feat: add seafile

2025-03-10 18:15:57 -04:00 · 2025-03-10 18:15:57 -04:00 · 75c250b5fd
commit 75c250b5fd
parent c935fcd640
5 changed files with 172 additions and 0 deletions
--- a/kubernetes/main/apps/default/kustomization.yaml
+++ b/kubernetes/main/apps/default/kustomization.yaml
@ -10,3 +10,4 @@ resources:
 - ./dendrite/ks.yaml
 - ./ganymede/ks.yaml
 - ./piwigo/ks.yaml
+- ./seafile/ks.yaml
--- a/kubernetes/main/apps/default/seafile/app/env-secret.sops.yaml
+++ b/kubernetes/main/apps/default/seafile/app/env-secret.sops.yaml
@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: seafile-env
+stringData:
+    DB_ROOT_PASSWD: ENC[AES256_GCM,data:c61w0LxJZWosVQJ00OHo3c/yAlOifsKSkCyymXNRaiM=,iv:rkJEodHcYaTzHDnpZEIYfeJvwnDvr91Oz2ILhvWQnIs=,tag:yP4N+gzQgAe8Uv11tf742g==,type:str]
+    SEAFILE_ADMIN_PASSWORD: ENC[AES256_GCM,data:n+EchmGEQVPdsWw=,iv:eX39MPzFgQ71WuMpdhfKB2p8qCoqsviihmeO+1Tk9C8=,tag:bv45s+Lk6MnMFOMswZEw4Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-10T22:15:21Z"
+    mac: ENC[AES256_GCM,data:GoD9bsMUc1UCaOKhS17Vzwb6kZcfGyHuwy6FM8uZuWx/ZJ0mUNOs9Q2y72jjaAL3DlWtiyP6/yUuQpHbSCVFfbcHs8QbckBwybkO8hhEOH+/1IUAdedFlkzIYifZa9p/GDkO5vGxBkCosPkVDowDjaT3xK+dH74dkZ0Y6OyRPx8=,iv:MQTp3sFod5rrq6Cy/oXdH8OjE6fhUSjB15LbFNIOL7Q=,tag:rEsBalAsYbK0P3WfbOE2fQ==,type:str]
+    pgp:
+        - created_at: "2025-03-10T22:15:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovAQ//doR7i38xedVqtt8UXIFyhkVNcTAky2AnM9mBJdsUnvZq
+            Roj3V10APfUPl1xchWecELl6YjBnxKaVWHIglkEVY/2+/8ORmY+H7n9cdeMMYZ+i
+            sa0rJujCodY9i15Teqj1bDGwX851qLiQ9yuONPlASgqrLV6bEFU4+Ufg4pp7Zrym
+            aXGmpgB7auqh2OVUkUIwy7bj4Gy+k8t1Q0hHTz05iUuLN/1FOw0RD7Tp7RS6qC/4
+            8d8NwdMB2ANvre8Ld0pGH8eAn7qxJBdYLIUel/SPZ9xwbeZ0JCOIuT1iYlTCmBP2
+            pfLnTVsu7980ZUIdxe1J2LKIsXOxhcHbqq4iSaTj06uWHvf2OAGpvk1oKqS6Tczu
+            Wzvnzm87mzQJCRa1LdF43ds93Bxgl1yNqBF/Wwa/M+8Y4DcijUfCI9+OBpgCy1JJ
+            uLbaSqGgKnVirkm1xZahL+jxHZ82wjpys0Ze5hJpnHoibPpAA4nVUHlpF66+2G6w
+            iSck+X25/dzyaDrhpO8B9bjFFgvr9u0dMqqbJJbDpWeeC046C9pg+7isFkwscmMA
+            8z7AFDShH13VXEUhdNWZN4IF3+2d5f4ShG0px0wdE9S8i6Rsp+iGmTR/FcUUBjTz
+            IR8R8sjMaY34+1QcIXwwTdTmMtAPCaGOBV6z0eEJygneKOdpvnQmcn+TFhldfcGF
+            AgwDXjg0p2IN1X8BEACeWqoLehxuLDfKR3qmvd9LkowYztAlCgCKwcNliT1v0Cwp
+            22sjqGYCpH04/y4mELoThkkofCIYYS9FSGLbQutKknpV4FpKOO1nOzowDt6/3g78
+            1UquSxe2nkRSFkmFNBWKR32DAIQ+QrsBITL+n0bbC7QpxeKWqarohhl/giW9eUuw
+            L5Uak2bDvTu4OcSbAnBjvNx2JRcLfQMgIqDcIH7b7MinyA16guNgECrmePS3ab+z
+            lpmf2T2A867snAiQ9bn0q0xZdELqGd0XcgJgBrF5ylBQ1FYT8qjRJPhaIZA0ZDES
+            C3ktNdOy/ZMf+oNFBGmY9TbkqnkRAjSCyuuhPFnrnj7mLQMOoq3SDcB20HdzHqWT
+            jdcdkslS8mkkGDQEWCS7utvru7Z39eTx6U54Q/kmDKKmiKXOgAwAqOlH3rMhBIMO
+            z+MIrT7DbNPps5B3d9r3ewDD1HpwrJg/LV1Y+aITijgeg7g2bFDsvkC7vkzsuAZ/
+            W5cv+BRle3zR3lOu194a6mBuvZaU+RfQxLr8+sK+fTroeWf743747hCh1aWzkRQT
+            VS6My3V4wBl19b5362HWAiWAha53qwoE6TKCqhhpkgBqCyR+o2U0G42m2yeAf0Ky
+            ZAyvitrFzWFDLgmyCFJEGpWkQrN/HqGK7h+t3dA3wuGJDyT1sXJ16jAkzS/N7dRo
+            AQkCEKWwvaO8FLzVTFBc2pQZmtwTiSVgMmd9d8EY355Xo+mEg8J/qrrMlPhh4Tbv
+            ytSYqGIn2kX8pd8caYNRjY9bHhOAwHjBOg/5raC0giluaA4+r0TJya/HKxSya/Ac
+            ns4DDNVHEJg=
+            =UCDj
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2025-03-10T22:15:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ/9F4nt9UrOGsNw5eY2cvhwfTX21+4cxmKKWaC/XErSzQFe
+            XjIfsiiCnpZLCMCazSid0WHKvw5gt033JMEBfvoq/91W0qso/9TAmaSM7sGoy1/o
+            jd0QDq+gF/wCLdQBi2N+FBPzLN10x03cYJEkGeEkCBL4k/X/SJ+aIY4umfwP/0wr
+            BjMU3QSFuiMrJbu/dA2RyHBHFchHUGFlpF2jbFK+sN3YFXcAUEzdL8SCJ3YNiVgo
+            /t/Y/lkKk/w3I4R6zg59QJPRcERML2hmeVFVLHJaSsRJzWrEEBEkUrvdLwRUqaAr
+            Z6/b3v4iu8/yQF94wY3biDg2YKtg4EnTGD11W4+dPWZ5AX2ukGI3CrfdvfNLuUm7
+            iWCis7YhO/KYQkx8vX/RVHAQXX1J+7mG89LNLsGKZyrJrCyHG2V4iD+WnllMljF0
+            du9zAckTEs3aRQ9VRP2e4Bs22qSOVqwMii4MD2cwwyhse/XpkMzfgiZC9h3lOIW0
+            x2dXwG7mr3GvRYfnxR/P7Ow9YEERX3W6tZ3BY0KPq8bMZB8gPXfXlrZ9PK4H9aLt
+            Sd1bFX0iFguOfvR+rIY/P1rX6Twja+Y/pyvREqzNQ2PR0ZflLfyHmmAlD72XFLU6
+            bdrMMTuzlIgEIrE9tiPnVNdvEearsQhr8xpQwoAzmNga/GKKqm6QsS/8fvVP/t/U
+            aAEJAhC6BySewomcVrQJ8c23u4ZiLRcUqhw9CGnx/ur+DEZyHRm4PoEM85x7u1sR
+            1a1ptn8c7MARURCSD6+MXb+8/lr/o+Ca0AWl0iKHaDJHAIrvC5GfK0nj9BwHFdaM
+            VcEPCk6zUzG+
+            =WzPE
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4
--- a/kubernetes/main/apps/default/seafile/app/helm-release.yaml
+++ b/kubernetes/main/apps/default/seafile/app/helm-release.yaml
@ -0,0 +1,67 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: seafile
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+  values:
+    controllers:
+      main:
+#        pod:
+#          securityContext:
+#            runAsNonRoot: true
+#            runAsUser: 10000
+#            runAsGroup: 10000
+#            fsGroup: 10000
+#            fsGroupChangePolicy: OnRootMismatch
+        containers:
+          main:
+            image:
+              repository: seafileltd/seafile-mc
+              tag: 11.0-latest
+            env:
+              DB_HOST: mysql.database.svc
+              TIMEZONE: ${SERVER_TIMEZONE}
+              SEAFILE_ADMIN_EMAIL: admin@${SECRET_NEW_DOMAIN}
+              SEAFILE_SERVER_LETSENCRYPT: false
+            envFrom:
+              - secretRef:
+                  name: seafile-env
+            resources:
+              limits:
+                memory: 1Gi
+    service:
+      app:
+        controller: main
+        ports:
+          http:
+            port: 80
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+        - host: seafile.${SECRET_NEW_DOMAIN}
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+    persistence:
+      data:
+        type: persistentVolumeClaim
+        storageClass: openebs-zfs-mainpool
+        accessMode: ReadWriteOnce
+        size: 150G
+        globalMounts:
+        - path: /shared
--- a/kubernetes/main/apps/default/seafile/app/kustomization.yaml
+++ b/kubernetes/main/apps/default/seafile/app/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./env-secret.sops.yaml
+- ./helm-release.yaml
--- a/kubernetes/main/apps/default/seafile/ks.yaml
+++ b/kubernetes/main/apps/default/seafile/ks.yaml
@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: seafile
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: default
+  path: ./kubernetes/main/apps/default/seafile/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc