add linkwarden

Signed-off-by: gwg313 <gwg313@pm.me>

apps/linkwarden.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: linkwarden
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/gwg313/homelab-gitops
+    targetRevision: main
+    path: linkwarden
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: linkwarden
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true

linkwarden/certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: linkwarden-cert
+  namespace: istio-system
+spec:
+  secretName: linkwarden-cert
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - bookmarks.gwg313.xyz

linkwarden/gateway.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: linkwarden-gateway
+  namespace: linkwarden
+spec:
+  selector:
+    istio: gateway
+  servers:
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      tls:
+        mode: SIMPLE
+        credentialName: linkwarden-cert
+      hosts:
+        - bookmarks.gwg313.xyz

linkwarden/iscsi-sealed.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: linkwarden-iscsi-auth
+  namespace: linkwarden
+spec:
+  encryptedData:
+    discovery.sendtargets.auth.password: AgAo6dvx0sb5AklRqs6kLDp+Axa39HF9VvbRmiAqTb1aqS1pmpkt774c6X5B0pVM9Tkz5XANdPriEzpKcBsPLCuBRGrXAjIrzdao6RgXS+11zLx4rnIhw/HUTrFcsbPC1N3ilxICu6y/1pr1alOrtoRa9azKN0R9LoCuM8+T2ea3w7NHjLhxeIGnOe1aOsZQ1Dp3cZQbHiajSGZW9kj0NquJAvVq+tpFNIYDwo08YtOPvGa0jKiZCDq1a29t8yMUY7YLKpEDIibVtFU+OkpiK7TW/cTzURO1Hr+bH3WdLsB6bcQjrtnD75vxYGLTXbjNTjWtkolsZ3tsvR1FVr1iELrXooMrtsEDEum7UyNOf079pwvLMFsz+UrM78bE/JEYzm9YowfBdvOAkvqkwZq9MiJq5heAi1kMgE1p5LPHZGTtVKTBXxwdFRM3qZWRl82nTI+nVAiTqNDP2ZCHvsEOTIIgxb6zSvEcQ1Mjit3PnNh9KmiasGX454S1vS7TROwLsjzubWaMoS3ADN2DSV1uh6pe7/lfn8GcfSfcyYOzGZcgVFWeQoBMXPG+3HsFfidQU+DLdovdqw0DPsEYK7Crvhskz6thfERZDYFMt2RIbsTUeo46SyqhiMuIetmVcvvomgngUM7rclS86B3bMnrXwjkYBznaYBw9+XrUBAoaMChAPkVGT6JKi9hF9cd5R3mfPkvjphKWegyYQlYvyjvG93EN
+    discovery.sendtargets.auth.username: AgBcERjX9uRVG5MsS6ZALQax8BjEtmfnNuyMMNw5P3Z5Y/ktHQJPY533u2nDaRYp/Gu7EaREQ50UpJ4X93TbbqCHG11N6KLnhxYO1UhlOV3ZJhWvvfKjGF9328uuJdN1Kgf1kZIaZ28bTBQqKFuYCkQzxTuQc5rmXov9uwHFJkcn1+eqHfHMNoBT5L7ljFziLstK11s/WlVpVseMfvOL4nTtLRckAn136ToDakYXX3jJnw/f2ZQADwXN5am53+B24Wcu+ugZxCbESKMQ4qCJc3VAkv+5809N6UPvCKXe8by1J8L6RUZH1ax4bUGci6rEekSl9dEuSaKxMuUZ8dwPf5lMOvGwCm0LvfMqoMFjonb290wU4UgLwVKK7vkoh0ZCBLRkX/zl0BaUAdtcUozT88ZeFfSi8Yv5qEO5jLXb+oUQOID/7PWxyFh0AH2ct/b7utGK06m6HXZnEjOb20tTZw6W16OZxTd7qwGvj6JLznLZBeJGDNeg2AjCIBcBsmA6ocI4pMOpSlAfGWZuvYnRPbov32QEP+zB4aqDk7cRAWUATIs0ES4HK/COpah7k2M0PZ9/YOhWgYfRFKWpHdeB2CUDKRgT0Hyi3xx6HBK0o4S/doBQmaPJq3GsjpVLLaqH6W+KL962/VMSx1QXmcn1dUGT1Qs6o52622dD8WawLIuazRl0pkteckTuEsbxVFms2+nfQUzyihZF6L01
+    node.session.auth.password: AgAk19CA2EtTgSPRgzD2B7Zbw58r3+rlVyOEkxuMUvWlULqsWp7DSUFcIySH/2kCU4XkMxZOLQiuCdIx7ccBx5CRKFrVAS1L/2L6tZGeLc7NfI8M5Ka8HFy4K1X75yBBd0KiUHn0VEkwyinfDTzSK66+ZYhxgYlBviyhjB+1ieSBTaoXZcJ2AsS9ZsHYmUniro3wr2v/VvmsC2Tgx2TYMpBjC6KWxTJW7QNEMMrBOTnaaYrYDGFe9/as52amuM0Qqygb6bmSp+QEJGUohVgk1dpLFTHubUxMM3aA8UVAh8Ual81DXmBsVUQEx+IuEpNRm76UXlW7Iod5yi9zDWA3Lo4AzdPE112CYwQOR5lf7jqVSyLdcVrweFxY2J8Yh3hPVoM8P93HVGUlatwIlSJXmApfx3TeGvZ7gi1xIfKCpsBlifLCOxLIFE7IghcumDw20lFamuEgXX2iyqbtCgcbibjYbS7NflfjYq5JXx8EwKS89Zqdt3UdsJcvWskO4i0ouXzLxERy+jnRHGtNoUrgziYbkSRyzSCTLIcypn80HA/rZpZc1ZuQYTpJF1JO05QI0pz73U58Tf/gWf/rnwRVtoZmmGZ2tKl+HG0oqlZNEMdrxLcERQ1zEuXXoaSaRm4bbSfhzVfYVyLNA3O+T4EXm4jWY9v7bMHitn+iyfVFTCXhitoIc10F/ZcYHT5rb9cuxE2R5ivqxnDKc0ldbU2JU8Eu
+    node.session.auth.username: AgAjBMKyXteIqLgPraY9U7n5NzsoWvyi5jVyz0M7i+StCVp2BeKaqhxNMpmxQ98EhAflhh4A/DeLsQueDAMSv2v9So4WmwTCHFRVKxUgLoXjAgzttlsaMrItmIuzGEy5Kx22MkDN5K25PJ2ZelGzY6FUy7LYzJtHLZvU+vZaLKpraw9RrqGHd3M2se5e5GalzIOI3h2K/5Ljs0VfggZEy9wjZvGSeLTPVMXvCtAExAll8wZ5j1U78ddG+rE2Ox0SwB7aF5BqK9f+calijYHNxyCGwoh35T8uCJELIG2GVXIifNvFtLX8vv/si7d60ptoPd1kxcKgCV5mJx1mE7FfeTrFFuqzZThsqwOzfFAoEbcPlE+CJOsJm8DnWlXxHicK6DMaN2LIxk9hMvns8tcr/8VURwZ/8yU9Z8GvEG8tP8zAMc/RP5ZysQIDYAA2EZGtsVrynWRo6K82u5I1axMcwEt0oslQyHrJpmLZv/AOBdjWsvWV6lT7Sv3PlUuqxsw1IRyjokiro74kLNgvTlgluiyhRHb7mjzREZzHoKSYI/6Yzx8xNoLZM2y0VA6NTHHFOorXcxWSeoG1eTynpuJY6jQma1Ie3bN9ohEwoV0trvqotaxku1meJAmZUJTzJ3AkrO43XGMYFYkQfuF8wmEU0Yp1GOtNMKhoa/GnFobnJaviJz8RL6aXUek1Y8LV0s9fhyCxWyuzJxpBUDrm
+  template:
+    metadata:
+      creationTimestamp: null
+      name: linkwarden-iscsi-auth
+      namespace: linkwarden
+    type: kubernetes.io/iscsi-chap

linkwarden/linkwarden-deployment.yml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: linkwarden
+  namespace: linkwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: linkwarden
+  template:
+    metadata:
+      labels:
+        app: linkwarden
+    spec:
+      containers:
+        - name: linkwarden
+          image: ghcr.io/linkwarden/linkwarden:latest
+          ports:
+            - containerPort: 3000
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret-linkwarden
+                  key: POSTGRESQL_PASSWORD
+            - name: DATABASE_URL
+              value: "postgres://postgres:$(POSTGRES_PASSWORD)@postgres:5432/postgres"
+            - name: NEXTAUTH_SECRET
+              value: SgG4jVtm9ukRKEbJw7vw
+            - name: NEXTAUTH_URL
+              value: "https://bookmarks.gwg313.xyz/api/v1/auth"
+            - name: NEXT_PUBLIC_DISABLE_REGISTRATION
+              value: "true"
+          volumeMounts:
+            - mountPath: /data/data
+              name: linkwarden-data
+      volumes:
+        - name: linkwarden-data
+          persistentVolumeClaim:
+            claimName: linkwarden-data-pvc

linkwarden/linkwarden-pv.yml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: linkwarden-data-pv
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  iscsi:
+    targetPortal: truenas.local.gwg313.xyz:3260
+    iqn: iqn.2005-10.org.freenas.ctl:linkwarden-data
+    lun: 0
+    fsType: ext4
+    chapAuthDiscovery: true
+    chapAuthSession: true
+    secretRef:
+      name: linkwarden-iscsi-auth
+  claimRef:
+    namespace: linkwarden
+    name: linkwarden-data-pvc

linkwarden/linkwarden-pvc.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: linkwarden-data-pvc
+  namespace: linkwarden
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: manual
+  volumeName: linkwarden-data-pv

linkwarden/namespace.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: linkwarden

linkwarden/postgres-configmap.yml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgresql-config
+  namespace: linkwarden
+data:
+  POSTGRESQL_FSYNC: "on"
+  POSTGRESQL_SYNCHRONOUS_COMMIT: "on"
+  POSTGRESQL_FULL_PAGE_WRITES: "on"
+  POSTGRESQL_WAL_LEVEL: "replica"
+  POSTGRESQL_ARCHIVE_MODE: "on"
+  POSTGRESQL_MAX_WAL_SIZE: "2GB"
+  POSTGRESQL_MIN_WAL_SIZE: "1GB"
+  POSTGRESQL_CHECKPOINT_TIMEOUT: "5min"
+  POSTGRESQL_LOG_CONNECTIONS: "on"
+  POSTGRESQL_LOG_DISCONNECTIONS: "on"
+  POSTGRESQL_LOG_STATEMENT: "all"
+  POSTGRESQL_LOG_DURATION: "1000"
+  POSTGRESQL_AUTOVACUUM: "on"
+  POSTGRESQL_VACUUM_COST_DELAY: "20ms"
+  POSTGRESQL_LOG_TIMEZONE: "UTC"
+  POSTGRESQL_LOG_CHECKPOINTS: "on"
+  POSTGRESQL_LOG_ERROR_VERBOSITY: "verbose"
+  POSTGRESQL_HOT_STANDBY: "on"
+  POSTGRESQL_ARCHIVE_TIMEOUT: "60s"

linkwarden/postgres-deployment.yml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: linkwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      securityContext:
+        fsGroup: 999 # PostgreSQL's default GID (postgres group)
+      containers:
+        - name: postgres
+          image: bitnami/postgresql:latest
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret-linkwarden
+                  key: POSTGRESQL_PASSWORD
+            - name: POSTGRESQL_PERFORM_RESTORE
+              value: "true"
+          envFrom:
+            - configMapRef:
+                name: postgresql-config
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgres-storage
+      volumes:
+        - name: postgres-storage
+          persistentVolumeClaim:
+            claimName: linkwarden-postgres-pvc
+      securityContext:
+        runAsUser: 999 # Ensure the container runs as the 'postgres' user (UID 999)
+        fsGroup: 999 # Ensure the filesystem group is 'postgres' (GID 999)

linkwarden/postgres-pv.yml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: linkwarden-postgres-pv
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  iscsi:
+    targetPortal: truenas.local.gwg313.xyz:3260
+    iqn: iqn.2005-10.org.freenas.ctl:linkwarden-postgres
+    lun: 1
+    fsType: ext4
+    chapAuthDiscovery: true
+    chapAuthSession: true
+    secretRef:
+      name: linkwarden-iscsi-auth
+  claimRef:
+    namespace: linkwarden
+    name: linkwarden-postgres-pvc

linkwarden/postgres-pvc.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: linkwarden-postgres-pvc
+  namespace: linkwarden
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: manual
+  volumeName: linkwarden-postgres-pv

linkwarden/postgres-secret.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgresql-secret-linkwarden
+  namespace: linkwarden
+type: Opaque
+data:
+  POSTGRESQL_PASSWORD: dWtGbTYyOGR2QnpKQUpLWGVVdUs=

linkwarden/postgres-service.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: linkwarden
+spec:
+  type: ClusterIP
+  selector:
+    app: postgres
+  ports:
+    - port: 5432
+      targetPort: 5432

linkwarden/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: linkwarden
+  namespace: linkwarden
+spec:
+  selector:
+    app: linkwarden
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+  type: ClusterIP

linkwarden/virtualservice.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: linkwarden
+  namespace: linkwarden
+spec:
+  hosts:
+    - bookmarks.gwg313.xyz
+  gateways:
+    - linkwarden-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: linkwarden
+            port:
+              number: 80