

7 Commits

Author SHA1 Message Date
92a024d744 Misc. changes 2025-11-06 11:35:51 -05:00
055c92f3f7 Closes #15 2025-11-06 11:33:41 -05:00
71d0491236 Closes #33 2025-11-03 22:59:41 -05:00
460fdedf50 Updates to LocalAI, Discourse, and Owncast 2025-10-29 09:22:15 -04:00
b1cd53a9d8 Pinned PostgreSQL to v16.6 (#38)
This change was made to recover from an update made while attempting to address DevOps/ansible-role-eom#37, which was not solved here.

Reviewed-on: #38
2025-08-01 17:29:29 +00:00
5aac0ef5a9 DKIM for Docker Mailserver 2025-06-30 17:53:56 -04:00
2a63f7980b PVC for DKIM 2025-06-30 17:34:30 -04:00
10 changed files with 130 additions and 12 deletions


@@ -17,6 +17,9 @@
release_namespace: coturn
create_namespace: true
values:
global:
security:
allowInsecureImages: true
service:
type: LoadBalancer
externalTrafficPolicy: Local
@@ -30,8 +33,14 @@
pullPolicy: Always
externalDatabase:
enabled: true
username: coturn
password: "{{ coturn_admin_password }}"
database: coturn
postgresql:
enabled: true
image:
repository: bitnamilegacy/postgresql
tag: 17.6.0-debian-12-r0
global:
postgresql:
auth:
@@ -101,3 +110,6 @@
auth:
username: coturn
password: "{{ coturn_admin_password }}"
extraTurnserverConfiguration: |
use-auth-secret
static-auth-secret={{ coturn_shared_secret }}
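Review bot: `allowInsecureImages: true` under `global.security` in the first hunk switches off the Bitnami chart's check that images come from its own registry, and nothing in the hunk says why; a comment tying it to the `bitnamilegacy/postgresql` pin would keep the override from outliving its reason, e.g. `# needed because postgresql.image.repository is not a bitnami/ image`. The `bitnamilegacy` repository is intended as a frozen archive, so `17.6.0-debian-12-r0` will not receive further fixes and should carry a note saying when that pin is re-evaluated. In the second hunk both `externalDatabase.enabled` and `postgresql.enabled` are `true`; if this chart treats those as mutually exclusive one of them is being ignored, so it is worth confirming which one wins. The `values:` mapping continues outside these hunks.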


@@ -32,10 +32,6 @@
volumeName: "data"
size: 256Gi
- name: Deploy Dex
kubernetes.core.helm:
name: dex
@@ -45,6 +41,12 @@
values:
config:
issuer: https://dex.eom.dev/
staticClients:
- id: "{{ matrix_dex_oidc_client_id }}"
name: Matrix Auth Service
secret: "{{ matrix_dex_oidc_client_secret }}"
redirectURIs:
- "https://mas.eom.dev/upstream/callback/01K96AQEZKKABW34PY3R6BVNJ4"
storage:
type: postgres
config:
@@ -62,10 +64,10 @@
config:
host: openldap.openldap.svc.cluster.local
insecureNoSSL: true
bindDN: cn=readonly,dc=example,dc=com
bindDN: cn=readonly,dc=eom,dc=dev
bindPW: "{{ openldap_readonly_password }}"
userSearch:
baseDN: dc=example,dc=com
baseDN: dc=eom,dc=dev
filter: "(&(objectClass=posixAccount)(memberOf=cn=Dex Users,ou=Dex,ou=Services,dc=eom,dc=dev))"
username: uid
idAttr: uid
@@ -81,12 +83,14 @@
nameAttr: cn
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- host: dex.eom.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- dex.eom.dev
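Review bot: The `tls` entry in the last hunk has `hosts` but no `secretName`, and cert-manager's `cert-manager.io/cluster-issuer: ca-issuer` annotation only issues a certificate for `tls` entries that name a Secret, so as written the ingress will serve the controller's default certificate. Add a line above `hosts`, e.g. `secretName: dex-tls`, matching how the LocalAI ingress in this same change is written. Separately, the LDAP connector still has `insecureNoSSL: true` while this change set provisions a certificate for OpenLDAP, so the read-only `bindPW` is still sent in cleartext inside the cluster; if that is intended for now, a TODO comment pointing at the OpenLDAP certificate would record it. The `values:` mapping and the connector definition continue outside these hunks.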


@@ -22,6 +22,8 @@
password: "{{ discourse_admin_password }}"
image:
debug: false
repository: bitnamilegacy/discourse
tag: 3.4.7-debian-12-r0
service:
externalTrafficPolicy: Local
discourse:
@@ -32,6 +34,7 @@
- https://github.com/discourse/discourse-activity-pub
- https://github.com/discourse/discourse-openid-connect
- https://github.com/jonmbake/discourse-ldap-auth
- https://github.com/discourse/discourse-math
- https://github.com/discourse/discourse-post-voting
- https://github.com/discourse/discourse-prometheus
- https://github.com/discourse/discourse-reactions
@@ -58,6 +61,8 @@
tls: true
postgresql:
enabled: true
image:
repository: bitnamilegacy/postgresql
auth:
enablePostgresUser: true
postgresPassword: "{{ discourse_admin_password }}"
@@ -67,5 +72,7 @@
size: 2Ti
redis:
enabled: true
image:
repository: bitnamilegacy/redis
auth:
password: "{{ discourse_admin_password }}"
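Review bot: The `postgresql.image` and `redis.image` entries in the last two hunks set `repository: bitnamilegacy/...` without a `tag`, so the chart's default tag is pulled from the legacy repository; that repository is a frozen snapshot, so the pull either fails once the chart default moves past it or resolves to a version nobody reviewed. Pin both the way the coturn values in this change pin postgresql, e.g. `tag: <version-present-in-bitnamilegacy>` under each `image:`. If this Discourse chart version enforces the Bitnami image-origin check, it also needs `global.security.allowInsecureImages: true` as set for coturn in this change; it is not visible in these hunks, so confirm it exists elsewhere in the values. The `values:` mapping continues outside these hunks.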


@@ -1,5 +1,14 @@
---
# tasks file for grafana-matrix-forwarder
- name: Create Grafana Matrix Forwarder namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: grafana-matrix-forwarder
- name: Create a Deployment for Grafana Matrix Forwarder
k8s:
definition:
@@ -7,7 +16,7 @@
kind: Deployment
metadata:
name: matrix-forwarder
namespace: grafana
namespace: grafana-matrix-forwarder
spec:
replicas: 1
selector:
@@ -29,7 +38,7 @@
- name: GMF_MATRIX_PASSWORD
value: "{{ grafana_admin_password }}"
- name: GMF_MATRIX_HOMESERVER
value: eom.dev
value: synapse.eom.dev
- name: GMF_RESOLVE_MODE
value: reply
@@ -40,7 +49,7 @@
kind: Service
metadata:
name: matrix-forwarder
namespace: grafana
namespace: grafana-matrix-forwarder
spec:
selector:
app: matrix-forwarder
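Review bot: Moving the Deployment and Service from `namespace: grafana` to `namespace: grafana-matrix-forwarder` in the second and fourth hunks only creates the new objects, since these `k8s` tasks default to `state: present`; the old `matrix-forwarder` Deployment and Service in `grafana` keep running with the old homeserver value unless something removes them. Add a task with `state: absent` for both old objects in `grafana`, or delete them by hand and say so in the commit message. In the third hunk `GMF_MATRIX_PASSWORD` is a plain `value:` in the pod spec, so the Grafana admin password is readable by anyone who can read Deployments in that namespace and shows up in audit logs; keeping it in a Secret and referencing it with `valueFrom.secretKeyRef` would keep the manifest free of the credential. The second and fourth hunks cut through the Deployment and Service definitions, which continue outside.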


@@ -17,12 +17,21 @@
release_namespace: localai
create_namespace: true
values:
service:
type: LoadBalancer
deployment:
image:
tag: latest-gpu-nvidia-cuda-12
runtimeClassName: nvidia
secretEnv:
- name: LOCALAI_DISABLE_WEBUI
value: "true"
- name: LOCALAI_API_KEY
value: "{{ localai_api_keys | join(',') }}"
- name: LOCALAI_WATCHDOG_IDLE
value: "true"
- name: LOCALAI_WATCHDOG_IDLE_TIMEOUT
value: "5m"
- name: LOCALAI_WATCHDOG_BUSY
value: "true"
resources:
limits:
nvidia.com/gpu: 1
@@ -36,3 +45,17 @@
operator: Equal
value: GPU
effect: NoSchedule
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- host: localai.eom.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: localai-tls
hosts:
- localai.eom.dev
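Review bot: `tag: latest-gpu-nvidia-cuda-12` in the first hunk is a floating tag, so the image that runs is whatever upstream last published when the pod was scheduled; redeploys are not reproducible and a broken or compromised upstream push rolls out on its own. Pin it to a released version or a digest and bump it deliberately, e.g. `tag: "<pinned-localai-version>-gpu-nvidia-cuda-12"`. The API key goes through `secretEnv` and the web UI is disabled, which is right, but the service stays `type: LoadBalancer` while the second hunk adds an ingress, leaving two entry points; assuming the key gates every endpoint that is only an exposure-surface question, and if the ingress is the intended public path the service can drop to `ClusterIP`. The `values:` mapping continues outside these hunks.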


@@ -42,6 +42,22 @@
name: ca-issuer
kind: ClusterIssuer
- name: Create a persistent volume claim for mail
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: dkim
namespace: mail
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512Mi
- name: Create a persistent volume claim for mail
k8s:
state: present
@@ -131,6 +147,8 @@
mountPath: /etc/letsencrypt
- name: mail
mountPath: /var/mail
- name: dkim
mountPath: /tmp/docker-mailserver/opendkim
ports:
- containerPort: 25
- containerPort: 465
@@ -198,6 +216,9 @@
- name: mail
persistentVolumeClaim:
claimName: mail
- name: dkim
persistentVolumeClaim:
claimName: dkim
- name: Expose deployment as a service
k8s:
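Review bot: The new task in the first hunk is named `Create a persistent volume claim for mail`, identical to the existing task right below it, although it creates the `dkim` claim; duplicate task names make `--start-at-task`, `--list-tasks` and play output ambiguous. Rename it `- name: Create a persistent volume claim for DKIM keys`. The mount at `/tmp/docker-mailserver/opendkim` in the second hunk holds the DKIM private key, so a comment on the new PVC noting that this claim is the only copy of that key (and is therefore in scope for backups) would help the next operator. The Deployment in the last two hunks and the final task continue outside the hunks.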


@@ -3,4 +3,4 @@
- name: Deploy
include_tasks: "{{ item }}"
loop:
- lemmy.yaml
- localai.yaml
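Review bot: Replacing `lemmy.yaml` with `localai.yaml` in the include loop stops managing Lemmy but removes nothing it already deployed, so if those resources are meant to go a teardown task (or at least a note in the commit message) is needed; otherwise they keep running unmanaged. With a single element the `loop:` could become a plain `include_tasks: localai.yaml`, though keeping the list is fine if more task files are expected.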


@@ -57,6 +57,8 @@
cronjob:
enabled: true
redis:
#global:
#defaultStorageClass: r720-nfs-client
enabled: true
auth:
password: "{{ redis_auth_password }}"
@@ -109,6 +111,8 @@
database: nextcloud
postgresql:
enabled: true
image:
tag: 16.6.0-debian-12-r2
global:
postgresql:
auth:
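Review bot: The second hunk pins `postgresql.image.tag: 16.6.0-debian-12-r2` without setting `repository`, so the pull still goes to the chart's default repository; the coturn and Discourse values in this same change moved to `bitnamilegacy/postgresql` to keep pinned tags resolvable, so this pin probably needs `repository: bitnamilegacy/postgresql` as well — confirm the tag exists where the chart looks for it. The `#global:` and `#defaultStorageClass: r720-nfs-client` lines added under `redis:` in the first hunk are commented-out config with no explanation; either drop them or replace them with a one-line comment stating why the storage class is left unset. The `redis` and `postgresql` stanzas continue outside these hunks.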


@@ -41,6 +41,36 @@
requests:
storage: 32Gi
- name: Request a certificate for OpenLDAP
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: openldap
namespace: openldap
spec:
secretName: openldap
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
duration: 2160h # 90d
renewBefore: 360h # 15d
isCA: false
usages:
- server auth
- client auth
subject:
organizations:
- EOM
dnsNames:
- openldap.eom.dev
issuerRef:
name: ca-issuer
kind: ClusterIssuer
- name: Create Deployment for OpenLDAP
k8s:
definition:
@@ -75,6 +105,10 @@
value: "{{ openldap_readonly_password }}"
- name: LDAP_TLS_VERIFY_CLIENT
value: never
- name: LDAP_TLS_CRT_FILENAME
value: tls.crt
- name: LDAP_TLS_KEY_FILENAME
value: tls.key
volumeMounts:
- name: config
mountPath: /etc/ldap/slapd.d
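Review bot: The Certificate's `dnsNames` in the first hunk lists only `openldap.eom.dev`, but the Dex connector in this same change reaches the directory at `openldap.openldap.svc.cluster.local`; any in-cluster client that verifies the server name will reject this certificate, which makes it hard to ever move Dex off `insecureNoSSL: true`. Add the in-cluster names next to the external one: `- openldap.openldap.svc.cluster.local` and `- openldap.openldap.svc`. The second hunk sets `LDAP_TLS_CRT_FILENAME` and `LDAP_TLS_KEY_FILENAME` to `tls.crt` and `tls.key`, the key names cert-manager writes into the `openldap` Secret, but the mount that places that Secret in the container is not visible here — confirm it exists; `LDAP_TLS_VERIFY_CLIENT: never` is kept, so client certificates are never checked and the `client auth` usage on the Certificate is unused. Both hunks cut through the task list and the container spec, which continue outside.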


@@ -49,6 +49,9 @@
containers:
- name: owncast
image: owncast/owncast:0.2.0
resources:
requests:
cpu: 1.5
volumeMounts:
- name: data
mountPath: /app/data
@@ -78,6 +81,7 @@
name: rtmp
- port: 8080
name: http
externalTrafficPolicy: Local
type: LoadBalancer
- name: Create Ingress