Sense T 2023-06-08 22:13:27 +08:00
parent b21fe927b1
commit aabdebb350
29 changed files with 467 additions and 107 deletions


@ -1,11 +0,0 @@
FROM debian:stable-slim
RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
apt-get update && \
apt-get install -y zsh dropbear-bin python3 python3-pip python3-virtualenv vim sudo curl git && \
mkdir -p /etc/dropbear && \
useradd -s /bin/zsh -u 1000 coder && \
echo 'coder ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers && \
apt-get clean
CMD [ "/usr/sbin/dropbear", "-swEF" ]


@ -1,4 +0,0 @@
#!/bin/sh
docker build -t tonychee7000/code-ssh:$1 .
docker push tonychee7000/code-ssh:$1


@ -1,2 +0,0 @@
AAAAC3NzaC1lZDI1NTE5AAAAQKtWqf+I28KI3ZLGK78bEjhcMkt1s4OtwxtDClF8oyT4Yjtobr3p
Nm0gkElJn/MqjMpsb08iboaFbz2KqsA9mE8=


@ -1,54 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-ssh
spec:
selector:
matchLabels:
app: code-ssh
template:
metadata:
labels:
app: code-ssh
spec:
volumes:
- name: data
hostPath:
path: /data/code-server
- name: config
secret:
secretName: code-ssh-host-key
optional: false
containers:
- name: code-ssh
image: linuxserver/openssh-server:latest
volumeMounts:
- mountPath: /home/coder
name: data
- mountPath: /etc/dropbear
name: config
readOnly: true
resources:
limits:
cpu: 500m
memory: 4Gi
requests:
cpu: 100m
memory: 256Mi
readinessProbe:
tcpSocket:
port: ssh
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
livenessProbe:
tcpSocket:
port: ssh
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
ports:
- containerPort: 22
name: ssh


@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
app: code-ssh
images:
- name: linuxserver/openssh-server
newName: tonychee7000/code-ssh
newTag: '20220814-1'
secretGenerator:
- name: code-ssh-host-key
files:
- config/dropbear_ed25519_host_key


@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: code-ssh
annotations:
holepunch/punch-external: 'false'
spec:
selector:
app: code-ssh
ports:
- port: 2333
targetPort: ssh
name: ssh
protocol: TCP
type: LoadBalancer
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv4
- IPv6


@ -15,6 +15,10 @@ spec:
- name: config
configMap:
name: factorio
items:
- key: t
path: t
- name: data
hostPath:
path: /data/factorio

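--- /dev/null
+++ b/goproxy/deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: goproxy
+spec:
+selector:
+matchLabels:
+apps: goproxy
+template:
+metadata:
+apps: goproxy
+spec:
+containers:
+- name: goproxy
+image: goproxy
+args:
+- 'tcp'
+- '-p'
+- ':33080'
+- '-T'
+- 'udp'
+- '-P'
+- 'ksp.midymidy.tk:8800'
+resources:
+limits:
+cpu: '200m'
+memory: 128Mi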
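Review bot: The pod template puts `apps: goproxy` directly under `metadata` rather than under `metadata.labels` (indentation is lost in this rendering, but no `labels:` line is present), so the template carries no labels and the `matchLabels` selector cannot match it; the API server rejects a Deployment in that state. The key is also `apps` here while goproxy/service.yaml selects `app: goproxy`, so even once labelled the Service would find no endpoints. Use `app: goproxy` under `matchLabels`, and add a `labels:` line with `app: goproxy` beneath the template's `metadata`. The container sets limits but no `requests` and no `securityContext`, which is worth adding for a relay that forwards traffic to an external host.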


@ -0,0 +1,12 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
nameSuffix: -ksp
resources:
- deployment.yaml
- service.yaml
images:
- name: goproxy
newName: snail007/goproxy
newTag: v11.8

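--- /dev/null
+++ b/goproxy/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: goproxy
+spec:
+selector:
+app: goproxy
+ports:
+- port: 33080
+targetPort: 33080
+ipFamilies:
+- IPv4
+- IPv6
+ipFamilyPolicy: PerferDualStack
+type: LoadBalancer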
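Review bot: `ipFamilyPolicy: PerferDualStack` is misspelled; the accepted values are `SingleStack`, `PreferDualStack` and `RequireDualStack`, so this Service fails validation until the line reads `ipFamilyPolicy: PreferDualStack`. Separately, `type: LoadBalancer` publishes relay port 33080 on the external address and nothing visible here limits who may connect; if the clients are known, add `loadBalancerSourceRanges` with their CIDRs. The port entry has no `name` or `protocol`, so it defaults to TCP, which matches the `tcp` argument in goproxy/deployment.yaml.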

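--- /dev/null
+++ b/resilio/deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: resilio-sync
+spec:
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app: resilio-sync
+template:
+metadata:
+labels:
+app: resilio-sync
+spec:
+volumes:
+- name: data
+hostPath:
+path: /data/resilio-sync
+containers:
+- name: resilio-sync
+image: resilio/sync:2.7.3
+resources:
+limits:
+cpu: 500m
+memory: 512Mi
+volumeMounts:
+- name: data
+mountPath: /mnt/sync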
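Review bot: The `data` volume is a `hostPath` (`/data/resilio-sync`) but the pod spec has no `nodeSelector` or node affinity, so on a multi-node cluster a reschedule can land the pod on a node where that directory is empty or stale. The container also runs as whatever user the image defaults to, with no `securityContext`, while writing straight into a host directory; consider `runAsNonRoot: true` with a fixed `runAsUser` and `allowPrivilegeEscalation: false`, after checking that the image supports it. No `ports` are declared although resilio/service.yaml targets 8888 and 55555; that works, but naming them here documents the contract.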


@ -0,0 +1,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

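--- /dev/null
+++ b/resilio/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: resilio-sync
+spec:
+type: LoadBalancer
+ipFamilyPolicy: PreferDualStack
+ipFamilies:
+- IPv4
+- IPv6
+selector:
+app: resilio-sync
+ports:
+- name: web
+port: 8888
+targetPort: 8888
+- name: sync
+port: 55555
+targetPort: 55555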
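Review bot: The `web` port (8888) is published through the same `LoadBalancer` as the `sync` port, which puts the Sync administration UI on the external address, over plain HTTP as far as this manifest shows. Splitting the ports into two Services keeps the admin surface off the public address: `sync` stays on the LoadBalancer, and `web` moves to a ClusterIP Service reached through an authenticated TLS ingress or `kubectl port-forward`. Failing that, `loadBalancerSourceRanges` narrows who can reach it. Port 55555 has no `protocol`, so it is TCP only; if sync traffic is also expected over UDP, a second entry with `protocol: UDP` is needed.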


@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
spec:
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: vaultwarden
containers:
- name: vaultwarden
image: vaultwarden
env:
- name: DATABASE_URL
valueFrom:
configMapKeyRef:
key: database-url
name: vaultwarden
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
key: admin-token
name: vaultwarden
- name: DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: vaultwarden
- name: PASSWORD_HINTS_ALLOWED
valueFrom:
configMapKeyRef:
key: password-hints-allowed
name: vaultwarden
- name: SIGNUPS_ALLOWED
valueFrom:
configMapKeyRef:
key: signups-allowed
name: vaultwarden
- name: WEBSOCKET_ENABLED
valueFrom:
configMapKeyRef:
key: websocket-enabled
name: vaultwarden
resources:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "32Mi"
cpu: "100m"
ports:
- containerPort: 80
name: http
- containerPort: 3012
name: ws
volumeMounts:
- mountPath: /data
name: data
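Review bot: `DATABASE_URL` is read with `configMapKeyRef`, and the kustomization in this commit builds that ConfigMap from `config/database-url`; a database URL normally embeds the database password, which would then sit in clear text in both the ConfigMap and the repository. Unless the value is a bare SQLite path, move it next to `ADMIN_TOKEN` and read it with `secretKeyRef` from the `vaultwarden` Secret. The container has no `securityContext` and no readiness or liveness probe, which is worth a follow-up for a service that stores credentials.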

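--- /dev/null
+++ b/vaultwarden/ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: vaultwarden
+labels:
+name: vaultwarden
+spec:
+rules:
+- host: pass.sense-t.eu.org
+http:
+paths:
+- pathType: Prefix
+path: "/notifications/hub/negotiate"
+backend:
+service:
+name: vaultwarden
+port:
+number: 80
+- pathType: Prefix
+path: "/notifications/hub"
+backend:
+service:
+name: vaultwarden
+port:
+number: 3012
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: vaultwarden
+port:
+number: 80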
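Review bot: This Ingress has no `tls:` block and none of the TLS annotations that vless/ingress.yaml in the same commit carries, so as written the password vault at `pass.sense-t.eu.org` can be routed over plain HTTP unless TLS is enforced elsewhere (a default entrypoint redirect or default certificate, neither visible here). Vault traffic carries authentication material and session tokens, and the web vault needs a secure context to work, so the manifest should pin the HTTPS entrypoint and request a certificate itself. The fence shows the additions, reusing the issuer and annotations from vless/ingress.yaml; the secret name is a placeholder.

```yaml
metadata:
  name: vaultwarden
  # … unchanged: labels …
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: 'true'
spec:
  tls:
    - hosts:
        - pass.sense-t.eu.org
      secretName: vaultwarden-tls  # placeholder name
  # … unchanged: rules …
```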


@ -0,0 +1,27 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- deployment.yaml
- pvc.yaml
- services.yaml
- ingress.yaml
configMapGenerator:
- name: vaultwarden
files:
- config/database-url
- config/domain
- config/password-hints-allowed
- config/signups-allowed
- config/websocket-enabled
secretGenerator:
- name: vaultwarden
files:
- config/admin-token
images:
- name: vaultwarden
newName: vaultwarden/server
newTag: 1.28.1-alpine
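Review bot: `secretGenerator` reads `config/admin-token` from the working tree, so the admin token has to exist as a file beside this kustomization; if that file is tracked in this repository, the token is readable by anyone with repository access and stays in history after removal. Keep it out of version control (an ignore rule or an encrypted-secrets workflow) and rotate the token if it was ever committed. Vaultwarden from 1.28.0 accepts an Argon2 PHC string as `ADMIN_TOKEN`, so the stored value need not be the plain token. `namespace: default` also places a credential store in the shared default namespace; a dedicated namespace makes RBAC and NetworkPolicy scoping simpler.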

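--- /dev/null
+++ b/vaultwarden/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: vaultwarden
+spec:
+resources:
+requests:
+storage: 1Gi
+volumeMode: Filesystem
+storageClassName: nfs-client
+accessModes:
+- ReadWriteOnce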

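--- /dev/null
+++ b/vaultwarden/services.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: vaultwarden
+spec:
+ipFamilyPolicy: PreferDualStack
+ipFamilies:
+- IPv4
+- IPv6
+selector:
+app: vaultwarden
+ports:
+- port: 80
+targetPort: http
+name: http
+- port: 3012
+targetPort: ws
+name: ws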


@ -0,0 +1,12 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
nameSuffix: macos
commonLabels:
app: qemu-macos
namespace: vintage-os
resources:
- ../base
images:
- newName: tonychee7000/qemu-macos9
newTag: "20221026-1"
name: system


@ -0,0 +1,12 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
nameSuffix: windows98
commonLabels:
app: qemu-windows98
namespace: vintage-os
resources:
- ../base
images:
- newName: tonychee7000/qemu-windows98
newTag: "20221025"
name: system

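--- /dev/null
+++ b/vless/config.json
@@ -0,0 +1,31 @@
+{
+"log": {
+"loglevel": "warning"
+},
+"outbounds": [
+{
+"protocol": "freedom"
+}
+],
+"inbounds": [
+{
+"port": 8080,
+"protocol": "vless",
+"settings": {
+"clients": [
+{
+"id": "3883e684-6971-11ed-a53b-f388e0649c3d"
+}
+],
+"decryption": "none"
+},
+"streamSettings": {
+"network": "ws",
+"security": "none",
+"wsSettings": {
+"path": "/KnockOut"
+}
+}
+}
+]
+}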
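Review bot: The client `id` in the `clients` entry is the only credential this inbound checks (`"decryption": "none"`, `"security": "none"`), and it is committed here in clear text and then shipped through a `configMapGenerator` in vless/kustomization.yaml. Anyone who can read the repository or the ConfigMap can use the proxy, so treat this UUID as exposed: generate a new one, keep the file out of version control, and deliver it with a `secretGenerator` or an external secret store instead. The inbound relies entirely on the ingress for transport encryption, so port 8080 should not be reachable by any path other than the TLS ingress.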

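--- /dev/null
+++ b/vless/deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: v2ray
+spec:
+selector:
+matchLabels:
+app: v2ray
+template:
+metadata:
+labels:
+app: v2ray
+spec:
+volumes:
+- name: config
+configMap:
+name: v2ray
+containers:
+- name: v2ray
+image: v2fly/v2fly-core:v5.1.0
+resources:
+limits:
+memory: 32Mi
+cpu: 200m
+volumeMounts:
+- name: config
+mountPath: /etc/v2ray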

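--- /dev/null
+++ b/vless/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: v2ray
+labels:
+name: v2ray
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+kubernetes.io/ingress.class: traefik
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: 'true'
+spec:
+tls:
+- hosts:
+- '*.wetofu.me'
+secretName: wetofu-me-certs
+rules:
+- host: dev.wetofu.me
+http:
+paths:
+- pathType: ImplementationSpecific
+path: "/KnockOut"
+backend:
+service:
+name: v2ray
+port:
+number: 8080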
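Review bot: The `tls.hosts` entry requests a wildcard (`'*.wetofu.me'`) while the only rule is for `dev.wetofu.me`; Let's Encrypt issues wildcard certificates only through the DNS-01 challenge, so this works only if the `letsencrypt` ClusterIssuer has a DNS-01 solver, which is not visible in this commit. If it is an HTTP-01 issuer, list `dev.wetofu.me` under `hosts` instead; a single-name certificate also limits what a leaked `wetofu-me-certs` key could be used to impersonate. As a style point, the `kubernetes.io/ingress.class: traefik` annotation is deprecated in favour of `spec.ingressClassName: traefik`.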

vless/kustomization.yaml Normal file

@ -0,0 +1,11 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
configMapGenerator:
- name: v2ray
files:
- config.json
nameSuffix: -server

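--- /dev/null
+++ b/vless/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: v2ray
+spec:
+selector:
+app: v2ray
+ports:
+- port: 8080
+targetPort: 8080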

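--- /dev/null
+++ b/wg-socks/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wireguard-socks
+spec:
+selector:
+matchLabels:
+app: wireguard-socks
+type: proxy
+template:
+spec:
+volumes:
+- name: wireguard
+hostPath:
+path: /data/wireguard
+- name: module
+hostPath:
+path: /lib/modules
+containers:
+- name: wireguard
+image: neilpang/wgcf-docker:alpine
+resources:
+limits:
+cpu: 200m
+memory: 128Mi
+imagePullPolicy: IfNotPresent
+securityContext:
+#sysctls:
+# - name: net.ipv6.conf.all.disable_ipv6
+# value: '0'
+privileged: true
+capabilities:
+add:
+- NET_ADMIN
+allowPrivilegeEscalation: true
+readOnlyRootFilesystem: false
+volumeMounts:
+- mountPath: /wgcf
+name: wireguard
+- mountPath: /lib/modules
+name: module
+- name: socks5
+image: netbyte/socks5-server
+args:
+- '-l'
+- ':1089'
+imagePullPolicy: IfNotPresent
+resources:
+limits:
+cpu: 200m
+memory: 128Mi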
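Review bot: The `wireguard` container sets `privileged: true`, which already grants every capability and host device access, so the `capabilities.add` entry for `NET_ADMIN` below it has no effect; combined with the writable `hostPath` mount of `/lib/modules`, a compromise of this container is effectively a compromise of the node. Set `privileged: false` and `allowPrivilegeEscalation: false`, keep only the `NET_ADMIN` capability, and add `readOnly: true` to the `/lib/modules` mount; whether the image also needs `SYS_MODULE` to load the kernel module is not visible here and should be tested. Both images use floating references (`:alpine`, and no tag at all for `netbyte/socks5-server`) with `imagePullPolicy: IfNotPresent`, so what runs depends on what each node has cached; pin a version tag or digest. The `socks5` container listens on `:1089` with no authentication arguments visible, so anything that can reach the pod IP may be able to use the tunnel.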


@ -0,0 +1,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
resources:
- deployment.yaml
commonLabels:
app: wireguard-socks
type: proxy

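--- /dev/null
+++ b/wg-socks/wg0.conf
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = qHAma2P6+Q3vbublEoBhULwVdzXeQne4YMnXeLxG6Wo=
+Address = 172.16.0.2/32
+Address = 2606:4700:110:81a7:4036:8234:a94:4254/128
+DNS = 1.1.1.1
+MTU = 1280
+[Peer]
+PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
+AllowedIPs = 0.0.0.0/0
+AllowedIPs = ::/0
+Endpoint = engage.cloudflareclient.com:2408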
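Review bot: `PrivateKey` under `[Interface]` appears to be a real WireGuard private key committed in clear text; anyone with read access to the repository, or to its history after a later removal, can impersonate this peer. Rotate the key pair by re-registering with the endpoint, remove the file from version control, and supply the configuration to the pod from a Secret or from the node path that wg-socks/deployment.yaml already mounts at `/wgcf`. Nothing in the wg-socks kustomization references this file, so it seems to be committed only as a copy and could be dropped without changing the deployment.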