Project import generated by Copybara.

GitOrigin-RevId: 7ab53b65735974f92e0ce0fce8456500593ae0cb
2026-01-20 17:29:37 -08:00 · 2026-01-20 17:29:37 -08:00 · 600f7ecce9
commit 600f7ecce9
parent 8467693da2
22 changed files with 74 additions and 893 deletions
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
@ -2309,6 +2309,64 @@
        ]
      }
    },
+    "@@rules_qt+//extension:qt.bzl%fetch": {
+      "general": {
+        "bzlTransitiveDigest": "+wmXAn/rrcsNKiW6OUivYSeVfd3AXW5c+xNYlBdh9q4=",
+        "usagesDigest": "PFPAf/n4+nciCmEXpgZADS3iYvQtMHuaonLOnItLs8Y=",
+        "recordedFileInputs": {},
+        "recordedDirentsInputs": {},
+        "envVariables": {},
+        "generatedRepoSpecs": {
+          "qt_linux_x86_64": {
+            "repoRuleId": "@@rules_qt+//extension:download_qt.bzl%download_qt",
+            "attributes": {
+              "version": "6.8.3",
+              "os": "linux",
+              "target_sdk": "desktop",
+              "build_file": "@@rules_qt+//extension:qt/6.8.3/linux_x86_64.BUILD",
+              "windows_architecture": ""
+            }
+          },
+          "qt_windows_x86_64": {
+            "repoRuleId": "@@rules_qt+//extension:download_qt.bzl%download_qt",
+            "attributes": {
+              "version": "6.8.3",
+              "os": "windows",
+              "target_sdk": "desktop",
+              "build_file": "@@rules_qt+//extension:qt/6.8.3/windows_x86_64.BUILD",
+              "windows_architecture": "win64_msvc2022"
+            }
+          },
+          "qt_mac_aarch64": {
+            "repoRuleId": "@@rules_qt+//extension:download_qt.bzl%download_qt",
+            "attributes": {
+              "version": "6.8.3",
+              "os": "macos",
+              "target_sdk": "desktop",
+              "build_file": "@@rules_qt+//extension:qt/6.8.3/mac_aarch64.BUILD",
+              "windows_architecture": ""
+            }
+          }
+        },
+        "recordedRepoMappingEntries": [
+          [
+            "",
+            "rules_qt",
+            "rules_qt+"
+          ],
+          [
+            "rules_qt+",
+            "bazel_skylib",
+            "bazel_skylib+"
+          ],
+          [
+            "rules_qt+",
+            "rules_qt",
+            "rules_qt+"
+          ]
+        ]
+      }
+    },
    "@@rules_scala+//scala/extensions:config.bzl%scala_config": {
      "general": {
        "bzlTransitiveDigest": "TYEDBdoN7s4wE8er7JwzFt7+3iw57BHsTSLyWmxbgZo=",
--- a/experimental/users/acmcarther/k8s/configs/environments/crossplane/BUILD.bazel
+++ b/experimental/users/acmcarther/k8s/configs/environments/crossplane/BUILD.bazel
@ -1,22 +0,0 @@
-load("@rules_jsonnet//jsonnet:jsonnet.bzl", "jsonnet_to_json")
-load("//tools:tanka.bzl", "tanka_environment")
-
-jsonnet_to_json(
-    name = "main",
-    src = "main.jsonnet",
-    outs = ["main.json"],
-    data = [
-        "@helm_crossplane_crossplane//:chart",
-    ],
-    visibility = ["//visibility:public"],
-    deps = [
-        "//k8s/configs/templates",
-        "//experimental/users/acmcarther/k8s/configs/templates",
-    ],
-)
-
-tanka_environment(
-    name = "crossplane",
-    main = ":main",
-    spec = "spec.json",
-)
--- a/experimental/users/acmcarther/k8s/configs/environments/crossplane/main.jsonnet
+++ b/experimental/users/acmcarther/k8s/configs/environments/crossplane/main.jsonnet
@ -1,25 +0,0 @@
-local base = import "k8s/configs/base.libsonnet";
-local crossplane = import "experimental/users/acmcarther/k8s/configs/templates/crossplane.libsonnet";
-
-local namespace = "crossplane-system";
-local ctx = base.NewContext(base.helm);
-
-{
-    namespace: {
-        apiVersion: "v1",
-        kind: "Namespace",
-        metadata: {
-            name: namespace,
-        },
-    },
-    apps: {
-        crossplane: crossplane.App(crossplane.Params {
-            namespace: namespace,
-            name: "crossplane",
-            context: ctx,
-            values: {
-                # Add any specific values here
-            },
-        }),
-    },
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/crossplane/spec.json
+++ b/experimental/users/acmcarther/k8s/configs/environments/crossplane/spec.json
@ -1,15 +0,0 @@
-{
-  "apiVersion": "tanka.dev/v1alpha1",
-  "kind": "Environment",
-  "metadata": {
-    "name": "environments/crossplane",
-    "namespace": "environments/crossplane/main.jsonnet"
-  },
-  "spec": {
-    "apiServer": "https://k8s.dominion.lan:6443",
-    "namespace": "crossplane-system",
-    "resourceDefaults": {},
-    "expectVersions": {},
-    "injectLabels": true
-  }
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/dominion/BUILD.bazel
+++ b/experimental/users/acmcarther/k8s/configs/environments/dominion/BUILD.bazel
@ -1,35 +0,0 @@
-load("@rules_jsonnet//jsonnet:jsonnet.bzl", "jsonnet_library", "jsonnet_to_json", "jsonnet_to_json_test")
-load("//tools:tanka.bzl", "tanka_environment")
-load("//tools:sops.bzl", "sops_decrypt")
-
-sops_decrypt(
-    name = "secrets",
-    src = "secrets.sops.yaml",
-    out = "secrets.json",
-)
-
-jsonnet_library(
-    name = "secrets_lib",
-    srcs = [":secrets"],
-)
-
-jsonnet_to_json(
-    name = "main",
-    src = "main.jsonnet",
-    outs = ["main.json"],
-    data = [
-        "@helm_jetstack_cert_manager//:chart",
-    ],
-    visibility = ["//visibility:public"],
-    deps = [
-        ":secrets_lib",
-        "//k8s/configs/templates",
-        "//experimental/users/acmcarther/k8s/configs/templates",
-    ],
-)
-
-tanka_environment(
-    name = "dominion",
-    main = ":main",
-    spec = "spec.json",
-)
--- a/experimental/users/acmcarther/k8s/configs/environments/dominion/main.jsonnet
+++ b/experimental/users/acmcarther/k8s/configs/environments/dominion/main.jsonnet
@ -1,159 +0,0 @@
-local base = import "k8s/configs/base.libsonnet";
-local secrets = import "experimental/users/acmcarther/k8s/configs/environments/dominion/secrets.json";
-
-local freshrss = import "k8s/configs/templates/personal/media/freshrss.libsonnet";
-local monica = import "k8s/configs/templates/personal/home/monica.libsonnet";
-local jellyfin = import "k8s/configs/templates/personal/media/jellyfin.libsonnet";
-local transmission = import "k8s/configs/templates/personal/media/transmission.libsonnet";
-
-local lanraragi = import "experimental/users/acmcarther/k8s/configs/templates/lanraragi.libsonnet";
-
-local nginxIngress = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";
-local mariadb = import "k8s/configs/templates/core/storage/mariadb.libsonnet";
-
-local namespace = "dominion";
-{
-    namespace: {
-        apiVersion: "v1",
-        kind: "Namespace",
-        metadata: {
-            name: namespace,
-        },
-    },
-    secrets: {
-        monica: mariadb.Secret(mariadb.SecretParams{
-            name: "monica",
-            namespace: "dominion",
-            rootPassword: secrets.monica_mariadb_root_db_pwd,
-            password: secrets.monica_mariadb_db_pwd,
-        }),
-    },
-    apps: {
-        /*
-        jellyfin: {
-            app: jellyfin.App(jellyfin.Params {
-                namespace: namespace,
-                name: "jellyfin",
-                filePath: std.thisFile,
-                // Defined in "dominion"
-                configClaimName: "jellyfin-config",
-                // Defined in "dominion"
-                serialClaimName: "serial-lake",
-                // Defined in "dominion"
-                filmClaimName: "film-lake",
-                // Defined in "dominion"
-                transcodeClaimName: "jellyfin-transcode",
-            }),
-            ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
-                namespace: namespace,
-                name: "jellyfin-ion",
-                hosts: [
-                    "ion.cheapassbox.com",
-                ],
-                serviceName: "jellyfin-vui",
-            }),
-            pvcs: {
-                pvcJellyfinConfig: kube.RecoverableSimpleManyPvc(namespace, "jellyfin-config", "nfs-client", "10Gi", {
-                    volumeName: "pvc-287055fe-b436-11e9-bad8-b8aeed7dc356",
-                    nfsPath: "/volume3/fs/dominion-jellyfin-config-pvc-287055fe-b436-11e9-bad8-b8aeed7dc356",
-                    nfsServer: "apollo1.dominion.lan",
-                }),
-                pvcJellyfinTranscode: kube.RecoverableSimpleManyPvc(namespace, "jellyfin-transcode", "nfs-client", "200Gi", {
-                    volumeName: "pvc-2871f840-b436-11e9-bad8-b8aeed7dc356",
-                    nfsPath: "/volume3/fs/dominion-jellyfin-transcode-pvc-2871f840-b436-11e9-bad8-b8aeed7dc356",
-                    nfsServer: "apollo1.dominion.lan",
-                }),
-                //  NOTE: These are different!
-                pvcSerialLake: kube.RecoverableSimpleManyPvc(namespace, "serial-lake", "nfs-bulk", "160Gi", {
-                    volumeName: "pvc-2873b76a-b436-11e9-bad8-b8aeed7dc356",
-                    nfsPath: "/volume4/fs-bulk/dominion-serial-lake-pvc-2873b76a-b436-11e9-bad8-b8aeed7dc356",
-                    nfsServer: "apollo2.dominion.lan",
-                }),
-                pvcFilmLake: kube.RecoverableSimpleManyPvc(namespace, "film-lake", "nfs-bulk", "80Gi", {
-                    volumeName: "pvc-286ce6ea-b436-11e9-bad8-b8aeed7dc356",
-                    nfsPath: "/volume4/fs-bulk/dominion-film-lake-pvc-286ce6ea-b436-11e9-bad8-b8aeed7dc356",
-                    nfsServer: "apollo2.dominion.lan",
-                }),
-            },
-        },
-        */
-        freshrss: {
-            configPvc: base.RecoverableSimplePvc(namespace, "freshrss-config", "nfs-client", "32Gi", {
-                volumeName: "pvc-26b893fc-c3bf-11e9-8ccb-b8aeed7dc356",
-                nfsPath: "/volume3/fs/dominion-freshrss-config-pvc-26b893fc-c3bf-11e9-8ccb-b8aeed7dc356",
-                nfsServer: "apollo1.dominion.lan",
-            }),
-            app: freshrss.App(freshrss.Params {
-                namespace: namespace,
-                name: "freshrss",
-                filePath: std.thisFile,
-                // Defined in "dominion"
-                configClaimName: "freshrss-config",
-            }),
-            ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
-                namespace: namespace,
-                name: "freshrss",
-                hosts: [
-                    "rss.cheapassbox.com",
-                ],
-                serviceName: "freshrss-ui",
-                annotations: nginxIngress.KubeOauthProxyAnnotations,
-            }),
-            ingress2: nginxIngress.Ingress(nginxIngress.IngressParams {
-                namespace: namespace,
-                name: "freshrss-csbx",
-                hosts: [
-                    "rss.csbx.dev",
-                ],
-                serviceName: "freshrss-ui",
-                annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
-            }),
-        },
-        transmission2: {
-            configPvc: base.RecoverableSimpleManyPvc(namespace, "transmission-config", "nfs-client", "50Mi", {
-                volumeName: "pvc-3d93c19b-c177-11e9-8ccb-b8aeed7dc356",
-                nfsPath: "/volume3/fs/dominion-transmission-config-pvc-3d93c19b-c177-11e9-8ccb-b8aeed7dc356",
-                nfsServer: "apollo1.dominion.lan",
-            }),
-            torrentFilesPvc: base.RecoverableSimpleManyPvc(namespace, "torrent-files", "nfs-client", "100Mi", {
-                volumeName: "pvc-73528d8b-c177-11e9-8ccb-b8aeed7dc356",
-                nfsPath: "/volume3/fs/dominion-torrent-files-pvc-73528d8b-c177-11e9-8ccb-b8aeed7dc356",
-                nfsServer: "apollo1.dominion.lan",
-            }),
-            incompleteDownloadsPvc: base.RecoverableSimpleManyPvc(namespace, "transmission-incomplete-downloads", "nfs-bulk", "100Gi", {
-                volumeName: "pvc-1c1a00ff-b9a8-4f92-b3a7-70f81752141d",
-                nfsPath: "/volume4/fs-bulk/dominion-transmission-incomplete-downloads-pvc-1c1a00ff-b9a8-4f92-b3a7-70f81752141d",
-                nfsServer: "apollo2.dominion.lan",
-            }),
-            app: transmission.App(transmission.Params {
-                namespace: namespace,
-                name: "transmission2",
-                filePath: std.thisFile,
-                configClaimName: "transmission-config",
-                incompleteDownloadsClaimName: "transmission-incomplete-downloads",
-                downloadsClaimName: "lanraragi-content",
-                torrentFilesClaimName: "torrent-files",
-                // TODO(acmcarther): Import from central location
-                dataNodePort: 32701,
-            }),
-            ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
-                namespace: namespace,
-                name: "transmission",
-                hosts: [
-                    "ex-transmission.cheapassbox.com",
-                ],
-                serviceName: "transmission2-ui",
-                annotations: nginxIngress.DominionOauthProxyAnnotations,
-            }),
-            ingress2: nginxIngress.Ingress(nginxIngress.IngressParams {
-                namespace: namespace,
-                name: "transmission-csbx",
-                hosts: [
-                    "ex-transmission.csbx.dev",
-                ],
-                serviceName: "transmission2-ui",
-                annotations: nginxIngress.DominionCsbxOauthProxyAnnotations,
-            }),
-        },
-    },
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/dominion/spec.json
+++ b/experimental/users/acmcarther/k8s/configs/environments/dominion/spec.json
@ -1,15 +0,0 @@
-{
-  "apiVersion": "tanka.dev/v1alpha1",
-  "kind": "Environment",
-  "metadata": {
-    "name": "environments/dominion",
-    "namespace": "environments/dominion/main.jsonnet"
-  },
-  "spec": {
-    "apiServer": "https://k8s.dominion.lan:6443",
-    "namespace": "dominion",
-    "resourceDefaults": {},
-    "expectVersions": {},
-    "injectLabels": true
-  }
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/semantic-search/BUILD.bazel
+++ b/experimental/users/acmcarther/k8s/configs/environments/semantic-search/BUILD.bazel
@ -1,21 +0,0 @@
-load("@rules_jsonnet//jsonnet:jsonnet.bzl", "jsonnet_library", "jsonnet_to_json", "jsonnet_to_json_test")
-load("//tools:tanka.bzl", "tanka_environment")
-
-jsonnet_to_json(
-    name = "main",
-    src = "main.jsonnet",
-    outs = ["main.json"],
-    data = [
-    ],
-    visibility = ["//visibility:public"],
-    deps = [
-        "//k8s/configs/templates",
-        "//experimental/users/acmcarther/k8s/configs/templates",
-    ],
-)
-
-tanka_environment(
-    name = "semantic-search",
-    main = ":main",
-    spec = "spec.json",
-)
--- a/experimental/users/acmcarther/k8s/configs/environments/semantic-search/main.jsonnet
+++ b/experimental/users/acmcarther/k8s/configs/environments/semantic-search/main.jsonnet
@ -1,37 +0,0 @@
-local base = import "k8s/configs/base.libsonnet";
-local semanticSearch = import "experimental/users/acmcarther/k8s/configs/templates/semantic-search.libsonnet";
-local nginxIngress = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";
-
-local namespace = "semantic-search";
-local appName = "semantic-search-server";
-
-{
-    namespace: {
-        apiVersion: "v1",
-        kind: "Namespace",
-        metadata: {
-            name: namespace,
-        },
-    },
-    pvc: base.RecoverableSimpleManyPvc(namespace, appName + "-data", "nfs-client", "2Gi", {
-        volumeName: "pvc-a10eadb8-b2a3-45b2-a50b-83ab11ae7f39",
-        nfsPath: "/volume3/fs/semantic-search-semantic-search-server-data-pvc-a10eadb8-b2a3-45b2-a50b-83ab11ae7f39",
-        nfsServer: "apollo1.dominion.lan",
-    }),
-    apps: {
-        server: semanticSearch.App(semanticSearch.Params {
-            namespace: namespace,
-            name: appName,
-            filePath: std.thisFile,
-            dataClaimName: appName + "-data",
-        }),
-        ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
-            namespace: namespace,
-            name: appName,
-            hosts: [
-                "search.csbx.dev",
-            ],
-            serviceName: appName + "-ui",
-        }),
-    },
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/semantic-search/spec.json
+++ b/experimental/users/acmcarther/k8s/configs/environments/semantic-search/spec.json
@ -1,14 +0,0 @@
-{
-  "apiVersion": "tanka.dev/v1alpha1",
-  "kind": "Environment",
-  "metadata": {
-    "name": "environments/semantic-search"
-  },
-  "spec": {
-    "apiServer": "https://k8s.dominion.lan:6443",
-    "namespace": "semantic-search",
-    "resourceDefaults": {},
-    "expectVersions": {},
-    "injectLabels": true
-  }
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/vault/BUILD.bazel
+++ b/experimental/users/acmcarther/k8s/configs/environments/vault/BUILD.bazel
@ -1,21 +0,0 @@
-load("@rules_jsonnet//jsonnet:jsonnet.bzl", "jsonnet_library", "jsonnet_to_json", "jsonnet_to_json_test")
-load("//tools:tanka.bzl", "tanka_environment")
-
-jsonnet_to_json(
-    name = "main",
-    src = "main.jsonnet",
-    outs = ["main.json"],
-    data = [
-        "@helm_hashicorp_vault//:chart",
-    ],
-    visibility = ["//visibility:public"],
-    deps = [
-        "//k8s/configs/templates",
-    ],
-)
-
-tanka_environment(
-    name = "vault",
-    main = ":main",
-    spec = "spec.json",
-)
--- a/experimental/users/acmcarther/k8s/configs/environments/vault/main.jsonnet
+++ b/experimental/users/acmcarther/k8s/configs/environments/vault/main.jsonnet
@ -1,83 +0,0 @@
-local base = import "k8s/configs/base.libsonnet";
-local nginxIngress = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";
-local vault = import "k8s/configs/templates/core/security/vault.libsonnet";
-
-local namespace = "vault";
-local ctx = base.NewContext(base.helm);
-{
-    namespace: {
-        apiVersion: "v1",
-        kind: "Namespace",
-        metadata: {
-            name: namespace,
-        },
-    },
-    apps: {
-        /*
-        consul: consul.App(consul.Params {
-            namespace: namespace,
-            context: ctx,
-            bootstrapTokenSecretName: "consul-bootstrap-acl-token",
-        }),
-        */
-        vault: vault.App(vault.Params {
-            namespace: namespace,
-            context: ctx,
-        }),
-        /*
-        vaultIngress1: nginxIngress.Ingress(nginxIngress.IngressParams {
-            namespace: namespace,
-            name: "vault",
-            hosts: [
-                "vault.cheapassbox.com",
-            ],
-            serviceName: "vault", # TODO
-            annotations: nginxIngress.KubeOauthProxyAnnotations,
-        }),
-        */
-        vaultIngress2: nginxIngress.Ingress(nginxIngress.IngressParams {
-            namespace: namespace,
-            name: "vault-csbx",
-            hosts: [
-                "vault.csbx.dev",
-            ],
-            serviceName: "vault-ui", # TODO
-            servicePort: 8200,
-            annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
-        }),
-    },
-    volumes: {
-        data0: base.RecoverableSimplePvc(namespace, "data-vault-0", "nfs-client", "10Gi", {
-            volumeName: "pvc-0aa9f845-baef-476b-971f-8cd30932b874",
-            nfsPath: "/volume3/fs/vault-data-vault-0-pvc-0aa9f845-baef-476b-971f-8cd30932b874",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-        data1: base.RecoverableSimplePvc(namespace, "data-vault-1", "nfs-client", "10Gi", {
-            volumeName: "pvc-90241eff-1ed4-49e0-87bb-8485cd0f6aca",
-            nfsPath: "/volume3/fs/vault-data-vault-1-pvc-90241eff-1ed4-49e0-87bb-8485cd0f6aca",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-        data2: base.RecoverableSimplePvc(namespace, "data-vault-2", "nfs-client", "10Gi", {
-            volumeName: "pvc-5c23b9b5-3fbf-4898-9784-83d9bbef185c",
-            nfsPath: "/volume3/fs/vault-data-vault-2-pvc-5c23b9b5-3fbf-4898-9784-83d9bbef185c",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-        audit0: base.RecoverableSimplePvc(namespace, "audit-vault-0", "nfs-client", "10Gi", {
-            volumeName: "pvc-1d037ee0-836c-4079-a96f-f61ed13c9626",
-            nfsPath: "/volume3/fs/vault-audit-vault-0-pvc-1d037ee0-836c-4079-a96f-f61ed13c9626",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-        audit1: base.RecoverableSimplePvc(namespace, "audit-vault-1", "nfs-client", "10Gi", {
-            volumeName: "pvc-6f63b89d-b007-440a-adea-b503b885b914",
-            nfsPath: "/volume3/fs/vault-audit-vault-1-pvc-6f63b89d-b007-440a-adea-b503b885b914",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-        audit2: base.RecoverableSimplePvc(namespace, "audit-vault-2", "nfs-client", "10Gi", {
-            volumeName: "pvc-44121280-3a8c-4252-abe2-95e177e78efc",
-            nfsPath: "/volume3/fs/vault-audit-vault-2-pvc-44121280-3a8c-4252-abe2-95e177e78efc",
-            nfsServer: "apollo1.dominion.lan",
-        }),
-
-    },
-
-}
--- a/experimental/users/acmcarther/k8s/configs/environments/vault/spec.json
+++ b/experimental/users/acmcarther/k8s/configs/environments/vault/spec.json
@ -1,15 +0,0 @@
-{
-  "apiVersion": "tanka.dev/v1alpha1",
-  "kind": "Environment",
-  "metadata": {
-    "name": "environments/vault",
-    "namespace": "environments/vault/main.jsonnet"
-  },
-  "spec": {
-    "apiServer": "https://k8s.dominion.lan:6443",
-    "namespace": "vault",
-    "resourceDefaults": {},
-    "expectVersions": {},
-    "injectLabels": true
-  }
-}
--- a/experimental/users/acmcarther/k8s/configs/templates/BUILD.bazel
+++ b/experimental/users/acmcarther/k8s/configs/templates/BUILD.bazel
@ -1,12 +0,0 @@
-load("@rules_jsonnet//jsonnet:jsonnet.bzl", "jsonnet_library", "jsonnet_to_json", "jsonnet_to_json_test")
-
-jsonnet_library(
-    name = "templates",
-    srcs = glob(include = ["**/*.libsonnet"]),
-    visibility = ["//visibility:public"],
-    deps = [
-        "//k8s/configs:base",
-        "//k8s/configs:images",
-        "//k8s/configs/templates",
-    ],
-)
--- a/experimental/users/acmcarther/k8s/configs/templates/crossplane.libsonnet
+++ b/experimental/users/acmcarther/k8s/configs/templates/crossplane.libsonnet
@ -1,29 +0,0 @@
-local base = import "k8s/configs/base.libsonnet";
-
-local Params = base.SimpleFieldStruct([
-    "namespace",
-    "name",
-    "context",
-    "values",
-]);
-
-local App(params) = {
-    # The chart is provided by the @helm_crossplane_crossplane repository.
-    # Note: The path construction might need adjustment depending on how helm_deps handles the repo name.
-    # In chartfile.yaml, repo name is 'crossplane'.
-    local chartPath = "../../external/+helm_deps+helm_crossplane_crossplane",
-    
-    app: params.context.helm.template(params.name, chartPath, {
-        namespace: params.namespace,
-        values: params.values,
-        # Crossplane often needs includeCRDs: true or similar if it's not default in values.
-        # But for helm template, it's usually handled by includeCRDs option in the helm function if supported
-        # or just let helm handle it. Tanka's helm.template usually passes args to `helm template`.
-        includeCRDs: true,
-    })
-};
-
-{
-    Params: Params,
-    App: App,
-}
--- a/experimental/users/acmcarther/k8s/configs/templates/lanraragi.libsonnet
+++ b/experimental/users/acmcarther/k8s/configs/templates/lanraragi.libsonnet
@ -1,113 +0,0 @@
-local kube = import "k8s/configs/base.libsonnet";
-local images = import "k8s/configs/images.libsonnet";
-local templates = import "k8s/configs/templates/templates.libsonnet";
-
-local WebPort = 3000;
-
-local Params = kube.simpleFieldStruct([
-  "namespace",
-  "name",
-  "contentClaimName",
-  "databaseClaimName",
-  "thumbClaimName",
-  "filePath",
-]) {
-  image: images.Prod["difegue/lanraragi"],
-  webPort: WebPort,
-  gatekeeperSidecar: null,
-  resources: {
-    requests: {
-      cpu: "1000m",
-      memory: "1000Mi",
-    },
-    limits: {
-      cpu: "2000m",
-      memory: "2000Mi",
-    },
-  },
-};
-
-local App(params) = {
-  local nskube = kube.UsingNamespace(params.namespace),
-  local selector = {
-    name: params.name,
-    phase: "prod",
-  },
-  local selectorMixin = {
-    selector: selector
-  },
-  service: nskube.Service(params.name + '-ui') {
-    spec+: kube.SvcUtil.BasicHttpClusterIpSpec(WebPort) {
-      selector: selector
-    }
-  },
-  deployment: nskube.Deployment(params.name) {
-    metadata+: {
-      annotations: templates.annotations(params.filePath, std.thisFile),
-    },
-    spec+: {
-      strategy: kube.DeployUtil.SimpleRollingUpdate(),
-      replicas: 1,
-      selector: {
-        matchLabels: selector,
-      },
-      template: {
-        metadata: {
-          labels: selector,
-          annotations: templates.annotations(params.filePath, std.thisFile),
-        },
-        spec+: {
-          imagePullSecrets: [
-            {
-              name: "docker-auth",
-            }
-          ],
-          containers: [
-            {
-              image: params.image,
-              name: "lanraragi",
-              ports: [
-                kube.DeployUtil.ContainerPort("http", params.webPort),
-              ],
-              resources: params.resources,
-              readinessProbe: {
-                httpGet: {
-                  path: "/",
-                  port: params.webPort,
-                },
-                initialDelaySeconds: 30,
-              },
-
-              livenessProbe: {
-                httpGet: {
-                  path: "/",
-                  port: params.webPort,
-                },
-                initialDelaySeconds: 30,
-                periodSeconds: 15,
-                failureThreshold: 10 
-              },
-              args: [],
-              volumeMounts: [
-                 kube.DeployUtil.VolumeMount("content", "/home/koyomi/lanraragi/content"),
-                 kube.DeployUtil.VolumeMount("database", "/home/koyomi/lanraragi/database"),
-                 kube.DeployUtil.VolumeMount("thumb", "/home/koyomi/lanraragi/thumb"),
-              ]
-            },
-          ],
-          volumes: [
-            kube.DeployUtil.VolumeClaimRef("content", params.contentClaimName),
-            kube.DeployUtil.VolumeClaimRef("database", params.databaseClaimName),
-            kube.DeployUtil.VolumeClaimRef("thumb", params.thumbClaimName),
-          ],
-        }
-      },
-    },
-  }
-};
-
-{
-  WebPort: WebPort,
-  Params: Params,
-  App(params): App(params),
-}
--- a/experimental/users/acmcarther/k8s/configs/templates/naifu2.libsonnet
+++ b/experimental/users/acmcarther/k8s/configs/templates/naifu2.libsonnet
@ -1,126 +0,0 @@
-local kube = import "k8s/configs/base.libsonnet";
-local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";
-local images = import "k8s/configs/images.libsonnet";
-
-local probe(delaySeconds) = {
-  initialDelaySeconds: delaySeconds,
-  periodSeconds: 20,
-  tcpSocket: {
-    port: "http",
-  },
-};
-
-local WebPort = 7860;
-
-local Params = kube.simpleFieldStruct([
-  "namespace",
-  "name",
-  "filePath",
-  "storageClaimName",
-  "outputClaimName",
-  //"ingressHost",
-]) {
-  labels: {},
-  gatekeeperSidecar: null,
-  lsParams: linuxserver.AppParams {
-    name: $.name,
-    namespace: $.namespace,
-    filePath: $.filePath,
-    templatePath: std.thisFile,
-    baseAppName: "naifu",
-    imageName: "naifu2",
-    imagePullSecrets: ["regcred"],
-    labels+: $.labels,
-    gatekeeperSidecar: $.gatekeeperSidecar,
-    isPrivileged: true,
-    services: [
-      linuxserver.Service {
-        suffix: "ui",
-        spec: {
-          type: "ClusterIP",
-          ports: [
-            kube.SvcUtil.TCPServicePort("http", 80) {
-              targetPort: WebPort
-            },
-          ],
-        },
-      },
-    ],
-    nodeSelector: {
-      "gpu": "nvidia"
-    },
-    ports: [ 
-      kube.DeployUtil.ContainerPort("http", WebPort), 
-    ],
-    env: linuxserver.Env {
-      others: [
-        kube.NameVal("CLI_ARGS", "--allow-code --ui-config-file /stable-diffusion-webui/models/Stable-diffusion/ui-config.json --styles-file /stable-diffusion-webui/models/Stable-diffusion/styles.csv --deepdanbooru"),
-        kube.NameVal("NVIDIA_VISIBLE_DEVICES", "all"),
-        //kube.NameVal("CLI_FLAGS", "--extra-models-cpu --optimized-turbo"),
-        //--precision full --no-half
-        //kube.NameVal("CLI_FLAGS", "--no-half"),
-        //kube.NameVal("CUDA_VISIBLE_DEVICES", "0"),
-        #kube.NameVal("TOKEN", "example-token"),
-      ]
-    },
-    args: [
-    ],
-    pvcs: [
-      linuxserver.Pvc{
-        name: "naifu-storage",
-        mountPath: "/data",
-        bindName: $.storageClaimName,
-      },
-      linuxserver.Pvc{
-        name: "naifu-output",
-        mountPath: "/output",
-        bindName: $.outputClaimName,
-      },
-
-    ],
-    hostPaths: [
-      linuxserver.HostPath{
-        name: "nvidia-nvidia-uvm",
-        hostPath: "/dev/nvidia-uvm",
-        mountPath: "/dev/nvidia-uvm",
-      },
-      linuxserver.HostPath{
-        name: "nvidia-nvidia0",
-        hostPath: "/dev/nvidia0",
-        mountPath: "/dev/nvidia0",
-      },
-      linuxserver.HostPath{
-        name: "nvidia-nvidiactrl",
-        hostPath: "/dev/nvidiactrl",
-        mountPath: "/dev/nvidiactrl",
-      },
-      linuxserver.HostPath{
-        name: "nvidia-drivers",
-        hostPath: "/opt/drivers/nvidia",
-        mountPath: "/usr/local/nvidia",
-      },
-
-    ],
-    resources: {
-      requests: {
-        cpu: "1000m",
-        memory: "12000Mi",
-      },
-      limits: {
-        cpu: "4000m",
-        memory: "24000Mi",
-      },
-    },
-    //livenessProbe: probe(/*delaySeconds=*/60),
-    //readinessProbe: probe(/*delaySeconds=*/60),
-  },
-};
-
-local App(params) = linuxserver.App(params.lsParams) {
-};
-
-{
-  WebPort: WebPort,
-  Params: Params,
-  App(params): App(params),
-}
--- a/experimental/users/acmcarther/k8s/configs/templates/semantic-search.libsonnet
+++ b/experimental/users/acmcarther/k8s/configs/templates/semantic-search.libsonnet
@ -1,89 +0,0 @@
-local kube = import "k8s/configs/base.libsonnet";
-local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";
-local images = import "k8s/configs/images.libsonnet";
-
-local searchProbe(delaySeconds) = {
-  initialDelaySeconds: delaySeconds,
-  periodSeconds: 30,
-  tcpSocket: {
-    port: "http",
-  },
-};
-
-local WebPort = 8000;
-local DataDir = "/app/ai/data/vectordb";
-local ModelCacheDir = DataDir + "/models";
-
-local Params = kube.simpleFieldStruct([
-  "namespace",
-  "name",
-  "filePath",
-  "dataClaimName",
-]) {
-  labels: {},
-  gatekeeperSidecar: null,
-  lsParams: linuxserver.AppParams {
-    name: $.name,
-    namespace: $.namespace,
-    filePath: $.filePath,
-    templatePath: std.thisFile,
-    baseAppName: "semantic-search",
-    imageName: "semantic-search-server",
-    labels+: $.labels,
-    gatekeeperSidecar: $.gatekeeperSidecar,
-    env+: linuxserver.Env {
-        others: [
-            kube.NameVal("TRANSFORMERS_CACHE", ModelCacheDir),
-        ],
-    },
-    services: [
-      linuxserver.Service {
-        suffix: "ui",
-        spec: kube.SvcUtil.BasicHttpClusterIpSpec(WebPort)
-      },
-    ],
-    ports: [ kube.DeployUtil.ContainerPort("http", WebPort), ],
-    pvcs: [
-      linuxserver.Pvc {
-        name: "data",
-        mountPath: DataDir,
-        bindName: $.dataClaimName,
-      },
-    ],
-    resources: {
-      requests: {
-        cpu: "100m",
-        memory: "512Mi",
-      },
-      limits: {
-        cpu: "500m",
-        memory: "2Gi",
-      },
-    },
-    livenessProbe: searchProbe(/*delaySeconds=*/60),
-    readinessProbe: searchProbe(/*delaySeconds=*/60),
-  },
-};
-
-local App(params) =
-  local baseApp = linuxserver.App(params.lsParams);
-  baseApp {
-    deployment+: {
-      spec+: {
-        template+: {
-          spec+: {
-            containers: [
-              c { imagePullPolicy: "Always" }
-              for c in super.containers
-            ],
-          },
-        },
-      },
-    },
-  };
-
-{
-  Params: Params,
-  WebPort: WebPort,
-  App(params): App(params),
-}
--- a/experimental/users/acmcarther/k8s/configs/templates/static-site.libsonnet
+++ b/experimental/users/acmcarther/k8s/configs/templates/static-site.libsonnet
@ -1,58 +0,0 @@
-// A template for deploying a generic static website with Nginx.
-local kube = import "k8s/configs/base.libsonnet";
-local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";
-local images = import "k8s/configs/images.libsonnet";
-
-local WebPort = 80;
-
-local Params = kube.simpleFieldStruct([
-  "namespace",
-  "name",
-  "filePath",
-  "dataClaimName",
-]) {
-  labels: {},
-  gatekeeperSidecar: null,
-  lsParams: linuxserver.AppParams {
-    name: $.name,
-    namespace: $.namespace,
-    filePath: $.filePath,
-    templatePath: std.thisFile,
-    baseAppName: "static-site",
-    imageName: "nginx:1.29.1-alpine",
-    labels+: $.labels,
-    gatekeeperSidecar: $.gatekeeperSidecar,
-    services: [
-      linuxserver.Service {
-        suffix: "ui",
-        spec: kube.SvcUtil.BasicHttpClusterIpSpec(WebPort)
-      },
-    ],
-    ports: [ kube.DeployUtil.ContainerPort("http", WebPort), ],
-    pvcs: [
-      linuxserver.Pvc{
-        name: "static-content",
-        mountPath: "/usr/share/nginx/html",
-        bindName: $.dataClaimName,
-      },
-    ],
-    resources: {
-      requests: {
-        cpu: "10m",
-        memory: "32Mi",
-      },
-      limits: {
-        cpu: "50m",
-        memory: "64Mi",
-      },
-    },
-  },
-};
-
-local App(params) = linuxserver.App(params.lsParams);
-
-{
-  Params: Params,
-  WebPort: WebPort,
-  App(params): App(params),
-}
--- a/k8s/configs/environments/sourcebot/main.jsonnet
+++ b/k8s/configs/environments/sourcebot/main.jsonnet
@ -17,6 +17,7 @@ local params = linuxserver.AppParams {
  filePath: std.thisFile,
  templatePath: std.thisFile,
  authUrl: 'https://sourcebot.csbx.dev',
+  forceEnableAnonymousAccess: false,
  ports: [ base.DeployUtil.ContainerPort("http", WebPort), ],
  services: [
    linuxserver.Service {
@ -53,6 +54,7 @@ local params = linuxserver.AppParams {
      base.NameVal('CONFIG_PATH', '/etc/sourcebot/config.json'),
      base.NameVal('AUTH_URL', $.authUrl),
      base.NameVal('SOURCEBOT_TELEMETRY_DISABLED', 'true'),
+      base.NameVal('FORCE_ENABLE_ANONYMOUS_ACCESS', if $.forceEnableAnonymousAccess then 'true' else 'false'),
      {
        name: 'GITEA_TOKEN',
        valueFrom: {
@ -74,11 +76,17 @@ local params = linuxserver.AppParams {
      name: namespaceName,
    },
  },
+  // This database might have been destroyed...
  pvc: base.RecoverableSimplePvc(namespaceName, appName + '-data', 'nfs-client', '10Gi', {
    volumeName: "pvc-55405f2b-f253-4e3e-a45f-2a1a18f75c89",
    nfsPath: "/volume3/fs/sourcebot-sourcebot-data-pvc-55405f2b-f253-4e3e-a45f-2a1a18f75c89",
    nfsServer: "apollo1.dominion.lan",
  }),
+  pvc1: base.RecoverableSimplePvc(namespaceName, appName + '-1-data', 'nfs-client', '10Gi', null/*{
+    volumeName: "pvc-55405f2b-f253-4e3e-a45f-2a1a18f75c89",
+    nfsPath: "/volume3/fs/sourcebot-sourcebot-data-pvc-55405f2b-f253-4e3e-a45f-2a1a18f75c89",
+    nfsServer: "apollo1.dominion.lan",
+  }*/),
  pvc2: base.RecoverableSimplePvc(namespaceName, appName + '-2-data', 'nfs-client', '10Gi', {
    volumeName: "pvc-73d0ed19-562b-4bd9-a198-d8a5d21f0146",
    nfsPath: "/volume3/fs/sourcebot-sourcebot-2-data-pvc-73d0ed19-562b-4bd9-a198-d8a5d21f0146",
@ -134,12 +142,16 @@ local params = linuxserver.AppParams {
      |||
    },
  },
-  app: linuxserver.App(params),
+  app: linuxserver.App(params {
+    imageName: "sourcebot-patched",
+    pvcName: appName + '-1-data',
+  }),
  app2: linuxserver.App(params {
    name: appName + '-2',
    authUrl: 'https://source-mirror.csbx.dev',
    configMapName: appName + '-2',
    pvcName: appName + '-2-data',
+    forceEnableAnonymousAccess: true,
  }),
  ingress1: nginxIngress.Ingress(nginxIngress.IngressParams {
    namespace: namespaceName,
--- a/k8s/configs/images.libsonnet
+++ b/k8s/configs/images.libsonnet
@ -91,8 +91,8 @@ local ProdImages() =  {
  # 2025-07-??
  "ollama/ollama": "ollama/ollama:0.9.6",
  "ghcr.io/open-webui/open-webui": "ghcr.io/open-webui/open-webui:v0.6.18",
-  #"sourcebot": "ghcr.io/sourcebot-dev/sourcebot:v4.10.12",
-  "sourcebot": "forgejo.csbx.dev/acmcarther/sourcebot:v4.10.12-patched",
+  "sourcebot": "ghcr.io/sourcebot-dev/sourcebot:v4.10.12",
+  "sourcebot-patched": "forgejo.csbx.dev/acmcarther/sourcebot:v4.10.12-patched",
  # 2026-01-18
  "linuxserver/jellyfin": "linuxserver/jellyfin:10.11.5",
 };
--- a/tools/copybara/yesod-mirror/copy.bara.sky
+++ b/tools/copybara/yesod-mirror/copy.bara.sky
@ -18,7 +18,7 @@ core.workflow(
    ),
    # Exclude notes and anything that looks secret-like for now.
    # The secrets are encrypted, but we don't need them in the mirror anyway.
-    origin_files = glob(["*", "**/*"], exclude=["notes/**", "**/*.sops.yaml"]),
+    origin_files = glob(["*", "**/*"], exclude=["notes/**", "**/*.sops.yaml", "experimental/users/acmcarther/k8s/**"]),
    
    authoring = authoring.pass_thru("Copybara <copybara@csbx.dev>"),