Restructure yaml, add CI/CD pipelines

manifests/darkdork.dev/issuer.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  namespace: darkdork-dev
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: pwm@crlf.ninja
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  namespace: darkdork-dev
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: pwm@crlf.ninja
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+---

manifests/darkdork.dev/namespace.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: darkdork-dev
+---

manifests/darkdork.dev/secrets.yaml.example

@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: darkdork-dev
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: darkdork-dev
+  name: postgres
+type: Opaque
+stringData:
+  postgres-password:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: darkdork-dev
+  name: pleroma
+stringData:
+  secret-key-base:
+  signing-salt:
+  web-push-public-key:
+  web-push-private-key:
+  default-signer:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio
+  namespace: darkdork-dev
+stringData:
+  root-password:

manifests/darkdork.dev/storageclass.yaml

@@ -0,0 +1,28 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: longhorn-ssd
+  namespace: darkdork-dev
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+  numberOfReplicas: "3"
+  staleReplicaTimeout: "2880" # 48 hours in minutes
+  fromBackup: ""
+  fsType: "xfs"
+#  backupTargetName: "default"
+#  mkfsParams: "-I 256 -b 4096 -O ^metadata_csum,^64bit"
+#  diskSelector: "ssd,fast"
+#  nodeSelector: "storage,fast"
+#  recurringJobSelector: '[
+#   {
+#     "name":"snap",
+#     "isGroup":true,
+#   },
+#   {
+#     "name":"backup",
+#     "isGroup":false,
+#   }
+#  ]'
+---