eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/argocd/manifests/shower/pv-nfs.yaml
Erich Blume cb4f4085c2 C1: bake shower wheel into image; wire borgmatic; refine NFS docs 
Three follow-ups on the shower deployment branch:

1. containers/shower/default.nix now uses buildPythonPackage to install
   the adelaide-baby-shower-app wheel + its deps at nix build time. The
   wheel comes from the forge PyPI index with a pinned SRI hash. The
   entrypoint no longer does pip-at-boot — it just runs migrations,
   collectstatic, and execs gunicorn.

2. ansible/roles/borgmatic/defaults/main.yml:
   - Adds shower to borgmatic_k8s_sqlite_dumps (context k3s-ringtail)
     so /app/data/db.sqlite3 is dumped via kubectl exec on every run.
   - Adds /Volumes/shower (sifaka SMB mount on indri) to
     borgmatic_source_directories so prize-photo media gets archived.

3. NFS share docs corrected to match the real on-sifaka pattern:
   exports allowlist 192.168.1.0/24 + 100.64.0.0/10 with all_squash to
   admin (matching frigate/paperless/etc.), not "Squash=No mapping".
   The pod's runAsUser doesn't need to match an on-disk uid because
   all_squash rewrites every write to admin:users.

Also adds a missing service-versions entry for the tailscale container
introduced in PR #347 — pre-existing gap surfaced by the
container-version-check hook on this commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-11 08:37:12 -07:00

24 lines
818 B
YAML
Raw Blame History

# NFS PersistentVolume for shower app media uploads (prize photos).
#
# Requires the `shower` share on sifaka with NFS exports matching the
# blumeops standard (192.168.1.0/24 + 100.64.0.0/10, all_squash → admin).
# See docs/how-to/operations/shower-app.md for the Synology web-UI walk
# and docs/reference/storage/sifaka.md for the exports table.
#
# Because all_squash rewrites every NFS write to admin:users (1024:100),
# the in-pod runAsUser does NOT have to match an on-disk uid. Mode 0777
# on /volume1/shower lets the pod read back what it wrote.
apiVersion: v1
kind: PersistentVolume
metadata:
name: shower-media-nfs-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: ""
nfs:
server: sifaka
path: /volume1/shower
Reference in a new issue View git blame Copy permalink