misskey: initial commit

Author: daurnimator

misskey/README.md

@@ -0,0 +1,8 @@
+# Misskey
+![Misskey Status Indicator](https://argocd.hashbang.sh/api/badge?name=misskey)
+
+## TODO:
+
+  - Add an elasticsearch instance
+    - Likely need to set up ECK operator?
+  - Add resource requests/limits

misskey/ingress.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: misskey-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: misskey.hashbang.sh
+    http:
+      paths:
+      - backend:
+          service:
+            name: misskey
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - misskey.hashbang.sh
+    secretName: misskey-tls

misskey/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: misskey
+commonLabels:
+  app.kubernetes.io/name: misskey
+resources:
+  - ./misskey
+  - ./redis
+  - networkpolicy.yaml
+  - ingress.yaml

misskey/misskey/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: misskey
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: migrate
+          image: misskey/misskey
+          command: [npm, run, migrate]
+          env:
+            - name: NODE_ENV
+              value: production
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: misskey-configuration
+                  key: PGPASSWORD
+            - name: PGSSLMODE
+              value: no-verify
+          volumeMounts:
+            - name: misskey-configuration
+              mountPath: /misskey/.config
+              readOnly: true
+      containers:
+        - name: misskey
+          image: misskey/misskey
+          command: [npm, run, start]
+          env:
+            - name: NODE_ENV
+              value: production
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: misskey-configuration
+                  key: PGPASSWORD
+            - name: PGSSLMODE
+              value: no-verify
+          resources:
+            requests:
+              memory: 350M
+          volumeMounts:
+            - name: misskey-configuration
+              mountPath: /misskey/.config
+              readOnly: true
+          ports:
+            - containerPort: 3000
+      volumes:
+        - name: misskey-configuration
+          configMap:
+            name: misskey-configuration

misskey/misskey/files/default.yml

@@ -0,0 +1,148 @@
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Misskey configuration
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+#   ┌─────┐
+#───┘ URL └─────────────────────────────────────────────────────
+
+# Final accessible URL seen by a user.
+url: https://misskey.hashbang.sh/
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# URL SETTINGS AFTER THAT!
+
+#   ┌───────────────────────┐
+#───┘ Port and TLS settings └───────────────────────────────────
+
+#
+# Misskey requires a reverse proxy to support HTTPS connections.
+#
+#                 +----- https://example.tld/ ------------+
+#   +------+      |+-------------+      +----------------+|
+#   | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
+#   +------+      |+-------------+      +----------------+|
+#                 +---------------------------------------+
+#
+#   You need to set up a reverse proxy. (e.g. nginx)
+#   An encrypted connection with HTTPS is highly recommended
+#   because tokens may be transferred in GET requests.
+
+# The port that your Misskey server should listen on.
+port: 443
+
+#   ┌──────────────────────────┐
+#───┘ PostgreSQL configuration └────────────────────────────────
+
+db:
+  host: userdb-attempt-too-do-user-989073-0.db.ondigitalocean.com
+  port: 25060
+
+  # Database name
+  db: misskey
+
+  # Auth
+  user: misskey
+  #pass: 
+
+  # Whether disable Caching queries
+  #disableCache: true
+
+  # Extra Connection options
+  #extra:
+  #  ssl: true
+
+#   ┌─────────────────────┐
+#───┘ Redis configuration └─────────────────────────────────────
+
+redis:
+  host: misskey-redis
+  port: 6379
+  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
+  #pass: example-pass
+  #prefix: example-prefix
+  #db: 1
+
+#   ┌─────────────────────────────┐
+#───┘ Elasticsearch configuration └─────────────────────────────
+
+#elasticsearch:
+#  host: localhost
+#  port: 9200
+#  ssl: false
+#  user:
+#  pass:
+
+#   ┌───────────────┐
+#───┘ ID generation └───────────────────────────────────────────
+
+# You can select the ID generation method.
+# You don't usually need to change this setting, but you can
+# change it according to your preferences.
+
+# Available methods:
+# aid ... Short, Millisecond accuracy
+# meid ... Similar to ObjectID, Millisecond accuracy
+# ulid ... Millisecond accuracy
+# objectid ... This is left for backward compatibility
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# ID SETTINGS AFTER THAT!
+
+id: 'aid'
+
+#   ┌─────────────────────┐
+#───┘ Other configuration └─────────────────────────────────────
+
+# Whether disable HSTS
+#disableHsts: true
+
+# Number of worker processes
+#clusterLimit: 1
+
+# Job concurrency per worker
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
+
+# Job rate limiter
+# deliverJobPerSec: 128
+# inboxJobPerSec: 16
+
+# Job attempts
+# deliverJobMaxAttempts: 12
+# inboxJobMaxAttempts: 8
+
+# IP address family used for outgoing request (ipv4, ipv6 or dual)
+#outgoingAddressFamily: ipv4
+
+# Proxy for HTTP/HTTPS
+#proxy: http://127.0.0.1:3128
+
+proxyBypassHosts:
+  - api.deepl.com
+  - api-free.deepl.com
+  - www.recaptcha.net
+  - hcaptcha.com
+  - challenges.cloudflare.com
+
+# Proxy for SMTP/SMTPS
+#proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT
+#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
+#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
+
+# Media Proxy
+# Reference Implementation: https://github.com/misskey-dev/media-proxy
+#mediaProxy: https://example.com/proxy
+
+# Proxy remote files (default: false)
+#proxyRemoteFiles: true
+
+# Sign to ActivityPub GET request (default: true)
+signToActivityPubGet: true
+
+#allowedPrivateNetworks: [
+#  '127.0.0.1/32'
+#]
+
+# Upload or download file size limits (bytes)
+#maxFileSize: 262144000
+

misskey/misskey/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app.kubernetes.io/component: misskey
+resources:
+  - deployment.yaml
+  - service.yaml
+configMapGenerator:
+  - name: misskey-configuration
+    files:
+      - files/default.yml
+generators:
+  - secret-generator.yaml
+images:
+  - name: misskey/misskey
+    newTag: 13.5.2@sha256:1b8eae17b59cf793b96e3f9128e7021d35bbe0f44142a5bcdc09dbe8df962316