5 Commits

Author SHA1 Message Date
c4273f5e63 kubernetes apply
Some checks failed
Apply Kuberentes Configs / update-repo (push) Successful in 1s
Apply Kuberentes Configs / update-infrastructure (push) Failing after 1s
2026-02-15 17:47:54 -07:00
f8006a4595 audiobook 2026-02-15 17:40:00 -07:00
108cfa79b7 musicassistant 2026-02-15 17:30:12 -07:00
7b0148696c remove zwave 2026-02-15 17:18:55 -07:00
d531f8c44a zwave 2026-02-15 17:18:35 -07:00
15 changed files with 583 additions and 240 deletions


@@ -17,3 +17,7 @@ jobs:
kubectl annotate ingressclass nginx \
ingressclass.kubernetes.io/is-default-class="true" --overwrite
- name: audiobookshelf
working-directory: /home/gitea-runner/infrastructure
run: |
kubectl apply -f kubernetes/audiobookshelf/


@@ -103,41 +103,36 @@ services:
network_mode: host
zwave-js-ui:
container_name: zwave-js-ui
image: zwavejs/zwave-js-ui:latest
restart: always
tty: true
stop_signal: SIGINT
environment:
- SESSION_SECRET=iqpwoeinf9384bw3p48gbwer
- TZ=America/Denver
devices:
# Do not use /dev/ttyUSBX serial devices, as those mappings can change over time.
# Instead, use the /dev/serial/by-id/X serial device for your Z-Wave stick.
# - '/dev/serial/by-id/insert_stick_reference_here:/dev/zwave'
- /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0
- /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0
volumes:
- /data/zwave:/usr/src/app/store
ports:
- '3050:8091'
- '3051:3051'
# zwave-js-ui:
# container_name: zwave-js-ui
# image: zwavejs/zwave-js-ui:latest
# restart: always
# tty: true
# stop_signal: SIGINT
# environment:
# - SESSION_SECRET=iqpwoeinf9384bw3p48gbwer
# - TZ=America/Denver
# devices:
# # Do not use /dev/ttyUSBX serial devices, as those mappings can change over time.
# # Instead, use the /dev/serial/by-id/X serial device for your Z-Wave stick.
# # - '/dev/serial/by-id/insert_stick_reference_here:/dev/zwave'
# - /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0
# - /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0
# volumes:
# - /data/zwave:/usr/src/app/store
# ports:
# - '3050:8091'
# - '3051:3051'
music-assistant-server:
image: ghcr.io/music-assistant/server:2
container_name: music-assistant-server
restart: unless-stopped
network_mode: host
volumes:
- /data/music-assistant-server/data:/data/
# cap_add:
# - SYS_ADMIN
# - DAC_READ_SEARCH
# security_opt:
# - apparmor:unconfined
environment:
- LOG_LEVEL=info
# music-assistant-server:
# image: ghcr.io/music-assistant/server:2
# container_name: music-assistant-server
# restart: unless-stopped
# network_mode: host
# volumes:
# - /data/music-assistant-server/data:/data/
# environment:
# - LOG_LEVEL=info
prometheus:
image: public.ecr.aws/bitnami/prometheus:2
@@ -213,18 +208,18 @@ services:
# - proxy
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
restart: unless-stopped
ports:
- 13378:80
volumes:
- /data/media/audiobooks:/audiobooks
- /data/media/audiobooks-libation:/audiobooks-libation
- /data/audiobookshelf/config:/config
- /data/audiobookshelf/metadata:/metadata
networks:
- proxy
# audiobookshelf:
# image: ghcr.io/advplyr/audiobookshelf:latest
# restart: unless-stopped
# ports:
# - 13378:80
# volumes:
# - /data/media/audiobooks:/audiobooks
# - /data/media/audiobooks-libation:/audiobooks-libation
# - /data/audiobookshelf/config:/config
# - /data/audiobookshelf/metadata:/metadata
# networks:
# - proxy
copilot-api:
image: node:latest
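Review bot: The commented-out `zwave-js-ui` block still carries the literal `SESSION_SECRET=` value, and the new zwave-js-ui Deployment added in this same commit repeats it as a plain env `value`, so the secret stays readable in the repository either way. Commenting a service out does not retire its credentials; deleting the three disabled blocks (zwave-js-ui, music-assistant-server, audiobookshelf) keeps the compose file honest about what runs, and history still has the old definition if it is needed. The session secret should be treated as disclosed, rotated, and then supplied through a Kubernetes Secret referenced with `valueFrom.secretKeyRef`, the way the copilot-api manifest in this commit handles `COPILOT_TOKEN`. The `services:` mapping starts and continues outside both hunks of this file.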


@@ -94,23 +94,23 @@ server {
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name audiobook.alexmickelson.guru;
# server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name audiobook.alexmickelson.guru;
location / {
proxy_pass http://audiobookshelf:80;
# location / {
# proxy_pass http://audiobookshelf:80;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Host $host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
}
# proxy_http_version 1.1;
# }
# }
# server {
# listen 443 ssl;
@@ -176,24 +176,24 @@ server {
proxy_pass http://immich_server:2283;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name sound.alexmickelson.guru;
location / {
proxy_pass http://host.docker.internal:8095;
# server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name sound.alexmickelson.guru;
# location / {
# proxy_pass http://host.docker.internal:8095;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Protocol $scheme;
# proxy_set_header X-Forwarded-Host $http_host;
# proxy_set_header Host $host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# }
server {
listen 443 ssl;


@@ -0,0 +1,95 @@
apiVersion: v1
kind: Namespace
metadata:
name: audiobookshelf
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: audiobookshelf
namespace: audiobookshelf
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: audiobookshelf
template:
metadata:
labels:
app: audiobookshelf
spec:
containers:
- name: audiobookshelf
image: ghcr.io/advplyr/audiobookshelf:latest
imagePullPolicy: Always
ports:
- containerPort: 80
hostPort: 13378
volumeMounts:
- name: audiobooks
mountPath: /audiobooks
- name: audiobooks-libation
mountPath: /audiobooks-libation
- name: config
mountPath: /config
- name: metadata
mountPath: /metadata
volumes:
- name: audiobooks
hostPath:
path: /data/media/audiobooks
type: DirectoryOrCreate
- name: audiobooks-libation
hostPath:
path: /data/media/audiobooks-libation
type: DirectoryOrCreate
- name: config
hostPath:
path: /data/audiobookshelf/config
type: DirectoryOrCreate
- name: metadata
hostPath:
path: /data/audiobookshelf/metadata
type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
name: audiobookshelf
namespace: audiobookshelf
spec:
selector:
app: audiobookshelf
ports:
- name: http
protocol: TCP
port: 13378
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: audiobookshelf-ingress
namespace: audiobookshelf
annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer
spec:
ingressClassName: nginx
tls:
- hosts:
- audiobook.alexmickelson.guru
secretName: audiobookshelf-tls-cert
rules:
- host: audiobook.alexmickelson.guru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: audiobookshelf
port:
number: 13378
---
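Review bot: The container port declares `hostPort: 13378`, which binds the application's plain-HTTP listener on the node itself, so it is reachable without going through the TLS-terminating Ingress defined further down. The Service already maps 13378 to `targetPort: 80` and the Ingress routes to that Service, so the line `hostPort: 13378` can simply be dropped. Separately, `image: ghcr.io/advplyr/audiobookshelf:latest` with `imagePullPolicy: Always` means every pod restart may run a different build; pinning a version tag or digest makes rollouts reproducible and reviewable. The pod also sets no `securityContext` or `resources`, which would be worth adding for a service exposed on a public hostname.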


@@ -0,0 +1,61 @@
apiVersion: v1
kind: Namespace
metadata:
name: copilot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: copilot-api
namespace: copilot
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: copilot-api
template:
metadata:
labels:
app: copilot-api
spec:
containers:
- name: copilot-api
image: node:latest
imagePullPolicy: Always
workingDir: /app
command: ["sh", "-c"]
args: ["npm cache clean --force && npx copilot-api@latest start --github-token $COPILOT_TOKEN --port 4444"]
env:
- name: COPILOT_TOKEN
valueFrom:
secretKeyRef:
name: copilot-secret
key: token
ports:
- containerPort: 4444
---
apiVersion: v1
kind: Service
metadata:
name: copilot-api
namespace: copilot
spec:
selector:
app: copilot-api
ports:
- name: http
protocol: TCP
port: 4444
targetPort: 4444
---
apiVersion: v1
kind: Secret
metadata:
name: copilot-secret
namespace: copilot
type: Opaque
stringData:
token: "YOUR_COPILOT_TOKEN_HERE"
---
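Review bot: The container command downloads and runs `copilot-api@latest` through npx on every start, on top of `node:latest`, so whatever is published under that name at that moment executes with `COPILOT_TOKEN` in its environment. Pinning both closes that gap, for example `npx copilot-api@<pinned-version> start ...` and a fixed `node` tag or digest. Passing the token as `--github-token $COPILOT_TOKEN` also places it in the process arguments, where anything able to list processes can read it; if the tool can take the token from the environment or a file instead (not verifiable from this page), that is preferable. The `Secret` with `token: "YOUR_COPILOT_TOKEN_HERE"` lives in the same manifest, so re-applying the file would reset a real token to the placeholder and filling it in here would commit it; creating the Secret out of band and removing it from this file avoids both.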


@@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: music-assistant-server
namespace: homeassistant
spec:
replicas: 1
selector:
matchLabels:
app: music-assistant-server
template:
metadata:
labels:
app: music-assistant-server
spec:
hostNetwork: true
containers:
- name: music-assistant-server
image: ghcr.io/music-assistant/server:2
imagePullPolicy: Always
env:
- name: LOG_LEVEL
value: "info"
- name: TZ
value: "America/Denver"
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
hostPath:
path: /data/music-assistant-server/data
type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
name: music-assistant
namespace: homeassistant
# annotations:
# tailscale.com/expose: "true"
spec:
selector:
app: music-assistant-server
ports:
- name: http
protocol: TCP
port: 8095
targetPort: 8095
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: music-assistant-ingress
namespace: homeassistant
annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer
spec:
ingressClassName: nginx
tls:
- hosts:
- sound.alexmickelson.guru
secretName: music-assistant-tls-cert
rules:
- host: sound.alexmickelson.guru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: music-assistant
port:
number: 8095
---
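Review bot: This Deployment runs with `hostNetwork: true` but sets no `strategy`, so it gets the default rolling update, which starts the replacement pod before the old one is stopped. On a single node the new pod would then compete for port 8095 with the one still running, and the rollout is likely to stall; the audiobookshelf and copilot-api manifests in this commit already use `strategy:` / `type: Recreate`, and the same two lines belong here and in the zwave-js-ui Deployment, which has the same shape. With host networking, port 8095 is also bound on the node's interfaces directly, so the service is reachable without the Ingress and its TLS unless the host firewall restricts it. If the pod needs to resolve cluster service names, `dnsPolicy: ClusterFirstWithHostNet` is required alongside `hostNetwork: true`.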


@@ -0,0 +1,74 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: zwave-js-ui
namespace: homeassistant
spec:
replicas: 1
selector:
matchLabels:
app: zwave-js-ui
template:
metadata:
labels:
app: zwave-js-ui
spec:
hostNetwork: true
containers:
- name: zwave-js-ui
image: zwavejs/zwave-js-ui:latest
imagePullPolicy: Always
tty: true
env:
- name: SESSION_SECRET
value: "iqpwoeinf9384bw3p48gbwer"
- name: TZ
value: "America/Denver"
volumeMounts:
- name: zwave-data
mountPath: /usr/src/app/store
- name: zwave-device-if00
mountPath: /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0
- name: zwave-device-if01
mountPath: /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0
securityContext:
privileged: true
ports:
- containerPort: 8091
name: http
- containerPort: 3051
name: websocket
volumes:
- name: zwave-data
hostPath:
path: /data/zwave
type: DirectoryOrCreate
- name: zwave-device-if00
hostPath:
path: /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0
type: CharDevice
- name: zwave-device-if01
hostPath:
path: /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0
type: CharDevice
---
apiVersion: v1
kind: Service
metadata:
name: zwave-js-ui
namespace: homeassistant
annotations:
tailscale.com/expose: "true"
spec:
selector:
app: zwave-js-ui
ports:
- name: http
protocol: TCP
port: 8091
targetPort: 8091
- name: websocket
protocol: TCP
port: 3051
targetPort: 3051
---
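Review bot: The pod combines `privileged: true` with `hostNetwork: true`, although the compose definition it replaces used plain port mappings and only two serial device mappings. `hostNetwork: true` looks unnecessary here, since the Service already targets 8091 and 3051, and removing that line keeps a fully privileged container out of the node's network namespace. Privileged mode is a common workaround for reaching a host character device through `hostPath`, but it grants every capability and every host device; a comment above `securityContext` such as `# privileged only for the Z-Wave serial device; replace with a device plugin when available` would record why it is there. The Service is also annotated `tailscale.com/expose: "true"`, so it is worth confirming who on the tailnet can reach the UI of a privileged workload.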


@@ -0,0 +1,96 @@
# apiVersion: v1
# kind: Namespace
# metadata:
# name: minecraft
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: minecraft
# namespace: minecraft
# spec:
# replicas: 1
# selector:
# matchLabels:
# app: minecraft
# template:
# metadata:
# labels:
# app: minecraft
# spec:
# containers:
# - name: tailscale
# image: tailscale/tailscale:latest
# env:
# - name: TS_STATE_DIR
# value: "/var/lib/tailscale"
# - name: TS_AUTHKEY
# value: "tskey-auth-REPLACE_ME"
# - name: TS_HOSTNAME
# value: "minecraft"
# volumeMounts:
# - name: tailscale-data
# mountPath: /var/lib/tailscale
# - name: dev-tun
# mountPath: /dev/net/tun
# securityContext:
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# - name: minecraft
# image: itzg/minecraft-server:java21
# stdin: true
# tty: true
# env:
# - name: EULA
# value: "true"
# - name: MEMORY
# value: "6G"
# - name: CF_OVERRIDES_EXCLUSIONS
# value: |
# # Not applicable for server side
# shaderpacks/**
# volumeMounts:
# - name: minecraft-data
# mountPath: /data
# - name: modpacks
# mountPath: /modpacks
# readOnly: true
# resources:
# requests:
# memory: "6Gi"
# limits:
# memory: "8Gi"
# volumes:
# - name: minecraft-data
# hostPath:
# path: /data/minecraft/data
# type: DirectoryOrCreate
# - name: modpacks
# hostPath:
# path: /data/minecraft/modpacks
# type: DirectoryOrCreate
# - name: tailscale-data
# hostPath:
# path: /data/minecraft/tailscale-data
# type: DirectoryOrCreate
# - name: dev-tun
# hostPath:
# path: /dev/net/tun
# type: CharDevice
# ---
# # apiVersion: v1
# # kind: Service
# # metadata:
# # name: minecraft
# # namespace: minecraft
# # spec:
# # selector:
# # app: minecraft
# # ports:
# # - name: minecraft
# # protocol: TCP
# # port: 25565
# # targetPort: 25565
# # type: ClusterIP


@@ -1 +0,0 @@
test/


@@ -1,13 +0,0 @@
FROM alpine:latest
RUN apk add --no-cache nfs-utils bash
RUN mkdir -p /exports
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
EXPOSE 2049 20048
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]


@@ -1,24 +0,0 @@
#!/bin/bash
set -e
ALLOWED_CLIENTS="${ALLOWED_CLIENTS:-*}"
echo "/exports $ALLOWED_CLIENTS(rw,sync,no_subtree_check,no_root_squash)" > /etc/exports
rpcbind || true
rpc.statd || true
echo "Starting NFS server..."
mount -t nfsd nfsd /proc/fs/nfsd
rpc.nfsd -N 3 -V 4 --grace-time 10 $nfsd_debug_opt &
rpc.mountd -N 2 -N 3 -V 4 --foreground $mountd_debug_opt &
wait
# rpc.mountd -N 2 -N 3 -V 4 --foreground
# wait


@@ -1,19 +0,0 @@
<https://wiki.alpinelinux.org/wiki/Setting_up_an_NFS_server>
example docker run
```bash
docker run --rm -it \
--name nfs-server \
--cap-add SYS_ADMIN \
-e ALLOWED_CLIENTS="127.0.0.1.0/24" \
-v (pwd)/test:/exports \
--network host \
nfs-server
```
currently not working, i like the idea of running the nfs server in a docker container, but doing it as a nixos module is probably better


@@ -1,53 +1,53 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: audiobookshelf-ingress
namespace: projects
annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer
spec:
ingressClassName: nginx
tls:
- hosts:
- audiobook.alexmickelson.guru
secretName: audiobookshelf-tls-cert
rules:
- host: audiobook.alexmickelson.guru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: audiobookshelf
port:
number: 13378
---
apiVersion: v1
kind: Service
metadata:
name: audiobookshelf
namespace: projects
spec:
ports:
- port: 13378
targetPort: 13378
protocol: TCP
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: audiobookshelf
namespace: projects
labels:
kubernetes.io/service-name: audiobookshelf
addressType: IPv4
ports:
- name: http
port: 13378
protocol: TCP
endpoints:
- addresses:
- 100.122.128.107
conditions:
ready: true
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: audiobookshelf-ingress
# namespace: projects
# annotations:
# cert-manager.io/cluster-issuer: cloudflare-issuer
# spec:
# ingressClassName: nginx
# tls:
# - hosts:
# - audiobook.alexmickelson.guru
# secretName: audiobookshelf-tls-cert
# rules:
# - host: audiobook.alexmickelson.guru
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: audiobookshelf
# port:
# number: 13378
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: audiobookshelf
# namespace: projects
# spec:
# ports:
# - port: 13378
# targetPort: 13378
# protocol: TCP
# ---
# apiVersion: discovery.k8s.io/v1
# kind: EndpointSlice
# metadata:
# name: audiobookshelf
# namespace: projects
# labels:
# kubernetes.io/service-name: audiobookshelf
# addressType: IPv4
# ports:
# - name: http
# port: 13378
# protocol: TCP
# endpoints:
# - addresses:
# - 100.122.128.107
# conditions:
# ready: true


@@ -1,53 +1,53 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: musicassistant-ingress
namespace: projects
annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer
spec:
ingressClassName: nginx
tls:
- hosts:
- sound.alexmickelson.guru
secretName: sound-tls-cert
rules:
- host: sound.alexmickelson.guru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: musicassistant
port:
number: 8095
---
apiVersion: v1
kind: Service
metadata:
name: musicassistant
namespace: projects
spec:
ports:
- port: 8095
targetPort: 8095
protocol: TCP
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: musicassistant
namespace: projects
labels:
kubernetes.io/service-name: musicassistant
addressType: IPv4
ports:
- name: http
port: 8095
protocol: TCP
endpoints:
- addresses:
- 100.122.128.107
conditions:
ready: true
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: musicassistant-ingress
# namespace: projects
# annotations:
# cert-manager.io/cluster-issuer: cloudflare-issuer
# spec:
# ingressClassName: nginx
# tls:
# - hosts:
# - sound.alexmickelson.guru
# secretName: sound-tls-cert
# rules:
# - host: sound.alexmickelson.guru
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: musicassistant
# port:
# number: 8095
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: musicassistant
# namespace: projects
# spec:
# ports:
# - port: 8095
# targetPort: 8095
# protocol: TCP
# ---
# apiVersion: discovery.k8s.io/v1
# kind: EndpointSlice
# metadata:
# name: musicassistant
# namespace: projects
# labels:
# kubernetes.io/service-name: musicassistant
# addressType: IPv4
# ports:
# - name: http
# port: 8095
# protocol: TCP
# endpoints:
# - addresses:
# - 100.122.128.107
# conditions:
# ready: true