add source code and readme

2025-12-24 14:35:17 +01:00
parent 7c92e1e610
commit 74324d5a1b
331 changed files with 39272 additions and 1 deletions
--- a/manifests/applications/picsur/README.md
+++ b/manifests/applications/picsur/README.md
@@ -0,0 +1,85 @@
+# Picsur Image Hosting Service
+
+Picsur is a self-hosted image sharing service similar to Imgur. This deployment integrates with the existing PostgreSQL cluster and provides automatic DNS/SSL setup.
+
+## Prerequisites
+
+### Database Setup
+Before deploying, create the database and user manually. **Note**: Connect to the PRIMARY instance (check with `kubectl get cluster postgresql-shared -n postgresql-system -o jsonpath="{.status.currentPrimary}"`):
+
+```bash
+# Step 1: Create database and user (if they don't exist)
+kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "CREATE DATABASE picsur;"
+kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "CREATE USER picsur WITH ENCRYPTED PASSWORD 'your_secure_password';"
+
+# Step 2: Grant database-level permissions
+kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE picsur TO picsur;"
+
+# Step 3: Grant schema-level permissions (CRITICAL for table creation)
+kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -d picsur -c "GRANT ALL ON SCHEMA public TO picsur; GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO picsur; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO picsur;"
+```
+
+**Troubleshooting**: If Picsur fails with "permission denied for schema public", you need to run Step 3 above. The user needs explicit permissions on the public schema to create tables.
+
+### Secret Configuration
+Update the `secret.yaml` file with proper SOPS encryption:
+
+```bash
+# Edit the secret with your actual values
+sops manifests/applications/picsur/secret.yaml
+
+# Update these values:
+# - PICSUR_DB_USERNAME: picsur
+# - PICSUR_DB_PASSWORD: your_secure_password
+# - PICSUR_DB_DATABASE: picsur
+# - PICSUR_ADMIN_PASSWORD: your_admin_password
+# - PICSUR_JWT_SECRET: your_jwt_secret_key
+```
+
+## Configuration
+
+### Environment Variables
+- `PICSUR_DB_HOST`: PostgreSQL connection host
+- `PICSUR_DB_PORT`: PostgreSQL port (5432)
+- `PICSUR_DB_USERNAME`: Database username
+- `PICSUR_DB_PASSWORD`: Database password
+- `PICSUR_DB_DATABASE`: Database name
+- `PICSUR_ADMIN_PASSWORD`: Admin user password
+- `PICSUR_JWT_SECRET`: JWT secret for authentication
+- `PICSUR_MAX_FILE_SIZE`: Maximum file size (default: 50MB)
+
+### Storage
+- Uses Longhorn persistent volume with `longhorn-retain` storage class
+- 20GB initial storage allocation
+- Volume labeled for S3 backup inclusion
+
+### Resources
+- **Requests**: 200m CPU, 512Mi memory
+- **Limits**: 1000m CPU, 2Gi memory
+- **Worker Memory**: 1024MB (configured in Picsur admin UI)
+- Suitable for image hosting with large file processing (up to 50MB files, 40MP+ panoramas)
+
+## Access
+
+Once deployed, Picsur will be available at:
+- **URL**: https://picsur.keyboardvagabond.com
+- **Admin Username**: admin
+- **Admin Password**: As configured in secret
+
+## Monitoring
+
+Basic health checks are configured. If Picsur exposes metrics, uncomment the ServiceMonitor in `monitoring.yaml`.
+
+## Integration with WriteFreely
+
+Picsur can be used as an image backend for WriteFreely:
+1. Upload images to Picsur
+2. Use the direct image URLs in WriteFreely posts
+3. Images are served from your own infrastructure
+
+## Scaling
+
+Current deployment is single-replica. For high availability:
+1. Increase replica count
+2. Consider using ReadWriteMany storage if needed
+3. Ensure database can handle multiple connections