Configure minio, restructure manifests

red 2025-03-05 23:48:51 -05:00
parent 0ec5aa83d5
commit 64dc13b3ad
7 changed files with 306 additions and 186 deletions


@ -0,0 +1,75 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: darkdork-dev
labels:
app: minio
spec:
storageClassName: longhorn-ssd
accessModes:
- ReadWriteMany
resources:
requests:
storage:
10Gi
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: darkdork-dev
spec:
ports:
- port: 80
name: minio
targetPort: 9000
protocol: TCP
- port: 9001
name: minio-admin
targetPort: 9001
protocol: TCP
selector:
app: minio
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: minio
image: minio/minio
imagePullPolicy: Always
ports:
- containerPort: 9000
- containerPort: 9001
env:
- name: MINIO_ROOT_USER
value: red
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio
key: root-password
args: ["server", "/data", "--console-address", ":9001"]
volumeMounts:
- name: minio-data-volume
mountPath: /data
volumes:
- name: minio-data-volume
persistentVolumeClaim:
claimName: minio-pvc
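Review bot: `image: minio/minio` has no tag or digest, and with `imagePullPolicy: Always` any pod restart can pull a different MinIO build into the service that stores the instance's uploads. Pin it to a release you have tested, `image: minio/minio:<RELEASE_TAG>` or `image: minio/minio@sha256:<DIGEST>` (placeholders). The container also sets no `securityContext` or `resources`. `imagePullSecrets: registry-credentials` looks unnecessary for a public image, so a short comment would help if it is intentional.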


@ -0,0 +1,114 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pleroma-pvc
namespace: darkdork-dev
labels:
app: pleroma
spec:
storageClassName: longhorn-ssd
accessModes:
- ReadWriteMany
resources:
requests:
storage:
10Gi
---
apiVersion: v1
kind: Service
metadata:
name: pleroma
namespace: darkdork-dev
spec:
ports:
- port: 80
targetPort: 4000
protocol: TCP
selector:
app: pleroma
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pleroma
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: pleroma
template:
metadata:
labels:
app: pleroma
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: pleroma
image: cr.forge.lan/darkdork-dev/pleroma
imagePullPolicy: Always
ports:
- containerPort: 4000
env:
- name: DOMAIN
value: darkdork.dev
- name: INSTANCE_NAME
value: DarkDork.dev
- name: ADMIN_EMAIL
value: pwm@crlf.ninja
- name: NOTIFY_EMAIL
value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN
value: "false"
- name: INVITES_ENABLED
value: "true"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: pleroma
key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-private-key
- name: DEFAULT_SIGNER
valueFrom:
secretKeyRef:
name: pleroma
key: default-signer
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-secret-key
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-data-volume
mountPath: /var/lib/pleroma
volumes:
- name: pleroma-data-volume
persistentVolumeClaim:
claimName: pleroma-pvc
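Review bot: The new `S3_ACCESS_KEY` and `S3_SECRET_KEY` entries read `minio-access-key` and `minio-secret-key` from Secret `pleroma`, but the `pleroma` Secret in the secrets template changed by this commit lists only `secret-key-base`, `signing-salt`, `web-push-public-key`, `web-push-private-key` and `default-signer`. A `secretKeyRef` to a missing key without `optional: true` stops the container from starting, so the template should gain `minio-access-key:` and `minio-secret-key:` under that Secret's `stringData`. If the live Secret is maintained separately from the template, say so in a comment there. A comment such as `# bucket-scoped MinIO access key, not the root credentials` next to the two env entries would also record which identity Pleroma is meant to use; the manifests do not show it.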


@ -1,5 +1,53 @@
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-init
namespace: darkdork-dev
data:
init-db.sh: |
#!/bin/bash
set -e
DB_USER=${DB_USER:-pleroma}
DB_NAME=${DB_NAME:-pleroma}
psql -U ${POSTGRES_USER:-postgres} -tc "SELECT 1 FROM pg_user WHERE usename = '$DB_USER'" | \
grep -q 1 || psql -U postgres -c "CREATE USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_PASS'"
psql -U ${POSTGRES_USER:-postgres} -tc "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | \
grep -q 1 || psql -U postgres -c "CREATE DATABASE $DB_NAME OWNER $DB_USER"
psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER:-postgres}" --dbname "$DB_NAME" <<-EOSQL
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
EOSQL
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config
namespace: darkdork-dev
data:
postgresql.conf: |
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# Data Storage: ssd
max_connections = 200
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 2621kB
huge_pages = off
min_wal_size = 1GB
max_wal_size = 4GB
---
apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: postgres-pvc name: postgres-pvc
@ -15,20 +63,18 @@ spec:
storage: 10Gi storage: 10Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: Service
metadata: metadata:
name: pleroma-pvc name: postgres
namespace: darkdork-dev namespace: darkdork-dev
labels:
app: pleroma
spec: spec:
storageClassName: longhorn-ssd ports:
accessModes: - port: 5432
- ReadWriteMany targetPort: 5432
resources: protocol: TCP
requests: selector:
storage: app: postgres
10Gi
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -83,152 +129,3 @@ spec:
- name: postgres-config-volume - name: postgres-config-volume
configMap: configMap:
name: postgres-config name: postgres-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pleroma
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: pleroma
template:
metadata:
labels:
app: pleroma
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: pleroma
image: cr.forge.lan/darkdork-dev/pleroma
imagePullPolicy: Always
ports:
- containerPort: 4000
env:
- name: DOMAIN
value: darkdork.dev
- name: INSTANCE_NAME
value: DarkDork.dev
- name: ADMIN_EMAIL
value: pwm@crlf.ninja
- name: NOTIFY_EMAIL
value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN
value: "false"
- name: INVITES_ENABLED
value: "true"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: pleroma
key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-private-key
- name: DEFAULT_SIGNER
valueFrom:
secretKeyRef:
name: pleroma
key: default-signer
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-data-volume
mountPath: /var/lib/pleroma
volumes:
- name: pleroma-data-volume
persistentVolumeClaim:
claimName: pleroma-pvc
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: darkdork-dev
spec:
ports:
- port: 5432
targetPort: 5432
protocol: TCP
selector:
app: postgres
---
apiVersion: v1
kind: Service
metadata:
name: pleroma
namespace: darkdork-dev
spec:
ports:
- port: 80
targetPort: 4000
protocol: TCP
selector:
app: pleroma
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-init
namespace: darkdork-dev
data:
init-db.sh: |
#!/bin/bash
set -e
DB_USER=${DB_USER:-pleroma}
DB_NAME=${DB_NAME:-pleroma}
psql -U ${POSTGRES_USER:-postgres} -tc "SELECT 1 FROM pg_user WHERE usename = '$DB_USER'" | \
grep -q 1 || psql -U postgres -c "CREATE USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_PASS'"
psql -U ${POSTGRES_USER:-postgres} -tc "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | \
grep -q 1 || psql -U postgres -c "CREATE DATABASE $DB_NAME OWNER $DB_USER"
psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER:-postgres}" --dbname "$DB_NAME" <<-EOSQL
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
EOSQL
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config
namespace: darkdork-dev
data:
postgresql.conf: |
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# Data Storage: ssd
max_connections = 200
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 2621kB
huge_pages = off
min_wal_size = 1GB
max_wal_size = 4GB
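Review bot: In `init-db.sh` (moved to the top of this file, content unchanged) the two existence checks connect as `${POSTGRES_USER:-postgres}`, while the commands after `||` hard-code `-U postgres`, so the script fails when POSTGRES_USER is set to another name. Use the same expansion on both sides, e.g. `grep -q 1 || psql -U "${POSTGRES_USER:-postgres}" -c "CREATE DATABASE $DB_NAME OWNER $DB_USER"`, and likewise for the `CREATE USER` line. `'$DB_PASS'` is also spliced directly into the SQL text, so a password containing a single quote breaks the statement. Reading the statement from stdin with psql's `:'name'` variable quoting would handle that.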


@ -56,6 +56,33 @@ spec:
port: port:
number: 80 number: 80
--- ---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minio
namespace: darkdork-dev
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/rewrite-target: /pleroma.darkdork.dev/$1
spec:
ingressClassName: nginx
tls:
- hosts:
- media.darkdork.dev
secretName: tls-secret-media
rules:
- host: media.darkdork.dev
http:
paths:
- path: /(.+)
pathType: ImplementationSpecific
backend:
service:
name: minio
port:
number: 80
---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
metadata: metadata:
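Review bot: The new `minio` Ingress forwards every HTTP method on `media.darkdork.dev` to the MinIO S3 port, so what anonymous clients can do to the `pleroma.darkdork.dev` bucket depends entirely on the bucket policy, which this commit does not show. Record that assumption above the `rewrite-target` annotation, e.g. `# public media path: bucket pleroma.darkdork.dev must allow anonymous GET only (no list, no write)`. If only downloads are intended, limiting the Ingress to GET and HEAD would make that independent of MinIO's configuration.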


@ -11,7 +11,7 @@ metadata:
name: postgres name: postgres
type: Opaque type: Opaque
stringData: stringData:
postgres-password: postgres-password:
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -19,8 +19,16 @@ metadata:
namespace: darkdork-dev namespace: darkdork-dev
name: pleroma name: pleroma
stringData: stringData:
secret-key-base: secret-key-base:
signing-salt: signing-salt:
web-push-public-key: web-push-public-key:
web-push-private-key: web-push-private-key:
default-signer: default-signer:
---
apiVersion: v1
kind: Secret
metadata:
name: minio
namespace: darkdork-dev
stringData:
root-password:


@ -22,7 +22,7 @@ RUN adduser --system --shell /bin/false --home ${HOME} pleroma &&\
RUN rm -r /tmp/release RUN rm -r /tmp/release
RUN rm /tmp/pleroma.zip RUN rm /tmp/pleroma.zip
USER pleroma # USER pleroma
COPY --chmod=0764 --chown=pleroma ./static-files/ /static-files/ COPY --chmod=0764 --chown=pleroma ./static-files/ /static-files/
COPY --chmod=0640 --chown=pleroma ./docker.exs /etc/pleroma/config.exs COPY --chmod=0640 --chown=pleroma ./docker.exs /etc/pleroma/config.exs
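Review bot: The changed line reads as `USER pleroma` becoming `# USER pleroma`, which leaves no USER instruction in the visible lines, so the Pleroma release would run as root unless a later line or the pod spec says otherwise. The pleroma Deployment in this commit sets no `securityContext`. If the aim was write access to the volume mounted at `/var/lib/pleroma`, keep `USER pleroma` and fix ownership from the pod spec instead, e.g. `securityContext: {fsGroup: <PLEROMA_GID>}` (placeholder GID). The rest of the Dockerfile is outside the hunk.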


@ -20,6 +20,8 @@ config :pleroma, :instance,
invites_enabled: true, invites_enabled: true,
healthcheck: true healthcheck: true
config :pleroma, :http, proxy_url: {:socks5h, "10.8.1.1", 1080}
config :pleroma, :media_proxy, config :pleroma, :media_proxy,
enabled: false, enabled: false,
redirect_on_failure: true redirect_on_failure: true
@ -50,26 +52,23 @@ config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
# The public S3 endpoint (base_url) is different depending on region and provider, # The public S3 endpoint (base_url) is different depending on region and provider,
# consult your S3 provider's documentation for details on what to use. # consult your S3 provider's documentation for details on what to use.
# #
# config :pleroma, Pleroma.Upload, config :pleroma, Pleroma.Upload,
# uploader: Pleroma.Uploaders.S3, uploader: Pleroma.Uploaders.S3,
# base_url: "https://s3.amazonaws.com" base_url: "https://media.darkdork.dev"
#
# config :pleroma, Pleroma.Uploaders.S3, config :pleroma, Pleroma.Uploaders.S3,
# bucket: "some-bucket", bucket: "pleroma.darkdork.dev",
# bucket_namespace: "my-namespace", bucket_namespace: nil,
# truncated_namespace: nil, truncated_namespace: "",
# streaming_enabled: true streaming_enabled: false
#
# Configure S3 credentials: # Configure S3 credentials:
# config :ex_aws, :s3, config :ex_aws, :s3,
# access_key_id: "xxxxxxxxxxxxx", access_key_id: System.get_env("S3_ACCESS_KEY"),
# secret_access_key: "yyyyyyyyyyyy", secret_access_key: System.get_env("S3_SECRET_KEY"),
# region: "us-east-1", scheme: "http://",
# scheme: "https://" host: "minio",
# port: 80
# For using third-party S3 clones like wasabi, also do:
# config :ex_aws, :s3,
# host: "s3.wasabisys.com"
config :joken, default_signer: System.get_env("DEFAULT_SIGNER") config :joken, default_signer: System.get_env("DEFAULT_SIGNER")
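Review bot: `System.get_env("S3_ACCESS_KEY")` and `System.get_env("S3_SECRET_KEY")` return nil when the variable is unset, so a missing or misnamed Secret key surfaces only later as failed uploads instead of at boot. `access_key_id: System.fetch_env!("S3_ACCESS_KEY"),` and `secret_access_key: System.fetch_env!("S3_SECRET_KEY"),` fail fast and name the variable in the error. `scheme: "http://"` with `host: "minio"` also sends uploads to MinIO unencrypted inside the cluster. A one-line comment stating that this is accepted for in-cluster traffic would tell the next reader it is deliberate.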