diff --git a/fogcutter/docker/airsonic/launch.sh b/fogcutter/docker/airsonic/launch.sh
deleted file mode 100755
index 4b138b3..0000000
--- a/fogcutter/docker/airsonic/launch.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# Assumes pew-net exists
-# Make config dir (as non-root) before launching
-
-docker run \
- --name airsonic \
- --detach \
- --restart unless-stopped \
- --env PUID=1000 \
- --env PGID=1000 \
- --env TZ=US/Eastern \
- --volume $PWD/airsonic-config:/config \
- --volume /bigdata/media/music:/media/music:ro \
- --volume /bigdata/media/playlists:/media/playlists:rw \
- --volume /bigdata/media/podcasts:/media/podcasts:rw \
- --volume /media-vtluug:/media/media-vtluug:ro \
- --network pew-net \
- linuxserver/airsonic:v10.6.1-ls59
diff --git a/fogcutter/docker/minecraft/launch.sh b/fogcutter/docker/minecraft/launch.sh
deleted file mode 100755
index aa19219..0000000
--- a/fogcutter/docker/minecraft/launch.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-# Make data dir (as non-root) before launching
-
-docker run \
- --name minecraft \
- --detach \
- --restart unless-stopped \
- --env EULA=TRUE \
- --env MAX_MEMORY=8G \
- --env VERSION=1.15.2 \
- --volume $PWD/minecraft-data:/data \
- --publish 10.42.0.203:25565:25565 \
- --publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:25565:25565 \
- itzg/minecraft-server:latest
diff --git a/fogcutter/docker/monitoring/launch.sh b/fogcutter/docker/monitoring/launch.sh
deleted file mode 100755
index c9bd2b5..0000000
--- a/fogcutter/docker/monitoring/launch.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-
-# Assumes pew-net exists
-# Assumes mounted dirs are created as non-root user
-# Prometheus + Node Exporter + cAdvisor + Grafana
-
-docker network create pew-monitoring-net
-
-# grafana-cli plugins install grafana-piechart-panel
-sudo chown 472:472 $PWD/grafana/{grafana-data,provisioning} \
-&& \
-docker run \
- --name monitoring_grafana \
- --detach \
- --restart unless-stopped \
- --env GF_SERVER_DOMAIN="seaturtle.pw" \
- --env GF_SERVER_ROOT_URL="%(protocol)s://%(domain)s/grafana/" \
- --user 472 \
- --volume $PWD/grafana/grafana-data:/var/lib/grafana:rw \
- --volume $PWD/grafana/provisioning:/etc/grafana/provisioning:rw \
- --network pew-monitoring-net \
- grafana/grafana:6.7.3 \
-&& \
-docker network connect pew-net monitoring_grafana
-
-sudo chown nobody:nogroup $PWD/prometheus/prometheus-data \
-&& \
-docker run \
- --name monitoring_prometheus \
- --detach \
- --restart unless-stopped \
- --volume $PWD/prometheus/prometheus-data:/prometheus:rw \
- --volume $PWD/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro \
- --volume $PWD/prometheus/alert.rules:/etc/prometheus/alert.rules:ro \
- --network pew-monitoring-net \
- prom/prometheus:v2.17.2 --config.file=/etc/prometheus/prometheus.yml \
- --storage.tsdb.path=/prometheus \
- --storage.tsdb.retention.size=200GB
-
-docker run \
- --name monitoring_node-exporter \
- --detach \
- --restart unless-stopped \
- --cap-add SYS_TIME \
- --pid host \
- --volume /:/host:ro,rslave \
- --network pew-monitoring-net \
- quay.io/prometheus/node-exporter:v0.18.1 --path.rootfs=/host
-
-docker run \
- --name monitoring_cadvisor \
- --detach \
- --restart unless-stopped \
- --volume /:/rootfs:ro \
- --volume /var/run:/var/run:ro \
- --volume /sys:/sys:ro \
- --volume /var/lib/docker:/var/lib/docker:ro \
- --volume /dev/disk:/dev/disk:ro \
- --network pew-monitoring-net \
- google/cadvisor:v0.33.0
-
-# alert manager
diff --git a/fogcutter/docker/monitoring/prometheus/alert.rules b/fogcutter/docker/monitoring/prometheus/alert.rules
deleted file mode 100644
index e69de29..0000000
diff --git a/fogcutter/docker/monitoring/prometheus/prometheus.yml b/fogcutter/docker/monitoring/prometheus/prometheus.yml
deleted file mode 100644
index e961858..0000000
--- a/fogcutter/docker/monitoring/prometheus/prometheus.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-global:
- scrape_interval: 15s
- evaluation_interval: 15s
-
-scrape_configs:
-- job_name: prometheus
- static_configs:
- - targets: ['monitoring_prometheus:9090']
-
-- job_name: cadvisor
- static_configs:
- - targets: ['monitoring_cadvisor:8080']
-
-- job_name: node-exporter
- static_configs:
- - targets: ['monitoring_node-exporter:9100']
-
-#alerting:
-# alertmanagers:
-# - static_configs:
-# - targets: ['alertmanager:9093']
-#
-#rule_files:
-#- 'alert.rules'
diff --git a/fogcutter/docker/nginx/README.md b/fogcutter/docker/nginx/README.md
deleted file mode 100644
index 1a08bd2..0000000
--- a/fogcutter/docker/nginx/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Mostly stolen from https://github.com/vtluug/docker-manifests/tree/master/sczi/nginx
diff --git a/fogcutter/docker/nginx/launch.sh b/fogcutter/docker/nginx/launch.sh
deleted file mode 100755
index 9cd6fd7..0000000
--- a/fogcutter/docker/nginx/launch.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Assumes pew-net exists
-
-docker run \
- --name nginx \
- --detach \
- --restart unless-stopped \
- --env PUID=1000 \
- --env PGID=1000 \
- --env EMAIL=sysadmin@seaturtle.pw \
- --env URL=seaturtle.pw \
- --env SUBDOMAINS=airsonic,plex,www \
- --env VALIDATION=html \
- --env TZ=US/Eastern \
- --volume $PWD/nginx-config:/config:rw \
- --volume $PWD/nginx.conf:/config/nginx/nginx.conf:ro \
- --volume $PWD/site-confs:/config/nginx/site-confs:ro \
- --volume /bigdata/files:/files-docker:ro \
- --publish 10.42.0.203:80:80 \
- --publish 10.42.0.203:443:443 \
- --publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:80:80 \
- --publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:443:443 \
- --network pew-net \
- linuxserver/letsencrypt:1.3.0-ls110
diff --git a/fogcutter/docker/nginx/nginx.conf b/fogcutter/docker/nginx/nginx.conf
deleted file mode 100644
index 4c3f0ca..0000000
--- a/fogcutter/docker/nginx/nginx.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-## Version 2018/04/07 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf
-
-user abc;
-worker_processes 4;
-pid /run/nginx.pid;
-include /etc/nginx/modules/*.conf;
-
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
-
- ##
- # Basic Settings
- ##
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
-
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
-
- client_max_body_size 0;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ##
- # Logging Settings
- ##
-
- access_log /config/log/nginx/access.log;
- error_log /config/log/nginx/error.log;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
- gzip_disable "msie6";
-
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /config/nginx/site-confs/default;
- include /config/nginx/site-confs/*.enabled;
-}
-
-daemon off;
diff --git a/fogcutter/docker/nginx/site-confs/airsonic.seaturtle.pw.enabled b/fogcutter/docker/nginx/site-confs/airsonic.seaturtle.pw.enabled
deleted file mode 100644
index 63ac9db..0000000
--- a/fogcutter/docker/nginx/site-confs/airsonic.seaturtle.pw.enabled
+++ /dev/null
@@ -1,29 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name airsonic.seaturtle.pw;
-
- return 301 https://airsonic.seaturtle.pw$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name airsonic.seaturtle.pw;
-
- # ssl conf
- include /config/nginx/ssl.conf;
-
- # Proxy airsonic
- # https://airsonic.github.io/docs/proxy/nginx/
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header Host $http_host;
- proxy_max_temp_file_size 0;
- proxy_pass http://airsonic:4040;
- proxy_redirect http:// https://;
- }
-}
diff --git a/fogcutter/docker/nginx/site-confs/default b/fogcutter/docker/nginx/site-confs/default
deleted file mode 100644
index f63f895..0000000
--- a/fogcutter/docker/nginx/site-confs/default
+++ /dev/null
@@ -1,29 +0,0 @@
-## Based on version below; but heavily modified for LUUG
-## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
-
-# This is the main file that will be pe present no matter what
-# Individual sites are specified in /config/nginx/sites/*.enabled
-
-# Redirect unknown HTTP traffic to https://seaturtle.pw
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
-
- return 301 https://seaturtle.pw;
-}
-
-# Redirect unknown HTTPS traffic to https://seaturtle.pw
-# If we don't have a cert for the site the client get an error but that's fine
-server {
- listen 443 default_server;
- listen [::]:443 default_server;
- server_name _;
-
- # ssl conf
- include /config/nginx/ssl.conf;
-
- return 301 https://seaturtle.pw;
-}
-
-# Enabled sites are included in /config/nginx/nginx.conf
diff --git a/fogcutter/docker/nginx/site-confs/plex.seaturtle.pw.enabled b/fogcutter/docker/nginx/site-confs/plex.seaturtle.pw.enabled
deleted file mode 100644
index 814d9bf..0000000
--- a/fogcutter/docker/nginx/site-confs/plex.seaturtle.pw.enabled
+++ /dev/null
@@ -1,29 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name plex.seaturtle.pw;
-
- return 301 https://plex.seaturtle.pw$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name plex.seaturtle.pw;
-
- # ssl conf
- include /config/nginx/ssl.conf;
-
- # Proxy plex
- # https://old.reddit.com/r/PleX/comments/3xz4ph/plex_behind_a_ssl_nginx_reverse_proxy/
- # Use IP of docker interface on docker host since plex runs in host mode
- location / {
- proxy_pass http://172.17.0.1:32400;
- proxy_read_timeout 240;
- proxy_redirect off;
- proxy_buffering off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- }
-}
diff --git a/fogcutter/docker/nginx/site-confs/seaturtle.pw.enabled b/fogcutter/docker/nginx/site-confs/seaturtle.pw.enabled
deleted file mode 100644
index 9ce19b8..0000000
--- a/fogcutter/docker/nginx/site-confs/seaturtle.pw.enabled
+++ /dev/null
@@ -1,45 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name seaturtle.pw www.seaturtle.pw;
-
- return 301 https://seaturtle.pw$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name www.seaturtle.pw;
-
- # ssl conf
- include /config/nginx/ssl.conf;
-
- return 301 https://seaturtle.pw$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name seaturtle.pw;
-
- # ssl conf
- include /config/nginx/ssl.conf;
-
- client_max_body_size 1M;
-
- # Proxy main site
- location / {
- proxy_pass https://paulwalko.github.io;
- }
-
- # Proxy grafana
- location /grafana/ {
- proxy_pass http://monitoring_grafana:3000/;
- }
-
- # Serve misc files
- location /files {
- alias /files-docker;
- autoindex on;
- }
-}
diff --git a/fogcutter/docker/plex/launch.sh b/fogcutter/docker/plex/launch.sh
deleted file mode 100755
index 838e7b4..0000000
--- a/fogcutter/docker/plex/launch.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# Assumes pew-net exists
-# Make config dir (as non-root) before launching
-
-docker run \
- --name plex \
- --detach \
- --restart unless-stopped \
- --env PUID=1000 \
- --env PGID=1000 \
- --env VERSION=docker \
- --volume $PWD/plex-config:/config:rw \
- --volume /bigdata/media/movies:/media/movies:ro \
- --volume /bigdata/media/music:/media/music:ro \
- --volume /media-vtluug:/media/media-vtluug:ro \
- --network host \
- linuxserver/plex:1.19.1.2701-6327e27bf-ls90
diff --git a/fogcutter/docker/ut04/launch.sh b/fogcutter/docker/ut04/launch.sh
deleted file mode 100755
index 659e1a9..0000000
--- a/fogcutter/docker/ut04/launch.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-docker run -d \
- --name ut2004 \
- -p 10.42.0.203:5000:80 \
- -p 10.42.0.203:7777:7777 \
- -p 10.42.0.203:7778:7778 \
- -e "CONFIG_1=[Engine.AccessControl];AdminPassword=password123;[UWeb.WebServer];bEnabled=True" \
- -e "UT2004_CMD=CTF-FACECLASSIC?game=XGame.xCTFGame" \
- reflectivecode/ut2004
diff --git a/fogcutter/k8s/airsonic.yml b/fogcutter/k8s/airsonic.yml
new file mode 100644
index 0000000..3e86f03
--- /dev/null
+++ b/fogcutter/k8s/airsonic.yml
@@ -0,0 +1,79 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: airsonic
+ name: airsonic
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: airsonic
+ template:
+ metadata:
+ labels:
+ run: airsonic
+ spec:
+ containers:
+ - name: airsonic
+ image: linuxserver/airsonic
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: TZ
+ value: "US/Eastern"
+ volumeMounts:
+ - mountPath: /config
+ name: airsonic-config
+ readOnly: false
+ - mountPath: /media/music
+ name: bigdata-music
+ readOnly: true
+ - mountPath: /media/playlists
+ name: bigdata-playlists
+ readOnly: true
+ - mountPath: /media/podcasts
+ name: bigdata-podcasts
+ readOnly: true
+ - mountPath: /media/media-vtluug
+ name: vtluug-media
+ readOnly: true
+ ports:
+ - name: http
+ containerPort: 4040
+ volumes:
+ - name: airsonic-config
+ hostPath:
+ path: /bigdata/k8s-config/airsonic/config
+ - name: bigdata-music
+ hostPath:
+ path: /bigdata/media/music
+ - name: bigdata-playlists
+ hostPath:
+ path: /bigdata/media/playlists
+ - name: bigdata-podcasts
+ hostPath:
+ path: /bigdata/media/podcasts
+ - name: vtluug-media
+ hostPath:
+ path: /media-vtluug
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: airsonic
+ name: airsonic
+ namespace: pew
+spec:
+ selector:
+ run: airsonic
+ ports:
+ - name: http
+ port: 4040
+ protocol: TCP
diff --git a/fogcutter/k8s/cloud.txt b/fogcutter/k8s/cloud.txt
new file mode 100644
index 0000000..60e2d71
--- /dev/null
+++ b/fogcutter/k8s/cloud.txt
@@ -0,0 +1,2 @@
+# cert-manager
+kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.yaml
diff --git a/fogcutter/k8s/gitea.yml b/fogcutter/k8s/gitea.yml
new file mode 100644
index 0000000..77edeca
--- /dev/null
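Review bot: `image: linuxserver/airsonic` in airsonic.yml carries no tag, so every pod start pulls whatever `latest` resolves to, whereas the launch.sh this replaces pinned `linuxserver/airsonic:v10.6.1-ls59`. The same applies to `linuxserver/plex` in plex.yml (previously pinned to `1.19.1.2701-6327e27bf-ls90`), `nginx` in nginx.yml, `haproxytech/kubernetes-ingress` in haproxy.yml and `itzg/minecraft-server` in minecraft.yml; only gitea.yml keeps a version. I would restore the pin, e.g. `image: linuxserver/airsonic:v10.6.1-ls59`, or pin by digest, so that an upstream push or a tampered tag cannot change what runs on the node without a reviewed commit. These pods also mount hostPath directories, which makes an unexpected image more consequential.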
+++ b/fogcutter/k8s/gitea.yml
@@ -0,0 +1,97 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: gitea
+ name: gitea
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: gitea
+ template:
+ metadata:
+ labels:
+ run: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea:1.12.5
+ env:
+ - name: RUN_MODE
+ value: "prod"
+ - name: DOMAIN
+ value: "git.seaturtle.pw"
+ - name: SSH_DOMAIN
+ value: "git.seaturtle.pw"
+ - name: SSH_PORT
+ value: "2223"
+ - name: ROOT_URL
+ value: "https://git.seaturtle.pw/"
+ - name: LFS_START
+ value: "true"
+ - name: DISABLE_REGISTRATION
+ value: "true"
+ - name: REQUIRED_SIGNIN_VIEW
+ value: "true"
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GUID
+ value: "1000"
+ volumeMounts:
+ - mountPath: /data
+ name: gitea-data
+ readOnly: false
+ - mountPath: /etc/timezone
+ subPath: timezone
+ name: gitea-config
+ readOnly: true
+ - mountPath: /etc/localtime
+ name: gitea-localtime
+ readOnly: true
+ ports:
+ - name: http
+ containerPort: 3000
+ - name: ssh
+ containerPort: 22
+ volumes:
+ - name: gitea-data
+ hostPath:
+ path: /bigdata/k8s-config/gitea/data
+ - name: gitea-config
+ configMap:
+ name: gitea-config
+ - name: gitea-localtime
+ hostPath:
+ path: /usr/share/zoneinfo/America/New_York
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: gitea
+ name: gitea
+ namespace: pew
+spec:
+ selector:
+ run: gitea
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ - name: ssh
+ port: 2223
+ protocol: TCP
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-config
+ namespace: pew
+data:
+ timezone: |
+ America/New_York
diff --git a/fogcutter/k8s/haproxy.yml b/fogcutter/k8s/haproxy.yml
new file mode 100644
index 0000000..0fcc5f6
--- /dev/null
+++ b/fogcutter/k8s/haproxy.yml
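Review bot: Three of the `env` names in the gitea.yml Deployment do not match what the gitea/gitea image reads, as far as I know: `REQUIRED_SIGNIN_VIEW` should be `REQUIRE_SIGNIN_VIEW`, `USER_GUID` should be `USER_GID`, and `LFS_START` should be `LFS_START_SERVER`. Unrecognised variables are ignored silently, so the intended "sign-in required to view anything" setting would not be applied and repositories could remain anonymously readable at git.seaturtle.pw; it is worth confirming against the generated app.ini under `/data`. Separately, the Service exposes the ssh port as `port: 2223` with no `targetPort`, while the container declares `containerPort: 22`; if sshd in the pod listens on 22, add `targetPort: ssh` to that Service port.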
@@ -0,0 +1,242 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: pew
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: haproxy-ingress-service-account
+ namespace: pew
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: haproxy-ingress-cluster-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - services
+ - namespaces
+ - events
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - update
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: haproxy-ingress-cluster-role-binding
+ namespace: pew
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: haproxy-ingress-cluster-role
+subjects:
+- kind: ServiceAccount
+ name: haproxy-ingress-service-account
+ namespace: pew
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: haproxy
+ namespace: pew
+data:
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tcpservices
+ namespace: pew
+data:
+ 2223:
+ pew/gitea:2223
+ 25565:
+ pew/minecraft:25565
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: haproxy-ingress
+ name: haproxy-ingress
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: haproxy-ingress
+ template:
+ metadata:
+ labels:
+ run: haproxy-ingress
+ spec:
+ serviceAccountName: haproxy-ingress-service-account
+ containers:
+ - name: haproxy-ingress
+ image: haproxytech/kubernetes-ingress
+ args:
+ - --configmap=pew/haproxy
+ - --configmap-tcp-services=pew/tcpservices
+ - --default-backend-service=pew/ingress-default-backend
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ - name: ssh
+ containerPort: 2223
+ - name: minecraft
+ containerPort: 25565
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: haproxy-ingress
+ name: haproxy-ingress
+ namespace: pew
+spec:
+ selector:
+ run: haproxy-ingress
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ - name: https
+ port: 443
+ protocol: TCP
+ - name: ssh
+ port: 2223
+ protocol: TCP
+ - name: minecraft
+ port: 25565
+ protocol: TCP
+ externalIPs:
+ - 10.42.0.203
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ # set to false if doing letsencrypt validation
+ ingress.kubernetes.io/ssl-redirect: "false"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ name: haproxy-ingress
+ namespace: pew
+spec:
+ rules:
+ - host: seaturtle.pw
+ http:
+ paths:
+ - path: /
+ pathType: "Exact"
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 80
+ - path: /files
+ pathType: "Exact"
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 80
+ - path: /grafana
+ pathType: "Exact"
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 3000
+ - host: airsonic.seaturtle.pw
+ http:
+ paths:
+ - path: /
+ pathType: "Exact"
+ backend:
+ service:
+ name: airsonic
+ port:
+ number: 4040
+ - host: git.seaturtle.pw
+ http:
+ paths:
+ - path: /
+ pathType: "Exact"
+ backend:
+ service:
+ name: gitea
+ port:
+ number: 3000
+ - host: plex.seaturtle.pw
+ http:
+ paths:
+ - path: /
+ pathType: "Exact"
+ backend:
+ service:
+ name: plex
+ port:
+ number: 32400
+ tls:
+ - secretName: pew-cert
+ hosts:
+ - seaturtle.pw
+ - airsonic.seaturtle.pw
+ - git.seaturtle.pw
+ - plex.seaturtle.pw
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ email: paulsw.pw@gmail.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: pew-account-key
+ # Add a ACME HTTP01 challenge solver
+ solvers:
+ - http01:
+ ingress: {}
diff --git a/fogcutter/k8s/minecraft.yml b/fogcutter/k8s/minecraft.yml
new file mode 100644
index 0000000..fe4a82b
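Review bot: The Ingress in haproxy.yml is committed with `ingress.kubernetes.io/ssl-redirect: "false"`, and the comment above it describes that value as the one to use during Let's Encrypt validation, so as committed plain HTTP on port 80 is not upgraded to HTTPS. The nginx site-confs removed in this same commit answered every port-80 request with a `return 301 https://…`, so this is a regression: logins to gitea, airsonic, plex and grafana can travel in cleartext. I would set the annotation back to `"true"` once `pew-cert` has been issued and reword the comment to say so, e.g. `# "false" only while the HTTP-01 challenge runs; keep "true" otherwise`. The ClusterRole also lets this service account `create`/`patch`/`update` Secrets in every namespace; if the controller only serves `pew` and can run that way, a namespaced Role for the secrets rule would be tighter.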
--- /dev/null
+++ b/fogcutter/k8s/minecraft.yml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: minecraft
+ name: minecraft
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: minecraft
+ template:
+ metadata:
+ labels:
+ run: minecraft
+ spec:
+ containers:
+ - name: minecraft
+ image: itzg/minecraft-server
+ env:
+ - name: EULA
+ value: "TRUE"
+ - name: MAX_MEMORY
+ value: "8G"
+ - name: VERSION
+ value: "1.15.2"
+ volumeMounts:
+ - mountPath: /data
+ name: minecraft-data
+ readOnly: false
+ ports:
+ - name: minecraft
+ containerPort: 25565
+ volumes:
+ - name: minecraft-data
+ hostPath:
+ path: /bigdata/k8s-config/minecraft/data
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: minecraft
+ name: minecraft
+ namespace: pew
+spec:
+ selector:
+ run: minecraft
+ ports:
+ - name: minecraft
+ port: 25565
+ protocol: TCP
diff --git a/fogcutter/k8s/nginx.yml b/fogcutter/k8s/nginx.yml
new file mode 100644
index 0000000..440e30b
--- /dev/null
+++ b/fogcutter/k8s/nginx.yml
@@ -0,0 +1,134 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: nginx
+ name: nginx
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: nginx
+ template:
+ metadata:
+ labels:
+ run: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ volumeMounts:
+ - mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ name: nginx-config
+ readOnly: true
+ - mountPath: /files
+ name: nginx-files
+ readOnly: true
+ ports:
+ - name: http
+ containerPort: 80
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: nginx-config
+ - name: nginx-files
+ hostPath:
+ path: /bigdata/files
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: nginx
+ name: nginx
+ namespace: pew
+spec:
+ selector:
+ run: nginx
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+ namespace: pew
+data:
+ nginx.conf: |
+ user nginx;
+ worker_processes 4;
+ pid /run/nginx.pid;
+ include /etc/nginx/modules/*.conf;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ client_max_body_size 0;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ #access_log /config/log/nginx/access.log;
+ #error_log /config/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ #gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+ server {
+ listen 80;
+ server_name _;
+ root /;
+
+ location / {
+ proxy_pass
http://paulwalko.github.io/;
+ }
+
+ location /files {
+ autoindex on;
+ }
+ }
+ #include /etc/nginx/conf.d/*.conf;
+ #include /config/nginx/site-confs/default;
+ #include /config/nginx/site-confs/*.enabled;
+ }
diff --git a/fogcutter/k8s/plex.yml b/fogcutter/k8s/plex.yml
new file mode 100644
index 0000000..ccc4a55
--- /dev/null
+++ b/fogcutter/k8s/plex.yml
@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: plex
+ name: plex
+ namespace: pew
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: plex
+ template:
+ metadata:
+ labels:
+ run: plex
+ spec:
+ containers:
+ - name: plex
+ image: linuxserver/plex
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: VERSION
+ value: "docker"
+ volumeMounts:
+ - mountPath: /config
+ name: plex-config
+ readOnly: false
+ - mountPath: /media/movies
+ name: bigdata-movies
+ readOnly: true
+ - mountPath: /media/music
+ name: bigdata-music
+ readOnly: true
+ - mountPath: /media/media-vtluug
+ name: vtluug-media
+ readOnly: true
+ ports:
+ - name: http
+ containerPort: 32400
+ volumes:
+ - name: plex-config
+ hostPath:
+ path: /bigdata/k8s-config/plex/config
+ - name: bigdata-movies
+ hostPath:
+ path: /bigdata/media/movies
+ - name: bigdata-music
+ hostPath:
+ path: /bigdata/media/music
+ - name: vtluug-media
+ hostPath:
+ path: /media-vtluug
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: plex
+ name: plex
+ namespace: pew
+spec:
+ selector:
+ run: plex
+ ports:
+ - name: http
+ port: 32400
+ protocol: TCP
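Review bot: In the nginx.yml ConfigMap, `proxy_pass http://paulwalko.github.io/;` fetches the main site over plain HTTP, where the removed seaturtle.pw site conf used `proxy_pass https://paulwalko.github.io;`, so content that visitors receive under the seaturtle.pw certificate can be altered on the path between the cluster and the upstream. I would keep the upstream on TLS with `proxy_pass https://paulwalko.github.io/;`, likely together with `proxy_ssl_server_name on;` so that SNI matches the upstream host. `root /;` also makes the container's whole filesystem the document root; today only `location /files` serves from it, but the removed config's `alias /files-docker;` confined that location to the mounted directory, and an `alias /files;` inside `location /files` would avoid relying on `root /`. The old per-server `client_max_body_size 1M;` is gone as well, which leaves the global `client_max_body_size 0;` (no limit) in force.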