--wip-- [skipci]

kubernetes/lianalabs/apps/games/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  #- ./minecraft/ks.yaml

kubernetes/lianalabs/apps/games/minecraft/app/helmrelease.yaml

@@ -0,0 +1,120 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app minecraft
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+    - name: volsync
+      namespace: volsync-system
+  values:
+    controllers:
+      minecraft:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/itzg/minecraft-server
+              tag: 2024.10.2@sha256:8bd119f65ef6e65bdb12f756bfb44a305b36b1adf868ade8027014fabc29c755
+            env:
+              TZ: ${TIMEZONE}
+              AUTOPAUSE_TIMEOUT_EST: 600
+              AUTOPAUSE_TIMEOUT_INIT: 300
+              DIFFICULTY: normal
+              ENABLE_AUTOPAUSE: TRUE
+              ENABLE_WHITELIST: true
+              EULA: true
+              FORCE_GAMEMODE: true
+              ICON: https://i.ibb.co/q7PkGt4/shoujomagical.png
+              JVM_XX_OPTS: "-XX:MaxRAMPercentage=75"
+              MAX_BUILD_HEIGHT: 320
+              MAX_TICK_TIME: -1
+              MAX_WORLD_SIZE: 29999984
+              MEMORY: 8192M
+              MODE: survival
+              MOTD: "Minecraft Server"
+              OVERRIDE_ICON: TRUE
+              PAPER_CHANNEL: experimental
+              SERVER_NAME: Shoujo Magical Gamers
+              SKIP_SUDO: true
+              SPAWN_PROTECTION: 0
+              SPIGET_RESOURCES: 36618
+              TYPE: PAPER
+              VERSION: "1.21"
+              VIEW_DISTANCE: 12
+            envFrom:
+              - secretRef:
+                  name: minecraft-secret
+            resources:
+              requests:
+                cpu: 100m
+                memory: 100Mi
+              limits:
+                memory: 8192Mi
+            securityContext:
+              allowPrivilegeEscalation: true
+              readOnlyRootFilesystem: true
+              capabilities:
+                add: ["NET_RAW"]
+                drop: ["ALL"]
+            probes:
+              liveness: &probe
+                enabled: true
+                custom: true
+                spec:
+                  periodSeconds: 60
+                  exec: &probeexec { command: ["mc-health"] }
+              readiness: *probe
+              startup:
+                <<: *probe
+                spec:
+                  initialDelaySeconds: 30
+                  periodSeconds: 1
+                  failureThreshold: 300
+                  exec: *probeexec
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            fsGroup: 1000
+            fsGroupChangePolicy: Always
+    service:
+      app:
+        controller: minecraft
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: "minecraft.${SECRET_EXTERNAL_DOMAIN}"
+          external-dns.alpha.kubernetes.io/target: "mc-router.${SECRET_EXTERNAL_DOMAIN}"
+          mc-router.itzg.me/externalServerName: minecraft.${SECRET_EXTERNAL_DOMAIN}
+        ports:
+          minecraft:
+            port: 25565
+    persistence:
+      data:
+        existingClaim: minecraft
+        globalMounts:
+          - path: /data
+      tmp:
+        type: emptyDir
+        medium: Memory
+        globalMounts:
+          - path: /tmp

kubernetes/lianalabs/apps/games/minecraft/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml

kubernetes/lianalabs/apps/games/minecraft/app/secret.sops.yaml

@@ -0,0 +1,29 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: minecraft-secret
+stringData:
+  OPS: null
+  WHITELIST: null
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzY003SDgrU0JpcGxvaVZZ
+        OTdXcTgyVitmYk5tMGF3cVpsNkNsRHhyR2tzCmJUNWRYM2V6SG5VNU1seFovZEs0
+        UnJ4K2o4ejBtL01KUnRRVW1udWRLblUKLS0tIGVWUUtnL2kxOThtcnA0VW5WSk9P
+        R2dOOXozc2ZFZm9DOGVqNnNlTWh3amsKx0xCZTnekhyPX6hqGBPe2iNkKGPMPWCq
+        vFnuh4T1EKl3ckU0yhU4cxk1KrBuFCaboPYLgTJ5kkjvtgUV2rg+9A==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-11-24T19:27:41Z"
+  mac: ENC[AES256_GCM,data:kxWbQtrVby8Nj1X1nHoS86RcL5O8x4tikbcJSLpnSoN1UXjXo3QqoHQ1eYVXMuQu58s+SgPkSF6XSTfVRDwLIGia0fzJ87c7QxGvlQsdkzXwtP0SqrSyEIhnge/rOsRhfm7B89cwhmIxISHXIIORBh3RNEdrDQBHIUFhEhUj5j8=,iv:OYnkzOkVWr8DTUyhbWinrVhe6pL8W/zKW0ufkMe8Vfk=,tag:1/Ud7OHz09QEl/CtaoMSmg==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.1

kubernetes/lianalabs/apps/games/minecraft/ks.yaml

@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app minecraft
+  namespace: flux-system
+spec:
+  targetNamespace: games
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/lianalabs/apps/games/minecraft/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mc-router
+  namespace: flux-system
+spec:
+  targetNamespace: games
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/lianalabs/apps/games/minecraft/mc-router
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/lianalabs/apps/games/minecraft/mc-router/helmrelease.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app mc-router
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mc-router
+      version: 1.2.3
+      sourceRef:
+        kind: HelmRepository
+        name: itzg
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    services:
+      minecraft:
+        type: LoadBalancer
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: "mc-router.${SECRET_EXTERNAL_DOMAIN}"
+          lbipam.cilium.io/ips: "${LB_MINECRAFT}"

kubernetes/lianalabs/apps/games/minecraft/mc-router/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml

kubernetes/lianalabs/apps/games/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: games
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled

kubernetes/lianalabs/apps/home/kustomization.yaml

@@ -6,3 +6,5 @@ resources:
   - ./namespace.yaml
   - ./actual/ks.yaml
   - ./stirling-pdf/ks.yaml
+  - ./pairdrop/ks.yaml
+  - ./pingvin/ks.yaml

kubernetes/lianalabs/apps/home/pairdrop/app/helmrelease.yaml

@@ -0,0 +1,84 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app pairdrop
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      pairdrop:
+        replicas: 1
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/schlagmichdoch/pairdrop
+              tag: v1.10.10@sha256:89a19e22de00843cb47a81f95bdb68c7fa5c1357b318e571419004b6b3618252
+            env:
+              TZ: ${TIMEZONE}
+            resources:
+              requests:
+                cpu: 5m
+                memory: 50M
+              limits:
+                memory: 250M
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+    service:
+      app:
+        controller: pairdrop
+        ports:
+          http:
+            port: 3000
+    ingress:
+      app:
+        className: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/group: Home
+          gethomepage.dev/name: Pairdrop
+          gethomepage.dev/description: File transfers
+          gethomepage.dev/icon: pairdrop
+        hosts:
+          - host: &host "pairdrop.${SECRET_INTERNAL_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+            secretName: "pairdrop-tls"
+    persistence:
+      cache:
+        type: emptyDir
+        globalMounts:
+          - path: /root/.npm/_cacache
+      logs:
+        type: emptyDir
+        globalMounts:
+          - path: /root/.npm/_logs

kubernetes/lianalabs/apps/home/pairdrop/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml

kubernetes/lianalabs/apps/home/pairdrop/ks.yaml

@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app pairdrop
+  namespace: flux-system
+spec:
+  targetNamespace: home
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/lianalabs/apps/home/pairdrop/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app