martyn/infra4talos
1
0
Fork 0
Code Issues Pull requests 10 Projects Releases Packages Wiki Activity

adding actual

Browse source
This commit is contained in:
Martyn 2026-01-27 19:51:22 +01:00
parent 35c6496dae
commit b31f0dc3aa
7 changed files with 155 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apps-kustomized/actual/backup-creds.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: backup-creds
data:
accesskey: UUtJNkVONFJQNjhJWTJKQko1R1U=
secretkey: bzVSN2QxK2pxNkJScHF5Ri9GUGdhRm5XZXdKU3YxNjE1SWYzMHl0Vw==
type: Opaque

7
apps-kustomized/actual/backup-repo.yaml Normal file
View file

@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: backup-repo
data:
password: MTkyNzY5MTJlNGJiOTQyZmU1MGE3MGEyNjlhNjA1NmE=
type: Opaque

27
apps-kustomized/actual/backup-schedule.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: k8up.io/v1
kind: Schedule
metadata:
name: backup-actual
spec:
backend:
repoPasswordSecretRef:
key: password
name: backup-repo
s3:
accessKeyIDSecretRef:
key: accesskey
name: backup-creds
bucket: k3sup-backups-armnleg
endpoint: http://s3.s3:8333
secretAccessKeySecretRef:
key: secretkey
name: backup-creds
backup:
failedJobsHistoryLimit: 2
schedule: 3 5 * * *
successfulJobsHistoryLimit: 2
prune:
retention:
keepDaily: 14
keepLast: 5
schedule: 0 1 * * 0

60
apps-kustomized/actual/deploy.yaml Normal file
View file

@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: actual
name: actual
spec:
replicas: 1
selector:
matchLabels:
app: actual
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: actual
spec:
enableServiceLinks: false
containers:
- env:
- name: ACTUAL_OPENID_CLIENT_ID
value: "92c919af43ed3d82a9cfd281f7e16355"
- name: ACTUAL_OPENID_CLIENT_SECRET
value: "6a98e994d036d7c3fe9fecfe918aac89b072be8747cd6952dc1328c63aee9925"
- name: ACTUAL_OPENID_SERVER_HOSTNAME
value: "https://auth.martyn.berlin"
- name: ACTUAL_OPENID_AUTHORIZATION_ENDPOINT
value: "https://auth.martyn.berlin/oauth2/outhorize"
- name: ACTUAL_OPENID_TOKEN_ENDPOINT
value: "https://auth.martyn.berlin/oauth2/token"
- name: ACTUAL_OPENID_USERINFO_ENDPOINT
value: "https://auth.martyn.berlin/oauth2/userinfo"
- name: ACTUAL_OPENID_AUTH_METHOD
value: "oauth2"
image: docker.io/actualbudget/actual-server:25.9.0
imagePullPolicy: IfNotPresent
name: actual
ports:
- containerPort: 5006
name: http
protocol: TCP
resources:
requests:
cpu: 25m
memory: "920733364"
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: data
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: data
persistentVolumeClaim:
claimName: actual-data

27
apps-kustomized/actual/ing.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
nginx.ingress.kubernetes.io/auth-signin: https://homeauth.martyn.berlin/oauth2/start?rd=https://$host$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://homeauth.martyn.berlin/oauth2/auth
labels:
app.kubernetes.io/name: actual
name: actual
spec:
ingressClassName: nginx
rules:
- host: actual.martyn.berlin
http:
paths:
- backend:
service:
name: actual
port:
number: 5006
path: /
pathType: Prefix
tls:
- hosts:
- actual.martyn.berlin

13
apps-kustomized/actual/pvc.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: actual-data
annotations:
k8up.io/backup: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: longhorn-fast

13
apps-kustomized/actual/svc.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: actual
name: actual
spec:
ports:
- port: 80
targetPort: 5006
selector:
app: actual
type: LoadBalancer