
Switch PDS blob storage from filesystem to S3

Blobs now go directly to Hetzner Object Storage instead of through
JuiceFS. SQLite databases remain on JuiceFS. Backup CronJob trimmed
to SQLite-only since blobs are already in S3.

+17 -4
+1
CHANGELOG.md
··· 12 12 - Add tarpit for vulnerability scanners hitting known exploit paths (#18) 13 13 14 14 ### Added 15 + - Update PDS to use S3 for blob storage instead of filesystem (#52) 15 16 - Add S3 remote backend for OpenTofu state (#50) 16 17 - Migrate to 3-node HA cluster with JuiceFS and S3-backed storage (#38) 17 18 - Add JuiceFS Redis and CSI manifests for S3-backed storage (#47)
+1 -3
k8s/pds/backup-cronjob.yaml
··· 51 51 - name: BACKUP_DB_GLOB 52 52 value: "/data/*.sqlite" 53 53 - name: BACKUP_SYNC_DIRS 54 - value: | 55 - /data/actors:actors 56 - /data/blocks:blocks 54 + value: "" 57 55 - name: BACKUP_BUCKET 58 56 value: sans-self-net 59 57 - name: BACKUP_PREFIX
+4 -1
k8s/pds/configmap.yaml
··· 7 7 PDS_HOSTNAME: sans-self.org 8 8 PDS_PORT: "3000" 9 9 PDS_DATA_DIRECTORY: /pds 10 - PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks 10 + PDS_BLOBSTORE_S3_BUCKET: sans-self-net 11 + PDS_BLOBSTORE_S3_REGION: nbg1 12 + PDS_BLOBSTORE_S3_ENDPOINT: https://nbg1.your-objectstorage.com 13 + PDS_BLOBSTORE_S3_FORCE_PATH_STYLE: "true" 11 14 PDS_EMAIL_FROM_ADDRESS: noreply@sans-self.org 12 15 PDS_INVITE_REQUIRED: "true" 13 16 PDS_SERVICE_HANDLE_DOMAINS: .sans-self.org
+11
k8s/pds/deployment.yaml
··· 31 31 name: pds-config 32 32 - secretRef: 33 33 name: pds-secrets 34 + env: 35 + - name: PDS_BLOBSTORE_S3_ACCESS_KEY_ID 36 + valueFrom: 37 + secretKeyRef: 38 + name: pds-s3-credentials 39 + key: access-key 40 + - name: PDS_BLOBSTORE_S3_SECRET_ACCESS_KEY 41 + valueFrom: 42 + secretKeyRef: 43 + name: pds-s3-credentials 44 + key: secret-key 34 45 volumeMounts: 35 46 - name: data 36 47 mountPath: /pds
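Review bot: in k8s/pds/backup-cronjob.yaml, setting BACKUP_SYNC_DIRS to "" drops `/data/actors:actors` together with `/data/blocks:blocks`, but only the blocks directory is replaced by S3 in this change. BACKUP_DB_GLOB is "/data/*.sqlite", which as written matches only files directly under /data, so if /data/actors holds per-account SQLite files or other state, it is no longer backed up by this job. Either keep the `/data/actors:actors` entry, or state in the commit message why nothing under that directory needs a backup.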
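Review bot: in k8s/pds/configmap.yaml, PDS_BLOBSTORE_S3_BUCKET is `sans-self-net`, the same value the backup CronJob uses for BACKUP_BUCKET, so live blobs and the SQLite backups share one bucket and, with the blocks sync removed, nothing keeps a second copy of the blobs. A deleted object or a leaked key with write access to that bucket affects both the primary data and its backups. Consider a dedicated bucket for blobs with its own credentials. The hunk also removes `PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks` without any visible migration step; blobs already stored under /pds/blocks have to be copied into the bucket before rollout, and that step should be documented alongside this change.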
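Review bot: the new env entries in k8s/pds/deployment.yaml reference a Secret named `pds-s3-credentials` with keys `access-key` and `secret-key`, but no manifest or provisioning note for that Secret is part of this change. On a cluster where it has not been created out of band, the container will not start (CreateContainerConfigError). Document how the Secret is created, and issue an access key limited to the blob bucket. Since `pds-secrets` is already loaded through `secretRef`, it is also worth noting in the commit message why these two values live in a separate Secret.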