Compare commits
1 Commits
renovate/o
...
9b11cc2ad6
| Author | SHA1 | Date | |
|---|---|---|---|
| 9b11cc2ad6 |
@@ -1,15 +0,0 @@
|
||||
when:
|
||||
- event: push
|
||||
branch: fresh-start
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: debian
|
||||
commands:
|
||||
- echo "This is the build step"
|
||||
- echo "echo hello world" > executable
|
||||
- name: a-test-step
|
||||
image: golang:1.16
|
||||
commands:
|
||||
- echo "Testing ..."
|
||||
- sh executable
|
||||
@@ -73,7 +73,7 @@ spec:
|
||||
ISSUE_INDEXER_TYPE: bleve
|
||||
REPO_INDEXER_ENABLED: true
|
||||
webhook:
|
||||
ALLOWED_HOST_LIST: garm.garm.svc.cluster.local,woodpecker.lumpiasty.xyz
|
||||
ALLOWED_HOST_LIST: garm.garm.svc.cluster.local
|
||||
admin:
|
||||
username: GiteaAdmin
|
||||
email: gi@tea.com
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: immich
|
||||
version: 1.2.2
|
||||
version: 1.1.3
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: secustor
|
||||
|
||||
@@ -15,4 +15,3 @@ resources:
|
||||
- ispeak3
|
||||
- openwebui
|
||||
- garm
|
||||
- woodpecker
|
||||
|
||||
@@ -4,9 +4,8 @@ logToStdout: "both" # proxy and upstream
|
||||
|
||||
macros:
|
||||
base_args: "--no-warmup --port ${PORT}"
|
||||
common_args: "--fit-target 1536 --no-warmup --port ${PORT}"
|
||||
common_args: "--fit-target 1024 --no-warmup --port ${PORT}"
|
||||
gemma3_ctx_128k: "--ctx-size 131072"
|
||||
qwen35_ctx_128k: "--ctx-size 131072"
|
||||
qwen35_ctx_256k: "--ctx-size 262144"
|
||||
gemma_sampling: "--prio 2 --temp 1.0 --repeat-penalty 1.0 --min-p 0.00 --top-k 64 --top-p 0.95"
|
||||
qwen35_sampling: "--temp 0.6 --top-p 0.95 --top-k 20 --min-p 0.00 -ctk q8_0 -ctv q8_0"
|
||||
@@ -164,7 +163,7 @@ models:
|
||||
cmd: |
|
||||
/app/llama-server
|
||||
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
|
||||
${qwen35_ctx_128k}
|
||||
${qwen35_ctx_256k}
|
||||
${qwen35_sampling}
|
||||
${common_args}
|
||||
${thinking_on}
|
||||
@@ -173,7 +172,7 @@ models:
|
||||
cmd: |
|
||||
/app/llama-server
|
||||
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
|
||||
${qwen35_ctx_128k}
|
||||
${qwen35_ctx_256k}
|
||||
${qwen35_sampling}
|
||||
${common_args}
|
||||
${thinking_off}
|
||||
@@ -183,7 +182,7 @@ models:
|
||||
/app/llama-server
|
||||
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
|
||||
${qwen35_4b_heretic_mmproj}
|
||||
${qwen35_ctx_128k}
|
||||
${qwen35_ctx_256k}
|
||||
${qwen35_sampling}
|
||||
${common_args}
|
||||
${thinking_on}
|
||||
@@ -193,7 +192,7 @@ models:
|
||||
/app/llama-server
|
||||
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
|
||||
${qwen35_4b_heretic_mmproj}
|
||||
${qwen35_ctx_128k}
|
||||
${qwen35_ctx_256k}
|
||||
${qwen35_sampling}
|
||||
${common_args}
|
||||
${thinking_off}
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: llama-swap
|
||||
image: ghcr.io/mostlygeek/llama-swap:v199-vulkan-b8589
|
||||
image: ghcr.io/mostlygeek/llama-swap:v198-vulkan-b8445
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /app/llama-swap
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: open-webui
|
||||
version: 13.0.1
|
||||
version: 12.10.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: open-webui
|
||||
|
||||
@@ -15,7 +15,7 @@ spec:
|
||||
- name: renovate
|
||||
# Update this to the latest available and then enable Renovate on
|
||||
# the manifest
|
||||
image: renovate/renovate:43.95.0-full
|
||||
image: renovate/renovate:43.84.1-full
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: renovate-gitea-token
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- postgres-volume.yaml
|
||||
- postgres-cluster.yaml
|
||||
- release.yaml
|
||||
- secret.yaml
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: woodpecker
|
||||
@@ -1,23 +0,0 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: woodpecker-postgresql-cluster
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
instances: 1
|
||||
|
||||
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
database: woodpecker
|
||||
owner: woodpecker
|
||||
|
||||
storage:
|
||||
pvcTemplate:
|
||||
storageClassName: ssd-lvmpv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
volumeName: woodpecker-postgresql-cluster-lvmssd
|
||||
@@ -1,33 +0,0 @@
|
||||
apiVersion: local.openebs.io/v1alpha1
|
||||
kind: LVMVolume
|
||||
metadata:
|
||||
labels:
|
||||
kubernetes.io/nodename: anapistula-delrosalae
|
||||
name: woodpecker-postgresql-cluster-lvmssd
|
||||
namespace: openebs
|
||||
spec:
|
||||
capacity: 10Gi
|
||||
ownerNodeID: anapistula-delrosalae
|
||||
shared: "yes"
|
||||
thinProvision: "no"
|
||||
vgPattern: ^openebs-ssd$
|
||||
volGroup: openebs-ssd
|
||||
---
|
||||
kind: PersistentVolume
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: woodpecker-postgresql-cluster-lvmssd
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: ssd-lvmpv
|
||||
volumeMode: Filesystem
|
||||
csi:
|
||||
driver: local.csi.openebs.io
|
||||
fsType: btrfs
|
||||
volumeHandle: woodpecker-postgresql-cluster-lvmssd
|
||||
---
|
||||
# PVC is dynamically created by the Postgres operator
|
||||
@@ -1,115 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: woodpecker
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
interval: 24h
|
||||
url: https://woodpecker-ci.org/
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: woodpecker
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: woodpecker
|
||||
version: 3.5.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: woodpecker
|
||||
namespace: woodpecker
|
||||
interval: 12h
|
||||
values:
|
||||
server:
|
||||
enabled: true
|
||||
statefulSet:
|
||||
replicaCount: 1
|
||||
|
||||
persistentVolume:
|
||||
enabled: false # Using Postgresql database
|
||||
|
||||
env:
|
||||
WOODPECKER_HOST: "https://woodpecker.lumpiasty.xyz"
|
||||
# Gitea integration
|
||||
WOODPECKER_GITEA: "true"
|
||||
WOODPECKER_GITEA_URL: "https://gitea.lumpiasty.xyz"
|
||||
# PostgreSQL database configuration
|
||||
WOODPECKER_DATABASE_DRIVER: postgres
|
||||
# Password is loaded from woodpecker-postgresql-cluster-app secret (created by CNPG)
|
||||
WOODPECKER_DATABASE_DATASOURCE:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: woodpecker-postgresql-cluster-app
|
||||
key: fqdn-uri
|
||||
# Allow logging in from all accounts on Gitea
|
||||
WOODPECKER_OPEN: "true"
|
||||
# Make lumpiasty admin
|
||||
WOODPECKER_ADMIN: GiteaAdmin
|
||||
|
||||
createAgentSecret: true
|
||||
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-secrets
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx-ingress
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
acme.cert-manager.io/http01-edit-in-place: "true"
|
||||
hosts:
|
||||
- host: woodpecker.lumpiasty.xyz
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: woodpecker-server
|
||||
servicePort: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- woodpecker.lumpiasty.xyz
|
||||
secretName: woodpecker-ingress
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
|
||||
agent:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
env:
|
||||
WOODPECKER_SERVER: "woodpecker-server:9000"
|
||||
WOODPECKER_BACKEND: kubernetes
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ssd-lvmpv
|
||||
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
|
||||
WOODPECKER_CONNECT_RETRY_COUNT: "5"
|
||||
|
||||
mapAgentSecret: true
|
||||
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-secrets
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
@@ -1,62 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: woodpecker-secret
|
||||
namespace: woodpecker
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: woodpecker
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: kubernetes
|
||||
kubernetes:
|
||||
role: woodpecker
|
||||
serviceAccount: woodpecker-secret
|
||||
---
|
||||
# Main woodpecker secrets from Vault
|
||||
# Requires vault kv put secret/woodpecker \
|
||||
# WOODPECKER_AGENT_SECRET="$(openssl rand -hex 32)" \
|
||||
# WOODPECKER_GITEA_CLIENT="<gitea-oauth-client>" \
|
||||
# WOODPECKER_GITEA_SECRET="<gitea-oauth-secret>"
|
||||
# Note: Database password comes from CNPG secret (woodpecker-postgresql-cluster-app)
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: woodpecker-secrets
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
type: kv-v2
|
||||
mount: secret
|
||||
path: woodpecker
|
||||
destination:
|
||||
create: true
|
||||
name: woodpecker-secrets
|
||||
type: Opaque
|
||||
transformation:
|
||||
excludeRaw: true
|
||||
vaultAuthRef: woodpecker
|
||||
---
|
||||
# Container registry credentials for Kaniko
|
||||
# Requires vault kv put secret/container-registry \
|
||||
# REGISTRY_USERNAME="<username>" \
|
||||
# REGISTRY_PASSWORD="<token>"
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: container-registry
|
||||
namespace: woodpecker
|
||||
spec:
|
||||
type: kv-v2
|
||||
mount: secret
|
||||
path: container-registry
|
||||
destination:
|
||||
create: true
|
||||
name: container-registry
|
||||
type: Opaque
|
||||
transformation:
|
||||
excludeRaw: true
|
||||
vaultAuthRef: woodpecker
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager-webhook-ovh
|
||||
version: 0.9.5
|
||||
version: 0.9.4
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cert-manager-webhook-ovh
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager
|
||||
version: v1.20.1
|
||||
version: v1.20.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cert-manager
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: cilium
|
||||
version: 1.19.2
|
||||
version: 1.19.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cilium
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: k8up
|
||||
version: 4.9.0
|
||||
version: 4.8.7
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: k8up-io
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: openbao
|
||||
version: 0.26.2
|
||||
version: 0.26.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: openbao
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
bound_service_account_names:
|
||||
- woodpecker-secret
|
||||
bound_service_account_namespaces:
|
||||
- woodpecker
|
||||
token_policies:
|
||||
- woodpecker
|
||||
@@ -1,7 +0,0 @@
|
||||
path "secret/data/woodpecker" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "secret/data/container-registry" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
Reference in New Issue
Block a user