attic: add

attic/cert-dubyatp-xyz.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+  tls.crt: ""
+  tls.key: ""

attic/deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: attic
+spec:
+  selector:
+    matchLabels:
+      app: attic
+  template:
+    metadata:
+      labels:
+        app: attic
+    spec:
+      containers:
+      - name: attic
+        image: ghcr.io/zhaofengli/attic:ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e
+        envFrom:
+        - secretRef:
+            name: attic-secret
+        volumeMounts:
+        - name: attic-pvc
+          mountPath: /var/empty
+        resources:
+          limits:
+            memory: "256Mi"
+            cpu: "500m"
+      volumes:
+      - name: attic-pvc
+        persistentVolumeClaim:
+          claimName: attic-pvc

attic/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: attic
+  labels:
+    name: attic
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+  rules:
+  - host: nix-cache.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: attic-svc
+            port: 
+              number: 8080
+  tls:
+  - hosts:
+    - nix-cache.dubyatp.xyz
+    secretName: cert-dubyatp-xyz

attic/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: attic-pvc
+spec:
+  storageClassName: weyma-shared
+  resources:
+    requests:
+      storage: 20Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany

attic/secret.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: attic-secret
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: attic-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+      remoteRef:
+        key: attic
+        property: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64

attic/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: attic-svc
+spec:
+  type: ClusterIP
+  selector:
+    app: attic
+  ports:
+  - port: 8080
+    targetPort: 8080