759ef949bc
Replaced Headscale (too buggy in 0.28.x — random node drops) with direct WireGuard hub-and-spoke + full mesh. 7 Proxmox VMs across 3 hosts form a K3s v1.34.6 cluster: 3 control-plane/etcd nodes, 4 workers. Running services: postgres, mariadb, ghost (x3), forgejo, authentik. All unpinned services use local-path StorageClass. Databases pinned to pve-worker and adder-worker with local PVs. Includes VM provisioning scripts (create-debian-template.sh, clone-vm.sh), K3s manifests for all services, and full deployment docs in k3s/README.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
82 lines
1.9 KiB
YAML
82 lines
1.9 KiB
YAML
# Monerod — Monero full node (pruned)
|
|
# NAS-backed PVC for blockchain data — unpinned, free to migrate across nodes
|
|
# Ban list stored on NAS alongside blockchain data
|
|
# NodePorts: 32379 (P2P), 32380 (restricted RPC)
|
|
#
|
|
# Prerequisites:
|
|
# NAS share /volume1/k3s/monerod must exist on Synology
|
|
# Copy ban list to NAS: /volume1/k3s/monerod/ban_list.txt
|
|
# nas-pv.yaml must be applied first
|
|
# nfs-common installed on all worker VMs
|
|
#
|
|
# Deploy:
|
|
# kubectl apply -f ../storage/nas-pv.yaml # once, if not already applied
|
|
# kubectl apply -f monerod.yaml -n <ns>
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: monerod-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
storageClassName: nas-nfs
|
|
resources:
|
|
requests:
|
|
storage: 200Gi
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: monerod
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: monerod
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: monerod
|
|
spec:
|
|
containers:
|
|
- name: monerod
|
|
image: ghcr.io/sethforprivacy/simple-monerod:latest
|
|
args:
|
|
- --rpc-restricted-bind-ip=0.0.0.0
|
|
- --rpc-restricted-bind-port=18089
|
|
- --no-igd
|
|
- --enable-dns-blocklist
|
|
- --ban-list=/home/monero/.bitmonero/ban_list.txt
|
|
- --prune-blockchain
|
|
ports:
|
|
- containerPort: 18080
|
|
- containerPort: 18089
|
|
volumeMounts:
|
|
- name: monerod-data
|
|
mountPath: /home/monero/.bitmonero
|
|
volumes:
|
|
- name: monerod-data
|
|
persistentVolumeClaim:
|
|
claimName: monerod-pvc
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: monerod
|
|
spec:
|
|
selector:
|
|
app: monerod
|
|
ports:
|
|
- name: p2p
|
|
port: 18080
|
|
targetPort: 18080
|
|
nodePort: 32379
|
|
- name: rpc
|
|
port: 18089
|
|
targetPort: 18089
|
|
nodePort: 32380
|
|
type: NodePort
|