Use more PVC's

.vscode/settings.json

@@ -10,15 +10,20 @@
         "commandtransports",
         "dbname",
         "DFOREGROUND",
+        "Djava",
         "electrs",
         "esphome",
         "gitea",
+        "heapdump",
+        "hprof",
         "icingaadmin",
         "icingadb",
         "icingaweb",
         "ifdef",
+        "influxd",
         "jellyfin",
         "jwillikers",
+        "letsencrypt",
         "lncm",
         "miniflux",
         "Minio",
@@ -35,6 +40,7 @@
         "pgsql",
         "pipefail",
         "sysctls",
+        "tplink",
         "urandom",
         "USEPATH",
         "vaultwarden",

bitcoin-core/bitcoin-core.kube

@@ -1,7 +1,7 @@
 [Unit]
 Description=Bitcoin Core server
 Before=local-fs.target
-RequiresMountsFor=%h/container-volumes/bitcoin-core-server-data
+RequiresMountsFor=%h/container-volumes
 
 [Kube]
 Yaml=%h/Projects/home-lab-helm/bitcoin-core/bitcoin-core.yaml

bitcoin-core/bitcoin-core.yaml

@@ -40,9 +40,9 @@ spec:
           name: var-home-core-Projects-bitcoin-core-config-tor-host-0
           readOnly: true
         - mountPath: /var/lib/tor
-          name: var-home-core-container-volumes-bitcoin-core-tor-data-host-0
+          name: bitcoin-core-tor-data-pvc
         - mountPath: /run/tor
-          name: var-home-core-container-volumes-bitcoin-core-tor-run-host-0
+          name: bitcoin-core-tor-run-pvc
     - args:
         - -zmqpubrawblock=tcp://0.0.0.0:28332
         - -zmqpubrawtx=tcp://0.0.0.0:28333
@@ -62,10 +62,11 @@ spec:
         - mountPath: /.bitcoin/bitcoin.conf.d
           name: var-home-core-Projects-bitcoin-core-config-bitcoin-bitcoin.conf.d-host-2
           readOnly: true
+        # todo This isn't needed anymore, right? 
         - mountPath: /data/.bitcoin
           name: e3f0489fa20b702a7a5c9b9ed3175bb3b42ba8d77fd606066604d5d23efda15d-pvc
         - mountPath: /run/tor
-          name: var-home-core-container-volumes-bitcoin-core-tor-run-host-0
+          name: bitcoin-core-tor-run-pvc
           readOnly: true
     - image: docker.io/getumbrel/electrs:v0.9.14
       name: electrs
@@ -85,6 +86,7 @@ spec:
           readOnly: true
   hostUsers: false
   volumes:
+    # todo Move to PVC
     - hostPath:
         path: /var/home/core/container-volumes/bitcoin-core-server-data
         type: Directory
@@ -108,6 +110,7 @@ spec:
         path: /var/home/core/Projects/bitcoin-core-config/bitcoin/bitcoin.conf.d
         type: Directory
       name: var-home-core-Projects-bitcoin-core-config-bitcoin-bitcoin.conf.d-host-2
+    # todo Move to PVC
     - hostPath:
         path: /var/home/core/container-volumes/electrs-data
         type: Directory
@@ -116,11 +119,9 @@ spec:
         path: /var/home/core/Projects/bitcoin-core-config/tor
         type: Directory
       name: var-home-core-Projects-bitcoin-core-config-tor-host-0
-    - hostPath:
-        path: /var/home/core/container-volumes/bitcoin-core-tor-data
-        type: Directory
-      name: var-home-core-container-volumes-bitcoin-core-tor-data-host-0
-    - hostPath:
-        path: /var/home/core/container-volumes/bitcoin-core-tor-run
-        type: Directory
-      name: var-home-core-container-volumes-bitcoin-core-tor-run-host-0
+    - name: bitcoin-core-tor-data-pvc
+      persistentVolumeClaim:
+        claimName: bitcoin-core-tor-data
+    - name: bitcoin-core-tor-run-pvc
+      persistentVolumeClaim:
+        claimName: bitcoin-core-tor-run

caddy/caddy.kube

@@ -1,7 +1,7 @@
 [Unit]
 Description=Caddy reverse-proxy
 Before=local-fs.target
-RequiresMountsFor=%h/container-volumes/caddy-data %h/Projects/caddy-config
+RequiresMountsFor=%h/Projects/caddy-config
 
 [Kube]
 Yaml=%h/Projects/home-lab-helm/caddy/caddy.yaml

caddy/caddy.yaml

@@ -91,7 +91,7 @@ spec:
   - name: caddy-config-pvc
     persistentVolumeClaim:
       claimName: caddy-config
-  - hostPath:
-      path: /home/core/container-volumes/caddy-data
-      type: Directory
-    name: caddy-data-host
+  - name: caddy-data-pvc
+    persistentVolumeClaim:
+      claimName: caddy-data
+

eclipse-mosquitto/eclipse-mosquitto.yaml

@@ -59,23 +59,21 @@ spec:
           type: spc_t
       volumeMounts:
         - mountPath: /mosquitto/config/
-          name: eclipse-mosquitto-config-host-0
+          name: eclipse-mosquitto-config-host
         - mountPath: /mosquitto/data/
-          name: eclipse-mosquitto-data-host-1
+          name: eclipse-mosquitto-data-pvc
         - mountPath: /mosquitto/log/
-          name: eclipse-mosquitto-log-host-2
+          name: eclipse-mosquitto-log-pvc
   enableServiceLinks: false
   hostUsers: false
   volumes:
     - hostPath:
-        path: /home/jordan/container-volumes/eclipse-mosquitto-config
+        path: /home/core/Projects/eclipse-mosquitto-config
         type: Directory
-      name: eclipse-mosquitto-config-host-0
-    - hostPath:
-        path: /home/jordan/container-volumes/eclipse-mosquitto-data
-        type: Directory
-      name: eclipse-mosquitto-data-host-1
-    - hostPath:
-        path: /home/jordan/container-volumes/eclipse-mosquitto-log
-        type: Directory
-      name: eclipse-mosquitto-log-host-2
+      name: eclipse-mosquitto-config-host
+    - name: eclipse-mosquitto-data-pvc
+      persistentVolumeClaim:
+        claimName: eclipse-mosquitto-data
+    - name: eclipse-mosquitto-log-pvc
+      persistentVolumeClaim:
+        claimName: eclipse-mosquitto-log

esphome/esphome.kube

@@ -1,7 +1,7 @@
 [Unit]
 Description=ESPHome server
 Before=local-fs.target
-RequiresMountsFor=%h/container-volumes/esphome-config
+RequiresMountsFor=%h/Projects/esphome-config
 
 [Kube]
 Yaml=%h/Projects/home-lab-helm/esphome/esphome.yaml

esphome/esphome.yaml

@@ -48,15 +48,15 @@ spec:
           type: spc_t
       volumeMounts:
         - mountPath: /config
-          name: esphome-config-host-0
+          name: esphome-config-host
         - mountPath: /config/.esphome
           name: esphome-cache-pvc
   enableServiceLinks: false
   volumes:
     - hostPath:
-        path: /home/jordan/container-volumes/esphome-config
+        path: /home/core/Projects/esphome-config
         type: Directory
-      name: esphome-config-host-0
+      name: esphome-config-host
     - name: esphome-cache-pvc
       persistentVolumeClaim:
         claimName: esphome-cache

icinga/icinga.yaml

@@ -47,15 +47,17 @@ spec:
         type: spc_t
     volumeMounts:
     - mountPath: /data
-      name: icinga-pvc
+      name: icinga-data-pvc
     - mountPath: /data/etc/icinga2
-      name: icinga-config-host-0
+      name: icinga-config-host
+      # todo Read-only 
+      # readOnly: True
   hostname: icinga.jwillikers.io
   volumes:
-  - name: icinga-pvc
+  - name: icinga-data-pvc
     persistentVolumeClaim:
-      claimName: icinga
+      claimName: icinga-data
   - hostPath:
       path: /home/core/Projects/icinga-config/etc/icinga2
       type: Directory
-    name: icinga-config-host-0
+    name: icinga-config-host

icinga/icingadb.yaml

@@ -39,7 +39,7 @@ spec:
         type: spc_t
     volumeMounts:
     - mountPath: /data
-      name: var-home-core-container-volumes-icingadb-redis-host-0
+      name: icingadb-redis-data-pvc
   - args:
     - postgres
     env:
@@ -64,7 +64,7 @@ spec:
         type: spc_t
     volumeMounts:
     - mountPath: /var/lib/postgresql/data
-      name: var-home-core-container-volumes-icingadb-postgresql-data-host-0
+      name: icingadb-postgresql-data-pvc
   - env:
     - name: ICINGADB_RETENTION_HISTORY-DAYS
       value: "30"
@@ -93,11 +93,9 @@ spec:
     securityContext: {}
   hostUsers: false
   volumes:
-  - hostPath:
-      path: /var/home/core/container-volumes/icingadb-redis
-      type: Directory
-    name: var-home-core-container-volumes-icingadb-redis-host-0
-  - hostPath:
-      path: /var/home/core/container-volumes/icingadb-postgresql-data
-      type: Directory
-    name: var-home-core-container-volumes-icingadb-postgresql-data-host-0
+  - name: icingadb-redis-data-pvc
+    persistentVolumeClaim:
+      claimName: icingadb-redis-data
+  - name: icingadb-postgresql-data-pvc
+    persistentVolumeClaim:
+      claimName: icingadb-postgresql-data

icinga/icingaweb.yaml

@@ -51,14 +51,20 @@ spec:
         type: spc_t
     volumeMounts:
     - mountPath: /var/lib/postgresql/data
-      name: var-home-core-container-volumes-icingaweb-postgresql-data-host-0
+      name: icingaweb-postgresql-data-pvc
   - args:
     - bash
     - -eo
     - pipefail
     - -c
     - . /etc/apache2/envvars; exec apache2 -DFOREGROUND
     env:
+    - name: APACHE_RUN_GROUP
+      # The GID used for runAsGroup.
+      value: 387
+    - name: APACHE_RUN_USER
+      # The UID used for runAsUser.
+      value: 387
     - name: icingaweb.resources.icingaweb_db.dbname
       value: icingaweb
     - name: icingaweb.resources.icingadb.dbname
@@ -151,21 +157,13 @@ spec:
         type: spc_t
     volumeMounts:
     - mountPath: /data
-      name: var-home-core-container-volumes-icingaweb-server-data-host-0
-    - mountPath: /var/run/apache2
-      name: var-home-core-container-volumes-icingaweb-server-run-host-1
+      name: icingaweb-server-data-pvc
   hostUsers: false
   hostname: icingaweb.jwillikers.io
   volumes:
-  - hostPath:
-      path: /var/home/core/container-volumes/icingaweb-postgresql-data
-      type: Directory
-    name: var-home-core-container-volumes-icingaweb-postgresql-data-host-0
-  - hostPath:
-      path: /var/home/core/container-volumes/icingaweb-server-data
-      type: Directory
-    name: var-home-core-container-volumes-icingaweb-server-data-host-0
-  - hostPath:
-      path: /var/home/core/container-volumes/icingaweb-server-run
-      type: Directory
-    name: var-home-core-container-volumes-icingaweb-server-run-host-1
+  - name: icingaweb-postgresql-data-pvc
+    persistentVolumeClaim:
+      claimName: icingaweb-postgresql-data
+  - name: icingaweb-server-data-pvc
+    persistentVolumeClaim:
+      claimName: icingaweb-server-data

minio-server/minio-server.yaml

@@ -80,7 +80,7 @@ spec:
       tty: true
       volumeMounts:
         - mountPath: /data
-          name: home-jordan-s3-host-0
+          name: home-core-s3-host
         - mountPath: /root/.minio/certs/minio.jwillikers.io/public.crt
           name: caddy-data-caddy-certificates-acme-v02.api.letsencrypt.org-directory-minio.jwillikers.io-minio.jwillikers.io.crt-host-0
           readOnly: true
@@ -96,22 +96,22 @@ spec:
   hostUsers: false
   volumes:
     - hostPath:
-        path: /home/jordan/s3
+        path: /home/core/s3
         type: Directory
-      name: home-jordan-s3-host-0
+      name: home-core-s3-host
     - hostPath:
-        path: /home/jordan/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.jwillikers.io/minio.jwillikers.io.crt
+        path: /home/core/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.jwillikers.io/minio.jwillikers.io.crt
         type: File
       name: caddy-data-caddy-certificates-acme-v02.api.letsencrypt.org-directory-minio.jwillikers.io-minio.jwillikers.io.crt-host-0
     - hostPath:
-        path: /home/jordan/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.jwillikers.io/minio.jwillikers.io.key
+        path: /home/core/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.jwillikers.io/minio.jwillikers.io.key
         type: File
       name: caddy-data-caddy-certificates-acme-v02.api.letsencrypt.org-directory-minio.jwillikers.io-minio.jwillikers.io.key-host-0
     - hostPath:
-        path: /home/jordan/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.lan.jwillikers.io/minio.lan.jwillikers.io.crt
+        path: /home/core/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.lan.jwillikers.io/minio.lan.jwillikers.io.crt
         type: File
       name: caddy-data-caddy-certificates-acme-v02.api.letsencrypt.org-directory-minio.lan.jwillikers.io-minio.lan.jwillikers.io.crt-host-0
     - hostPath:
-        path: /home/jordan/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.lan.jwillikers.io/minio.lan.jwillikers.io.key
+        path: /home/core/container-volumes/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.lan.jwillikers.io/minio.lan.jwillikers.io.key
         type: File
       name: caddy-data-caddy-certificates-acme-v02.api.letsencrypt.org-directory-minio.lan.jwillikers.io-minio.lan.jwillikers.io.key-host-0

nextcloud/caddy-nextcloud.kube

@@ -0,0 +1,16 @@
+[Unit]
+Description=Caddy reverse-proxy
+Before=local-fs.target
+RequiresMountsFor=%h/Projects/caddy-config
+
+[Kube]
+Yaml=%h/Projects/home-lab-helm/nextcloud/caddy-nextcloud.yaml
+Network=podman.network
+# Run as non-root inside the container when Podman supports setting sysctls in Kubernetes YAML.
+# RemapUsers: keep-id
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target

vaultwarden/vaultwarden.yaml

@@ -59,7 +59,7 @@ spec:
           type: spc_t
       volumeMounts:
         - mountPath: /var/lib/postgresql/data
-          name: vaultwarden-db-data-host-0
+          name: vaultwarden-db-data-host
     - args:
         - /start.sh
       env:
@@ -109,17 +109,17 @@ spec:
           type: spc_t
       volumeMounts:
         - mountPath: /data
-          name: vaultwarden-data-host-0
+          name: vaultwarden-data-host
   hostUsers: false
   hostname: vaultwarden
   restartPolicy: Never
   volumes:
     - hostPath:
         path: /home/jordan/container-volumes/vaultwarden-db-data
         type: Directory
-      name: vaultwarden-db-data-host-0
+      name: vaultwarden-db-data-host
     - hostPath:
         path: /home/jordan/container-volumes/vaultwarden-data
         type: Directory
-      name: vaultwarden-data-host-0
+      name: vaultwarden-data-host
 status: {}