✨ new talos cluster

kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config

@@ -0,0 +1,20 @@
+{
+  "storage": {
+    "type": "filesystem",
+    "config": {
+      "path": "/snapshots",
+      "dirShards": null
+    }
+  },
+  "caching": {
+    "cacheDirectory": "cache",
+    "maxCacheSize": 5242880000,
+    "maxMetadataCacheSize": 5242880000,
+    "maxListCacheDuration": 30
+  },
+  "hostname": "cluster",
+  "username": "root",
+  "description": "Cluster",
+  "enableActions": false,
+  "formatBlobCacheDuration": 900000000000
+}

kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml

@@ -0,0 +1,109 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app kopia-kube
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    initContainers:
+      wait-for-repo:
+        image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+        command:
+          - /bin/bash
+          - -c
+          - |-
+            until [ -f /snapshots/kopia.repository.f ]; do
+                printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
+                sleep 1
+            done
+        volumeMounts:
+          - name: snapshots
+            mountPath: /snapshots
+    image:
+      repository: ghcr.io/onedr0p/kopia
+      tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+    env:
+      TZ: "${TIMEZONE}"
+      KOPIA_PASSWORD: "none"
+    command: kopia
+    args:
+      - server
+      - --insecure
+      - --address
+      - 0.0.0.0:80
+      - --metrics-listen-addr
+      - 0.0.0.0:8080
+      - --without-password
+      - --log-level
+      - debug
+    service:
+      main:
+        ports:
+          http:
+            port: 80
+          metrics:
+            enabled: true
+            port: 8080
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: metrics
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    podSecurityContext:
+      supplementalGroups:
+        - 100
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: *app
+        subPath: repository.config
+        mountPath: /config/repository.config
+        readOnly: true
+      snapshots:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/backups/kubernetes
+        mountPath: /snapshots
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 10m
+        memory: 100Mi
+      limits:
+        memory: 500Mi

kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+namespace: default
+configMapGenerator:
+  - name: kopia-kube
+    files:
+      - ./config/repository.config
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config

@@ -0,0 +1,20 @@
+{
+  "storage": {
+    "type": "filesystem",
+    "config": {
+      "path": "/snapshots",
+      "dirShards": null
+    }
+  },
+  "caching": {
+    "cacheDirectory": "cache",
+    "maxCacheSize": 5242880000,
+    "maxMetadataCacheSize": 5242880000,
+    "maxListCacheDuration": 30
+  },
+  "hostname": "cluster",
+  "username": "root",
+  "description": "Cluster",
+  "enableActions": false,
+  "formatBlobCacheDuration": 900000000000
+}

kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml

@@ -0,0 +1,109 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app kopia-workstations
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    initContainers:
+      wait-for-repo:
+        image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+        command:
+          - /bin/bash
+          - -c
+          - |-
+            until [ -f /snapshots/kopia.repository.f ]; do
+                printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
+                sleep 1
+            done
+        volumeMounts:
+          - name: snapshots
+            mountPath: /snapshots
+    image:
+      repository: ghcr.io/onedr0p/kopia
+      tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+    env:
+      TZ: "${TIMEZONE}"
+      KOPIA_PASSWORD: "none"
+    command: kopia
+    args:
+      - server
+      - --insecure
+      - --address
+      - 0.0.0.0:80
+      - --metrics-listen-addr
+      - 0.0.0.0:8080
+      - --without-password
+      - --log-level
+      - debug
+    service:
+      main:
+        ports:
+          http:
+            port: 80
+          metrics:
+            enabled: true
+            port: 8080
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: metrics
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    podSecurityContext:
+      supplementalGroups:
+        - 100
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: *app
+        subPath: repository.config
+        mountPath: /config/repository.config
+        readOnly: true
+      snapshots:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/backups/kopia-workstations
+        mountPath: /snapshots
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 10m
+        memory: 100Mi
+      limits:
+        memory: 500Mi

kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+namespace: default
+configMapGenerator:
+  - name: kopia-workstations
+    files:
+      - ./config/repository.config
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - kopia-kube
+  - kopia-workstations