759ef949bc
Replaced Headscale (too buggy in 0.28.x — random node drops) with direct WireGuard hub-and-spoke + full mesh. 7 Proxmox VMs across 3 hosts form a K3s v1.34.6 cluster: 3 control-plane/etcd nodes, 4 workers. Running services: postgres, mariadb, ghost (x3), forgejo, authentik. All unpinned services use local-path StorageClass. Databases pinned to pve-worker and adder-worker with local PVs. Includes VM provisioning scripts (create-debian-template.sh, clone-vm.sh), K3s manifests for all services, and full deployment docs in k3s/README.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
26 lines
699 B
YAML
26 lines
699 B
YAML
# Ghost DB passwords
|
|
# Replace CHANGEME values before applying.
|
|
# Generate with: openssl rand -base64 24
|
|
#
|
|
# Apply with:
|
|
# kubectl apply -f ghost-secrets.yaml
|
|
#
|
|
# Or create directly without a file:
|
|
# kubectl create secret generic ghost-secrets \
|
|
# --namespace ghost \
|
|
# --from-literal=ghost1-db-password='<password>' \
|
|
# --from-literal=ghost2-db-password='<password>' \
|
|
# --from-literal=ghost3-db-password='<password>'
|
|
#
|
|
# NOTE: Do not commit this file with real passwords to git.
|
|
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: ghost-secrets
|
|
namespace: ghost
|
|
type: Opaque
|
|
stringData:
|
|
ghost1-db-password: CHANGEME
|
|
ghost2-db-password: CHANGEME
|
|
ghost3-db-password: CHANGEME
|