moritz
/
infrapuzzle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding current state that was previously created to make the repo cleaner

This commit is contained in:
Moritz Graf 2025-04-21 16:11:22 +02:00
parent 201aefe8da
commit 1357498b2e
8 changed files with 321 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
k8s/README.md
View File

@ -560,7 +560,17 @@ Test imap from console:
openssl s_client -crlf -connect moritzgraf.de:993 openssl s_client -crlf -connect moritzgraf.de:993
``` ```
### migrate ### migrate to GoogleWorkspace
Namespace `migrate`is used.
```
kubectl create ns migrate
```
### old migrate (from before GoogleWorkspace)
```sh ```sh
# backup on moritzgraf.de # backup on moritzgraf.de
@ -594,11 +604,9 @@ Checks:
* browser mail.moritzgraf.de & login * browser mail.moritzgraf.de & login
* browser mail.moritzgraf.de/admin * browser mail.moritzgraf.de/admin
## Add mopbot & corona & corona-api ## mopbot
```sh Mopbot deployment has been moved to the mopbot repository itself.
kubectl apply -f datalab/
```
## zebrium ## zebrium

14
k8s/devbox.json Normal file
View File

@ -0,0 +1,14 @@
{
"$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json",
"packages": ["wireguard-tools@latest"],
"shell": {
"init_hook": [
"echo 'Welcome to devbox!' > /dev/null"
],
"scripts": {
"test": [
"echo \"Error: no test specified\" && exit 1"
]
}
}
}

73
k8s/devbox.lock Normal file
View File

@ -0,0 +1,73 @@
{
"lockfile_version": "1",
"packages": {
"wireguard-tools@latest": {
"last_modified": "2024-08-14T11:41:26Z",
"resolved": "github:NixOS/nixpkgs/0cb2fd7c59fed0cd82ef858cbcbdb552b9a33465#wireguard-tools",
"source": "devbox-search",
"version": "1.0.20210914",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/m87fr53h4yn9ivzx623vb6jndilnab03-wireguard-tools-1.0.20210914",
"default": true
},
{
"name": "man",
"path": "/nix/store/w7wg6y3mdb1b8jwr1l2c7a1ja4x8znbz-wireguard-tools-1.0.20210914-man",
"default": true
}
],
"store_path": "/nix/store/m87fr53h4yn9ivzx623vb6jndilnab03-wireguard-tools-1.0.20210914"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/yx0kjydlczhjalaimzgyd16l6anxafrl-wireguard-tools-1.0.20210914",
"default": true
},
{
"name": "man",
"path": "/nix/store/ljr81m9ahrv4n3h0csqc8mlxc0i3av3l-wireguard-tools-1.0.20210914-man",
"default": true
}
],
"store_path": "/nix/store/yx0kjydlczhjalaimzgyd16l6anxafrl-wireguard-tools-1.0.20210914"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/xn4rbg2fz0fcz62nfpmpcnihf9rfm5r0-wireguard-tools-1.0.20210914",
"default": true
},
{
"name": "man",
"path": "/nix/store/72xv0pyigi6lxjpw5l5mvgvs34m9rpg1-wireguard-tools-1.0.20210914-man",
"default": true
}
],
"store_path": "/nix/store/xn4rbg2fz0fcz62nfpmpcnihf9rfm5r0-wireguard-tools-1.0.20210914"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/8wgicrd7x6mvbgwyfw2sdkjcb0fjfwsb-wireguard-tools-1.0.20210914",
"default": true
},
{
"name": "man",
"path": "/nix/store/5ri4kwk5x0bk8xd5hx4fgqbbcxkgzlzr-wireguard-tools-1.0.20210914-man",
"default": true
}
],
"store_path": "/nix/store/8wgicrd7x6mvbgwyfw2sdkjcb0fjfwsb-wireguard-tools-1.0.20210914"
}
}
}
}
}

51
k8s/influxdb/influxdb2.secret.yml Normal file
View File

@ -0,0 +1,51 @@
## Create default user through docker entrypoint
## Defaults indicated below
##
adminUser:
organization: "influxdata"
bucket: "default"
user: "admin"
retention_policy: "0s"
## Leave empty to generate a random password and token.
## Or fill any of these values to use fixed values.
password: "doa6seetaTh6wu3Iech5al0Aiquiog"
#token: "enaiY9yaiWi6ahv0phoph3FaiphoGh"
## The password and token are obtained from an existing secret. The expected
## keys are `admin-password` and `admin-token`.
## If set, the password and token values above are ignored.
# existingSecret: influxdb-auth
## Persist data to a persistent volume
##
persistence:
enabled: true
## If true will use an existing PVC instead of creating one
# useExisting: false
## Name of existing PVC to be used in the influx deployment
# name:
## influxdb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 10Gi
mountPath: /var/lib/influxdb2
subPath: ""
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# className: nginx
tls: false
# secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx
hostname: influxdb.foobar.com
annotations: {}
# kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
path: /

135
k8s/llm/llama_cpp_hosting.yaml Normal file
View File

@ -0,0 +1,135 @@
apiVersion: v1
kind: Namespace
metadata:
name: llm
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: llama-cpp-server
namespace: llm
spec:
replicas: 1
selector:
matchLabels:
app: llama-cpp-server
strategy:
type: Recreate
template:
metadata:
labels:
app: llama-cpp-server
spec:
initContainers:
- name: download-model
image: curlimages/curl
command:
- /bin/sh
- -c
- |
MODEL_URL="https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true"
MODEL_FILE="/models/Meta-Llama-3-8B-Instruct.Q8_0.gguf"
# Purge everything except the desired model file
find /models -type f ! -name "$(basename $MODEL_FILE)" -delete
# Check if the model file does not exist and then download it
if [ ! -f $MODEL_FILE ]; then
curl -L -o $MODEL_FILE $MODEL_URL
fi
volumeMounts:
- name: model-storage
mountPath: /models
containers:
- name: llama-cpp-server
image: ghcr.io/ggerganov/llama.cpp:server
command:
- /server
- -m
- "/models/Meta-Llama-3-8B-Instruct.Q8_0.gguf"
- --port
- "8000"
- --host
- "0.0.0.0"
- -n
- "512"
resources:
requests:
memory: "18Gi"
cpu: 0.1
volumeMounts:
- name: model-storage
mountPath: /models
volumes:
- name: model-storage
persistentVolumeClaim:
claimName: llama-model-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: llama-model-pvc
namespace: llm
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
name: llama-server-service
namespace: llm
spec:
type: ClusterIP
selector:
app: llama-cpp-server
ports:
- protocol: TCP
port: 8000
targetPort: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: llama-server-service
namespace: llm
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/auth-realm: Authentication Required - llama webui
nginx.ingress.kubernetes.io/auth-secret: llama-auth
nginx.ingress.kubernetes.io/auth-type: basic
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: nginx
spec:
ingressClassName: nginx
tls:
- hosts:
- "llama.moritzgraf.de"
secretName: llama-moritzgraf-de
rules:
- host: llama.moritzgraf.de
http:
paths:
- backend:
service:
name: llama-server-service
port:
number: 8000
path: /
pathType: Prefix
---
apiVersion: v1
data:
# fabian:stinkt
# $htpasswd -c auth fabian
# -> Creates file auth with creds, does not work in git repo. unkn why.
auth: ZmFiaWFuOiRhcHIxJHRTV3YzU3hOJHJPZEJ5WXhYdG4vbVJtSzhtaENWZy4K
kind: Secret
metadata:
name: llama-auth
namespace: llm
type: Opaque

24
k8s/llm_hosting.md Normal file
View File

@ -0,0 +1,24 @@
# llm-hosting
This is an extended article to not have to write everything in the main readme. This chapter takes care of hosting llm models on the server.
## deploy
```sh
kubectl apply -f llm/llama_cpp_hosting.yaml
```
## development
```sh
```
## links
Two examples of model files that are currently tried out:
* [https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/resolve/main/Meta-Llama-3-70B-Instruct.IQ1_S.gguf?download=true](https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/resolve/main/Meta-Llama-3-70B-Instruct.IQ1_S.gguf?download=true)
* From [this page](https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/tree/main).
* [https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true](https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true)
* From [this page](https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/tree/main).

BIN
k8s/migrate/migrate_snmp.secret.yaml Normal file
View File

Binary file not shown.

11
k8s/migrate/rclone.secret.yml Normal file
View File

@ -0,0 +1,11 @@
kind: ConfigMap
metadata:
creationTimestamp: null
name: rclone-dropbox-config
namespace: backup
apiVersion: v1
data:
rclone.conf: |
[dropbox]
type = dropbox
token = {"access_token":"17hvEArIh3cAAAAAAAGTXUfwkGdz8EC_rDcEseLmSRltQoUz_AVceuUewx0sGMQ1","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}