redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/.cursor/rules/s3-storage-config-template.yaml
+++ b/.cursor/rules/s3-storage-config-template.yaml
@@ -0,0 +1,132 @@
+# S3 Storage Configuration Templates
+# Framework-specific S3 integration patterns with dedicated bucket approach
+
+# Laravel/Pixelfed S3 Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pixelfed-s3-config
+data:
+  # Critical Laravel S3 Configuration
+  FILESYSTEM_DRIVER: "s3"
+  DANGEROUSLY_SET_FILESYSTEM_DRIVER: "s3"  # Required for S3 default disk
+  PF_ENABLE_CLOUD: "true"
+  FILESYSTEM_CLOUD: "s3"
+  FILESYSTEM_DISK: "s3"
+  
+  # Backblaze B2 S3-Compatible Storage
+  AWS_BUCKET: "pixelfed-bucket"  # Dedicated bucket approach
+  AWS_URL: "<REPLACE_WITH_CDN_URL>"  # CDN URL
+  AWS_ENDPOINT: "<REPLACE_WITH_S3_ENDPOINT>"
+  AWS_ROOT: ""  # Empty - no prefix needed with dedicated bucket
+  AWS_USE_PATH_STYLE_ENDPOINT: "false"
+  AWS_VISIBILITY: "public"
+
+# Flask/PieFed S3 Configuration  
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: piefed-s3-config
+data:
+  # S3 Storage (Backblaze B2)
+  S3_BUCKET: "piefed-bucket"
+  S3_REGION: "<REPLACE_WITH_S3_REGION>"
+  S3_ENDPOINT_URL: "<REPLACE_WITH_S3_ENDPOINT>"
+  S3_PUBLIC_URL: "<REPLACE_WITH_CDN_URL>"
+
+# Django/BookWyrm S3 Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bookwyrm-s3-config
+data:
+  # S3 Storage (Backblaze B2)
+  USE_S3: "true"
+  AWS_STORAGE_BUCKET_NAME: "bookwyrm-bucket"
+  AWS_S3_REGION_NAME: "<REPLACE_WITH_S3_REGION>"
+  AWS_S3_ENDPOINT_URL: "<REPLACE_WITH_S3_ENDPOINT>"
+  AWS_S3_CUSTOM_DOMAIN: "<REPLACE_WITH_CDN_DOMAIN>"
+  AWS_DEFAULT_ACL: ""  # Backblaze B2 doesn't support ACLs
+
+# Ruby/Mastodon S3 Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mastodon-s3-config
+data:
+  # S3 Object Storage
+  S3_ENABLED: "true"
+  S3_BUCKET: "mastodon-bucket"
+  S3_REGION: "<REPLACE_WITH_S3_REGION>"
+  S3_ENDPOINT: "<REPLACE_WITH_S3_ENDPOINT>"
+  S3_HOSTNAME: "<REPLACE_WITH_S3_HOSTNAME>"
+  S3_ALIAS_HOST: "<REPLACE_WITH_CDN_DOMAIN>"
+
+# Generic S3 Secret Template
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-credentials
+type: Opaque
+data:
+  # Base64 encoded values (will be encrypted by SOPS)
+  # Replace with actual base64-encoded values before encryption
+  AWS_ACCESS_KEY_ID: <REPLACE_WITH_BASE64_ENCODED_KEY_ID>
+  AWS_SECRET_ACCESS_KEY: <REPLACE_WITH_BASE64_ENCODED_SECRET_KEY>
+  S3_KEY: <REPLACE_WITH_BASE64_ENCODED_KEY_ID>  # Flask apps use this naming
+  S3_SECRET: <REPLACE_WITH_BASE64_ENCODED_SECRET_KEY>  # Flask apps use this naming
+
+# CDN Mapping Reference
+# | Application | CDN Subdomain | S3 Bucket | Purpose |
+# |------------|---------------|-----------|---------|
+# | Pixelfed | pm.keyboardvagabond.com | pixelfed-bucket | Photo/media sharing |
+# | PieFed | pfm.keyboardvagabond.com | piefed-bucket | Forum content/uploads |
+# | Mastodon | mm.keyboardvagabond.com | mastodon-bucket | Social media/attachments |
+# | BookWyrm | bm.keyboardvagabond.com | bookwyrm-bucket | Book covers/user uploads |
+
+# Redis Connection Pattern (HAProxy-based):
+# - HAProxy (Read/Write): redis-ha-haproxy.redis-system.svc.cluster.local:6379
+# - Managed by 3 HAProxy pods providing unified endpoint
+# - Redis HA cluster: 3 Redis replicas with Sentinel for HA
+# - Helm Chart: redis-ha from dandydeveloper/charts (replaced deprecated Bitnami)
+
+# Redis Usage Examples:
+
+# Mastodon - Redis for caching and Sidekiq job queue
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mastodon-redis-config
+data:
+  REDIS_HOST: "redis-ha-haproxy.redis-system.svc.cluster.local"  # HAProxy endpoint
+  REDIS_PORT: "6379"
+
+# PieFed - Flask with Redis for cache and Celery broker  
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: piefed-redis-config
+data:
+  # All Redis connections use HAProxy endpoint
+  CACHE_REDIS_URL: "redis://:<REPLACE_WITH_REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/1"
+  CELERY_BROKER_URL: "redis://:<REPLACE_WITH_REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/2"
+
+# BookWyrm - Django with Redis for broker and activity streams
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bookwyrm-redis-config
+data:
+  # All Redis connections use HAProxy endpoint
+  REDIS_BROKER_HOST: "redis-ha-haproxy.redis-system.svc.cluster.local:6379"
+  REDIS_ACTIVITY_HOST: "redis-ha-haproxy.redis-system.svc.cluster.local:6379"
+  REDIS_BROKER_DB_INDEX: "3"
+  REDIS_ACTIVITY_DB: "4"