add nas deployment

apps/kustomization.yaml

@@ -8,4 +8,5 @@ resources:
   - frigate
   - llama
   - immich
+  - nas
   - searxng

apps/nas/configmap.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nas-sftp-config
+  namespace: nas
+data:
+  sftp.json: |
+    {
+      "Global": {
+        "Chroot": {
+          "Directory": "%h",
+          "StartPath": "data"
+        },
+        "Directories": [
+          "data"
+        ]
+      },
+      "Users": [
+        {
+          "Username": "nas",
+          "UID": 1000,
+          "GID": 1000,
+          "PublicKeys": [
+            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCresbDFZijI+rZMgd3LdciPjpb4x4S5B7y0U+EoYPaz6hILT72fyz3QdcgKJJv8JUJI6g0811/yFRuOzCXgWaA922c/S/t6HMUrorh7mPVQMTN2dc/SVBvMa7S2M9NYBj6z1X2LRHs+g1JTMCtL202PIjes/E9qu0as0Vx6n/6HHNmtmA9LrpiAmurbeKXDmrYe2yWg/FA6cX5d86SJb21Dj8WqdCd3Hz0Pi6FzMKXhpWvs5Hfei1htsjsRzCxkpSTjlgFEFVfmHIXPfB06Sa6aCnkxAFnE7N+xNa9RIWeZmOXdA74LsfSKQ9eAXSrsC/IRxo2ce8cBzXJy+Itxw24fUqGYXBiCgx8i3ZA9IdwI1u71xYo9lyNjav5VykzKnAHRAYnDm9UsCf8k04reBevcLdtxL11vPCtind3xn76Nhy2b45dcp/MdYFANGsCcXJOMb6Aisb03HPGhs/aU3tCAQbTVe195mL9FWhGqIK2wBmF1SKW+4ssX2bIU6YaCYc= cardno:23_671_999"
+          ]
+        }
+      ]
+    }

apps/nas/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nas-sftp
+  namespace: nas
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nas-sftp
+  template:
+    metadata:
+      labels:
+        app: nas-sftp
+    spec:
+      initContainers:
+        - name: prepare-home
+          image: alpine:3.20.3
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -euo pipefail
+              mkdir -p /volume/sftp-root
+              chown root:root /volume/sftp-root
+              chmod 755 /volume/sftp-root
+              mkdir -p /volume/sftp-root/data
+              chown 1000:1000 /volume/sftp-root/data
+              chmod 750 /volume/sftp-root/data
+              mkdir -p /volume/host-keys
+              chown root:root /volume/host-keys
+              chmod 700 /volume/host-keys
+          volumeMounts:
+            - name: home
+              mountPath: /volume
+      containers:
+        - name: sftp
+          image: docker.io/emberstack/sftp:build-5.1.72
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 22
+              name: sftp
+              protocol: TCP
+          volumeMounts:
+            - name: config
+              mountPath: /app/config/sftp.json
+              subPath: sftp.json
+              readOnly: true
+            - name: home
+              mountPath: /home/nas
+              subPath: sftp-root
+            - name: home
+              mountPath: /etc/ssh/keys
+              subPath: host-keys
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              memory: 512Mi
+      volumes:
+        - name: home
+          persistentVolumeClaim:
+            claimName: nas-data
+        - name: config
+          configMap:
+            name: nas-sftp-config

apps/nas/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - configmap.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml

apps/nas/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nas

apps/nas/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nas-data
+  namespace: nas
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Gi
+  storageClassName: mayastor-single-hdd

apps/nas/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nas-sftp
+  namespace: nas
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: sftp
+      port: 22
+      targetPort: 22
+      protocol: TCP
+  selector:
+    app: nas-sftp