Add atuin

apps/atuin.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: atuin
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: atuin
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    repoURL: https://github.com/zoriya/snow
+    targetRevision: HEAD
+    path: charts/atuin

apps/misc/kustomization.yaml

@@ -2,7 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - cilium-announcement.yaml
-  - ip-pool.yaml
-  - bitwarden.yaml
-  - secret-generators.yaml
+- cilium-announcement.yaml
+- ip-pool.yaml
+- bitwarden.yaml
+- secret-generators.yaml
+- nvidia.yaml

apps/postgres/cluster.yaml

@@ -28,3 +28,6 @@ spec:
     - name: authentik
       login: true
       disablePassword: true
+    - name: atuin
+      login: true
+      disablePassword: true

charts/atuin/database.yaml

@@ -0,0 +1,26 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: atuin-db
+  namespace: postgres
+spec:
+  name: atuin
+  owner: atuin
+  cluster:
+    name: postgres-cluster
+  databaseReclaimPolicy: delete
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: postgres-atui
+spec:
+  secretName: postgres-atuin
+  usages:
+  - client auth
+  # same as pg user
+  commonName: atuin
+  issuerRef:
+    name: postgres-ca
+    kind: ClusterIssuer
+    group: cert-manager.io

charts/atuin/deploy.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: atuin
+spec:
+  template:
+    spec:
+      containers:
+      - name: atuin
+        image: ghcr.io/atuinsh/atuin:v18.8.0
+        args: [server, start]
+        ports:
+        - name: http
+          containerPort: 8888
+        env:
+        - name: ATUIN_HOST
+          value: 0.0.0.0
+        - name: ATUIN_PORT
+          value: "8888"
+        - name: ATUIN_OPEN_REGISTRATION
+          value: "true"
+        - name: ATUIN_DB_URI
+          value: postgres://atuin@postgres-cluster-rw.postgres/atuin?sslcert=/pg/tls.crt&sslkey=/pg/tls.key&sslrootcert=/pg/ca.crt
+        volumeMounts:
+        - name: postgres-cert
+          mountPath: /pg
+        - name: config
+          mountPath: /config
+      volumes:
+      - name: postgres-cert
+        secret:
+          secretName: postgres-atuin
+          defaultMode: 0640
+      - name: config
+        configMap:
+          # Just an empty cm 
+          name: settings
+      securityContext:
+        fsGroup: 1001
+        runAsUser: 1001

charts/atuin/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: atuin
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  ingressClassName: cilium
+  rules:
+  - host: atuin.sdg.moe
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: atuin
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - atuin.sdg.moe
+    secretName: atuin-ssl

charts/atuin/kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- includeSelectors: true
+  pairs:
+   app.kubernetes.io/name: atuin
+
+configMapGenerator:
+- name: settings
+  literals:
+  - server.toml=""
+
+resources:
+- deploy.yaml
+- svc.yaml
+- ingress.yaml
+- database.yaml

charts/atuin/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: atuin
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8888