App(Mirror) - Init

Emma Ruby 2024-07-19 22:58:02 -04:00
parent 09e9946932
commit 68468c8310
No known key found for this signature in database
58 changed files with 1906 additions and 0 deletions


@ -0,0 +1,35 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-almalinux
namespace: default
spec:
schedule: "35 */3 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-almalinux
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v2.0.0
env:
- name: TARGET
value: /ext/mirror/almalinux
- name: SOURCE
value: rsync://rsync.repo.almalinux.org/almalinux/
- name: LASTUPDATE
value: http://rsync.repo.almalinux.org/almalinux/timestamp.txt
- name: FIRST
value: "no"
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror/
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-almalinux
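Review bot: `failedJobsHistoryLimit: 0` together with `successfulJobsHistoryLimit: 0` means a failed sync leaves no Job or pod behind to inspect, so a mirror that has silently stopped updating is hard to notice; keeping at least `failedJobsHistoryLimit: 1` preserves the last failure for triage. The same pair of zero limits is set in every other CronJob in this commit. Separately, `image: ghcr.io/0xemma/mirror-updater:v2.0.0` with `imagePullPolicy: Always` runs whatever the tag resolves to at each run, against a volume whose contents are served to clients; pinning it as `mirror-updater:v2.0.0@sha256:<digest>` (placeholder, take the digest from the registry) would make the executed image reproducible. The sibling jobs use three different tags of this image (v0.0.4, v1.0.0, v2.0.0), which is worth a comment if intentional.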


@ -0,0 +1,35 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-arch
namespace: default
spec:
schedule: "0 * * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-ubuntu
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v2.0.0
env:
- name: TARGET
value: /ext/mirror/arch
- name: SOURCE
value: rsync://arch.mirror.constant.com/archlinux/
- name: LASTUPDATE
value: https://arch.mirror.constant.com/archlinux/lastupdate
- name: FIRST
value: "not"
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror/
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-arch
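Review bot: The container in this Arch job is named `mirrorupdate-ubuntu` although the CronJob is `mirrorupdate-arch`, which looks like a copy-paste leftover and will mislabel its logs and metrics; `- name: mirrorupdate-arch` would match the other jobs. `FIRST` is set to `"not"` here and in the kali-images and ubuntu jobs, while the almalinux and epel jobs use `"no"`. The updater script is not part of this page, so it is unclear which spelling it compares against, and the two should be made the same. The mirrorupdate-ubnt-releases job also reuses the container name `mirrorupdate-ubuntu`.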


@ -0,0 +1,33 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-blackarch
namespace: default
spec:
schedule: "45 */5 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-blackarch
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v1.0.0
env:
- name: TARGET
value: /ext/mirror/blackarch
- name: SOURCE
value: rsync://mirror.math.princeton.edu/pub/blackarch/
- name: LASTUPDATE
value: https://mirror.math.princeton.edu/pub/blackarch/lastupdate
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-blackarch


@ -0,0 +1,35 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-epel
namespace: default
spec:
schedule: "35 */2 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-epel
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v2.0.0
env:
- name: TARGET
value: /ext/mirror/epel
- name: SOURCE
value: rsync://mirrors.rit.edu/epel
- name: LASTUPDATE
value: http://rsync.repo.epel.org/epel/timestamp.txt
- name: FIRST
value: "no"
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror/
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-truenas
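Review bot: `LASTUPDATE` points at `http://rsync.repo.epel.org/epel/timestamp.txt` while `SOURCE` syncs from `rsync://mirrors.rit.edu/epel`, so the freshness marker comes from a different host than the data and is fetched over plain HTTP. If the updater uses this file to decide whether to sync (the script is not visible here), a marker from an unrelated host can make the job skip or repeat syncs regardless of what the source actually holds. The mismatch is stronger in two later jobs: mirrorupdate-kali-images reads `https://mirrors.lug.mtu.edu/archlinux/lastupdate` and mirrorupdate-ubuntu reads `https://mirror.math.princeton.edu/pub/blackarch/lastupdate`, both of which belong to other distributions. Each `LASTUPDATE` should name a marker file published by the same upstream as its `SOURCE`, over HTTPS where the upstream offers it.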


@ -0,0 +1,35 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-kali-images
namespace: default
spec:
schedule: "0 */2 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-kali
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v2.0.0
env:
- name: TARGET
value: /ext/mirror/kali-images
- name: SOURCE
value: rsync://kali.mirror.rafal.ca/kali-images
- name: LASTUPDATE
value: https://mirrors.lug.mtu.edu/archlinux/lastupdate
- name: FIRST
value: "not"
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror/
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-kali-images


@ -0,0 +1,28 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-parrot
namespace: default
spec:
schedule: "30 */5 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-parrot
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v0.0.4
command:
- /scripts/parrot-clone.sh
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-parrot


@ -0,0 +1,28 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-ubnt-releases
namespace: default
spec:
schedule: "30 */5 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-ubuntu
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v0.0.4
command:
- /scripts/ubuntu-release-clone.sh
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-ubuntu-iso


@ -0,0 +1,35 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: mirrorupdate-ubuntu
namespace: default
spec:
schedule: "15 */6 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: mirrorupdate-ubuntu
imagePullPolicy: Always
image: ghcr.io/0xemma/mirror-updater:v2.0.0
env:
- name: TARGET
value: /ext/mirror/ubuntu
- name: SOURCE
value: rsync://archive.ubuntu.com/ubuntu
- name: LASTUPDATE
value: https://mirror.math.princeton.edu/pub/blackarch/lastupdate
- name: FIRST
value: "not"
volumeMounts:
- name: mirror-pvc
mountPath: /ext/mirror/
restartPolicy: OnFailure
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-truenas
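Review bot: The job mounts the whole shared claim `mirror-truenas` read-write at `/ext/mirror/` although it only writes to `/ext/mirror/ubuntu`, so a wrong `TARGET` or a faulty run can touch the EPEL tree that lives on the same claim; the epel job mounts it the same way. Narrowing the mount with `mountPath: /ext/mirror/ubuntu` and `subPath: ubuntu` keeps `TARGET` valid while confining each job to its own directory. This assumes the directory on the claim is named `ubuntu`, as the rsync module path `/mirror/ubuntu` suggests.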


@ -0,0 +1,35 @@
# apiVersion: batch/v1
# kind: CronJob
# metadata:
# name: mirrorupdate-voidlinux
# namespace: default
# spec:
# schedule: "25 */3 * * *"
# successfulJobsHistoryLimit: 0
# failedJobsHistoryLimit: 0
# concurrencyPolicy: Forbid
# jobTemplate:
# spec:
# template:
# spec:
# containers:
# - name: mirrorupdate-voidlinux
# imagePullPolicy: Always
# image: ghcr.io/0xemma/mirror-updater:v2.0.0
# env:
# - name: TARGET
# value: /ext/mirror/voidlinux
# - name: SOURCE
# value: rsync://repo-sync.voidlinux.org/voidlinux
# - name: LASTUPDATE
# value: http://rsync.repo.almalinux.org/almalinux/timestamp.txt
# - name: FIRST
# value: "no"
# volumeMounts:
# - name: mirror-pvc
# mountPath: /ext/mirror/
# restartPolicy: OnFailure
# volumes:
# - name: mirror-pvc
# persistentVolumeClaim:
# claimName: mirror-truenas


@ -0,0 +1,43 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: rsync-config
labels:
app: mirror-rsync
data:
rsync.conf: |-
read only = yes
[arch]
path = /mnt/arch/arch
comment = Arch Mirror
[ubuntu]
path = /mirror/ubuntu
comment = Ubuntu Archive
[ubuntu-releases]
path = /mnt/ubnt-iso/ubuntu-releases
comment = Ubuntu ISO
[parrot]
path = /mnt/parrot/parrot
comment = Parrot
[parrot-iso]
path = /mnt/parrot/parrot
exclude = pool dists
comment = Parrot ISO
[blackarch]
path = /mnt/blackarch/blackarch
comment = BlackArch
[almalinux]
path = /mnt/almalinux/almalinux
comment = AlmaLinux
[kali]
path = /mnt/kali/
comment = Kali Repo
[kali-images]
path = /mnt/kali-iso/kali-images
comment = Kali Images
[stream]
path = /mirror/stream
[epel]
path = /mirror/epel
[void]
path = /mirror/voidlinux
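Review bot: The daemon configuration sets only `read only = yes` globally, with no connection cap or I/O timeout, while the mirror-rsync Service in this commit publishes port 873 through a LoadBalancer. Adding `max connections = <N>` and `timeout = <seconds>` (placeholders, size them for the host) to the global section bounds how many transfers can pile up and drops stalled clients. The `[stream]` module has no comment and no updater job on this page, and the `[ubuntu]`, `[stream]`, `[epel]` and `[void]` modules all sit under `/mirror`, so a short comment on which claim backs each module would help. `metadata` also omits `namespace`, unlike the Deployment that mounts this ConfigMap in `default`.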


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-rsync
namespace: default
spec:
selector:
app: mirror-rsync
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: mirror-rsync
protocol: TCP
port: 873


@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-rsync
namespace: default
labels:
app: mirror-rsync
spec:
selector:
matchLabels:
app: mirror-rsync
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-rsync
spec:
# initContainers:
# Init containers are exactly like regular containers, except:
# - Init containers always run to completion.
# - Each init container must complete successfully before the next one starts.
containers:
- name: mirror-rsync
image: ghcr.io/0xemma/rsync-daemon-docker:v0.0.2
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 1000m
memory: 1000Mi
ports:
- containerPort: 873
name: rsync
volumeMounts:
- name: config
mountPath: /config/
- name: mirror
mountPath: /mirror/
- name: ubuntu-iso
mountPath: /mnt/ubnt-iso
- name: kali-iso
mountPath: /mnt/kali-iso
- name: arch
mountPath: /mnt/arch
- name: alma
mountPath: /mnt/almalinux
- name: parrot
mountPath: /mnt/parrot
- name: kali
mountPath: /mnt/kali
- name: blackarch
mountPath: /mnt/blackarch
volumes:
- name: config
configMap:
name: rsync-config
- name: mirror
persistentVolumeClaim:
claimName: mirror-truenas
- name: ubuntu-iso
persistentVolumeClaim:
claimName: mirror-ubuntu-iso
- name: kali-iso
persistentVolumeClaim:
claimName: mirror-kali-images
- name: arch
persistentVolumeClaim:
claimName: mirror-arch
- name: alma
persistentVolumeClaim:
claimName: mirror-almalinux
- name: parrot
persistentVolumeClaim:
claimName: mirror-parrot
- name: kali
persistentVolumeClaim:
claimName: mirror-kali
- name: blackarch
persistentVolumeClaim:
claimName: mirror-blackarch
restartPolicy: Always
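Review bot: Every mirror claim is mounted read-write into the rsync daemon pod, even though the daemon only serves files (`read only = yes` in rsync-config) and the updater CronJobs are the writers. Adding `readOnly: true` to each mirror `volumeMounts` entry, for example under `mountPath: /mnt/arch`, means a daemon misconfiguration or compromise cannot alter the packages and images it distributes. The same applies to the `mirror-pvc` mount in the per-mirror nginx Deployments later in this commit. The commented-out `# initContainers:` template text can be dropped.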


@ -0,0 +1,6 @@
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: amplify-secret
spec:
itemPath: "vaults/K8S/items/Amplify"


@ -0,0 +1,82 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body>
<div class="flex h-screen w-full items-center justify-center bg-[#1e1e1e] font-mono text-[#c6c6c6]">
<div class="border border-[#4CAF50] p-12 rounded-lg">
<header class="bg-[#2d2d2d] px-4 py-2">
<h1 class="text-lg font-bold text-[#4CAF50]">0xEmma's Mirrors</h1>
</header>
<main class="flex-1 overflow-auto px-4 py-6">
<ul class="space-y-2">
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/almalinux/">
AlmaLinux
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/arch/">
Arch
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/blackarch/">
BlackArch
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/epel/">
Fedora EPEL
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/kali-images/">
Kali ISOs
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/kali/">
Kali
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/parrot/">
Parrot
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/ubuntu-releases/">
Ubuntu ISOs
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/ubuntu/">
Ubuntu
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/voidlinux/">
Voidlinux
</a>
</li>
</ul>
</main>
</div>
</div>
</body>
</html>
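Review bot: `<script src="https://cdn.tailwindcss.com"></script>` makes the landing page execute third-party JavaScript fetched at view time, with no `integrity` attribute and no pinned version, so the page's behaviour depends on whatever that host returns. For a page this small, a compiled stylesheet served from the mirror itself, or a few lines of inline CSS, removes the external dependency. The same tag is embedded in the `index.html` key of the caddy-config-mirror ConfigMap. `<title>Document</title>` is also still the editor default here, whereas the ConfigMap copy says `0xEmma's Mirrors`.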


@ -0,0 +1,96 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: caddy-config-mirror
namespace: default
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>0xEmma's Mirrors</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body>
<div class="flex h-screen w-full items-center justify-center bg-[#1e1e1e] font-mono text-[#c6c6c6]">
<div class="border border-[#4CAF50] p-12 rounded-lg">
<header class="bg-[#2d2d2d] px-4 py-2">
<h1 class="text-lg font-bold text-[#4CAF50]">0xEmma's Mirrors</h1>
</header>
<main class="flex-1 overflow-auto px-4 py-6">
<ul class="space-y-2">
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/almalinux/">
AlmaLinux
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/arch/">
Arch
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/blackarch/">
BlackArch
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/epel/">
Fedora EPEL
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/kali-images/">
Kali ISOs
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/kali/">
Kali
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/parrot/">
Parrot
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/ubuntu-releases/">
Ubuntu ISOs
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/ubuntu/">
Ubuntu
</a>
</li>
<li>
<span class="text-[#9cdcfe]">$</span>
<a class="text-[#4CAF50] hover:underline" href="/voidlinux/">
Voidlinux
</a>
</li>
</ul>
</main>
</div>
</div>
</body>
</html>
robots.txt: |
user-agent: *
Allow: /$
Disallow: /
User-agent: ClaudeBot
Disallow: /
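Review bot: The `index.html` key carries a second copy of the standalone HTML file added in this commit, and the two already differ (`<title>` is `0xEmma's Mirrors` here and `Document` there), so only one of them should be the source of truth; generating the ConfigMap from the file would avoid hand-syncing. The name `caddy-config-mirror` does not match its consumer, which is the `0xemma/nginx-autoindex` Deployment named mirror. In `robots.txt`, a blank line before `User-agent: ClaudeBot` would make the two groups easier to tell apart.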


@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror
namespace: default
labels:
app: mirror
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror
spec:
containers:
- name: mirror
image: 0xemma/nginx-autoindex:json-2
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- name: config
mountPath: /var/lib/nginx/html
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: config
configMap:
name: caddy-config-mirror
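Review bot: The pod template labels are only `app: mirror`, without the `id: mirror-web` label that the per-mirror Deployments carry and that mirror-network-policy selects on, so the landing-page pods are not covered by that policy. If they should be restricted like the others, add `id: mirror-web` under both `metadata.labels` and `template.metadata.labels`. The image tag is `json-2` while the other web Deployments use `json-4`, and `memory: 8000Mi` is requested for each of two replicas that serve one static page; both deserve a comment if deliberate.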


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`)
kind: Rule
services:
- name: mirror
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`)
kind: Rule
services:
- name: mirror
kind: Service
port: 80
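Review bot: The second IngressRoute, `mirror-ingress` on the `web` entry point, serves the same backend over plain HTTP with no redirect to `websecure`, so pages and downloads can be fetched unencrypted. If cleartext access is kept on purpose for package managers, say so in a comment; otherwise attach a `redirectScheme` Middleware to the `web` route. Every per-mirror IngressRoute file in this commit has the same pair of routes. Neither document sets `metadata.namespace`, while the Services they reference are created in `default`, so `namespace: default` should be added for consistency.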


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror
namespace: default
spec:
selector:
app: mirror
ports:
- name: mirror
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-almalinux
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/almalinux`)
kind: Rule
services:
- name: mirror-almalinux
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-almalinux
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/almalinux`)
kind: Rule
services:
- name: mirror-almalinux
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-almalinux
namespace: default
labels:
app: mirror-almalinux
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 750Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-almalinux
namespace: default
spec:
selector:
app: mirror-almalinux
ports:
- name: mirror-almalinux
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-almalinux
namespace: default
labels:
app: mirror-almalinux
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-almalinux
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-almalinux
id: mirror-web
spec:
containers:
- name: mirror-almalinux
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "almalinux"
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-almalinux


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-arch
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/arch`)
kind: Rule
services:
- name: mirror-arch
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-arch
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/arch`)
kind: Rule
services:
- name: mirror-arch
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-arch
namespace: default
labels:
app: mirror-arch
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 150Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-arch
namespace: default
spec:
selector:
app: mirror-arch
ports:
- name: mirror-arch
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-arch
namespace: default
labels:
app: mirror-arch
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-arch
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-arch
id: mirror-web
spec:
containers:
- name: mirror-arch
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "arch"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-arch


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-blackarch
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/blackarch`)
kind: Rule
services:
- name: mirror-blackarch
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-blackarch
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/blackarch`)
kind: Rule
services:
- name: mirror-blackarch
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-blackarch
namespace: default
labels:
app: mirror-blackarch
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-blackarch
namespace: default
spec:
selector:
app: mirror-blackarch
ports:
- name: mirror-blackarch
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-blackarch
namespace: default
labels:
app: mirror-blackarch
id: mirror-web
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-blackarch
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-blackarch
id: mirror-web
spec:
containers:
- name: mirror-blackarch
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "backarch"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-blackarch
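Review bot: `AMPLIFY_IMAGENAME` is set to `"backarch"`, which looks like a typo for `"blackarch"` and would file this Deployment's monitoring data under the wrong name. This Deployment also lacks the `operator.1password.io/auto-restart: "true"` annotation that the other per-mirror Deployments set. Assuming the operator honours that annotation as named, these pods would keep the old `API_KEY` after amplify-secret is rotated.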


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-epel
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/epel`)
kind: Rule
services:
- name: mirror-epel
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-epel
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/epel`)
kind: Rule
services:
- name: mirror-epel
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-epel
namespace: default
spec:
selector:
app: mirror-epel
ports:
- name: mirror-epel
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-epel
namespace: default
labels:
app: mirror-epel
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-epel
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-epel
id: mirror-web
spec:
containers:
- name: mirror-epel
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 16000Mi
requests:
cpu: 100m
memory: 15000Mi
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "epel"
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-truenas


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-kali-images
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/kali-images`)
kind: Rule
services:
- name: mirror-kali-images
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-kali-images
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/kali-images`)
kind: Rule
services:
- name: mirror-kali-images
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-kali-images
namespace: default
labels:
app: mirror-kali-images
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 250Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-kali-images
namespace: default
spec:
selector:
app: mirror-kali-images
ports:
- name: mirror-kali-images
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-kali-images
namespace: default
labels:
app: mirror-kali-images
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-kali-images
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-kali-images
id: mirror-web
spec:
containers:
- name: mirror-kali-images
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "kali-iso"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-kali-images


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-kali
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/kali`)
kind: Rule
services:
- name: mirror-kali
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-kali
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/kali`)
kind: Rule
services:
- name: mirror-kali
kind: Service
port: 80
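Review bot: The `/kali` path prefix in both `match` rules also matches requests for `/kali-images`, so which backend serves the image tree depends on Traefik ranking the longer rule first rather than on anything written here. Setting an explicit `priority` on the overlapping routes, or adding a comment that states the reliance on rule-length ordering, would make that intent visible. The `/ubuntu` and `/ubuntu-releases` routes overlap in the same way.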


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-kali
namespace: default
labels:
app: mirror-kali
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 700Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-kali
namespace: default
spec:
selector:
app: mirror-kali
ports:
- name: mirror-kali
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-kali
namespace: default
labels:
app: mirror-kali
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-kali
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-kali
id: mirror-web
spec:
containers:
- name: mirror-kali
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html/kali
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "kali"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-kali


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-parrot
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/parrot`)
kind: Rule
services:
- name: mirror-parrot
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-parrot
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/parrot`)
kind: Rule
services:
- name: mirror-parrot
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-parrot
namespace: default
labels:
app: mirror-parrot
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 700Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-parrot
namespace: default
spec:
selector:
app: mirror-parrot
ports:
- name: mirror-parrot
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-parrot
namespace: default
labels:
app: mirror-parrot
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-parrot
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-parrot
id: mirror-web
spec:
containers:
- name: mirror-parrot
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "parrot"
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-parrot


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-ubuntureleases
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/ubuntu-releases`)
kind: Rule
services:
- name: mirror-ubuntureleases
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-ubuntureleases
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/ubuntu-releases`)
kind: Rule
services:
- name: mirror-ubuntureleases
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-ubuntu-iso
namespace: default
labels:
app: mirror-ubuntureleases
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 60Gi


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-ubuntureleases
namespace: default
spec:
selector:
app: mirror-ubuntureleases
ports:
- name: mirror-ubuntureleases
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-ubuntureleases
namespace: default
labels:
app: mirror-ubuntureleases
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-ubuntureleases
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-ubuntureleases
id: mirror-web
spec:
containers:
- name: mirror-ubuntureleases
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "ubuntu-iso"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-ubuntu-iso


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-ubuntu
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/ubuntu`)
kind: Rule
services:
- name: mirror-ubuntu
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-ubuntu
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/ubuntu`)
kind: Rule
services:
- name: mirror-ubuntu
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-ubuntu
namespace: default
spec:
selector:
app: mirror-ubuntu
ports:
- name: mirror-ubuntu
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-ubuntu
namespace: default
labels:
app: mirror-ubuntu
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-ubuntu
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-ubuntu
id: mirror-web
spec:
containers:
- name: mirror-ubuntu
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "ubuntu"
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-truenas


@ -0,0 +1,31 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-tls-voidlinux
spec:
entryPoints:
- websecure
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/voidlinux`)
kind: Rule
services:
- name: mirror-voidlinux
kind: Service
port: 80
tls:
secretName: emma-tls
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mirror-ingress-voidlinux
spec:
entryPoints:
- web
routes:
- match: Host(`mirror.0xem.ma`) && PathPrefix(`/voidlinux`)
kind: Rule
services:
- name: mirror-voidlinux
kind: Service
port: 80


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mirror-voidlinux
namespace: default
spec:
selector:
app: mirror-voidlinux
ports:
- name: mirror-voidlinux
protocol: TCP
port: 80
targetPort: 80


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mirror-voidlinux
namespace: default
labels:
app: mirror-voidlinux
id: mirror-web
annotations:
operator.1password.io/auto-restart: "true"
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
app: mirror-voidlinux
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: mirror-voidlinux
id: mirror-web
spec:
containers:
- name: mirror-voidlinux
image: 0xemma/nginx-autoindex:json-4
resources:
limits:
memory: 8000Mi
requests:
cpu: 100m
memory: 8000Mi
volumeMounts:
- mountPath: /var/lib/nginx/html
name: mirror-pvc
env:
- name: API_KEY
valueFrom:
secretKeyRef:
key: AMPLIFY_API_KEY
name: amplify-secret
- name: AMPLIFY_IMAGENAME
value: "voidlinux"
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: mirror-pvc
persistentVolumeClaim:
claimName: mirror-truenas
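Review bot: This Deployment, its Service, its IngressRoutes and the landing-page link publish `/voidlinux`, but the only updater for it, the mirrorupdate-voidlinux CronJob, is added fully commented out, so nothing in this commit refreshes the content being served. A package mirror that stops updating keeps offering outdated packages to clients; either enable the CronJob or hold back the web side until it runs. The commented job's `LASTUPDATE` also still points at the AlmaLinux timestamp URL. As with the ubuntu and epel Deployments, the whole shared claim `mirror-truenas` is mounted as the web root rather than only this mirror's directory.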


@ -0,0 +1,19 @@
# Linux Mirrors
## Cronjobs/
Contains the Kubernetes CronJobs to update the mirror source via rsync, using a custom image that will be in containers/eventually
## Mirror-Rsync
Provides the RSync Daemon Server
## Mirror-Web
Provides PVC, Ingress, SVC, Pod per Mirror.
Doing a pod per mirror was chosen to make doing stats via loki logs easier. Using a slightly custom image of NGINX w/Amplify, and autoindex turned on, and a JSON Log format for ingest into Loki
## Misc.
- Mirror-PVC.yaml
- Provides a single PVC used by Ubuntu & EPEL together, since its stored on a seperate storage class due to my flash-ceph cluster being full.
- Network-Policy.yaml
- Restricts the pods to only allow inbound from traefik, and outbound to amplify + kube-dns


@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mirror-truenas
namespace: default
labels:
app: mirror-truenas
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 11000Gi
storageClassName: freenas-nfs-csi


@ -0,0 +1,36 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: mirror-network-policy
namespace: default
spec:
endpointSelector:
matchLabels:
id: mirror-web
ingress:
- fromEndpoints:
- matchLabels:
app.kubernetes.io/name: traefik
io.kubernetes.pod.namespace: kube-system
toPorts:
- ports:
- port: "80"
egress:
- toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
toPorts:
- ports:
- port: "53"
protocol: UDP
rules:
dns:
- matchPattern: "*"
- toFQDNs:
- matchName: receiver.amplify.nginx.com
toPorts:
- ports:
- port: "443"
- ports:
- port: "80"
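Review bot: The egress rule for `receiver.amplify.nginx.com` allows port 80 in addition to 443, which permits the agent that holds `API_KEY` to reach the receiver in cleartext; unless the agent is known to need it, drop the `port: "80"` entry. The DNS rule allows only `protocol: UDP` on port 53, so lookups that fall back to TCP would be blocked; `protocol: ANY` covers both. The policy selects only pods labelled `id: mirror-web`, so the mirror landing page, mirror-rsync and the updater CronJob pods, which do not carry that label, are outside it. The README's description of the policy should say so if that is intended.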