diff --git a/Divers/OVH_Stalwart.md b/Divers/OVH_Stalwart.md index fa0b6e5..54c9f37 100644 --- a/Divers/OVH_Stalwart.md +++ b/Divers/OVH_Stalwart.md @@ -1,5 +1,5 @@ $TTL 3600 -@ IN SOA dns106.ovh.net. tech.ovh.net. (2026012101 86400 3600 3600000 300) +@ IN SOA dns106.ovh.net. tech.ovh.net. (2026021002 86400 3600 3600000 300) IN NS dns106.ovh.net. IN NS ns106.ovh.net. IN MX 100 mx3.mail.ovh.net. @@ -8,10 +8,11 @@ $TTL 3600 IN MX 0 mx0.mail.ovh.net. IN A 213.186.33.5 IN TXT "v=spf1 include:mx.ovh.com ~all" + IN TXT "google-site-verification=j7RPCRYeiAgvZ4uHOD3ZQ4uqi-vPQ-UUmyVD9WXv4t8" IN TXT "1|www.delmar.bzh" IN TXT "openpgp4fpr:E22A8974BD3F45E3A827AEB891AFB168A1EAD35C" - IN TXT "google-site-verification=j7RPCRYeiAgvZ4uHOD3ZQ4uqi-vPQ-UUmyVD9WXv4t8" IN CAA 0 issue "letsencrypt.org" +_acme-challenge.mon 60 IN TXT "KIcXU0JrpELQffhG-D3Jr6-LijjvBBSb06QO1-WrSo8" _autodiscover._tcp IN SRV 0 0 443 pro1.mail.ovh.net. _dmarc IN TXT "v=DMARC1;p=none;sp=none;aspf=r;" affine IN A 176.188.240.123 @@ -25,7 +26,6 @@ cloud IN A 176.188.240.123 cnvrt IN A 176.188.240.123 crm IN A 176.188.240.123 cs IN A 176.188.240.123 -ctr IN A 176.188.240.123 cvs IN A 176.188.240.123 dev IN A 176.188.240.123 dia IN A 176.188.240.123 @@ -53,12 +53,12 @@ paperless IN A 176.188.240.123 pdf IN A 176.188.240.123 penpot IN A 176.188.240.123 pip IN A 176.188.240.123 -scanopy IN A 176.188.240.123 search IN A 176.188.240.123 send IN A 176.188.240.123 shop IN A 176.188.240.123 stream IN A 176.188.240.123 tpml IN A 176.188.240.123 +trfk IN A 176.188.240.123 trmx IN A 176.188.240.123 twip IN A 176.188.240.123 ugo IN A 176.188.240.123 diff --git a/TuringPi/k3sup.md b/TuringPi/k3sup.md index 4afb347..17a6f54 100644 --- a/TuringPi/k3sup.md +++ b/TuringPi/k3sup.md @@ -82,7 +82,7 @@ chmod 700 get_helm.sh helm version ``` -#### Headlamp +#### [Headlamp](https://headlamp.dev/docs/latest/) ```bash # first add our custom repo to your local helm repositories @@ -115,6 +115,133 @@ kubectl --namespace kube-system port-forward $POD_NAME 8080:$CONTAINER_PORT kubectl create token bb-headlamp --namespace kube-system ``` +#### [longhorn](https://longhorn.io) + +```bash +USER=admin; PASSWORD=v5bB4OQRDfY5tFJ1; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth + +sudo k3s kubectl -n longhorn-system create secret generic basic-auth --from-file=auth + +vim longhorn-ingress.yml ``` -eyJhbGciOiJSUzI1NiIsImtpZCI6InJJMkRkd2MzMUw5cDR0WHY5bnNHRHpjQ0kwdmNuOHdWSTZValZvTWlLZlkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJrM3MiXSwiZXhwIjoxNzcxMzQ4Nzk5LCJpYXQiOjE3NzEzNDUxOTksImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiODAyZWVhNGYtN2EwNC00ZjQyLTgyNTUtYTVhYzQ0ZTBmZWI3Iiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJiYi1oZWFkbGFtcCIsInVpZCI6ImYxMmY0MzM4LWYxZDgtNGYwNy1iYTAzLTU5NTc1MWIzNGZhNCJ9fSwibmJmIjoxNzcxMzQ1MTk5LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YmItaGVhZGxhbXAifQ.UySnaWZ_dIqPGmFPcOgvDi7vvUR9S728ifJChFtsr577TyY9rz6h1CrRQuTXVpfdFbh2jHLpP6QSOvyQkKQX6CYvH-YVZRSTr6v_StG-doKlKWdNpirStGPxQSnkDq3xG0weeUt7xhObSj91oKqylekAx6MMu2miGHTere8zvaLC1NVcu8pgJlXaDHyMQnAyLy6nACu6fH7g4Yvkdl-VcjeII_JtoQQMPXl8wtl25PsDU0tHHQ3K2IB4qyFEwTPVDoLC_jdwgd_5V-Cy82wdGP403dF-6tQiMoniDRO_NiClVJBMEh5r-spKBVF2mMaNknFHzVK8ANQhWyJKFeDAyA + +``` +--- +apiVersion: v1 +kind: Secret +metadata: + name: longhorn-basic-auth-secret + namespace: longhorn-system +data: + users: |2 + YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: longhorn-basic-auth-middleware +spec: + basicAuth: + secret: longhorn-basic-auth-secret + realm: "Longhorn Dashboard" + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: longhorn-system + annotations: + spec.ingressClassName: traefik + traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-longhorn-basic-auth-middleware@kubernetescrd +spec: + rules: + - http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: longhorn-frontend + port: + number: 80 +``` + +```bash +sudo k3s kubectl -n longhorn-system apply -f longhorn-ingress.yml +``` + +#### traefik + +```bash +vim traefik-ingress.yml +``` + +``` +--- +apiVersion: v1 +kind: Secret +metadata: + name: traefik-basic-auth-secret + namespace: kube-system +data: + users: |2 + YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: traefik-basic-auth-middleware +spec: + basicAuth: + secret: traefik-basic-auth-secret + realm: "Traefik Dashboard" + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: traefik-ingress + namespace: kube-system + annotations: + spec.ingressClassName: traefik + traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-basic-auth-middleware@kubernetescrd +spec: + rules: + - host: trfk.delmar.bzh + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: traefik-dashboard + port: + number: 9000 + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: dashboard +spec: + entryPoints: + - web + - websecure + routes: + - match: Host(`trfk.delmar.bzh`) + kind: Rule + services: + - name: api@internal + kind: TraefikService + middlewares: + - name: traefik-basic-auth-middleware + tls: + secretName: traefik-tls +``` + +```bash +sudo k3s kubectl -n kube-system apply -f traefik-ingress.yml ``` diff --git a/installs_on_host/Caddyfile b/installs_on_host/Caddyfile index cd2df1b..af5327b 100644 --- a/installs_on_host/Caddyfile +++ b/installs_on_host/Caddyfile @@ -511,6 +511,15 @@ tpml.delmar.bzh { } } +trfk.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:9000 +} + trmx.delmar.bzh { encode { zstd