diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 086cd1e..ccf748f 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -8,4 +8,5 @@ resources: - frigate - llama - immich + - nas - searxng diff --git a/apps/nas/configmap.yaml b/apps/nas/configmap.yaml new file mode 100644 index 0000000..9a15706 --- /dev/null +++ b/apps/nas/configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nas-sftp-config + namespace: nas +data: + sftp.json: | + { + "Global": { + "Chroot": { + "Directory": "%h", + "StartPath": "data" + }, + "Directories": [ + "data" + ] + }, + "Users": [ + { + "Username": "nas", + "UID": 1000, + "GID": 1000, + "PublicKeys": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCresbDFZijI+rZMgd3LdciPjpb4x4S5B7y0U+EoYPaz6hILT72fyz3QdcgKJJv8JUJI6g0811/yFRuOzCXgWaA922c/S/t6HMUrorh7mPVQMTN2dc/SVBvMa7S2M9NYBj6z1X2LRHs+g1JTMCtL202PIjes/E9qu0as0Vx6n/6HHNmtmA9LrpiAmurbeKXDmrYe2yWg/FA6cX5d86SJb21Dj8WqdCd3Hz0Pi6FzMKXhpWvs5Hfei1htsjsRzCxkpSTjlgFEFVfmHIXPfB06Sa6aCnkxAFnE7N+xNa9RIWeZmOXdA74LsfSKQ9eAXSrsC/IRxo2ce8cBzXJy+Itxw24fUqGYXBiCgx8i3ZA9IdwI1u71xYo9lyNjav5VykzKnAHRAYnDm9UsCf8k04reBevcLdtxL11vPCtind3xn76Nhy2b45dcp/MdYFANGsCcXJOMb6Aisb03HPGhs/aU3tCAQbTVe195mL9FWhGqIK2wBmF1SKW+4ssX2bIU6YaCYc= cardno:23_671_999" + ] + } + ] + } diff --git a/apps/nas/deployment.yaml b/apps/nas/deployment.yaml new file mode 100644 index 0000000..caf034a --- /dev/null +++ b/apps/nas/deployment.yaml @@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nas-sftp + namespace: nas +spec: + replicas: 1 + selector: + matchLabels: + app: nas-sftp + template: + metadata: + labels: + app: nas-sftp + spec: + initContainers: + - name: prepare-home + image: alpine:3.20.3 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - | + set -euo pipefail + mkdir -p /volume/sftp-root + chown root:root /volume/sftp-root + chmod 755 /volume/sftp-root + mkdir -p /volume/sftp-root/data + chown 1000:1000 /volume/sftp-root/data + chmod 750 /volume/sftp-root/data + mkdir -p /volume/host-keys + chown root:root /volume/host-keys + chmod 700 /volume/host-keys + volumeMounts: + - name: home + mountPath: /volume + containers: + - name: sftp + image: docker.io/emberstack/sftp:build-5.1.72 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 22 + name: sftp + protocol: TCP + volumeMounts: + - name: config + mountPath: /app/config/sftp.json + subPath: sftp.json + readOnly: true + - name: home + mountPath: /home/nas + subPath: sftp-root + - name: home + mountPath: /etc/ssh/keys + subPath: host-keys + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + memory: 512Mi + volumes: + - name: home + persistentVolumeClaim: + claimName: nas-data + - name: config + configMap: + name: nas-sftp-config diff --git a/apps/nas/kustomization.yaml b/apps/nas/kustomization.yaml new file mode 100644 index 0000000..b368429 --- /dev/null +++ b/apps/nas/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - configmap.yaml + - pvc.yaml + - deployment.yaml + - service.yaml diff --git a/apps/nas/namespace.yaml b/apps/nas/namespace.yaml new file mode 100644 index 0000000..d058aa9 --- /dev/null +++ b/apps/nas/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nas diff --git a/apps/nas/pvc.yaml b/apps/nas/pvc.yaml new file mode 100644 index 0000000..99d6426 --- /dev/null +++ b/apps/nas/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nas-data + namespace: nas +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: mayastor-single-hdd diff --git a/apps/nas/service.yaml b/apps/nas/service.yaml new file mode 100644 index 0000000..140a38a --- /dev/null +++ b/apps/nas/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: nas-sftp + namespace: nas +spec: + type: LoadBalancer + externalTrafficPolicy: Cluster + ports: + - name: sftp + port: 22 + targetPort: 22 + protocol: TCP + selector: + app: nas-sftp