m
memory: 64Mi
requests:
cpu: 50m
memory: 32Mi
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 3
periodSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
volumes:
- name: app-data
persistentVolumeClaim:
claimName: e2e-test-app-data

15
e2e-test-app/.versions/1.0.0-1/kustomization.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: e2e-test-app
labels:
- includeSelectors: true
pairs:
app: e2e-test-app
managedBy: kustomize
partOf: wild-cloud
resources:
- namespace.yaml
- deployment.yaml
- service.yaml
- pvc.yaml
- db-init-job.yaml

23
e2e-test-app/.versions/1.0.0-1/manifest.yaml Normal file
View File

@@ -0,0 +1,23 @@
name: e2e-test-app
is: e2e-test-app
description: End-to-end test application for automated integration testing. Includes PVC and PostgreSQL dependency to exercise all backup strategies.
version: 1.0.0-1
requires:
- name: postgres
defaultConfig:
namespace: e2e-test-app
domain: e2e-test-app.{{ .cloud.domain }}
externalDnsDomain: '{{ .cloud.domain }}'
tlsSecretName: wildcard-wild-cloud-tls
storage: 1Gi
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: e2e_test_app
user: e2e_test_app
defaultSecrets:
- key: dbPassword
- key: dbUrl
default: "postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?sslmode=disable"
requiredSecrets:
- postgres.password

4
e2e-test-app/.versions/1.0.0-1/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .namespace }}

11
e2e-test-app/.versions/1.0.0-1/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: e2e-test-app-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: {{ .storage }}

11
e2e-test-app/.versions/1.0.0-1/service.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: e2e-test-app
spec:
selector:
component: web
ports:
- port: 80
targetPort: 8080
name: http

6
e2e-test-app/db-init-job.yaml
View File

@@ -28,7 +28,7 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: {{ .dbHost }}
value: {{ .db.host }}
- name: PGUSER
value: postgres
- name: PGPASSWORD
@@ -37,9 +37,9 @@ spec:
name: e2e-test-app-secrets
key: postgres.password
- name: DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DB_USER
value: {{ .dbUser }}
value: {{ .db.user }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

25
e2e-test-app/manifest.yaml
View File

@@ -1,23 +1,32 @@
name: e2e-test-app
is: e2e-test-app
description: End-to-end test application for automated integration testing. Includes PVC and PostgreSQL dependency to exercise all backup strategies.
version: 1.0.0
version: 2.0.0
upgrade:
from:
- version: ">=1.0.0"
via: "1.0.0-1"
- version: "<1.0.0"
blocked: true
notes: "Versions before 1.0.0 are not supported for upgrade"
preUpgrade:
backup: recommended
requires:
- name: postgres
defaultConfig:
namespace: e2e-test-app
domain: e2e-test-app.{{ .cloud.domain }}
externalDnsDomain: "{{ .cloud.domain }}"
externalDnsDomain: '{{ .cloud.domain }}'
tlsSecretName: wildcard-wild-cloud-tls
storage: 1Gi
dbHost: "{{ .apps.postgres.host }}"
dbPort: "{{ .apps.postgres.port }}"
dbName: e2e_test_app
dbUser: e2e_test_app
timezone: UTC
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: e2e_test_app
user: e2e_test_app
defaultSecrets:
- key: dbPassword
- key: dbUrl
default: "postgres://{{ .app.dbUser }}:{{ .secrets.dbPassword }}@{{ .app.dbHost }}:{{ .app.dbPort }}/{{ .app.dbName }}?sslmode=disable"
default: "postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?sslmode=disable"
requiredSecrets:
- postgres.password

8
ghost/db-init-job.yaml
View File

@@ -29,13 +29,13 @@ spec:
name: mysql-secrets
key: rootPassword
- name: DB_HOSTNAME
value: "{{ .dbHost }}"
value: "{{ .db.host }}"
- name: DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DB_DATABASE_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USERNAME
value: "{{ .dbUser }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

16
ghost/deployment.yaml
View File

@@ -17,10 +17,10 @@ spec:
spec:
containers:
- name: ghost
image: {{ .image }}
image: docker.io/bitnami/ghost:5.118.1-debian-12-r0
ports:
- name: http
containerPort: {{ .port }}
containerPort: 2368
protocol: TCP
env:
- name: BITNAMI_DEBUG
@@ -28,13 +28,13 @@ spec:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: GHOST_DATABASE_HOST
value: {{ .dbHost }}
value: {{ .db.host }}
- name: GHOST_DATABASE_PORT_NUMBER
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: GHOST_DATABASE_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: GHOST_DATABASE_USER
value: {{ .dbUser }}
value: {{ .db.user }}
- name: GHOST_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
@@ -43,7 +43,7 @@ spec:
- name: GHOST_HOST
value: {{ .domain }}
- name: GHOST_PORT_NUMBER
value: "{{ .port }}"
value: "2368"
- name: GHOST_USERNAME
value: {{ .adminUser }}
- name: GHOST_PASSWORD
@@ -92,7 +92,7 @@ spec:
mountPath: /bitnami/ghost
livenessProbe:
tcpSocket:
port: {{ .port }}
port: 2368
initialDelaySeconds: 120
timeoutSeconds: 5
periodSeconds: 10

16
ghost/manifest.yaml
View File

@@ -2,7 +2,7 @@ name: ghost
is: ghost
description: Ghost is a powerful app for new-media creators to publish, share, and
grow a business around their content.
version: 5.118.1
version: 5.118.1-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/ghost.png
requires:
- name: mysql
@@ -10,19 +10,17 @@ requires:
defaultConfig:
namespace: ghost
externalDnsDomain: '{{ .cloud.domain }}'
image: docker.io/bitnami/ghost:5.118.1-debian-12-r0
domain: ghost.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
port: 2368
storage: 10Gi
dbHost: mysql.mysql.svc.cluster.local
dbPort: 3306
dbName: ghost
dbUser: ghost
adminUser: admin
adminEmail: {{ .operator.email }}
adminEmail: '{{ .operator.email }}'
blogTitle: My Blog
timezone: UTC
db:
host: '{{ .apps.mysql.host }}'
port: '3306'
name: ghost
user: ghost
smtp:
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'

2
ghost/service.yaml
View File

@@ -9,6 +9,6 @@ spec:
- name: http
port: 80
protocol: TCP
targetPort: {{ .port }}
targetPort: 2368
selector:
component: web

6
gitea/db-init-job.yaml
View File

@@ -38,11 +38,11 @@ spec:
name: postgres-secrets
key: password
- name: DB_HOSTNAME
value: "{{ .dbHost }}"
value: "{{ .db.host }}"
- name: DB_DATABASE_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USERNAME
value: "{{ .dbUser }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

2
gitea/deployment.yaml
View File

@@ -23,7 +23,7 @@ spec:
terminationGracePeriodSeconds: 60
containers:
- name: gitea
image: "{{ .image }}"
image: "gitea/gitea:1.24.3"
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:

12
gitea/gitea.env
View File

@@ -8,7 +8,7 @@ GITEA_ADMIN_PASSWORD_MODE=keepUpdated
# Core app settings
GITEA____APP_NAME={{ .appName }}
GITEA____RUN_MODE={{ .runMode }}
GITEA____RUN_MODE=prod
GITEA____RUN_USER=git
# Security settings
@@ -17,19 +17,19 @@ GITEA__security__PASSWORD_HASH_ALGO=pbkdf2
# Database settings (except password which comes from secret)
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST={{ .dbHost }}:{{ .dbPort }}
GITEA__database__NAME={{ .dbName }}
GITEA__database__USER={{ .dbUser }}
GITEA__database__HOST={{ .db.host }}:{{ .db.port }}
GITEA__database__NAME={{ .db.name }}
GITEA__database__USER={{ .db.user }}
GITEA__database__SSL_MODE=disable
GITEA__database__LOG_SQL=false
# Server settings
GITEA__server__DOMAIN={{ .domain }}
GITEA__server__HTTP_PORT={{ .port }}
GITEA__server__HTTP_PORT=3000
GITEA__server__ROOT_URL=https://{{ .domain }}/
GITEA__server__DISABLE_SSH=false
GITEA__server__SSH_DOMAIN={{ .domain }}
GITEA__server__SSH_PORT={{ .sshPort }}
GITEA__server__SSH_PORT=22
GITEA__server__SSH_LISTEN_PORT=2222
GITEA__server__LFS_START_SERVER=true
GITEA__server__OFFLINE_MODE=true

16
gitea/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: gitea
is: gitea
description: Gitea is a painless self-hosted Git service written in Go
version: 1.24.3
version: 1.24.3-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/gitea.svg
requires:
- name: postgres
@@ -9,21 +9,17 @@ requires:
defaultConfig:
namespace: gitea
externalDnsDomain: '{{ .cloud.domain }}'
image: gitea/gitea:1.24.3
appName: Gitea
domain: gitea.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
port: 3000
sshPort: 22
storage: 10Gi
dbName: gitea
dbUser: gitea
dbHost: postgres.postgres.svc.cluster.local
adminUser: admin
adminEmail: "{{ .operator.email }}"
dbPort: 5432
timezone: UTC
runMode: prod
db:
name: gitea
user: gitea
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
smtp:
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'

4
gitea/service.yaml
View File

@@ -8,7 +8,7 @@ spec:
ports:
- name: http
port: 3000
targetPort: {{ .port }}
targetPort: 3000
selector:
component: web
---
@@ -21,7 +21,7 @@ spec:
type: LoadBalancer
ports:
- name: ssh
port: {{ .sshPort }}
port: 22
targetPort: 2222
protocol: TCP
selector:

6
immich/db-init-job.yaml
View File

@@ -55,11 +55,11 @@ spec:
name: immich-secrets
key: postgres.password
- name: DB_HOSTNAME
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_DATABASE_NAME
value: "{{ .dbUsername }}"
value: "{{ .db.name }}"
- name: DB_USERNAME
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

6
immich/deployment-machine-learning.yaml
View File

@@ -17,14 +17,14 @@ spec:
component: machine-learning
spec:
containers:
- image: "{{ .mlImage }}"
- image: "ghcr.io/immich-app/immich-machine-learning:v1.135.3"
name: immich-machine-learning
ports:
- containerPort: {{ .mlPort }}
- containerPort: 3003
protocol: TCP
env:
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
volumeMounts:
- mountPath: /cache
name: immich-cache

10
immich/deployment-microservices.yaml
View File

@@ -20,27 +20,27 @@ spec:
component: microservices
spec:
containers:
- image: "{{ .serverImage }}"
- image: "ghcr.io/immich-app/immich-server:v1.135.3"
name: immich-microservices
env:
- name: REDIS_HOSTNAME
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: immich-secrets
key: redis.password
- name: DB_HOSTNAME
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_USERNAME
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-secrets
key: dbPassword
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
- name: IMMICH_WORKERS_EXCLUDE
value: api
volumeMounts:

12
immich/deployment-server.yaml
View File

@@ -20,30 +20,30 @@ spec:
component: server
spec:
containers:
- image: "{{ .serverImage }}"
- image: "ghcr.io/immich-app/immich-server:v1.135.3"
name: immich-server
ports:
- containerPort: {{ .serverPort }}
- containerPort: 2283
protocol: TCP
env:
- name: REDIS_HOSTNAME
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: immich-secrets
key: redis.password
- name: DB_HOSTNAME
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_USERNAME
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-secrets
key: dbPassword
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
- name: IMMICH_WORKERS_EXCLUDE
value: microservices
volumeMounts:

16
immich/manifest.yaml
View File

@@ -2,7 +2,7 @@ name: immich
is: immich
description: Immich is a self-hosted photo and video backup solution that allows you
to store, manage, and share your media files securely.
version: 1.135.3
version: 1.135.3-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/immich.svg
requires:
- name: redis
@@ -10,18 +10,16 @@ requires:
defaultConfig:
namespace: immich
externalDnsDomain: '{{ .cloud.domain }}'
serverImage: ghcr.io/immich-app/immich-server:v1.135.3
mlImage: ghcr.io/immich-app/immich-machine-learning:v1.135.3
timezone: UTC
serverPort: 2283
mlPort: 3003
storage: 250Gi
cacheStorage: 10Gi
redisHostname: redis.redis.svc.cluster.local
dbHostname: postgres.postgres.svc.cluster.local
dbUsername: immich
domain: immich.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
db:
host: '{{ .apps.postgres.host }}'
name: immich
user: immich
redis:
host: '{{ .apps.redis.host }}'
defaultSecrets:
- key: dbPassword
requiredSecrets:

4
immich/service.yaml
View File

@@ -9,7 +9,7 @@ metadata:
spec:
ports:
- port: 3001
targetPort: {{ .serverPort }}
targetPort: 2283
selector:
app: immich
component: server
@@ -25,7 +25,7 @@ metadata:
app: immich-machine-learning
spec:
ports:
- port: {{ .mlPort }}
- port: 3003
selector:
app: immich
component: machine-learning

6
keila/db-init-job.yaml
View File

@@ -26,7 +26,7 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: {{ .dbHostname }}
value: {{ .db.host }}
- name: PGUSER
value: postgres
- name: PGPASSWORD
@@ -35,9 +35,9 @@ spec:
name: keila-secrets
key: postgres.password
- name: DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DB_USER
value: {{ .dbUsername }}
value: {{ .db.user }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

10
keila/deployment.yaml
View File

@@ -16,9 +16,9 @@ spec:
spec:
containers:
- name: keila
image: "{{ .image }}"
image: "pentacent/keila:0.17.1"
ports:
- containerPort: {{ .port }}
- containerPort: 4000
env:
- name: DB_URL
valueFrom:
@@ -32,7 +32,7 @@ spec:
- name: URL_PORT
value: "443"
- name: PORT
value: "{{ .port }}"
value: "4000"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
@@ -72,13 +72,13 @@ spec:
livenessProbe:
httpGet:
path: /
port: {{ .port }}
port: 4000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: {{ .port }}
port: 4000
initialDelaySeconds: 5
periodSeconds: 5
volumes:

31
keila/manifest.yaml
View File

@@ -1,38 +1,37 @@
name: keila
is: keila
description: Keila is an open-source email marketing platform that allows you to send newsletters and manage mailing lists with privacy and control.
version: 0.17.1
version: 0.17.1-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/keila.svg
requires:
- name: postgres
- name: smtp
defaultConfig:
namespace: keila
externalDnsDomain: "{{ .cloud.domain }}"
image: pentacent/keila:0.17.1
port: 4000
externalDnsDomain: '{{ .cloud.domain }}'
storage: 1Gi
domain: keila.{{ .cloud.domain }}
dbHostname: "{{ .apps.postgres.host }}"
dbPort: "{{ .apps.postgres.port }}"
dbName: keila
dbUsername: keila
disableRegistration: "true"
disableRegistration: 'true'
adminUser: admin@{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: keila
user: keila
smtp:
host: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
from: "{{ .apps.smtp.from }}"
user: "{{ .apps.smtp.user }}"
tls: "{{ .apps.smtp.tls }}"
startTls: "{{ .apps.smtp.startTls }}"
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
from: '{{ .apps.smtp.from }}'
user: '{{ .apps.smtp.user }}'
tls: '{{ .apps.smtp.tls }}'
startTls: '{{ .apps.smtp.startTls }}'
defaultSecrets:
- key: secretKeyBase
default: "{{ random.AlphaNum 64 }}"
- key: dbPassword
- key: dbUrl
default: "postgres://{{ .app.dbUsername }}:{{ .secrets.dbPassword }}@{{ .app.dbHostname }}:{{ .app.dbPort }}/keila?sslmode=disable"
default: "postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?sslmode=disable"
- key: adminPassword
- key: smtpPassword
requiredSecrets:

2
keila/service.yaml
View File

@@ -7,5 +7,5 @@ spec:
component: web
ports:
- port: 80
targetPort: {{ .port }}
targetPort: 4000
protocol: TCP

6
lemmy/configmap.yaml
View File

@@ -8,15 +8,15 @@ data:
{
hostname: "{{ .domain }}"
bind: "0.0.0.0"
port: {{ .backendPort }}
port: 8536
tls_enabled: false
database: {
uri: "postgresql://{{ .dbUser }}:DBPASSWORD@{{ .dbHost }}:{{ .dbPort }}/{{ .dbName }}"
uri: "postgresql://{{ .db.user }}:DBPASSWORD@{{ .db.host }}:{{ .db.port }}/{{ .db.name }}"
}
pictrs: {
url: "http://lemmy-pictrs:{{ .pictrsPort }}/"
url: "http://lemmy-pictrs:8080/"
api_key: "PICTRS_API_KEY"
}

8
lemmy/db-init-job.yaml
View File

@@ -26,9 +26,9 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: "{{ .dbHost }}"
value: "{{ .db.host }}"
- name: PGPORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: PGUSER
value: postgres
- name: PGPASSWORD
@@ -37,9 +37,9 @@ spec:
name: lemmy-secrets
key: postgres.password
- name: DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USER
value: "{{ .dbUser }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

12
lemmy/deployment-backend.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: lemmy-backend
namespace: {{ .namespace }}
spec:
replicas: {{ .backendReplicas }}
replicas: 1
selector:
matchLabels:
component: backend
@@ -65,7 +65,7 @@ spec:
mountPath: /config
containers:
- name: backend
image: {{ .backendImage }}
image: dessalines/lemmy:0.19.15
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -75,9 +75,9 @@ spec:
- name: LEMMY_CONFIG_LOCATION
value: /config/lemmy.hjson
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
ports:
- containerPort: {{ .backendPort }}
- containerPort: 8536
name: http
volumeMounts:
- name: config
@@ -85,13 +85,13 @@ spec:
livenessProbe:
httpGet:
path: /api/v3/site
port: {{ .backendPort }}
port: 8536
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/v3/site
port: {{ .backendPort }}
port: 8536
initialDelaySeconds: 10
periodSeconds: 5
volumes:

12
lemmy/deployment-pictrs.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: lemmy-pictrs
namespace: {{ .namespace }}
spec:
replicas: {{ .pictrsReplicas }}
replicas: 1
selector:
matchLabels:
component: pictrs
@@ -22,7 +22,7 @@ spec:
type: RuntimeDefault
containers:
- name: pictrs
image: {{ .pictrsImage }}
image: asonix/pictrs:0.5.5
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -30,7 +30,7 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PICTRS__SERVER__BIND
value: "0.0.0.0:{{ .pictrsPort }}"
value: "0.0.0.0:8080"
- name: PICTRS__MEDIA__VIDEO_CODEC
value: vp9
- name: PICTRS__MEDIA__GIF__MAX_WIDTH
@@ -54,7 +54,7 @@ spec:
- name: PICTRS__STORE__PATH
value: /mnt/files
ports:
- containerPort: {{ .pictrsPort }}
- containerPort: 8080
name: http
volumeMounts:
- name: storage
@@ -62,13 +62,13 @@ spec:
livenessProbe:
httpGet:
path: /healthz
port: {{ .pictrsPort }}
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /healthz
port: {{ .pictrsPort }}
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
volumes:

12
lemmy/deployment-ui.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: lemmy-ui
namespace: {{ .namespace }}
spec:
replicas: {{ .uiReplicas }}
replicas: 1
selector:
matchLabels:
component: ui
@@ -21,7 +21,7 @@ spec:
type: RuntimeDefault
containers:
- name: ui
image: {{ .uiImage }}
image: dessalines/lemmy-ui:0.19.15
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -29,25 +29,25 @@ spec:
readOnlyRootFilesystem: false
env:
- name: LEMMY_UI_LEMMY_INTERNAL_HOST
value: "lemmy-backend:{{ .backendPort }}"
value: "lemmy-backend:8536"
- name: LEMMY_UI_LEMMY_EXTERNAL_HOST
value: "{{ .domain }}"
- name: LEMMY_UI_HTTPS
value: "true"
ports:
- containerPort: {{ .uiPort }}
- containerPort: 1234
name: http
livenessProbe:
httpGet:
path: /
port: {{ .uiPort }}
port: 1234
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: {{ .uiPort }}
port: 1234
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 5

6
lemmy/ingress.yaml
View File

@@ -25,18 +25,18 @@ spec:
service:
name: lemmy-backend
port:
number: {{ .backendPort }}
number: 8536
- path: /pictrs
pathType: Prefix
backend:
service:
name: lemmy-pictrs
port:
number: {{ .pictrsPort }}
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: lemmy-ui
port:
number: {{ .uiPort }}
number: 1234

37
lemmy/manifest.yaml
View File

@@ -1,38 +1,29 @@
name: lemmy
is: lemmy
description: Lemmy is a selfhosted social link aggregation and discussion platform. It is an open source alternative to Reddit, designed for the fediverse.
version: 0.19.15
version: 0.19.15-2
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/lemmy.svg
requires:
- name: postgres
- name: smtp
defaultConfig:
namespace: lemmy
backendImage: dessalines/lemmy:0.19.15
uiImage: dessalines/lemmy-ui:0.19.15
pictrsImage: asonix/pictrs:0.5.5
backendPort: 8536
uiPort: 1234
pictrsPort: 8080
backendReplicas: 1
uiReplicas: 1
pictrsReplicas: 1
externalDnsDomain: lemmy.{{ .cloud.baseDomain }}
domain: lemmy.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
storage: 10Gi
pictrsStorage: 50Gi
timezone: UTC
domain: lemmy.{{ .cloud.domain }}
externalDnsDomain: lemmy.{{ .cloud.baseDomain }}
tlsSecretName: lemmy-tls
dbName: lemmy
dbUser: lemmy
dbHost: postgres.postgres.svc.cluster.local
dbPort: 5432
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: lemmy
user: lemmy
smtp:
host: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
user: "{{ .apps.smtp.user }}"
from: "noreply@{{ .cloud.baseDomain }}"
tls: "{{ .apps.smtp.tls }}"
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
user: '{{ .apps.smtp.user }}'
from: 'noreply@{{ .cloud.baseDomain }}'
tls: '{{ .apps.smtp.tls }}'
defaultSecrets:
- key: dbPassword
- key: adminPassword

4
lemmy/service-backend.yaml
View File

@@ -9,5 +9,5 @@ spec:
component: backend
ports:
- name: http
port: {{ .backendPort }}
targetPort: {{ .backendPort }}
port: 8536
targetPort: 8536

4
lemmy/service-pictrs.yaml
View File

@@ -9,5 +9,5 @@ spec:
component: pictrs
ports:
- name: http
port: {{ .pictrsPort }}
targetPort: {{ .pictrsPort }}
port: 8080
targetPort: 8080

4
lemmy/service-ui.yaml
View File

@@ -9,5 +9,5 @@ spec:
component: ui
ports:
- name: http
port: {{ .uiPort }}
targetPort: {{ .uiPort }}
port: 1234
targetPort: 1234

6
listmonk/db-init-job.yaml
View File

@@ -28,7 +28,7 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: {{ .dbHost }}
value: {{ .db.host }}
- name: PGUSER
value: postgres
- name: PGPASSWORD
@@ -37,9 +37,9 @@ spec:
name: listmonk-secrets
key: postgres.password
- name: DB_NAME
value: {{ .dbName }}
value: {{ .db.name }}
- name: DB_USER
value: {{ .dbUser }}
value: {{ .db.user }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

12
listmonk/deployment.yaml
View File

@@ -31,17 +31,17 @@ spec:
- name: LISTMONK_app__address
value: "0.0.0.0:9000"
- name: LISTMONK_app__root_url
value: "{{ .rootUrl }}"
value: "https://{{ .domain }}"
- name: LISTMONK_db__host
value: {{ .dbHost }}
value: {{ .db.host }}
- name: LISTMONK_db__port
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: LISTMONK_db__user
value: {{ .dbUser }}
value: {{ .db.user }}
- name: LISTMONK_db__database
value: {{ .dbName }}
value: {{ .db.name }}
- name: LISTMONK_db__ssl_mode
value: {{ .dbSSLMode }}
value: disable
- name: LISTMONK_db__password
valueFrom:
secretKeyRef:

16
listmonk/manifest.yaml
View File

@@ -2,7 +2,7 @@ name: listmonk
is: listmonk
description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager.
It is fast, feature-rich, and packed into a single binary.
version: 5.0.3
version: 5.0.3-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/listmonk.svg
requires:
- name: postgres
@@ -10,18 +10,16 @@ defaultConfig:
namespace: listmonk
externalDnsDomain: '{{ .cloud.domain }}'
domain: listmonk.{{ .cloud.domain }}
rootUrl: https://listmonk.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
storage: 1Gi
dbHost: postgres.postgres.svc.cluster.local
dbPort: 5432
dbName: listmonk
dbUser: listmonk
dbSSLMode: disable
timezone: UTC
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: listmonk
user: listmonk
defaultSecrets:
- key: dbPassword
- key: dbUrl
default: 'postgres://{{ .app.dbUser }}:{{ .secrets.dbPassword }}@{{ .app.dbHost }}:{{ .app.dbPort }}/{{ .app.dbName }}?sslmode={{ .app.dbSSLMode }}'
default: 'postgres://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?sslmode=disable'
requiredSecrets:
- postgres.password

3
longhorn/manifest.yaml
View File

@@ -1,12 +1,13 @@
name: longhorn
is: longhorn
description: Cloud-native distributed block storage for Kubernetes
version: v1.8.1
version: v1.8.1-2
deploymentName: longhorn-ui
category: infrastructure
requires:
- name: traefik
- name: nfs
- name: snapshot-controller
defaultConfig:
namespace: longhorn-system
internalDomain: "{{ .cloud.internalDomain }}"

2
loomio/db-init-job.yaml
View File

@@ -8,7 +8,7 @@ spec:
restartPolicy: OnFailure
containers:
- name: db-init
image: {{ .image }}
image: loomio/loomio:latest
command:
- /bin/bash
- -c

4
loomio/deployment-worker.yaml
View File

@@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: worker
image: {{ .workerImage }}
image: loomio/loomio:latest
env:
- name: TASK
value: worker
@@ -46,7 +46,7 @@ spec:
name: loomio-secrets
key: secretCookieToken
- name: ACTIVE_STORAGE_SERVICE
value: {{ .activeStorageService }}
value: local
- name: SMTP_AUTH
value: {{ .smtp.auth }}
- name: SMTP_DOMAIN

18
loomio/deployment.yaml
View File

@@ -4,6 +4,8 @@ metadata:
name: loomio
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
component: web
@@ -14,13 +16,13 @@ spec:
spec:
containers:
- name: loomio
image: {{ .image }}
image: loomio/loomio:latest
command:
- /bin/bash
- -c
- |
set -e
bundle exec rake db:schema:load db:seed
bundle exec rake db:migrate db:seed
bundle exec thrust puma -C config/puma.rb
ports:
- containerPort: 3000
@@ -54,17 +56,17 @@ spec:
name: loomio-secrets
key: secretCookieToken
- name: FORCE_SSL
value: "{{ .forceSSL }}"
value: "1"
- name: USE_RACK_ATTACK
value: "{{ .useRackAttack }}"
value: "1"
- name: PUMA_WORKERS
value: "{{ .pumaWorkers }}"
value: "2"
- name: MIN_THREADS
value: "{{ .minThreads }}"
value: "5"
- name: MAX_THREADS
value: "{{ .maxThreads }}"
value: "5"
- name: ACTIVE_STORAGE_SERVICE
value: {{ .activeStorageService }}
value: local
- name: SMTP_AUTH
value: {{ .smtp.auth }}
- name: SMTP_DOMAIN

37
loomio/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: loomio
is: loomio
description: Loomio is a collaborative decision-making tool that makes it easy for groups to make decisions together
version: 3.0.11
version: 3.0.11-2
icon: https://www.loomio.com/brand/logo_gold.svg
requires:
- name: postgres
@@ -10,39 +10,30 @@ requires:
- name: smtp
defaultConfig:
namespace: loomio
externalDnsDomain: "{{ .cloud.domain }}"
image: loomio/loomio:latest
workerImage: loomio/loomio:latest
externalDnsDomain: '{{ .cloud.domain }}'
appName: Loomio
domain: "loomio.{{ .cloud.domain }}"
domain: 'loomio.{{ .cloud.domain }}'
tlsSecretName: wildcard-wild-cloud-tls
port: 3000
storage:
uploads: 5Gi
files: 5Gi
plugins: 1Gi
redisUrl: "{{ .apps.redis.uri }}"
adminEmail: "{{ .operator.email }}"
supportEmail: "{{ .operator.email }}"
forceSSL: "1"
useRackAttack: "1"
pumaWorkers: "2"
minThreads: "5"
maxThreads: "5"
activeStorageService: local
redisUrl: '{{ .apps.redis.uri }}'
adminEmail: '{{ .operator.email }}'
supportEmail: '{{ .operator.email }}'
db:
name: loomio
user: loomio
host: "{{ .apps.postgres.host }}"
port: "{{ .apps.postgres.port }}"
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
smtp:
auth: plain
domain: "{{ .cloud.domain }}"
host: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
user: "{{ .apps.smtp.user }}"
tls: "{{ .apps.smtp.tls }}"
from: "{{ .apps.smtp.from }}"
domain: '{{ .cloud.domain }}'
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
user: '{{ .apps.smtp.user }}'
tls: '{{ .apps.smtp.tls }}'
from: '{{ .apps.smtp.from }}'
defaultSecrets:
- key: dbPassword
default: "{{ random.AlphaNum 32 }}"

22
mastodon/db-init-job.yaml
View File

@@ -27,9 +27,9 @@ spec:
readOnlyRootFilesystem: false
env:
- name: PGHOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: PGPORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: PGUSER
value: postgres
- name: PGPASSWORD
@@ -38,9 +38,9 @@ spec:
name: mastodon-secrets
key: postgres.password
- name: MASTODON_DB
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: MASTODON_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: MASTODON_PASSWORD
valueFrom:
secretKeyRef:
@@ -108,7 +108,7 @@ spec:
type: RuntimeDefault
containers:
- name: db-migrate
image: {{ .image }}
image: ghcr.io/mastodon/mastodon:v4.5.3
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -150,22 +150,22 @@ spec:
name: mastodon-secrets
key: activeRecordKeyDerivationSalt
- name: DB_HOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASS
valueFrom:
secretKeyRef:
name: mastodon-secrets
key: dbPassword
- name: REDIS_HOST
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PORT
value: "{{ .redisPort }}"
value: "{{ .redis.port }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:

20
mastodon/deployment-sidekiq.yaml
View File

@@ -22,7 +22,7 @@ spec:
type: RuntimeDefault
containers:
- name: sidekiq
image: {{ .image }}
image: ghcr.io/mastodon/mastodon:v4.5.3
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -33,7 +33,7 @@ spec:
- exec
- sidekiq
- -c
- "{{ .sidekiq.concurrency }}"
- "25"
- -q
- default,8
- -q
@@ -91,13 +91,13 @@ spec:
name: mastodon-secrets
key: activeRecordKeyDerivationSalt
- name: DB_HOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASS
valueFrom:
secretKeyRef:
@@ -109,9 +109,9 @@ spec:
name: mastodon-secrets
key: postgres.password
- name: REDIS_HOST
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PORT
value: "{{ .redisPort }}"
value: "{{ .redis.port }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
@@ -131,9 +131,9 @@ spec:
- name: SMTP_FROM_ADDRESS
value: "{{ .smtp.from }}"
- name: SMTP_AUTH_METHOD
value: "{{ .smtp.authMethod }}"
value: "plain"
- name: SMTP_ENABLE_STARTTLS
value: "{{ .smtp.enableStarttls }}"
value: "auto"
- name: SMTP_TLS
value: "{{ .smtp.tls }}"
volumeMounts:

18
mastodon/deployment-streaming.yaml
View File

@@ -22,7 +22,7 @@ spec:
type: RuntimeDefault
containers:
- name: streaming
image: {{ .streamingImage }}
image: ghcr.io/mastodon/mastodon-streaming:v4.5.3
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -30,32 +30,32 @@ spec:
readOnlyRootFilesystem: false
ports:
- name: streaming
containerPort: {{ .streamingPort }}
containerPort: 4000
protocol: TCP
env:
- name: NODE_ENV
value: production
- name: PORT
value: "{{ .streamingPort }}"
value: "4000"
- name: STREAMING_CLUSTER_NUM
value: "1"
- name: DB_HOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASS
valueFrom:
secretKeyRef:
name: mastodon-secrets
key: dbPassword
- name: REDIS_HOST
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PORT
value: "{{ .redisPort }}"
value: "{{ .redis.port }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:

20
mastodon/deployment-web.yaml
View File

@@ -22,7 +22,7 @@ spec:
type: RuntimeDefault
containers:
- name: web
image: {{ .image }}
image: ghcr.io/mastodon/mastodon:v4.5.3
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -36,7 +36,7 @@ spec:
- config/puma.rb
ports:
- name: http
containerPort: {{ .webPort }}
containerPort: 3000
protocol: TCP
env:
- name: LOCAL_DOMAIN
@@ -85,13 +85,13 @@ spec:
name: mastodon-secrets
key: activeRecordKeyDerivationSalt
- name: DB_HOST
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_PORT
value: "{{ .dbPort }}"
value: "{{ .db.port }}"
- name: DB_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USER
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASS
valueFrom:
secretKeyRef:
@@ -103,9 +103,9 @@ spec:
name: mastodon-secrets
key: postgres.password
- name: REDIS_HOST
value: "{{ .redisHostname }}"
value: "{{ .redis.host }}"
- name: REDIS_PORT
value: "{{ .redisPort }}"
value: "{{ .redis.port }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
@@ -125,9 +125,9 @@ spec:
- name: SMTP_FROM_ADDRESS
value: "{{ .smtp.from }}"
- name: SMTP_AUTH_METHOD
value: "{{ .smtp.authMethod }}"
value: "plain"
- name: SMTP_ENABLE_STARTTLS
value: "{{ .smtp.enableStarttls }}"
value: "auto"
- name: SMTP_TLS
value: "{{ .smtp.tls }}"
- name: STREAMING_API_BASE_URL

4
mastodon/ingress.yaml
View File

@@ -23,11 +23,11 @@ spec:
service:
name: mastodon-streaming
port:
number: {{ .streamingPort }}
number: 4000
- path: /
pathType: Prefix
backend:
service:
name: mastodon-web
port:
number: {{ .webPort }}
number: 3000

47
mastodon/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: mastodon
is: mastodon
description: Mastodon is a free, open-source social network server based on ActivityPub.
version: 4.5.3
version: 4.5.3-2
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/mastodon.svg
requires:
- name: postgres
@@ -9,43 +9,30 @@ requires:
- name: smtp
defaultConfig:
namespace: mastodon
externalDnsDomain: "{{ .cloud.domain }}"
timezone: UTC
image: ghcr.io/mastodon/mastodon:v4.5.3
streamingImage: ghcr.io/mastodon/mastodon-streaming:v4.5.3
externalDnsDomain: '{{ .cloud.domain }}'
domain: mastodon.{{ .cloud.domain }}
locale: en
singleUserMode: false
# Database configuration
dbHostname: "{{ .apps.postgres.host }}"
dbPort: "{{ .apps.postgres.port }}"
dbName: mastodon_production
dbUsername: mastodon
# Redis configuration
redisHostname: "{{ .apps.redis.host }}"
redisPort: "{{ .apps.redis.port }}"
# Ports
webPort: 3000
streamingPort: 4000
# Storage
assetsStorage: 10Gi
systemStorage: 100Gi
# SMTP configuration
smtp:
enabled: "{{ .apps.smtp.host | ternary true false }}"
server: "{{ .apps.smtp.host }}"
port: "{{ .apps.smtp.port }}"
from: notifications@{{ .cloud.domain }}
user: "{{ .apps.smtp.user }}"
authMethod: plain
enableStarttls: auto
tls: "{{ .apps.smtp.tls }}"
# TLS
tlsSecretName: wildcard-wild-cloud-tls
# Sidekiq configuration
sidekiq:
replicas: 1
concurrency: 25
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: mastodon_production
user: mastodon
redis:
host: '{{ .apps.redis.host }}'
port: '{{ .apps.redis.port }}'
smtp:
enabled: '{{ .apps.smtp.host | ternary true false }}'
server: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'
from: notifications@{{ .cloud.domain }}
user: '{{ .apps.smtp.user }}'
tls: '{{ .apps.smtp.tls }}'
defaultSecrets:
- key: secretKeyBase
default: "{{ random.AlphaNum 128 }}"

2
mastodon/service-streaming.yaml
View File

@@ -6,7 +6,7 @@ metadata:
spec:
type: ClusterIP
ports:
- port: {{ .streamingPort }}
- port: 4000
targetPort: streaming
protocol: TCP
name: streaming

2
mastodon/service-web.yaml
View File

@@ -6,7 +6,7 @@ metadata:
spec:
type: ClusterIP
ports:
- port: {{ .webPort }}
- port: 3000
targetPort: http
protocol: TCP
name: http

2
mastodon/vapid-init-job.yaml
View File

@@ -20,7 +20,7 @@ spec:
type: RuntimeDefault
containers:
- name: vapid-init
image: {{ .image }}
image: ghcr.io/mastodon/mastodon:v4.5.3
securityContext:
allowPrivilegeEscalation: false
capabilities:

10
matrix/configmap.yaml
View File

@@ -8,7 +8,7 @@ data:
public_baseurl: https://{{ .domain }}
listeners:
- port: {{ .port }}
- port: 8008
tls: false
type: http
x_forwarded: true
@@ -20,17 +20,17 @@ data:
database:
name: psycopg2
args:
user: {{ .dbUsername }}
user: {{ .db.user }}
password: ${DB_PASSWORD}
database: {{ .dbName }}
host: {{ .dbHostname }}
database: {{ .db.name }}
host: {{ .db.host }}
port: 5432
cp_min: 5
cp_max: 10
redis:
enabled: true
host: {{ .redisHostname }}
host: {{ .redis.host }}
port: 6379
password: ${REDIS_PASSWORD}

6
matrix/db-init-job.yaml
View File

@@ -33,11 +33,11 @@ spec:
name: matrix-secrets
key: postgres.password
- name: DB_HOSTNAME
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_DATABASE_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USERNAME
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

14
matrix/deployment.yaml
View File

@@ -18,7 +18,7 @@ spec:
spec:
initContainers:
- name: generate-signing-key
image: "{{ .image }}"
image: "matrixdotorg/synapse:v1.144.0"
command: ["/bin/sh", "-c"]
args:
- |
@@ -80,7 +80,7 @@ spec:
readOnlyRootFilesystem: false
containers:
- name: synapse
image: "{{ .image }}"
image: "matrixdotorg/synapse:v1.144.0"
command: ["/bin/sh", "-c"]
args:
- |
@@ -127,17 +127,17 @@ spec:
# Start Synapse with the processed config
exec /start.py
ports:
- containerPort: {{ .port }}
- containerPort: 8008
protocol: TCP
name: http
- containerPort: {{ .federationPort }}
- containerPort: 8448
protocol: TCP
name: federation
env:
- name: SYNAPSE_CONFIG_PATH
value: /data/homeserver.yaml
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
@@ -179,14 +179,14 @@ spec:
livenessProbe:
httpGet:
path: /health
port: {{ .port }}
port: 8008
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /health
port: {{ .port }}
port: 8008
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5

4
matrix/ingress.yaml
View File

@@ -23,7 +23,7 @@ spec:
service:
name: matrix-synapse
port:
number: {{ .port }}
number: 8008
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@@ -49,4 +49,4 @@ spec:
service:
name: matrix-synapse
port:
number: {{ .federationPort }}
number: 8448

16
matrix/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: matrix
is: matrix
description: Matrix is an open standard for secure, decentralized, real-time communication. This deploys the Synapse homeserver for self-hosted Matrix federation and messaging.
version: v1.144.0
version: v1.144.0-2
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/matrix.svg
requires:
- name: postgres
@@ -10,20 +10,18 @@ requires:
defaultConfig:
namespace: matrix
externalDnsDomain: '{{ .cloud.domain }}'
image: matrixdotorg/synapse:v1.144.0
timezone: UTC
port: 8008
federationPort: 8448
storage: 50Gi
mediaStorage: 100Gi
serverName: '{{ .cloud.domain }}'
dbHostname: postgres.postgres.svc.cluster.local
dbUsername: matrix
dbName: matrix
redisHostname: redis.redis.svc.cluster.local
domain: matrix.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
enableRegistration: false
db:
host: '{{ .apps.postgres.host }}'
name: matrix
user: matrix
redis:
host: '{{ .apps.redis.host }}'
smtp:
host: '{{ .apps.smtp.host }}'
port: '{{ .apps.smtp.port }}'

8
matrix/service.yaml
View File

@@ -7,12 +7,12 @@ spec:
type: ClusterIP
ports:
- name: http
port: {{ .port }}
targetPort: {{ .port }}
port: 8008
targetPort: 8008
protocol: TCP
- name: federation
port: {{ .federationPort }}
targetPort: {{ .federationPort }}
port: 8448
targetPort: 8448
protocol: TCP
selector:
app: matrix-synapse

18
memcached/deployment.yaml
View File

@@ -3,7 +3,7 @@ kind: Deployment
metadata:
name: memcached
spec:
replicas: {{ .replicas }}
replicas: 1
selector:
matchLabels:
component: cache
@@ -14,24 +14,24 @@ spec:
spec:
containers:
- name: memcached
image: "{{ .image }}"
image: "memcached:1.6.32-alpine"
ports:
- containerPort: {{ .port }}
- containerPort: 11211
name: memcached
args:
- -m
- "{{ .memoryLimit }}"
- -c
- "{{ .maxConnections }}"
- "1024"
- -p
- "{{ .port }}"
- "11211"
resources:
requests:
memory: "{{ .resources.requests.memory }}"
cpu: "{{ .resources.requests.cpu }}"
memory: 64Mi
cpu: 100m
limits:
memory: "{{ .resources.limits.memory }}"
cpu: "{{ .resources.limits.cpu }}"
memory: 128Mi
cpu: 200m
securityContext:
runAsNonRoot: true
runAsUser: 11211

14
memcached/manifest.yaml
View File

@@ -2,21 +2,11 @@ name: memcached
is: memcached
description: Memcached is an in-memory key-value store for small chunks of arbitrary
data, commonly used as a cache layer.
version: 1.6.32
version: 1.6.32-1
icon: https://www.vectorlogo.zone/logos/memcached/memcached-icon.svg
requires: []
defaultConfig:
namespace: memcached
image: memcached:1.6.32-alpine
port: 11211
host: memcached.memcached.svc.cluster.local
memoryLimit: 64m
maxConnections: 1024
replicas: 1
resources:
requests:
memory: 64Mi
cpu: 100m
limits:
memory: 128Mi
cpu: 200m
defaultSecrets: []

4
memcached/service.yaml
View File

@@ -4,8 +4,8 @@ metadata:
name: memcached
spec:
ports:
- port: {{ .port }}
targetPort: {{ .port }}
- port: 11211
targetPort: 11211
protocol: TCP
name: memcached
selector:

9
mysql/manifest.yaml
View File

@@ -1,20 +1,15 @@
name: mysql
is: mysql
description: MySQL is an open-source relational database management system
version: 9.1.0
version: 9.1.0-1
icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png
requires: []
defaultConfig:
namespace: mysql
externalDnsDomain: '{{ .cloud.domain }}'
image: mysql:9.1.0
port: 3306
host: mysql.mysql.svc.cluster.local
storage: 20Gi
dbName: mysql
rootUser: root
user: mysql
timezone: UTC
enableSSL: false
defaultSecrets:
- key: rootPassword
- key: password

2
mysql/service-headless.yaml
View File

@@ -9,7 +9,7 @@ spec:
publishNotReadyAddresses: true
ports:
- name: mysql
port: {{ .port }}
port: 3306
protocol: TCP
targetPort: mysql
selector:

2
mysql/service.yaml
View File

@@ -7,7 +7,7 @@ spec:
type: ClusterIP
ports:
- name: mysql
port: {{ .port }}
port: 3306
protocol: TCP
targetPort: mysql
selector:

6
mysql/statefulset.yaml
View File

@@ -29,7 +29,7 @@ spec:
type: RuntimeDefault
containers:
- name: mysql
image: {{ .image }}
image: mysql:9.1.0
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -53,10 +53,10 @@ spec:
- name: MYSQL_DATABASE
value: {{ .dbName }}
- name: TZ
value: {{ .timezone }}
value: UTC
ports:
- name: mysql
containerPort: {{ .port }}
containerPort: 3306
protocol: TCP
livenessProbe:
exec:

47
nfs/README.md
View File

@@ -1,10 +1,10 @@
# NFS Setup (Optional)
# NFS Client Provisioner
The infrastructure supports optional NFS (Network File System) for shared media storage across the cluster. If your config.yaml contains the `cloud.nfs` section, the NFS server will be set up automatically.
Provides shared NFS storage to the cluster by creating a StorageClass and PersistentVolume backed by an external NFS server. This is an infrastructure app — it has no pods or namespace, just cluster-scoped resources.
## Host Setup
## Prerequisites
First, set up the NFS server on your chosen host.
You need an NFS server already running and exporting a path. To set one up on a host:
```bash
./setup-nfs-host.sh <host> <media-path>
@@ -16,30 +16,32 @@ Example:
./setup-nfs-host.sh box-01 /srv/nfs
```
## Cluster Integration
This SSHs into the host, installs `nfs-kernel-server`, and configures the export.
Add to your `config.yaml`:
## Configuration
When added to an instance, the default config is merged into `config.yaml`:
```yaml
cloud:
apps:
nfs:
host: box-01
mediaPath: /srv/nfs
storageCapacity: 250Gi # Max size for PersistentVolume
host: "192.168.1.100"
mediaPath: "/mnt/storage/media"
storageCapacity: "1Ti"
```
And now you can run the nfs cluster setup:
Update `host` and `mediaPath` to match your NFS server before deploying.
```bash
setup/setup-nfs-host.sh
```
## What Gets Deployed
## Features
- **StorageClass** (`nfs`) — allows PVCs to request NFS-backed storage
- **PersistentVolume** (`nfs-media-pv`) — a cluster-wide volume pointing to the NFS export
- Automatic IP detection - Uses network IP even when hostname resolves to localhost
- Cluster-wide access - Any pod can mount the NFS share regardless of node placement
- Configurable capacity - Set PersistentVolume size via `NFS_STORAGE_CAPACITY`
- ReadWriteMany - Multiple pods can simultaneously access the same storage
No namespace, pods, or services are created.
## Scripts
- **check-nfs** — Verifies the NFS server is reachable, the export path exists, and checks whether the StorageClass and PersistentVolume are present in the cluster. Run from the app detail panel in the web UI.
## Usage
@@ -58,3 +60,10 @@ spec:
requests:
storage: 100Gi
```
## Features
- Cluster-wide access — any pod can mount the NFS share regardless of node placement
- ReadWriteMany — multiple pods can simultaneously read and write
- Configurable capacity — set PersistentVolume size via `storageCapacity`
- Retain policy — data is preserved when volumes are released

229
nfs/install.sh
View File

@@ -1,229 +0,0 @@
#!/bin/bash
set -e
set -o pipefail
if [ -z "${WILD_INSTANCE}" ]; then
echo "ERROR: WILD_INSTANCE is not set"
exit 1
fi
if [ -z "${WILD_API_DATA_DIR}" ]; then
echo "ERROR: WILD_API_DATA_DIR is not set"
exit 1
fi
if [ -z "${KUBECONFIG}" ]; then
echo "ERROR: KUBECONFIG is not set"
exit 1
fi
INSTANCE_DIR="${WILD_API_DATA_DIR}/instances/${WILD_INSTANCE}"
CONFIG_FILE="${INSTANCE_DIR}/config.yaml"
NFS_DIR="${INSTANCE_DIR}/apps/nfs"
echo "=== Registering NFS Server with Kubernetes Cluster ==="
echo ""
echo "Using pre-compiled NFS templates..."
if [ ! -f "${NFS_DIR}/kustomization.yaml" ]; then
echo "ERROR: Compiled templates not found at ${NFS_DIR}"
echo "Templates should be compiled before deployment."
exit 1
fi
NFS_HOST="$(yq '.apps.nfs.host' "${CONFIG_FILE}" 2>/dev/null | tr -d '"')"
NFS_MEDIA_PATH="$(yq '.apps.nfs.mediaPath' "${CONFIG_FILE}" 2>/dev/null | tr -d '"')"
NFS_STORAGE_CAPACITY="$(yq '.apps.nfs.storageCapacity' "${CONFIG_FILE}" 2>/dev/null | tr -d '"')"
echo "NFS Configuration:"
echo " Host: ${NFS_HOST}"
echo " Media path: ${NFS_MEDIA_PATH}"
echo " Storage capacity: ${NFS_STORAGE_CAPACITY}"
echo ""
if [ -z "${NFS_HOST}" ] || [ "${NFS_HOST}" = "null" ]; then
echo "ERROR: apps.nfs.host not set in config"
exit 1
fi
if [ -z "${NFS_MEDIA_PATH}" ] || [ "${NFS_MEDIA_PATH}" = "null" ]; then
echo "ERROR: apps.nfs.mediaPath not set in config"
exit 1
fi
if [ -z "${NFS_STORAGE_CAPACITY}" ] || [ "${NFS_STORAGE_CAPACITY}" = "null" ]; then
echo "ERROR: apps.nfs.storageCapacity not set in config"
exit 1
fi
resolve_nfs_host() {
echo "Resolving NFS host: ${NFS_HOST}"
if [[ "${NFS_HOST}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
NFS_HOST_IP="${NFS_HOST}"
echo " Host is already an IP address"
else
echo " Looking up hostname..."
NFS_HOST_IP=$(getent hosts "${NFS_HOST}" 2>/dev/null | awk '{print $1}' | head -n1 || true)
echo " Resolved to: ${NFS_HOST_IP}"
if [[ -z "${NFS_HOST_IP}" ]]; then
echo "ERROR: Unable to resolve hostname ${NFS_HOST} to IP address"
echo "Make sure ${NFS_HOST} is resolvable from this cluster"
exit 1
fi
if [[ "${NFS_HOST_IP}" =~ ^127\. ]]; then
echo "Warning: ${NFS_HOST} resolves to localhost (${NFS_HOST_IP})"
echo "Auto-detecting network IP for cluster access..."
local network_ip=$(ip route get 8.8.8.8 | grep -oP 'src \K\S+' 2>/dev/null)
if [[ -n "${network_ip}" && ! "${network_ip}" =~ ^127\. ]]; then
echo "Using detected network IP: ${network_ip}"
NFS_HOST_IP="${network_ip}"
else
echo "ERROR: Could not auto-detect network IP. Available IPs:"
ip addr show | grep "inet " | grep -v "127.0.0.1" | grep -v "10.42" | grep -v "172." | awk '{print " " $2}' | cut -d/ -f1
echo "Please set NFS_HOST to the correct IP address manually."
exit 1
fi
fi
fi
echo "NFS server IP: ${NFS_HOST_IP}"
export NFS_HOST_IP
}
test_nfs_accessibility() {
echo ""
echo "Testing NFS accessibility from cluster..."
if ! command -v showmount >/dev/null 2>&1; then
echo "Installing NFS client tools..."
if command -v apt-get >/dev/null 2>&1; then
sudo apt-get update && sudo apt-get install -y nfs-common
elif command -v yum >/dev/null 2>&1; then
sudo yum install -y nfs-utils
elif command -v dnf >/dev/null 2>&1; then
sudo dnf install -y nfs-utils
else
echo "Warning: Unable to install NFS client tools. Skipping accessibility test."
return 0
fi
fi
echo "Testing connection to NFS server..."
if timeout 10 showmount -e "${NFS_HOST_IP}" >/dev/null 2>&1; then
echo "NFS server is accessible"
echo "Available exports:"
showmount -e "${NFS_HOST_IP}"
else
echo "ERROR: Cannot connect to NFS server at ${NFS_HOST_IP}"
echo "Make sure:"
echo " 1. NFS server is running on ${NFS_HOST}"
echo " 2. Network connectivity exists between cluster and NFS host"
echo " 3. Firewall allows NFS traffic (port 2049)"
exit 1
fi
if showmount -e "${NFS_HOST_IP}" | grep -q "${NFS_MEDIA_PATH}"; then
echo "Media path ${NFS_MEDIA_PATH} is exported"
else
echo "ERROR: Media path ${NFS_MEDIA_PATH} is not found in exports"
echo "Available exports:"
showmount -e "${NFS_HOST_IP}"
echo ""
echo "Run setup-nfs-host.sh on ${NFS_HOST} to configure the export"
exit 1
fi
}
test_nfs_mount() {
echo ""
echo "Testing NFS mount functionality..."
local test_mount="/tmp/nfs-test-$$"
mkdir -p "${test_mount}"
if timeout 30 sudo mount -t nfs4 "${NFS_HOST_IP}:${NFS_MEDIA_PATH}" "${test_mount}"; then
echo "NFS mount successful"
if ls "${test_mount}" >/dev/null 2>&1; then
echo "NFS read access working"
else
echo "ERROR: NFS read access failed"
fi
sudo umount "${test_mount}" || echo "Warning: Failed to unmount test directory"
else
echo "ERROR: NFS mount failed"
echo "Check NFS server configuration and network connectivity"
exit 1
fi
rmdir "${test_mount}" 2>/dev/null || true
}
create_k8s_resources() {
echo ""
echo "Creating Kubernetes NFS resources..."
echo "Applying NFS manifests..."
kubectl apply -k "${NFS_DIR}/"
echo "NFS PersistentVolume and StorageClass created"
echo "Verifying Kubernetes resources..."
if kubectl get storageclass nfs >/dev/null 2>&1; then
echo "StorageClass 'nfs' created"
else
echo "ERROR: StorageClass 'nfs' not found"
exit 1
fi
if kubectl get pv nfs-media-pv >/dev/null 2>&1; then
echo "PersistentVolume 'nfs-media-pv' created"
kubectl get pv nfs-media-pv
else
echo "ERROR: PersistentVolume 'nfs-media-pv' not found"
exit 1
fi
}
show_usage_instructions() {
echo ""
echo "=== NFS Kubernetes Setup Complete ==="
echo ""
echo "NFS server ${NFS_HOST} (${NFS_HOST_IP}) has been registered with the cluster"
echo ""
echo "Kubernetes resources created:"
echo " - StorageClass: nfs"
echo " - PersistentVolume: nfs-media-pv (${NFS_STORAGE_CAPACITY}, ReadWriteMany)"
echo ""
echo "To use NFS storage in your applications:"
echo " 1. Set storageClassName: nfs in your PVC"
echo " 2. Use accessMode: ReadWriteMany for shared access"
echo ""
echo "Example PVC:"
echo "---"
echo "apiVersion: v1"
echo "kind: PersistentVolumeClaim"
echo "metadata:"
echo " name: my-nfs-pvc"
echo "spec:"
echo " accessModes:"
echo " - ReadWriteMany"
echo " storageClassName: nfs"
echo " resources:"
echo " requests:"
echo " storage: 10Gi"
echo ""
}
main() {
resolve_nfs_host
test_nfs_accessibility
test_nfs_mount
create_k8s_resources
show_usage_instructions
}
echo "Starting NFS setup process..."
main "$@"

9
nfs/manifest.yaml
View File

@@ -1,12 +1,13 @@
name: nfs
is: nfs
description: NFS client provisioner for external NFS storage
version: v4.0.18
deploymentName: ""
storageClassName: "nfs"
version: v4.0.18-3
category: infrastructure
scripts:
- name: check-nfs
path: scripts/check-nfs.sh
description: Verify NFS server is reachable and the export path is available
defaultConfig:
namespace: nfs
host: "192.168.1.100"
mediaPath: "/mnt/storage/media"
storageCapacity: "1Ti"

79
nfs/scripts/check-nfs.sh Executable file
View File

@@ -0,0 +1,79 @@
#!/bin/bash
# Verify NFS server is reachable and the export path is available.
# Run before or after deployment to validate NFS connectivity.
set -e
set -o pipefail
if [ -z "${WILD_INSTANCE}" ] || [ -z "${WILD_API_DATA_DIR}" ]; then
echo "ERROR: WILD_INSTANCE and WILD_API_DATA_DIR must be set"
exit 1
fi
CONFIG_FILE="${WILD_API_DATA_DIR}/instances/${WILD_INSTANCE}/config.yaml"
NFS_HOST="$(yq '.apps.nfs.host' "${CONFIG_FILE}" 2>/dev/null | tr -d '"')"
NFS_PATH="$(yq '.apps.nfs.mediaPath' "${CONFIG_FILE}" 2>/dev/null | tr -d '"')"
if [ -z "${NFS_HOST}" ] || [ "${NFS_HOST}" = "null" ]; then
echo "ERROR: apps.nfs.host not set in config"
exit 1
fi
if [ -z "${NFS_PATH}" ] || [ "${NFS_PATH}" = "null" ]; then
echo "ERROR: apps.nfs.mediaPath not set in config"
exit 1
fi
echo "NFS host: ${NFS_HOST}"
echo "NFS path: ${NFS_PATH}"
# Resolve hostname to IP
if [[ "${NFS_HOST}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
NFS_IP="${NFS_HOST}"
else
NFS_IP=$(getent hosts "${NFS_HOST}" 2>/dev/null | awk '{print $1}' | head -n1 || true)
if [ -z "${NFS_IP}" ]; then
echo "ERROR: Cannot resolve hostname ${NFS_HOST}"
exit 1
fi
echo "Resolved to: ${NFS_IP}"
fi
# Check showmount
if ! command -v showmount >/dev/null 2>&1; then
echo "WARNING: showmount not available, skipping export check"
else
echo ""
echo "Checking NFS exports..."
if timeout 10 showmount -e "${NFS_IP}" >/dev/null 2>&1; then
if showmount -e "${NFS_IP}" | grep -q "${NFS_PATH}"; then
echo "OK: ${NFS_PATH} is exported"
else
echo "ERROR: ${NFS_PATH} not found in NFS exports:"
showmount -e "${NFS_IP}"
exit 1
fi
else
echo "ERROR: Cannot reach NFS server at ${NFS_IP}:2049"
exit 1
fi
fi
# Check k8s resources if KUBECONFIG is available
if [ -n "${KUBECONFIG}" ]; then
echo ""
echo "Checking Kubernetes resources..."
if kubectl get storageclass nfs >/dev/null 2>&1; then
echo "OK: StorageClass 'nfs' exists"
else
echo "WARNING: StorageClass 'nfs' not found (deploy NFS first)"
fi
if kubectl get pv nfs-media-pv >/dev/null 2>&1; then
echo "OK: PersistentVolume 'nfs-media-pv' exists"
kubectl get pv nfs-media-pv --no-headers
else
echo "WARNING: PersistentVolume 'nfs-media-pv' not found (deploy NFS first)"
fi
fi
echo ""
echo "NFS check complete."

8
open-webui/deployment.yaml
View File

@@ -19,7 +19,7 @@ spec:
type: RuntimeDefault
containers:
- name: open-webui
image: {{ .image }}
image: ghcr.io/open-webui/open-webui:v0.9.5
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -29,12 +29,12 @@ spec:
readOnlyRootFilesystem: false
ports:
- name: http
containerPort: {{ .port }}
containerPort: 8080
env:
- name: WEBUI_AUTH
value: "{{ .enableAuth }}"
value: "true"
- name: ENABLE_SIGNUP
value: "{{ .enableSignup }}"
value: "false"
- name: OPENAI_API_BASE_URL
value: "{{ .vllmApiUrl }}"
- name: OPENAI_API_KEY

6
open-webui/manifest.yaml
View File

@@ -3,19 +3,15 @@ is: open-webui
description: Open WebUI is a comprehensive, open-source web interface for AI models.
Features a user-friendly design, supports various LLM runners, and operates entirely
offline. Perfect for creating a ChatGPT-like experience with local or hosted models.
version: 0.9.5
version: 0.9.5-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/open-webui.svg
requires: []
defaultConfig:
namespace: open-webui
externalDnsDomain: '{{ .cloud.domain }}'
image: ghcr.io/open-webui/open-webui:v0.9.5
port: 8080
storage: 10Gi
domain: chat.{{ .cloud.domain }}
vllmApiUrl: http://vllm-service.llm.svc.cluster.local:8000/v1
enableAuth: true
enableSignup: false
adminEmail: '{{ .operator.email }}'
defaultSecrets:
- key: secretKey

24
openproject/configmap_core.yaml
View File

@@ -5,19 +5,19 @@ kind: "ConfigMap"
metadata:
name: "openproject-core"
data:
DATABASE_HOST: "{{ .dbHostname }}"
DATABASE_PORT: "5432"
DATABASE_NAME: "{{ .dbName }}"
DATABASE_USERNAME: "{{ .dbUsername }}"
DATABASE_URL: "postgresql://{{ .dbUsername }}@{{ .dbHostname }}:5432/{{ .dbName }}"
OPENPROJECT_SEED_ADMIN_USER_PASSWORD_RESET: "{{ .adminPasswordReset }}"
DATABASE_HOST: "{{ .db.host }}"
DATABASE_PORT: "{{ .db.port }}"
DATABASE_NAME: "{{ .db.name }}"
DATABASE_USERNAME: "{{ .db.user }}"
DATABASE_URL: "postgresql://{{ .db.user }}@{{ .db.host }}:{{ .db.port }}/{{ .db.name }}"
OPENPROJECT_SEED_ADMIN_USER_PASSWORD_RESET: "true"
OPENPROJECT_SEED_ADMIN_USER_NAME: "{{ .adminUserName }}"
OPENPROJECT_SEED_ADMIN_USER_MAIL: "{{ .adminUserEmail }}"
OPENPROJECT_HTTPS: "{{ .https }}"
OPENPROJECT_SEED_LOCALE: "{{ .seedLocale }}"
OPENPROJECT_HTTPS: "true"
OPENPROJECT_SEED_LOCALE: "en"
OPENPROJECT_HOST__NAME: "{{ .domain }}"
OPENPROJECT_HSTS: "{{ .hsts }}"
OPENPROJECT_RAILS__CACHE__STORE: "{{ .cacheStore }}"
OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "{{ .railsRelativeUrlRoot }}"
POSTGRES_STATEMENT_TIMEOUT: "{{ .postgresStatementTimeout }}"
OPENPROJECT_HSTS: "true"
OPENPROJECT_RAILS__CACHE__STORE: "memcache"
OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ""
POSTGRES_STATEMENT_TIMEOUT: "120s"
...

2
openproject/configmap_memcached.yaml
View File

@@ -5,5 +5,5 @@ kind: "ConfigMap"
metadata:
name: "openproject-memcached"
data:
OPENPROJECT_CACHE__MEMCACHE__SERVER: "{{ .memcachedHostname }}:{{ .memcachedPort }}"
OPENPROJECT_CACHE__MEMCACHE__SERVER: "{{ .memcached.host }}:{{ .memcached.port }}"
...

6
openproject/db-init-job.yaml
View File

@@ -38,11 +38,11 @@ spec:
name: postgres-secrets
key: password
- name: DB_HOSTNAME
value: "{{ .dbHostname }}"
value: "{{ .db.host }}"
- name: DB_DATABASE_NAME
value: "{{ .dbName }}"
value: "{{ .db.name }}"
- name: DB_USERNAME
value: "{{ .dbUsername }}"
value: "{{ .db.user }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:

28
openproject/manifest.yaml
View File

@@ -2,7 +2,7 @@ name: openproject
is: openproject
description: OpenProject is an open-source project management software that provides
comprehensive features for project planning, tracking, and collaboration.
version: 16.1.1
version: 16.1.1-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/openproject.svg
requires:
- name: postgres
@@ -10,27 +10,19 @@ requires:
defaultConfig:
namespace: openproject
externalDnsDomain: '{{ .cloud.domain }}'
serverImage: openproject/openproject:16.1.1-slim
timezone: UTC
serverPort: 8080
storage: 5Gi
dbHostname: postgres.postgres.svc.cluster.local
dbUsername: openproject
dbName: openproject
memcachedHostname: memcached.memcached.svc.cluster.local
memcachedPort: 11211
domain: openproject.{{ .cloud.domain }}
https: true
hsts: true
seedLocale: en
adminUserName: OpenProject Admin
adminUserEmail: '{{ .operator.email }}'
adminPasswordReset: true
postgresStatementTimeout: 120s
tmpVolumesStorage: 2Gi
domain: openproject.{{ .cloud.domain }}
tlsSecretName: wildcard-wild-cloud-tls
cacheStore: memcache
railsRelativeUrlRoot: ''
db:
host: '{{ .apps.postgres.host }}'
port: '{{ .apps.postgres.port }}'
name: openproject
user: openproject
memcached:
host: '{{ .apps.memcached.host }}'
port: '{{ .apps.memcached.port }}'
defaultSecrets:
- key: dbPassword
- key: adminPassword

6
openproject/seeder-job.yaml
View File

@@ -27,7 +27,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: app-tmp
# we can't use emptyDir due to the sticky bit / world writable issue
# see: https://github.com/kubernetes/kubernetes/issues/110835
@@ -39,7 +39,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: "data"
persistentVolumeClaim:
claimName: openproject
@@ -91,7 +91,7 @@ spec:
type: RuntimeDefault
containers:
- name: seeder
image: "{{ .serverImage }}"
image: "openproject/openproject:16.1.1-slim"
imagePullPolicy: Always
args:
- bash

6
openproject/web-deployment.yaml
View File

@@ -43,7 +43,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: app-tmp
# we can't use emptyDir due to the sticky bit / world writable issue
# see: https://github.com/kubernetes/kubernetes/issues/110835
@@ -55,7 +55,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: "data"
persistentVolumeClaim:
claimName: openproject
@@ -118,7 +118,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: {{ .serverImage }}
image: openproject/openproject:16.1.1-slim
imagePullPolicy: Always
envFrom:
- configMapRef:

6
openproject/worker-deployment.yaml
View File

@@ -43,7 +43,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: app-tmp
# we can't use emptyDir due to the sticky bit / world writable issue
# see: https://github.com/kubernetes/kubernetes/issues/110835
@@ -55,7 +55,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .tmpVolumesStorage }}
storage: 2Gi
- name: "data"
persistentVolumeClaim:
claimName: openproject
@@ -118,7 +118,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: {{ .serverImage }}
image: openproject/openproject:16.1.1-slim
imagePullPolicy: Always
envFrom:
- configMapRef:

4
postgres/deployment.yaml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: postgres
image: "{{ .image }}"
image: "pgvector/pgvector:pg15"
args:
[
"-c",
@@ -37,7 +37,7 @@ spec:
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: TZ
value: "{{ .timezone }}"
value: "UTC"
- name: POSTGRES_DB
value: "{{ .database }}"
- name: POSTGRES_USER

4
postgres/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: postgres
is: postgres
description: PostgreSQL is a powerful, open source object-relational database system.
version: 1.0.0
version: 1.0.0-1
icon: https://www.postgresql.org/media/img/about/press/elephant.png
defaultConfig:
namespace: postgres
@@ -10,7 +10,5 @@ defaultConfig:
database: postgres
user: postgres
storage: 10Gi
image: pgvector/pgvector:pg15
timezone: UTC
defaultSecrets:
- key: password

2
postgres/service.yaml
View File

@@ -5,6 +5,6 @@ metadata:
name: postgres
spec:
ports:
- port: {{ .port }}
- port: 5432
selector:
app: postgres

6
redis/deployment.yaml
View File

@@ -14,13 +14,11 @@ spec:
app: redis
spec:
containers:
- image: "{{ .image }}"
- image: "redis:alpine"
name: redis
ports:
- containerPort: {{ .port }}
- containerPort: 6379
env:
- name: TZ
value: "{{ .timezone }}"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:

4
redis/manifest.yaml
View File

@@ -1,12 +1,10 @@
name: redis
is: redis
description: Redis is an open source, in-memory data structure store, used as a database, cache and message broker.
version: 1.0.0
version: 1.0.0-1
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/redis.svg
defaultConfig:
namespace: redis
image: redis:alpine
timezone: UTC
host: redis.redis.svc.cluster.local
port: 6379
uri: redis://{{ .app.host }}:{{ .app.port }}/0

4
redis/service.yaml
View File

@@ -7,7 +7,7 @@ metadata:
app: redis
spec:
ports:
- port: {{ .port }}
targetPort: {{ .port }}
- port: 6379
targetPort: 6379
selector:
app: redis

2
snapshot-controller/manifest.yaml
View File

@@ -1,7 +1,7 @@
name: snapshot-controller
is: snapshot-controller
description: Kubernetes CSI Snapshot Controller for managing VolumeSnapshots
version: v8.1.0
version: v8.1.0_1
deploymentName: snapshot-controller
category: infrastructure
defaultConfig:

6
vllm/deployment.yaml
View File

@@ -22,7 +22,7 @@ spec:
nvidia.com/gpu.product: "{{ .gpuProduct }}"
containers:
- name: vllm
image: "{{ .image }}"
image: vllm/vllm-openai:v0.5.4
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -33,11 +33,9 @@ spec:
args:
- --model={{ .model }}
- --max-model-len={{ .maxModelLen }}
- --tensor-parallel-size={{ .tensorParallelSize }}
- --tensor-parallel-size=1
- --gpu-memory-utilization={{ .gpuMemoryUtilization }}
{{- if .apps.vllm.enforceEager }}
- --enforce-eager=True
{{- end }}
env:
- name: VLLM_TORCH_DTYPE
value: "auto"

7
vllm/manifest.yaml
View File

@@ -2,16 +2,14 @@ name: vllm
is: vllm
description: vLLM is a fast and easy-to-use library for LLM inference and serving
with OpenAI-compatible API
version: 0.5.4
version: 0.5.4-1
icon: https://unpkg.com/@lobehub/icons-static-png@latest/dark/vllm.png
requires: []
defaultConfig:
image: vllm/vllm-openai:v0.5.4
namespace: llm
model: Qwen/Qwen2.5-7B-Instruct
maxModelLen: 8192
tensorParallelSize: 1
gpuMemoryUtilization: 0.9
enforceEager: true
gpuProduct: RTX 4090
cpuRequest: '4'
cpuLimit: '8'
@@ -19,5 +17,4 @@ defaultConfig:
memoryLimit: 24Gi
gpuCount: 1
domain: vllm.{{ .cloud.domain }}
namespace: llm
defaultSecrets: []