127 lines
2.8 KiB
YAML
127 lines
2.8 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: pkg-repo-pvc
|
|
namespace: pkg-repo
|
|
spec:
|
|
storageClassName: longhorn
|
|
accessModes: [ReadWriteOnce]
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: reprepro-config
|
|
namespace: pkg-repo
|
|
data:
|
|
distributions: |
|
|
Codename: trixie
|
|
Suite: stable
|
|
Components: main
|
|
Architectures: amd64 arm64
|
|
SignWith: yes
|
|
options: |
|
|
basedir /repo/debian
|
|
init.sh: |
|
|
#!/bin/bash
|
|
set -e
|
|
|
|
# Import GPG key
|
|
gpg --batch --import /gpg/private.key 2>/dev/null || true
|
|
|
|
# Export public key for clients
|
|
gpg --armor --export > /repo/pubkey.gpg
|
|
|
|
# Always ensure conf is up-to-date and repo is initialized
|
|
mkdir -p /repo/debian/conf
|
|
cp /config/distributions /repo/debian/conf/
|
|
cp /config/options /repo/debian/conf/
|
|
|
|
# Export (initialize or re-sign) the repo
|
|
cd /repo/debian && reprepro export
|
|
|
|
# Index page
|
|
cat > /repo/index.html <<'HTML'
|
|
<!DOCTYPE html>
|
|
<html><head><title>n0ball repo</title></head>
|
|
<body>
|
|
<h1>n0ball Package Repository</h1>
|
|
<ul>
|
|
<li><a href="/debian/">Debian (trixie)</a></li>
|
|
<li><a href="/pubkey.gpg">GPG Public Key</a></li>
|
|
</ul>
|
|
</body></html>
|
|
HTML
|
|
|
|
echo "Repo initialized. Waiting for commands..."
|
|
sleep infinity
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pkg-repo
|
|
namespace: pkg-repo
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: pkg-repo
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: pkg-repo
|
|
spec:
|
|
containers:
|
|
- name: nginx
|
|
image: nginx:stable
|
|
ports:
|
|
- containerPort: 80
|
|
volumeMounts:
|
|
- name: repo-data
|
|
mountPath: /usr/share/nginx/html
|
|
readOnly: true
|
|
- name: reprepro
|
|
image: harbor.n0ball.tw/infra/reprepro:latest
|
|
command: ["bash", "/config/init.sh"]
|
|
volumeMounts:
|
|
- name: repo-data
|
|
mountPath: /repo
|
|
- name: gpg-key
|
|
mountPath: /gpg
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: /config
|
|
readOnly: true
|
|
- name: incoming
|
|
mountPath: /incoming
|
|
volumes:
|
|
- name: repo-data
|
|
persistentVolumeClaim:
|
|
claimName: pkg-repo-pvc
|
|
- name: gpg-key
|
|
secret:
|
|
secretName: repo-gpg-key
|
|
- name: config
|
|
configMap:
|
|
name: reprepro-config
|
|
defaultMode: 0755
|
|
- name: incoming
|
|
emptyDir: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: pkg-repo
|
|
namespace: pkg-repo
|
|
spec:
|
|
selector:
|
|
app: pkg-repo
|
|
ports:
|
|
- port: 80
|
|
targetPort: 80
|