running cluster with immich, photoprism and authentik

k3s/apps/authentik/helm/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik

k3s/apps/authentik/helm/values.yaml

@@ -0,0 +1,28 @@
+
+namespace: authentik
+authentik:
+    secret_key: "6sNotXqR3cvcVHx3RbYCViX6J/OmMvopb4b7ge80V3EdSgBtWzG0l4SXBPo80J3mRy0BDaCCfb1EZoz+"
+    # This sends anonymous usage-data, stack traces on errors and
+    # performance data to sentry.io, and is fully opt-in
+    error_reporting:
+        enabled: true
+    postgresql:
+        password: "WoPbKRCEeLoLb9J840FqwDE95ergX8CqXq7jC6nbJkoNSiTSlA"
+
+server:
+    ingress:
+        # Specify kubernetes ingress controller class name
+        # ingressClassName: nginx 
+        # enabled: true
+        # hosts:
+        #     - authentik.henryathome.home64.de
+        enabled: false
+    service:
+        type: NodePort
+        port: 9000
+        nodePort: 32222
+
+postgresql:
+    enabled: true
+    auth:
+        password: "WoPbKRCEeLoLb9J840FqwDE95ergX8CqXq7jC6nbJkoNSiTSlA"

k3s/apps/gitea/gitea.yaml

@@ -19,8 +19,8 @@ spec:
     - ReadWriteMany
   persistentVolumeReclaimPolicy: Retain
   nfs:
-    server: 192.168.178.132
-    path: /slowData/gitea/repos
+    server: 192.168.178.166
+    path: /export/fastData/gitea/repos
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -49,8 +49,8 @@ spec:
     - ReadWriteOnce
   persistentVolumeReclaimPolicy: Retain
   nfs:
-    server: 192.168.178.132
-    path: /slowData/gitea/postgres
+    server: 192.168.178.166
+    path: /export/fastData/gitea/postgres
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -97,6 +97,10 @@ spec:
           volumeMounts:
             - name: postgres-storage
               mountPath: /var/lib/postgresql/data
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1000
+#            fsGroup: 1000
       volumes:
         - name: postgres-storage
           persistentVolumeClaim:
@@ -152,12 +156,26 @@ spec:
               value: gitea
             - name: GITEA__database__PASSWD
               value: giteapassword
+            - name: GITEA__server__ROOT_URL
+              value: "https://git.henryathome.home64.de"
+            - name: GITEA__server__SSH_DOMAIN
+              value: git.henryathome.home64.de
+            - name: GITEA__server__START_SSH_SERVER
+              value: "true"
+            - name: GITEA__server__SSH_LISTEN_PORT
+              value: "32000"
+            - name: GITEA__server__SSH_PORT
+              value: "32000"
           ports:
             - containerPort: 3000   # HTTP
-            - containerPort: 22     # SSH
+            - containerPort: 32000     # SSH
           volumeMounts:
             - name: gitea-storage
               mountPath: /data
+          securityContext:
+#             runAsUser: 1001
+#            runAsGroup: 1000
+#            fsGroup: 1000
       volumes:
         - name: gitea-storage
           persistentVolumeClaim:
@@ -181,5 +199,6 @@ spec:
       targetPort: 3000
     - name: ssh
       protocol: TCP
-      port: 22
-      targetPort: 22
+      port: 32000
+      targetPort: 32000
+      nodePort: 32000

k3s/apps/nfs-pv/nfs-pv.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-pv
+spec:
+  capacity:
+    storage: 100Gi  # Irgendwas großzügiges, spielt bei NFS weniger Rolle
+  accessModes:
+    - ReadWriteMany   # GANZ WICHTIG!
+  storageClassName: nfs
+  persistentVolumeReclaimPolicy: Retain  # Optional: verhindert, dass K8s dein Share löscht
+  nfs:
+    path: /export/slowData/photos
+    server: 192.168.178.166

k3s/apps/photo/immich/immich-data-pv.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: immich-data-pv
+spec:
+  capacity:
+    storage: 100Gi  # Irgendwas großzügiges, spielt bei NFS weniger Rolle
+  accessModes:
+    - ReadWriteMany   # GANZ WICHTIG!
+  storageClassName: nfs
+  persistentVolumeReclaimPolicy: Retain  # Optional: verhindert, dass K8s dein Share löscht
+  nfs:
+    path: /export/fastData/immichData
+    server: 192.168.178.166

k3s/apps/photo/immich/immich-db-deployment.yaml

@@ -40,6 +40,10 @@ spec:
               mountPath: /var/lib/postgresql/data
               subPath: postgres
           resources: {}
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1000
+#            fsGroup: 2000
       volumes:
         - name: pgdata
           persistentVolumeClaim:

k3s/apps/photo/immich/immich-db-pv.yaml

@@ -12,6 +12,6 @@ spec:
   accessModes:
     - ReadWriteMany
   nfs:
-    path: /slowData/immichDB  # Static path on the NFS server
-    server: 192.168.178.132               # Your NFS server's IP
+    path: /export/fastData/immichDB  # Static path on the NFS server
+    server: 192.168.178.166               # Your NFS server's IP
   persistentVolumeReclaimPolicy: Retain

k3s/apps/photo/immich/immich-library-pv.yaml

@@ -12,5 +12,5 @@ spec:
   accessModes:
     - ReadWriteMany
   nfs:
-    path: /fastData/immichLibrary  # Static path on the NFS server
-    server: 192.168.178.132
+    path: /export/fastData/immichLibrary  # Static path on the NFS server
+    server: 192.168.178.166

k3s/apps/photo/immich/immich-server-deployment.yaml

@@ -88,6 +88,10 @@ spec:
               subPath: library
             - name: ext-library
               mountPath: /photos
+          # securityContext:
+#            runAsUser: 1001
+#            runAsGroup: 1000
+#            fsGroup: 2000
       volumes:
         - name: library
           persistentVolumeClaim:

k3s/apps/photo/photoprism/immich-db-pvc.yaml

@@ -0,0 +1,15 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: immich-db-pvc
+  namespace: photoprism
+  labels:
+    app: immich
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 20Gi  # Match or be less than the PV's capacity
+  volumeName: immich-db-pv  # Bind explicitly to the PV created above
+  storageClassName: nfs

k3s/apps/photo/photoprism/mariadb-pv.yaml

@@ -1,13 +1,17 @@
-apiVersion: v1
 kind: PersistentVolume
+apiVersion: v1
 metadata:
-  name: mariadb-pv
+  name: mariadb-db-pv
+  namespace: photoprism
+  labels:
+    app: photoprism-mariadb
 spec:
   capacity:
-    storage: 50Gi
+    storage: 20Gi  # Adjust the storage size as needed
+  storageClassName: nfs
   accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain  # Optional: verhindert, dass K8s dein Share löscht
-  storageClassName: local-path
-  hostPath:
-    path: /slowData/photoprismDB
+    - ReadWriteMany
+  nfs:
+    path: /fastData/photoprismDB  # Static path on the NFS server
+    server: 192.168.178.166               # Your NFS server's IP
+  persistentVolumeReclaimPolicy: Retain

k3s/apps/photo/photoprism/mariadb-pv.yaml.old

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mariadb-pv
+spec:
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain  # Optional: verhindert, dass K8s dein Share löscht
+  storageClassName: local-path
+  hostPath:
+    path: /slowData/photoprismDB

k3s/apps/photo/photoprism/mariadb.yaml

@@ -4,13 +4,14 @@ metadata:
   name: mariadb
   namespace: photoprism
 spec:
-  storageClassName: local-path
-  volumeName: mariadb-pv
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   resources:
     requests:
-      storage: 50Gi
+      storage: 20Gi  # Match or be less than the PV's capacity
+  volumeName: mariadb-db-pv  # Bind explicitly to the PV created above
+  storageClassName: nfs
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -42,6 +43,10 @@ spec:
           volumeMounts:
             - mountPath: /var/lib/mysql
               name: mariadb
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1000
+ #           fsGroup: 2000
       volumes:
         - name: mariadb
           persistentVolumeClaim:

k3s/apps/photo/photoprism/photoprism.yaml

@@ -52,7 +52,7 @@ spec:
             - name: PHOTOPRISM_AUTH_MODE
               value: password
             - name: PHOTOPRISM_SITE_URL
-              value: https://photoprism.henryathome.home64.de
+              value: https://henrysfotos.henryathome.home64.de
             - name: PHOTOPRISM_INDEX_WORKERS
               value: "3"
             - name: PHOTOPRISM_INDEX_SCHEDULE
@@ -68,6 +68,19 @@ spec:
               value: photoprism
             - name: PHOTOPRISM_DATABASE_PASSWORD
               value: photoprism
+            - name: PHOTOPRISM_UID
+              value: "1001"
+            - name: PHOTOPRISM_GID
+              value: "1000"
+            - name: PHOTOPRISM_DISABLE_CHOWN
+              value: "true"
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "128Mi"
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
           volumeMounts:
             - mountPath: /photoprism/
               name: photoprism-storage
@@ -76,6 +89,9 @@ spec:
 #            - mountPath: /photoprism/originals
 #              name: photoprism-storage
 #              name: photoprism-originals
+#          securityContext:
+#            runAsUser: 1000
+#            runAsGroup: 1000
       volumes:
         - name: photoprism-storage
           persistentVolumeClaim: