homelab/k3s/mediawiki/mediawiki.yaml

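# MediaWiki — personal wiki, postgres-backed
# NOTE(review): LocalSettings.php below sets $wgDBtype = "mysql" with
# $wgDBserver = "mariadb" on port 3306, which disagrees with "postgres-backed";
# confirm which backend is intended and align this header with the settings.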
# Unpinned; uploads PVC on local-path.
# LocalSettings.php supplied via ConfigMap — secrets read at runtime from env.
# NodePort 32392.
#
# Deploy flow (run in order, from /home/samantha/private/Knowledge/repos/homelab):
#
# # 1. Generate secrets and stash in pass + k8s:
# DB=$(openssl rand -hex 32)
# ADM=$(openssl rand -hex 16)
# SK=$(openssl rand -hex 32)
# UK=$(openssl rand -hex 16)
# echo "$DB" | pass insert -m -f homelab/MEDIAWIKI_DB_PASSWORD
# echo "$ADM" | pass insert -m -f homelab/MEDIAWIKI_ADMIN_PASSWORD
# echo "$SK" | pass insert -m -f homelab/MEDIAWIKI_SECRET_KEY
# echo "$UK" | pass insert -m -f homelab/MEDIAWIKI_UPGRADE_KEY
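# NOTE(review): the outer double quotes below expand $DB/$ADM/$SK/$UK locally,
# so the secret values travel as command-line arguments (readable in process
# listings and in any command logging along the way). Prefer handing them to
# kubectl with --from-file or --from-env-file from a mode-0600 file that is
# removed afterwards, and `unset DB ADM SK UK` once the secret exists.
# k3s/scripts/k3s-control-command "sudo kubectl create secret generic mediawiki-secret -n default \
# --from-literal=db-password='$DB' \
# --from-literal=admin-password='$ADM' \
# --from-literal=secret-key='$SK' \
# --from-literal=upgrade-key='$UK'"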
#
# # 2. Create db/user, run install.php, deploy:
# k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki-db-init.yaml' # scp first
# k3s/scripts/k3s-control-command 'kubectl wait --for=condition=complete job/mediawiki-db-init --timeout=60s'
# k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki-install.yaml'
# k3s/scripts/k3s-control-command 'kubectl wait --for=condition=complete job/mediawiki-install --timeout=120s'
# k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki.yaml'
---
# ConfigMap holding LocalSettings.php. The Deployment in this file mounts it
# over /var/www/html/LocalSettings.php with a subPath mount.
#
# No secret value is stored here: the DB password, $wgSecretKey and
# $wgUpgradeKey are read with getenv() from MW_DB_PASSWORD, MW_SECRET_KEY and
# MW_UPGRADE_KEY. Keep it that way — ConfigMaps are not access-controlled or
# stored like Secrets.
#
# NOTE(review): getenv() returns false for an unset variable and nothing below
# checks for that, so a missing variable would not stop the wiki from loading
# this file. The Deployment's secretKeyRef entries are what guarantee the
# values today.
# NOTE(review): $wgDBtype/$wgDBserver/$wgDBport describe a MySQL-protocol
# backend ("mariadb", 3306) while the file header says "postgres-backed";
# confirm which is intended.
# NOTE(review): $wgServer falls back to plain http://localhost:32392 when
# MW_SERVER is unset; uploads are enabled and stored under
# /var/www/html/images.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mediawiki-localsettings
data:
  # Literal block scalar: everything below is PHP source, byte for byte.
  LocalSettings.php: |
    <?php
    if (!defined('MEDIAWIKI')) { exit; }
    $wgSitename = "Samantha's Wiki";
    $wgMetaNamespace = "Samanthas_Wiki";
    $wgScriptPath = "";
    $wgServer = getenv('MW_SERVER') ?: "http://localhost:32392";
    $wgResourceBasePath = $wgScriptPath;
    $wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/change-your-logo.svg" ];
    $wgEnableEmail = false;
    $wgEmergencyContact = "";
    $wgPasswordSender = "";
    $wgDBtype = "mysql";
    $wgDBserver = "mariadb";
    $wgDBname = "mediawiki_db";
    $wgDBuser = "mediawiki_user";
    $wgDBpassword = getenv('MW_DB_PASSWORD');
    $wgDBport = "3306";
    $wgSecretKey = getenv('MW_SECRET_KEY');
    $wgUpgradeKey = getenv('MW_UPGRADE_KEY');
    $wgUploadDirectory = "/var/www/html/images";
    $wgEnableUploads = true;
    $wgPingback = false;
    $wgDefaultSkin = "vector-2022";
    wfLoadSkin( 'Vector' );
    wfLoadSkin( 'MonoBook' );
    wfLoadSkin( 'Timeless' );
    wfLoadSkin( 'MinervaNeue' );
    $wgLocaltimezone = "UTC";
    date_default_timezone_set($wgLocaltimezone);
---
# Claim backing the MediaWiki uploads directory (mounted by the Deployment at
# /var/www/html/images). Requests 20Gi, single-node read/write.
# NOTE(review): "local-path" presumably means node-local disk with no
# replication — confirm, and back uploads up separately if so.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mediawiki-images-pvc
spec:
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
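# MediaWiki Deployment: one replica, Recreate strategy (the old pod is stopped
# before the new one starts, which suits the ReadWriteOnce uploads volume).
# Secrets reach the container only as environment variables sourced from the
# mediawiki-secret Secret; LocalSettings.php comes from a ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mediawiki
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: mediawiki
  template:
    metadata:
      labels:
        app: mediawiki
    spec:
      # Nothing in this manifest needs the Kubernetes API, so do not mount a
      # service-account token into a pod that serves a public PHP application.
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 33  # www-data — so PVC is group-writable by apache
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mediawiki
          # Tag, not a digest: what it resolves to can change between pulls.
          # Pin by digest if reproducible rollouts matter more than picking
          # up rebuilt images automatically.
          image: mediawiki:1.43
          securityContext:
            # Blocks setuid/file-capability escalation inside the container.
            allowPrivilegeEscalation: false
          env:
            - name: MW_SERVER
              value: "https://wiki.the-fulfillment.org"
            - name: MW_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: db-password
            - name: MW_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: secret-key
            - name: MW_UPGRADE_KEY
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: upgrade-key
          ports:
            - containerPort: 80
          volumeMounts:
            # subPath mounts are not refreshed when the ConfigMap changes;
            # restart the pod after editing LocalSettings.php.
            - name: localsettings
              mountPath: /var/www/html/LocalSettings.php
              subPath: LocalSettings.php
              readOnly: true
            # This mount shadows whatever the image ships under images/.
            # NOTE(review): if the image relies on files there (for example
            # an .htaccess), confirm they are present on the PVC.
            - name: images
              mountPath: /var/www/html/images
      volumes:
        - name: localsettings
          configMap:
            name: mediawiki-localsettings
        - name: images
          persistentVolumeClaim:
            claimName: mediawiki-images-pvc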
---
# NodePort Service for the wiki: node port 32392 forwards to container port 80
# on pods labelled app=mediawiki. Traffic on this port is plain HTTP.
# NOTE(review): MW_SERVER in the Deployment is an https:// URL, so TLS is
# presumably terminated by a front end; confirm 32392 is firewalled to that
# front end so clients cannot reach the wiki around it.
apiVersion: v1
kind: Service
metadata:
  name: mediawiki
spec:
  type: NodePort
  selector:
    app: mediawiki
  ports:
    - nodePort: 32392
      port: 80
      targetPort: 80