michael_dileo/Keybard-Vagabond-Demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redaction #1

Merged
michael_dileo merged 4 commits from redaction into main 2025-12-24 13:40:48 +00:00
Conversation 0 Commits 4 Files Changed 333 +19 -19
10 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 91e6e2e502 - Show all commits

2
docs/VLAN-NODE-IP-MIGRATION.md
View File

@@ -149,7 +149,7 @@ Test VLAN migration on a worker node first:
```bash ```bash
# Apply updated config to n3 # Apply updated config to n3
cd /Users/michaeldileo/src/keyboard-vagabond cd /Users/<USERNAME>/src/keyboard-vagabond
talosctl -e <NODE_3_EXTERNAL_IP> -n <NODE_3_EXTERNAL_IP> apply-config \ talosctl -e <NODE_3_EXTERNAL_IP> -n <NODE_3_EXTERNAL_IP> apply-config \
--file machineconfigs/n3-vlan.yaml --file machineconfigs/n3-vlan.yaml

2
docs/theme-digest.md
View File

@@ -27,7 +27,7 @@ Here are some other reference sites from bigger instances:
* https://pixelfed.social (click About and Explore) * https://pixelfed.social (click About and Explore)
* https://piefed.social * https://piefed.social
* https://bookwyrm.social * https://bookwyrm.social
* My personal blog: https://blog.michaeldileo.org for Write Freely * My personal blog: https://blog.<DOMAIN> for Write Freely
These sevices generally support custom mascot icons and background banners. Themeing and custom CSS has varying degrees of support, though I have full access to the server, so I could override the built in CSS, though that could likely be an endeavor, which I'm not user would be worth the effort. These sevices generally support custom mascot icons and background banners. Themeing and custom CSS has varying degrees of support, though I have full access to the server, so I could override the built in CSS, though that could likely be an endeavor, which I'm not user would be worth the effort.

6
manifests/applications/piefed/flower-monitoring.yaml
View File

@@ -31,13 +31,13 @@ spec:
- containerPort: 5555 - containerPort: 5555
env: env:
- name: CELERY_BROKER_URL - name: CELERY_BROKER_URL
value: "redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0" value: "redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0"
- name: FLOWER_PORT - name: FLOWER_PORT
value: "5555" value: "5555"
- name: FLOWER_BASIC_AUTH - name: FLOWER_BASIC_AUTH
value: "admin:flower123" # Change this password! value: "admin:<CHANGE_THIS_PASSWORD>" # Change this password!
- name: FLOWER_BROKER_API - name: FLOWER_BROKER_API
value: "redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0,redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3" value: "redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0,redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3"
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

2
manifests/cluster/flux-system/gotk-sync.yaml
View File

@@ -11,7 +11,7 @@ spec:
branch: k8s-fleet branch: k8s-fleet
secretRef: secretRef:
name: flux-system name: flux-system
url: https://source.michaeldileo.org/michael_dileo/keyboard-vagabond.git url: https://<GITEA_INSTANCE>/<USERNAME>/keyboard-vagabond.git
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization

4
manifests/infrastructure/celery-monitoring/flower-deployment.yaml
View File

@@ -26,13 +26,13 @@ spec:
- containerPort: 5555 - containerPort: 5555
env: env:
- name: CELERY_BROKER_URL - name: CELERY_BROKER_URL
value: "redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0" value: "redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0"
- name: FLOWER_PORT - name: FLOWER_PORT
value: "5555" value: "5555"
# FLOWER_BASIC_AUTH removed - authentication handled by NGINX Ingress # FLOWER_BASIC_AUTH removed - authentication handled by NGINX Ingress
# This allows Kubernetes health checks to work properly # This allows Kubernetes health checks to work properly
- name: FLOWER_BROKER_API - name: FLOWER_BROKER_API
value: "redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0,redis://:9EE33616C76D42A68442228B918F0A7D@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3" value: "redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/0,redis://:<REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3"
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

2
manifests/infrastructure/longhorn/S3-API-OPTIMIZATION.md
View File

@@ -141,7 +141,7 @@ kubectl get networkpolicy -n longhorn-system longhorn-block-s3-access
kubectl get cronjobs -n longhorn-system | grep longhorn-.*-s3-access kubectl get cronjobs -n longhorn-system | grep longhorn-.*-s3-access
# 3. Test: S3 access should be blocked # 3. Test: S3 access should be blocked
kubectl exec -n longhorn-system deploy/longhorn-ui -- curl -I https://eu-central-003.backblazeb2.com kubectl exec -n longhorn-system deploy/longhorn-ui -- curl -I https://<B2_ENDPOINT>
# Expected: Connection timeout or network error # Expected: Connection timeout or network error
``` ```

4
manifests/infrastructure/longhorn/S3-API-SOLUTION-FINAL.md
View File

@@ -36,7 +36,7 @@ Longhorn's `backupstore-poll-interval` setting controls how frequently Longhorn
```yaml ```yaml
data: data:
default-resource.yaml: |- default-resource.yaml: |-
"backup-target": "s3://longhorn-keyboard-vagabond@eu-central-003.backblazeb2.com/longhorn-backup" "backup-target": "s3://<BUCKET_NAME>@<B2_ENDPOINT>/longhorn-backup"
"backup-target-credential-secret": "backblaze-credentials" "backup-target-credential-secret": "backblaze-credentials"
"backupstore-poll-interval": "86400" # 24 hours "backupstore-poll-interval": "86400" # 24 hours
"virtual-hosted-style": "true" "virtual-hosted-style": "true"
@@ -164,7 +164,7 @@ kubectl get jobs -n longhorn-system | grep backup
# Check backup target connectivity (should work anytime) # Check backup target connectivity (should work anytime)
MANAGER_POD=$(kubectl get pods -n longhorn-system -l app=longhorn-manager --no-headers | head -1 | awk '{print $1}') MANAGER_POD=$(kubectl get pods -n longhorn-system -l app=longhorn-manager --no-headers | head -1 | awk '{print $1}')
kubectl exec -n longhorn-system "$MANAGER_POD" -c longhorn-manager -- curl -I https://eu-central-003.backblazeb2.com kubectl exec -n longhorn-system "$MANAGER_POD" -c longhorn-manager -- curl -I https://<B2_ENDPOINT>
``` ```
## References ## References

6
manifests/infrastructure/redis/bitnami/secret.yaml
View File

@@ -5,6 +5,6 @@ metadata:
namespace: redis-system namespace: redis-system
type: Opaque type: Opaque
stringData: stringData:
REDIS_PASSWORD: 9EE33616C76D42A68442228B918F0A7D REDIS_PASSWORD: <REDACTED>
redis-password: 9EE33616C76D42A68442228B918F0A7D redis-password: <REDACTED>
redis-replica-password: 9EE33616C76D42A68442228B918F0A7D redis-replica-password: <REDACTED>

4
manifests/infrastructure/redis/secret.yaml
View File

@@ -5,5 +5,5 @@ metadata:
namespace: redis-system namespace: redis-system
type: Opaque type: Opaque
stringData: stringData:
redis-password: 9EE33616C76D42A68442228B918F0A7D redis-password: <REDACTED>
redis-replica-password: 9EE33616C76D42A68442228B918F0A7D redis-replica-password: <REDACTED>

6
manifests/infrastructure/renovate/renovate.yaml
View File

@@ -39,9 +39,9 @@ spec:
"extends": ["config:recommended"], "extends": ["config:recommended"],
"labels": ["renovate", "dependencies"], "labels": ["renovate", "dependencies"],
"platform": "gitea", "platform": "gitea",
"endpoint": "https://source.michaeldileo.org/", "endpoint": "https://<GITEA_INSTANCE>/",
"repositories": ["michael_dileo/keyboard-vagabond"], "repositories": ["<USERNAME>/keyboard-vagabond"],
"gitAuthor": "Renovate Bot <renovate@michaeldileo.org>", "gitAuthor": "Renovate Bot <renovate@<DOMAIN>>",
"kubernetes": { "kubernetes": {
"fileMatch": ["^manifests/.+\\.yaml$"] "fileMatch": ["^manifests/.+\\.yaml$"]
}, },