From 07c74189d816e9562599e3df5a50ae693ebbc42a Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sat, 7 Mar 2026 21:37:37 -0800 Subject: [PATCH] =?UTF-8?q?C2(jobsync):=20impl=20=E2=80=94=20deploy-jobsyn?= =?UTF-8?q?c=20manifests=20and=20routing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ArgoCD app, k8s manifests (deployment, service, PVC, ExternalSecret, Tailscale ingress), and Caddy route for jobsync.ops.eblu.me. 1Password item "JobSync" created with auth_secret and encryption_key. Container build v1.1.4 in progress. Co-Authored-By: Claude Opus 4.6 --- ansible/roles/caddy/defaults/main.yml | 3 + argocd/apps/jobsync.yaml | 18 +++++ argocd/manifests/jobsync/deployment.yaml | 71 +++++++++++++++++++ argocd/manifests/jobsync/external-secret.yaml | 23 ++++++ .../manifests/jobsync/ingress-tailscale.yaml | 26 +++++++ argocd/manifests/jobsync/kustomization.yaml | 15 ++++ argocd/manifests/jobsync/pv-hostpath.yaml | 15 ++++ argocd/manifests/jobsync/pvc.yaml | 14 ++++ argocd/manifests/jobsync/service.yaml | 13 ++++ 9 files changed, 198 insertions(+) create mode 100644 argocd/apps/jobsync.yaml create mode 100644 argocd/manifests/jobsync/deployment.yaml create mode 100644 argocd/manifests/jobsync/external-secret.yaml create mode 100644 argocd/manifests/jobsync/ingress-tailscale.yaml create mode 100644 argocd/manifests/jobsync/kustomization.yaml create mode 100644 argocd/manifests/jobsync/pv-hostpath.yaml create mode 100644 argocd/manifests/jobsync/pvc.yaml create mode 100644 argocd/manifests/jobsync/service.yaml diff --git a/ansible/roles/caddy/defaults/main.yml b/ansible/roles/caddy/defaults/main.yml index 464d331..da40cfb 100644 --- a/ansible/roles/caddy/defaults/main.yml +++ b/ansible/roles/caddy/defaults/main.yml 
@@ -88,6 +88,9 @@ caddy_services:
 - name: ollama
 host: "ollama.{{ caddy_domain }}"
 backend: "https://ollama.tail8d86e.ts.net"
+ - name: jobsync
+ host: "jobsync.{{ caddy_domain }}"
+ backend: "https://jobsync.tail8d86e.ts.net"
 - name: sifaka
 host: "nas.{{ caddy_domain }}"
 backend: "http://sifaka:5000"
diff --git a/argocd/apps/jobsync.yaml b/argocd/apps/jobsync.yaml
new file mode 100644
index 0000000..11d8beb
--- /dev/null
+++ b/argocd/apps/jobsync.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: jobsync
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git
+ targetRevision: main
+ path: argocd/manifests/jobsync
+ destination:
+ server: https://ringtail.tail8d86e.ts.net:6443
+ namespace: jobsync
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/manifests/jobsync/deployment.yaml b/argocd/manifests/jobsync/deployment.yaml
new file mode 100644
index 0000000..bc27dac
--- /dev/null
+++ b/argocd/manifests/jobsync/deployment.yaml
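Review bot: `project: default` in the new Application (argocd/apps/jobsync.yaml) puts jobsync in Argo CD's built-in project, which out of the box accepts any source repository and any destination cluster and namespace, so nothing in this file confines the app to the `jobsync` namespace on ringtail. If the default project has not been tightened elsewhere in the repo (not visible in this patch), a dedicated AppProject would contain a bad manifest merged to `main`: its `sourceRepos` would list only this Forgejo URL and its `destinations` only `https://ringtail.tail8d86e.ts.net:6443` with namespace `jobsync`. That project would also need `clusterResourceWhitelist` entries for Namespace and PersistentVolume, since this app creates both. The line to change would then be `project: jobsync`.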
@@ -0,0 +1,71 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jobsync
+ namespace: jobsync
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: jobsync
+ template:
+ metadata:
+ labels:
+ app: jobsync
+ spec:
+ containers:
+ - name: jobsync
+ image: registry.ops.eblu.me/blumeops/jobsync:kustomized
+ ports:
+ - containerPort: 3000
+ name: http
+ env:
+ - name: DATABASE_URL
+ value: "file:/data/dev.db"
+ - name: NEXTAUTH_URL
+ value: "https://jobsync.ops.eblu.me"
+ - name: AUTH_TRUST_HOST
+ value: "true"
+ - name: TZ
+ value: "America/Los_Angeles"
+ - name: OLLAMA_BASE_URL
+ value: "http://ollama.ollama.svc.cluster.local:11434"
+ - name: AUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: jobsync-secrets
+ key: auth_secret
+ - name: ENCRYPTION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: jobsync-secrets
+ key: encryption_key
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1000m"
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: jobsync-data
diff --git a/argocd/manifests/jobsync/external-secret.yaml b/argocd/manifests/jobsync/external-secret.yaml
new file mode 100644
index 0000000..e4ef3a2
--- /dev/null
+++ b/argocd/manifests/jobsync/external-secret.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: jobsync-secrets
+ namespace: jobsync
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-blumeops
+ target:
+ name: jobsync-secrets
+ creationPolicy: Owner
+ data:
+ - secretKey: auth_secret
+ remoteRef:
+ key: JobSync
+ property: auth_secret
+ - secretKey: encryption_key
+ remoteRef:
+ key: JobSync
+ property: encryption_key
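Review bot: The `jobsync` container in deployment.yaml sets no `securityContext`, so it runs with the image's default user, the runtime's default capability set and privilege escalation allowed, while holding `AUTH_SECRET`, `ENCRYPTION_KEY` and a writable hostPath-backed `/data`. I would add a container-level `securityContext` that disables privilege escalation, drops all capabilities and selects the RuntimeDefault seccomp profile. I would also set `automountServiceAccountToken: false` on the pod, assuming the app never calls the Kubernetes API (nothing in the env list suggests it does). `runAsNonRoot: true` is worth adding as well, but only once the image's user is known and `/mnt/storage1/jobsync` is owned to match, because `fsGroup` is not applied to hostPath volumes.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: jobsync
          # … unchanged: image, ports, env, volumeMounts, resources, probes …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```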
diff --git a/argocd/manifests/jobsync/ingress-tailscale.yaml b/argocd/manifests/jobsync/ingress-tailscale.yaml
new file mode 100644
index 0000000..85c7b53
--- /dev/null
+++ b/argocd/manifests/jobsync/ingress-tailscale.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jobsync-tailscale
+ namespace: jobsync
+ annotations:
+ tailscale.com/proxy-class: "default"
+ tailscale.com/proxy-group: "ingress"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/name: "JobSync"
+ gethomepage.dev/group: "Productivity"
+ gethomepage.dev/icon: "mdi-briefcase-search"
+ gethomepage.dev/description: "Job application tracker"
+ gethomepage.dev/href: "https://jobsync.ops.eblu.me"
+ gethomepage.dev/pod-selector: "app=jobsync"
+spec:
+ ingressClassName: tailscale
+ defaultBackend:
+ service:
+ name: jobsync
+ port:
+ number: 3000
+ tls:
+ - hosts:
+ - jobsync
diff --git a/argocd/manifests/jobsync/kustomization.yaml b/argocd/manifests/jobsync/kustomization.yaml
new file mode 100644
index 0000000..2e48bf1
--- /dev/null
+++ b/argocd/manifests/jobsync/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: jobsync
+resources:
+ - pv-hostpath.yaml
+ - pvc.yaml
+ - external-secret.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress-tailscale.yaml
+
+images:
+ - name: registry.ops.eblu.me/blumeops/jobsync
+ newTag: "v1.1.4"
diff --git a/argocd/manifests/jobsync/pv-hostpath.yaml b/argocd/manifests/jobsync/pv-hostpath.yaml
new file mode 100644
index 0000000..af0e64a
--- /dev/null
+++ b/argocd/manifests/jobsync/pv-hostpath.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: jobsync-data-pv
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: ""
+ hostPath:
+ path: /mnt/storage1/jobsync
+ type: DirectoryOrCreate
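Review bot: The `images` override in kustomization.yaml pins `registry.ops.eblu.me/blumeops/jobsync` by tag only (`newTag: "v1.1.4"`), and a tag can be re-pushed, so what the cluster pulls is not fixed by what is reviewed here. The commit message also says the v1.1.4 build is still in progress. Once the image is published I would record its digest in the same `images` entry, `digest: sha256:<digest-of-v1.1.4-image>` (placeholder), so that a rebuilt or replaced tag cannot change the running image without a commit.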
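Review bot: `jobsync-data-pv` in pv-hostpath.yaml has no `claimRef`, so until `jobsync-data` binds it the volume can be taken by any PersistentVolumeClaim in any namespace that asks for `storageClassName: ""` and fits within 10Gi. Reserving it under `spec` with `claimRef:` carrying `namespace: jobsync` and `name: jobsync-data` closes that window. Also, `type: DirectoryOrCreate` creates a missing `/mnt/storage1/jobsync` with mode 0755 and the kubelet's ownership, and the PV has no `nodeAffinity`. On a cluster with more than one node the pod could therefore start against a fresh empty directory; a comment stating the single-node assumption, or a `nodeAffinity` block, would make that explicit.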
diff --git a/argocd/manifests/jobsync/pvc.yaml b/argocd/manifests/jobsync/pvc.yaml
new file mode 100644
index 0000000..b451f3a
--- /dev/null
+++ b/argocd/manifests/jobsync/pvc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jobsync-data
+ namespace: jobsync
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ""
+ volumeName: jobsync-data-pv
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/argocd/manifests/jobsync/service.yaml b/argocd/manifests/jobsync/service.yaml
new file mode 100644
index 0000000..dc2d73a
--- /dev/null
+++ b/argocd/manifests/jobsync/service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jobsync
+ namespace: jobsync
+spec:
+ selector:
+ app: jobsync
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000