feat: Initial commit

README.md

@@ -0,0 +1,16 @@
+# Bitwarden server (Vaultwarden)
+## Usage
+Self-hosted password manager, giving individual the insurance that data is not used by unkown entity, with the drawback of having to take care of the security yourself.
+
+This server is based off [Vaultwarden](https://github.com/dani-garcia/vaultwarden), an unofficial Bitwarden server working seamlessly with all Bitwarden clients (officials and community).
+
+## Requirements
+Do deploy this instance, you only need to install `docker-compose` and `docker`.
+
+## Installation
+```
+git clone https://git.halia.dev/athens-school/Bitwarden.git
+docker-compose up -d
+```
+
+All necessary images should be downloaded automatically and the service should be started in the background.

manifests/deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: owncast
+    namespace: owncast
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            app: owncast
+    template:
+        metadata:
+            labels:
+                app: owncast
+        spec:
+            hostname: owncast
+            subdomain: owncast
+            containers:
+              - name: owncast
+                image: owncast/owncast:0.2.3
+                ports:
+                  - containerPort: 8080
+                  - containerPort: 1935
+                volumeMounts:
+                  - mountPath: "/app/data"
+                    name: owncast-data
+            volumes:
+              - name: owncast-data
+                persistentVolumeClaim:
+                  claimName: owncast-pvc

manifests/ingress.yaml

@@ -0,0 +1,52 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: owncast-ingress
+  namespace: owncast
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    kubernetes.io/ingress.class: nginx-external
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  tls:
+  - hosts:
+    - live.halis.io
+    secretName: live-halis-io-tls
+  ingressClassName: nginx-external
+  rules:
+  - host: live.halis.io
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: owncast-svc
+              port:
+                number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: owncast-internal-ingress
+  namespace: owncast
+spec:
+  ingressClassName: nginx-internal
+  rules:
+  - host: live.entos
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: owncast-svc
+              port:
+                number: 80
+        - path: /live
+          pathType: Prefix
+          backend:
+            service:
+              name: owncast-svc
+              port:
+                number: 1935

manifests/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - service.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - deployment.yaml

manifests/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: owncast

manifests/pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: owncast-pvc
+  namespace: owncast
+  labels:
+    recurring-job.longhorn.io/source: enabled
+    recurring-job-group.longhorn.io/standard-pvc: enabled
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: redundant-storage-class

manifests/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: owncast-svc
+    namespace: owncast
+spec:
+    ports:
+        - name: http
+          port: 80
+          protocol: TCP
+          targetPort: 8080
+        - name: rtmp
+          port: 1935
+          protocol: TCP
+          targetPort: 1935
+    selector:
+        app: owncast