commit 915d40cdce2a9fc63910ecc8586706e5e9f3317f Author: Roger Oriol Date: Fri Aug 1 11:11:46 2025 +0200 initialize repository with glance, litellm, openwebui, nas and pihole services
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..147f742
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+**/*secret*
diff --git a/glance/assets/user.css b/glance/assets/user.css
new file mode 100644
index 0000000..e69de29
diff --git a/glance/config-map.yaml b/glance/config-map.yaml
new file mode 100644
index 0000000..8559ce1
--- /dev/null
+++ b/glance/config-map.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: glance-config
+data:
+ glance.yml: |
+ pages:
+ # It's not necessary to create a new file for each page and include it, you can simply
+ # put its contents here, though multiple pages are easier to manage when separated
+ !include: home.yml
+ home.yml: |
+ - name: Home
+ # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+ # hide-desktop-navigation: true
+ columns:
+ - size: small
+ widgets:
+ - type: calendar
+ first-day-of-week: monday
+ - size: full
+ widgets:
+ - type: group
+ widgets:
+ - type: rss
+ limit: 10
+ collapse-after: 3
+ cache: 12h
+ feeds:
+ - url: https://www.ruxu.dev/feed.xml
+ title: Ruxu.dev
+ - url: https://simonwillison.net/atom/everything/
+ title: Simon Willison
+ - url: https://www.gilesthomas.com/feed/rss.xml
+ title: Giles Thomas
+ - url: https://huggingface.co/blog/feed.xml
+ title: HuggingFace Blog
+ - url: https://www.philschmid.de/rss
+ title: Phil Schmid
+ - url: https://www.wheresyoured.at/rss/
+ title: Ed Zitron
+ - url: https://www.seangoedecke.com/rss.xml
+ - type: hacker-news
+ - type: lobsters
+ - type: videos
+ channels:
+ - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+ - UCsBjURrPoezykLs9EqgamOA # Fireship
+ - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+ - UCC-lyoTfSrcJzA1ab3APAgw # LangChain
+ - UCkCGANrihzExmu9QiqZpPlQ # How Money Works
+ - UC55ODQSvARtgSyc8ThfiepQ # Sam Witteveen
+ - UCASM0cgfkJxQ1ICmRilfHLw # Patrick Boyle
+ - UCFCEuCsyWP0YkP3CZ3Mr01Q # The Plain Bagel
+ - UCDXTQ8nWmx_EhZ2v-kp7QxA # Ben Felix
+ - UCCKpicnIwBP3VPxBAZWDeNA # Money & Macro
+ - UCFQMnBA3CS502aghlcr0_aw # Coffeezilla
+ - UCsXVk37bltHxD1rDPwtNM8Q # Kurzgesagt
+ - UCHlNU7kIZhRgSbhHvFoy72w # HuggingFace
+ - UCeRjipR4_SsCddq9VZ2AeKg # LlamaIndex
+ - size: small
+ widgets:
+ - type: weather
+ location: Barcelona, Spain
+ units: metric # alternatively "imperial"
+ hour-format: 24h # alternatively "24h"
+ # Optionally hide the location from being displayed in the widget
+ # hide-location: true
diff --git a/glance/config/glance.yml b/glance/config/glance.yml
new file mode 100644
index 0000000..a4902e3
--- /dev/null
+++ b/glance/config/glance.yml
@@ -0,0 +1,12 @@
+server:
+ assets-path: /app/assets
+
+theme:
+ # Note: assets are cached by the browser, changes to the CSS file
+ # will not be reflected until the browser cache is cleared (Ctrl+F5)
+ custom-css-file: /assets/user.css
+
+pages:
+ # It's not necessary to create a new file for each page and include it, you can simply
+ # put its contents here, though multiple pages are easier to manage when separated
+ !include: home.yml
diff --git a/glance/config/home.yml b/glance/config/home.yml
new file mode 100644
index 0000000..5220b95
--- /dev/null
+++ b/glance/config/home.yml
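Review bot: The `home.yml` embedded in glance/config-map.yaml is a hand-copied duplicate of glance/config/home.yml and has already drifted: the `markets` widget present in the file copy is missing here. The embedded `glance.yml` also has no `server:` or `theme:` keys, so the `custom-css-file: /assets/user.css` setting from glance/config/glance.yml never reaches the pod that mounts this ConfigMap. Keeping a single source of truth would avoid this, for example by generating the ConfigMap from the two files with a kustomize `configMapGenerator` entry instead of pasting their contents. If the ConfigMap is meant to be the authoritative copy, a one-line comment above `data:` saying so would help the next reader.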
@@ -0,0 +1,75 @@
+- name: Home
+ # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+ # hide-desktop-navigation: true
+ columns:
+ - size: small
+ widgets:
+ - type: calendar
+ first-day-of-week: monday
+
+ - size: full
+ widgets:
+ - type: group
+ widgets:
+ - type: rss
+ limit: 10
+ collapse-after: 3
+ cache: 12h
+ feeds:
+ - url: https://www.ruxu.dev/feed.xml
+ title: Ruxu.dev
+ - url: https://simonwillison.net/atom/everything/
+ title: Simon Willison
+ - url: https://www.gilesthomas.com/feed/rss.xml
+ title: Giles Thomas
+ - url: https://huggingface.co/blog/feed.xml
+ title: HuggingFace Blog
+ - url: https://www.philschmid.de/rss
+ title: Phil Schmid
+ - url: https://www.wheresyoured.at/rss/
+ title: Ed Zitron
+ - url: https://www.seangoedecke.com/rss.xml
+ - type: hacker-news
+ - type: lobsters
+
+ - type: videos
+ channels:
+ - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+ - UCsBjURrPoezykLs9EqgamOA # Fireship
+ - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+ - UCC-lyoTfSrcJzA1ab3APAgw # LangChain
+ - UCkCGANrihzExmu9QiqZpPlQ # How Money Works
+ - UC55ODQSvARtgSyc8ThfiepQ # Sam Witteveen
+ - UCASM0cgfkJxQ1ICmRilfHLw # Patrick Boyle
+ - UCFCEuCsyWP0YkP3CZ3Mr01Q # The Plain Bagel
+ - UCDXTQ8nWmx_EhZ2v-kp7QxA # Ben Felix
+ - UCCKpicnIwBP3VPxBAZWDeNA # Money & Macro
+ - UCFQMnBA3CS502aghlcr0_aw # Coffeezilla
+ - UCsXVk37bltHxD1rDPwtNM8Q # Kurzgesagt
+ - UCHlNU7kIZhRgSbhHvFoy72w # HuggingFace
+ - UCeRjipR4_SsCddq9VZ2AeKg # LlamaIndex
+
+ - size: small
+ widgets:
+ - type: weather
+ location: Barcelona, Spain
+ units: metric # alternatively "imperial"
+ hour-format: 24h # alternatively "24h"
+ # Optionally hide the location from being displayed in the widget
+ # hide-location: true
+
+ - type: markets
+ markets:
+ - symbol: IE00B03HD191.IR
+ name: Vanguard Global Stock Index
+ - symbol: 0P00012I66.F
+ name: Vanguard Global Small-Cap Index
+ - symbol: 0P0001RCAQ.F
+ name: Renta 4 Renta Fija
+ - symbol: IWVL.L
+ name: iShares Edge MSCI World Value Factor
+ - symbol: XDEQ.DE
+ name: Xtracker MSCI World Quality ETF
+ - symbol: 0P000060MS.F
+ name: Vanguard Emerging Markets Stock Index
+
diff --git a/glance/glance.yaml b/glance/glance.yaml
new file mode 100644
index 0000000..d3c756d
--- /dev/null
+++ b/glance/glance.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: glance
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: glance
+ template:
+ metadata:
+ labels:
+ app: glance
+ spec:
+ containers:
+ - name: glance
+ image: glanceapp/glance
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: config-volume
+ mountPath: /app/config
+ volumes:
+ - name: config-volume
+ configMap:
+ name: glance-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: glance-service
+ namespace: default
+spec:
+ type: ClusterIP
+ selector:
+ app: glance
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/ingress.yaml b/ingress.yaml
new file mode 100644
index 0000000..3e34b11
--- /dev/null
+++ b/ingress.yaml
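Review bot: The inline comment on the weather widget's `hour-format: 24h # alternatively "24h"` in glance/config/home.yml names the value that is already set, so it documents no alternative. It should read `hour-format: 24h # alternatively "12h"`. The same line is repeated in the copy embedded in glance/config-map.yaml.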
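Review bot: `image: glanceapp/glance` in glance/glance.yaml carries no tag, so it resolves to `latest` and the cluster runs whatever the registry serves at pull time, with no record in git of what was deployed. Pin a release tag or, better, a digest: `image: glanceapp/glance:<pinned-version>@sha256:<digest>` (placeholders; take the values from the release you have tested). The same applies to `ghcr.io/open-webui/open-webui` in openwebui/openwebui.yaml, `pihole/pihole:latest` in pihole/pihole.yaml and the floating `main-stable` tag in litellm/litellm.yaml, whose own comment already recommends fixing a version. The glance container also declares no `resources` and no `securityContext`, unlike the open-webui and pihole containers in this commit.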
@@ -0,0 +1,72 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: rogicasa-ingress
+ namespace: default # Change to your preferred namespace
+ annotations:
+ # Use Traefik as the ingress controller (default in k3s)
+ kubernetes.io/ingress.class: "traefik"
+ # Enable SSL redirect
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ # Optional: enable compression
+ traefik.ingress.kubernetes.io/compress: "true"
+ cert-manager.io/issuer: prod-issuer
+ cert-manager.io/issuer-kind: OriginIssuer
+ cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
+spec:
+ tls:
+ - hosts:
+ - "*.rogi.casa"
+ secretName: rogicasa-tls
+ rules:
+ - host: glance.rogi.casa
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: glance-service
+ port:
+ number: 80
+ - host: pihole.rogi.casa
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: pihole-web
+ port:
+ number: 80
+ - host: litellm.rogi.casa
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: litellm-service
+ port:
+ number: 80
+ - host: openai.rogi.casa
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: open-webui-service
+ port:
+ number: 80
+ - host: nas.rogi.casa
+ http:
+ paths:
+ - pathType: Prefix
+ backend:
+ service:
+ name: external-ip
+ port:
+ number: 80
+ path: /
+
diff --git a/litellm/litellm.yaml b/litellm/litellm.yaml
new file mode 100644
index 0000000..49a65fb
--- /dev/null
+++ b/litellm/litellm.yaml
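Review bot: The annotation `traefik.ingress.kubernetes.io/redirect-entry-point: https` in ingress.yaml is Traefik v1 syntax, and the Traefik v2+ that current k3s bundles appears to ignore it. If so, the "Enable SSL redirect" comment does not hold and all five hosts, including the Pi-hole admin UI, LiteLLM and the NAS, would still answer on plain HTTP. On v2 the usual approach is to bind the router to the TLS entry point with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (entry point name assumed from the k3s default) and to redirect at the entry point or through a redirect middleware. `kubernetes.io/ingress.class` is also deprecated in favour of `spec.ingressClassName: traefik`. Please confirm the redirect after applying by requesting one host over http://.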
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litellm-config-file
+data:
+ config.yaml: |
+ model_list:
+ - model_name: gpt-4.1-mini
+ litellm_params:
+ model: openai/gpt-4.1-mini
+ api_key: "os.environ/OPENAI_API_KEY"
+ - model_name: qwen3:32b
+ litellm_params:
+ model: ollama/qwen3:32b
+ api_base: "http://10.88.88.236:11434"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litellm-deployment
+ labels:
+ app: litellm
+spec:
+ selector:
+ matchLabels:
+ app: litellm
+ template:
+ metadata:
+ labels:
+ app: litellm
+ spec:
+ containers:
+ - name: litellm
+ image: ghcr.io/berriai/litellm:main-stable # it is recommended to fix a version generally
+ args:
+ - "--config"
+ - "/app/proxy_server_config.yaml"
+ ports:
+ - containerPort: 4000
+ volumeMounts:
+ - name: config-volume
+ mountPath: /app/proxy_server_config.yaml
+ subPath: config.yaml
+ envFrom:
+ - secretRef:
+ name: litellm-secrets
+ volumes:
+ - name: config-volume
+ configMap:
+ name: litellm-config-file
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litellm-service
+ namespace: default
+spec:
+ type: ClusterIP
+ selector:
+ app: litellm
+ ports:
+ - name: http
+ port: 80
+ targetPort: 4000
+
diff --git a/litellm/postgres.yaml b/litellm/postgres.yaml
new file mode 100644
index 0000000..c56c332
--- /dev/null
+++ b/litellm/postgres.yaml
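Review bot: Nothing in the `config.yaml` of litellm/litellm.yaml sets a proxy master key, while ingress.yaml publishes this service at litellm.rogi.casa. Unless `litellm-secrets` happens to carry `LITELLM_MASTER_KEY`, the proxy would accept requests without credentials and spend the `OPENAI_API_KEY` for any caller that can reach the host. Make the requirement visible in the manifest by adding `general_settings:` with `master_key: os.environ/LITELLM_MASTER_KEY` to `config.yaml`, keeping the value itself in the Secret. `envFrom` also injects every key of `litellm-secrets` into the container; listing the needed variables individually with `secretKeyRef` keeps that surface explicit. The Ollama `api_base` is plain `http://` to a LAN address, which deserves a comment stating that the segment is trusted.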
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgres-volume
+ labels:
+ type: local
+ app: postgres
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: /data/postgresql
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgres-volume-claim
+ labels:
+ app: postgres
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: 'postgres:16'
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - configMapRef:
+ name: postgres-secret
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresdata
+ volumes:
+ - name: postgresdata
+ persistentVolumeClaim:
+ claimName: postgres-volume-claim
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ labels:
+ app: postgres
+spec:
+ type: NodePort
+ ports:
+ - port: 5432
+ selector:
+ app: postgres
diff --git a/nas.yaml b/nas.yaml
new file mode 100644
index 0000000..746eb9e
--- /dev/null
+++ b/nas.yaml
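Review bot: The postgres container in litellm/postgres.yaml takes its environment from `configMapRef` with `name: postgres-secret`, so the database credentials (presumably `POSTGRES_PASSWORD`) live in a ConfigMap, which gets none of the RBAC separation or at-rest encryption options of a Secret. This should be `- secretRef:` with `name: postgres-secret`, backed by an object of `kind: Secret`. The Service is `type: NodePort`, which opens the database on a high port of every node although the only client visible in this commit runs inside the cluster; `type: ClusterIP` is sufficient. The `hostPath` volume is declared `ReadWriteMany` while the data sits in one node's `/data/postgresql`; `ReadWriteOnce` describes it accurately.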
@@ -0,0 +1,45 @@
+#apiVersion: networking.k8s.io/v1
+#kind: Ingress
+#metadata:
+# name: nas-redirect
+# annotations:
+# nginx.ingress.kubernetes.io/permanent-redirect: "http://10.88.88.238:5000"
+#spec:
+# rules:
+# - host: nas.rogi.casa
+# http:
+# paths:
+# - path: /
+# pathType: Prefix
+# backend:
+# service:
+# name: dummy-service
+# port:
+# number: 80
+apiVersion: v1
+kind: Service
+metadata:
+ name: external-ip
+spec:
+ ports:
+ - name: app
+ port: 80
+ protocol: TCP
+ targetPort: 5000
+ clusterIP: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: external-ip
+subsets:
+- addresses:
+ - ip: 10.88.88.238
+ ports:
+ - name: app
+ port: 5000
+ protocol: TCP
+
+
+
diff --git a/openwebui/openwebui.yaml b/openwebui/openwebui.yaml
new file mode 100644
index 0000000..b908300
--- /dev/null
+++ b/openwebui/openwebui.yaml
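Review bot: The first 18 lines of nas.yaml are a commented-out nginx `permanent-redirect` Ingress that refers to a `dummy-service` not defined in this commit. Since ingress.yaml now routes nas.rogi.casa through the `external-ip` Service, that dead block should be deleted rather than committed. On the live part, `clusterIP: None` makes the Service headless, so the `port: 80` / `targetPort: 5000` pair is not translated by the cluster and the route depends on the ingress controller using the Endpoints port directly. A comment such as `# selector-less Service backed by the manual Endpoints object below (NAS at 10.88.88.238:5000)` would explain the pairing. The hop from the ingress to the NAS is plain HTTP, so TLS ends at Traefik, which is worth stating if that segment is not fully trusted.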
@@ -0,0 +1,90 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: openwebui-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: open-webui
+ name: open-webui
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: open-webui
+ template:
+ metadata:
+ labels:
+ app: open-webui
+ spec:
+ volumes:
+ - name: webui-data
+ persistentVolumeClaim:
+ claimName: openwebui-pvc
+ containers:
+ - image: ghcr.io/open-webui/open-webui
+ name: open-webui
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: webui-data
+ mountPath: /app/backend/data
+ resources:
+ requests:
+ cpu: 1000m
+ memory: 128Mi
+ limits:
+ cpu: 2000m
+ memory: 1Gi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 2
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 2
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ startupProbe:
+ httpGet:
+ path: /
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 2
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: open-webui
+ name: open-webui-service
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ selector:
+ app: open-webui
diff --git a/pihole/pihole.yaml b/pihole/pihole.yaml
new file mode 100644
index 0000000..4a8089a
--- /dev/null
+++ b/pihole/pihole.yaml
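Review bot: None of the three objects in openwebui/openwebui.yaml sets `metadata.namespace`, while ingress.yaml is pinned to `namespace: default` and resolves `open-webui-service` only there. Applying this file with a different current namespace therefore leaves the openai.rogi.casa route without a backend. Add `namespace: default` to the PVC, Deployment and Service, as pihole/pihole.yaml does; the same gap exists on the Deployment in glance/glance.yaml, the ConfigMap and Deployment in litellm/litellm.yaml, and all objects in litellm/postgres.yaml and nas.yaml. Separately, `initialDelaySeconds: 5` on the liveness and readiness probes is redundant once the `startupProbe` is present, because both are held back until it succeeds.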
@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pihole-pvc
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pihole
+ namespace: default
+ labels:
+ app: pihole
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: pihole
+ template:
+ metadata:
+ labels:
+ app: pihole
+ spec:
+ containers:
+ - name: pihole
+ image: pihole/pihole:latest
+ ports:
+ - containerPort: 80
+ name: http
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 53
+ name: dns-udp
+ protocol: UDP
+ env:
+ - name: TZ
+ value: "Europe/Madrid"
+ #- name: WEBPASSWORD
+ #value: ""
+ #- name: FTLCONF_webserver_api_password
+ #value: ''
+ - name: FTLCONF_REPLY_ADDR4
+ value: pihole
+ - name: FTLCONF_dns_upstreams
+ value: "8.8.8.8;8.8.4.4"
+ #- name: PIHOLE_DNS_
+ #value: 127.0.0.1#5054
+ #- name: PIHOLE_DNS_
+ #value: "8.8.8.8;8.8.4.4"
+ #- name: DNSMASQ_LISTENING
+ #value: "all"
+ - name: FTLCONF_dns_listeningMode
+ value: "all"
+ - name: WEB_PORT
+ value: "80"
+ #- name: VIRTUAL_HOST
+ #value: "pihole"
+ #- name: FTLCONF_LOCAL_IPV4
+ #value: "0.0.0.0"
+ - name: SKIPGRAVITYONBOOT
+ value: "1"
+ volumeMounts:
+ - name: pihole-data
+ mountPath: /etc/pihole
+ #- name: pihole-dnsmasq
+ #mountPath: /etc/dnsmasq.d
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_TIME
+ - SYS_NICE
+ volumes:
+ - name: pihole-data
+ persistentVolumeClaim:
+ claimName: pihole-pvc
+ #- name: pihole-dnsmasq
+ #emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pihole-web
+ namespace: default
+ labels:
+ app: pihole
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: pihole
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pihole-dns
+ namespace: default
+ labels:
+ app: pihole
+spec:
+ type: LoadBalancer # Change to NodePort or ClusterIP as needed
+ ports:
+ - port: 53
+ targetPort: 53
+ protocol: TCP
+ name: dns-tcp
+ - port: 53
+ targetPort: 53
+ protocol: UDP
+ name: dns-udp
+ selector:
+ app: pihole
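Review bot: The `securityContext` in pihole/pihole.yaml adds `NET_ADMIN`, `SYS_TIME` and `SYS_NICE`, yet the manifest exposes only ports 80 and 53. As far as I know Pi-hole needs `NET_ADMIN` only for its DHCP server and `SYS_TIME` only when it sets the host clock, so both look removable here; please confirm and keep just the capabilities in use. Both password variables (`WEBPASSWORD`, `FTLCONF_webserver_api_password`) are commented out with empty literals while ingress.yaml publishes the admin UI at pihole.rogi.casa; when one is enabled, it should come from a Secret through `valueFrom.secretKeyRef` rather than an inline `value:`. The `pihole-dns` Service is `type: LoadBalancer` with `FTLCONF_dns_listeningMode` set to `"all"`, so the resolver answers any source that can reach the load-balancer address, and that address should not be reachable from outside the LAN.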