misskey: initial commit

misskey/README.md

@@ -0,0 +1,8 @@
+# Misskey
+![Misskey Status Indicator](https://argocd.hashbang.sh/api/badge?name=misskey)
+
+## TODO:
+
+ - Add an elasticsearch instance
+ - Likely need to set up ECK operator?
+ - Add resource requests/limits

misskey/ingress.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: misskey-ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: misskey.hashbang.sh
+ http:
+ paths:
+ - backend:
+ service:
+ name: misskey
+ port:
+ name: http
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - misskey.hashbang.sh
+ secretName: misskey-tls

misskey/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: misskey
+commonLabels:
+ app.kubernetes.io/name: misskey
+resources:
+ - ./misskey
+ - ./redis
+ - networkpolicy.yaml
+ - ingress.yaml

misskey/misskey/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: misskey
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: migrate
+ image: misskey/misskey
+ command: [npm, run, migrate]
+ env:
+ - name: NODE_ENV
+ value: production
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: misskey-configuration
+ key: PGPASSWORD
+ - name: PGSSLMODE
+ value: no-verify
+ volumeMounts:
+ - name: misskey-configuration
+ mountPath: /misskey/.config
+ readOnly: true
+ containers:
+ - name: misskey
+ image: misskey/misskey
+ command: [npm, run, start]
+ env:
+ - name: NODE_ENV
+ value: production
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: misskey-configuration
+ key: PGPASSWORD
+ - name: PGSSLMODE
+ value: no-verify
+ resources:
+ requests:
+ memory: 350M
+ volumeMounts:
+ - name: misskey-configuration
+ mountPath: /misskey/.config
+ readOnly: true
+ ports:
+ - name: http
+ containerPort: 3000
+ volumes:
+ - name: misskey-configuration
+ configMap:
+ name: misskey-configuration

misskey/misskey/files/default.yml

@@ -0,0 +1,148 @@
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Misskey configuration
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+# ┌─────┐
+#───┘ URL └─────────────────────────────────────────────────────
+
+# Final accessible URL seen by a user.
+url: https://misskey.hashbang.sh/
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# URL SETTINGS AFTER THAT!
+
+# ┌───────────────────────┐
+#───┘ Port and TLS settings └───────────────────────────────────
+
+#
+# Misskey requires a reverse proxy to support HTTPS connections.
+#
+# +----- https://example.tld/ ------------+
+# +------+ |+-------------+ +----------------+|
+# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
+# +------+ |+-------------+ +----------------+|
+# +---------------------------------------+
+#
+# You need to set up a reverse proxy. (e.g. nginx)
+# An encrypted connection with HTTPS is highly recommended
+# because tokens may be transferred in GET requests.
+
+# The port that your Misskey server should listen on.
+port: 3000
+
+# ┌──────────────────────────┐
+#───┘ PostgreSQL configuration └────────────────────────────────
+
+db:
+ host: userdb-attempt-too-do-user-989073-0.db.ondigitalocean.com
+ port: 25060
+
+ # Database name
+ db: misskey
+
+ # Auth
+ user: misskey
+ #pass: 
+
+ # Whether disable Caching queries
+ #disableCache: true
+
+ # Extra Connection options
+ #extra:
+ # ssl: true
+
+# ┌─────────────────────┐
+#───┘ Redis configuration └─────────────────────────────────────
+
+redis:
+ host: misskey-redis
+ port: 6379
+ #family: 0 # 0=Both, 4=IPv4, 6=IPv6
+ #pass: example-pass
+ #prefix: example-prefix
+ #db: 1
+
+# ┌─────────────────────────────┐
+#───┘ Elasticsearch configuration └─────────────────────────────
+
+#elasticsearch:
+# host: localhost
+# port: 9200
+# ssl: false
+# user:
+# pass:
+
+# ┌───────────────┐
+#───┘ ID generation └───────────────────────────────────────────
+
+# You can select the ID generation method.
+# You don't usually need to change this setting, but you can
+# change it according to your preferences.
+
+# Available methods:
+# aid ... Short, Millisecond accuracy
+# meid ... Similar to ObjectID, Millisecond accuracy
+# ulid ... Millisecond accuracy
+# objectid ... This is left for backward compatibility
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# ID SETTINGS AFTER THAT!
+
+id: 'aid'
+
+# ┌─────────────────────┐
+#───┘ Other configuration └─────────────────────────────────────
+
+# Whether disable HSTS
+#disableHsts: true
+
+# Number of worker processes
+#clusterLimit: 1
+
+# Job concurrency per worker
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
+
+# Job rate limiter
+# deliverJobPerSec: 128
+# inboxJobPerSec: 16
+
+# Job attempts
+# deliverJobMaxAttempts: 12
+# inboxJobMaxAttempts: 8
+
+# IP address family used for outgoing request (ipv4, ipv6 or dual)
+#outgoingAddressFamily: ipv4
+
+# Proxy for HTTP/HTTPS
+#proxy: http://127.0.0.1:3128
+
+proxyBypassHosts:
+ - api.deepl.com
+ - api-free.deepl.com
+ - www.recaptcha.net
+ - hcaptcha.com
+ - challenges.cloudflare.com
+
+# Proxy for SMTP/SMTPS
+#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
+#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
+#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
+
+# Media Proxy
+# Reference Implementation: https://github.com/misskey-dev/media-proxy
+#mediaProxy: https://example.com/proxy
+
+# Proxy remote files (default: false)
+#proxyRemoteFiles: true
+
+# Sign to ActivityPub GET request (default: true)
+signToActivityPubGet: true
+
+#allowedPrivateNetworks: [
+# '127.0.0.1/32'
+#]
+
+# Upload or download file size limits (bytes)
+#maxFileSize: 262144000
+

misskey/misskey/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app.kubernetes.io/component: misskey
+resources:
+ - deployment.yaml
+ - service.yaml
+configMapGenerator:
+ - name: misskey-configuration
+ files:
+ - files/default.yml
+generators:
+ - secret-generator.yaml
+images:
+ - name: misskey/misskey
+ newTag: 13.5.2@sha256:1b8eae17b59cf793b96e3f9128e7021d35bbe0f44142a5bcdc09dbe8df962316