759ef949bc
Replaced Headscale (too buggy in 0.28.x — random node drops) with direct WireGuard hub-and-spoke + full mesh. 7 Proxmox VMs across 3 hosts form a K3s v1.34.6 cluster: 3 control-plane/etcd nodes, 4 workers. Running services: postgres, mariadb, ghost (x3), forgejo, authentik. All unpinned services use local-path StorageClass. Databases pinned to pve-worker and adder-worker with local PVs. Includes VM provisioning scripts (create-debian-template.sh, clone-vm.sh), K3s manifests for all services, and full deployment docs in k3s/README.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
# Synapse DB Init Job
|
|
# Creates synapse database and user in PostgreSQL.
|
|
# Synapse requires UTF-8 encoding and C locale — standard CREATE DATABASE won't work.
|
|
# Run once before deploying Synapse.
|
|
#
|
|
# Deploy:
|
|
# kubectl create secret generic synapse-secret \
|
|
# --namespace <ns> \
|
|
# --from-literal=db-password='<password>'
|
|
# kubectl apply -f synapse-db-init.yaml -n <ns>
|
|
#
|
|
# Watch completion:
|
|
# kubectl get jobs -n <ns> -w
|
|
# kubectl logs job/synapse-db-init -n <ns>
|
|
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: synapse-db-init
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: synapse-db-init
|
|
image: postgres:16
|
|
env:
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-secret
|
|
key: password
|
|
- name: SYNAPSE_DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: synapse-secret
|
|
key: db-password
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
psql -h postgres -U postgres <<EOF
|
|
CREATE USER synapse_user WITH PASSWORD '${SYNAPSE_DB_PASSWORD}';
|
|
CREATE DATABASE synapse_db
|
|
ENCODING 'UTF8'
|
|
LC_COLLATE='C'
|
|
LC_CTYPE='C'
|
|
template=template0
|
|
OWNER synapse_user;
|
|
EOF
|