eliott/Olares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e9b8d840d55a5d15dcf87c7317e4eae1d6dbb10
Olares/framework/files/.olares/config/cluster/deploy/files_deploy.yaml

935 lines
27 KiB
YAML
Raw Blame History

{{- $namespace := printf "%s" "os-framework" -}}
{{- $files_secret := (lookup "v1" "Secret" $namespace "files-secrets") -}}
{{- $files_postgres_password := "" -}}
{{ if $files_secret -}}
{{ $files_postgres_password = (index $files_secret "data" "files_postgres_password") }}
{{ else -}}
{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
{{- end -}}
{{- $files_redis_password := "" -}}
{{ if $files_secret -}}
{{ $files_redis_password = (index $files_secret "data" "files_redis_password") }}
{{ else -}}
{{ $files_redis_password = randAlphaNum 16 | b64enc }}
{{- end -}}
{{- $files_nats_secret := (lookup "v1" "Secret" "os-framework" "files-nats-secrets") -}}
{{- $files_nats_password := "" -}}
{{ if $files_nats_secret -}}
{{ $files_nats_password = (index $files_nats_secret "data" "files_nats_password") }}
{{ else -}}
{{ $files_nats_password = randAlphaNum 16 | b64enc }}
{{- end -}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: files
namespace: {{ .Release.Namespace }}
labels:
app: files
applications.app.bytetrade.io/author: bytetrade.io
spec:
selector:
matchLabels:
app: files
template:
metadata:
labels:
app: files
annotations:
{{ if .Values.telemetry }}
instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"
instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
instrumentation.opentelemetry.io/go-container-names: "gateway,files,uploader"
instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/filebrowser"
{{ end }}
spec:
serviceAccount: os-internal
serviceAccountName: os-internal
priorityClassName: "system-cluster-critical"
securityContext:
runAsUser: 0
runAsNonRoot: false
initContainers:
- name: init-data
image: busybox:1.28
securityContext:
privileged: true
runAsNonRoot: false
runAsUser: 0
volumeMounts:
- name: userspace-dir
mountPath: /data
- name: fb-data
mountPath: /appdata
- name: upload-appdata
mountPath: /appcache
- mountPath: /data/appcache
name: upload-appdata
command:
- sh
- -c
- env
- name: init-container
image: 'postgres:16.0-alpine3.18'
command:
- sh
- '-c'
- >-
echo -e "Checking for the availability of PostgreSQL Server
deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
-c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
PostgreSQL DB Server has started";
env:
- name: PGHOST
value: citus-headless.os-platform
- name: PGPORT
value: '5432'
- name: PGUSER
value: files_os_framework
- name: PGPASSWORD
value: {{ $files_postgres_password | b64dec }}
- name: PGDB1
value: os_framework_files
containers:
- command:
- /rclone
- rcd
- --rc-addr
- :5572
- --rc-no-auth
- --log-level
- DEBUG
- --no-check-certificate
- --s3-directory-markers
- --fs-cache-expire-duration
- "0"
- --s3-list-version
- "2"
- --config
- /dev/null
image: beclab/rclone:v1.73.0
imagePullPolicy: IfNotPresent
name: rclone
ports:
- containerPort: 5572
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: true
privileged: true
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data/appcache/
name: upload-appdata
- mountPath: /appdata
name: fb-data
- mountPath: /data
name: userspace-dir
- mountPath: /appcache/
name: upload-appdata
{{ if .Values.sharedlib }}
- mountPath: /data/External
mountPropagation: Bidirectional
name: shared-lib
{{ end }}
- name: samba-server
image: beclab/samba-server:0.0.8
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: true
runAsUser: 0
privileged: true
volumeMounts:
- mountPath: /data/appcache/
name: upload-appdata
- name: fb-data
mountPath: /appdata
- name: userspace-dir
mountPath: /data
- name: upload-appdata
mountPath: /appcache/
{{ if .Values.sharedlib }}
- name: shared-lib
mountPath: /data/External
mountPropagation: Bidirectional
{{ end }}
ports:
- containerPort: 445
env:
{{ if .Values.sharedlib }}
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: TERMINUSD_HOST
value: $(NODE_IP):18088
{{ end }}
- name: EXTERNAL_PREFIX
value: '/External/'
- name: ROOT_PREFIX
value: /data
- name: REDIS_HOST
value: redis-cluster-proxy.os-platform
- name: REDIS_PORT
value: '6379'
- name: REDIS_USERNAME
value: ''
- name: REDIS_PASSWORD
value: {{ $files_redis_password | b64dec }}
- name: REDIS_USE_SSL
value: 'false'
# use redis db 0 for redis cache
- name: REDIS_DB
value: '0'
- name: PGHOST
value: citus-headless.os-platform
- name: PGPORT
value: '5432'
- name: PGUSER
value: files_os_framework
- name: PGPASSWORD
value: {{ $files_postgres_password | b64dec }}
- name: PGDB1
value: os_framework_files
command:
- /samba_share
- name: files
image: beclab/files-server:v0.2.135
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: true
runAsUser: 0
privileged: true
volumeMounts:
- mountPath: /data/appcache/
name: upload-appdata
- name: fb-data
mountPath: /appdata
- name: userspace-dir
mountPath: /data
- name: upload-appdata
mountPath: /appcache/
- name: seafile-data
mountPath: /root/dev/seafile-data
{{ if .Values.sharedlib }}
- name: shared-lib
mountPath: /data/External
mountPropagation: Bidirectional
{{ end }}
ports:
- containerPort: 8110
env:
{{ if .Values.sharedlib }}
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: TERMINUSD_HOST
value: $(NODE_IP):18088
{{ end }}
- name: EXTERNAL_PREFIX
value: '/External/'
- name: ES_ENABLED
value: 'False'
- name: WATCHER_ENABLED
value: 'True'
- name: KNOWLEDGE_BASE_ENABLED
value: 'False'
- name: PHOTOS_ENABLED
value: 'True'
- name: FB_DATABASE
value: /appdata/database/filebrowser.db
- name: FB_CONFIG
value: /appdata/config/settings.json
- name: FB_ROOT
value: /data
- name: MEDIA_SERVER_DATA_DIR
value: /data
- name: SEAFILE_SERVICE
value: seafile
- name: WATCH_DIR
value: '/Home'
- name: FS_TYPE
value: {{ .Values.fs_type }}
- name: PATH_PREFIX
value: ''
- name: ROOT_PREFIX
value: /data
- name: CACHE_ROOT_PATH
value: ''
- name: CONTENT_PATH
value: /Home/Documents
- name: PHOTOS_PATH
value: /Home/Pictures
- name: REDIS_HOST
value: redis-cluster-proxy.os-platform
- name: REDIS_PORT
value: '6379'
- name: REDIS_USERNAME
value: ''
- name: REDIS_PASSWORD
value: {{ $files_redis_password | b64dec }}
- name: REDIS_USE_SSL
value: 'false'
# use redis db 0 for redis cache
- name: REDIS_DB
value: '0'
- name: NATS_HOST
value: nats.os-platform
- name: NATS_PORT
value: '4222'
- name: NATS_USERNAME
value: os-files-server
- name: NATS_PASSWORD
valueFrom:
secretKeyRef:
name: files-nats-secrets
key: files_nats_password
- name: NATS_SUBJECT
value: os.files-notify
- name: NATS_SUBJECT_SYSTEM_FILES
value: os.files
- name: NATS_SUBJECT_SYSTEM_USERS
value: os.users
- name: NATS_SUBJECT_SYSTEM_GROUPS
value: os.groups
- name: RESERVED_SPACE
value: '1000'
- name: OLARES_VERSION
value: '1.12'
- name: FILE_CACHE_DIR
value: '/data/file_cache'
- name: PGHOST
value: citus-headless.os-platform
- name: PGPORT
value: '5432'
- name: PGUSER
value: files_os_framework
- name: PGPASSWORD
value: {{ $files_postgres_password | b64dec }}
- name: PGDB1
value: os_framework_files
- name: FB_SEAFILE_RPC_PATH
value: /root/dev/seafile-data
- name: UPLOAD_FILE_TYPE
value: '*'
- name: UPLOAD_LIMITED_SIZE
value: "118111600640"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: files
- name: NOTIFY_SERVER
value: fsnotify-svc.os-platform:5079
command:
- /filebrowser
- --noauth
- -p
- "8080"
- name: nginx
image: 'beclab/docker-nginx-headers-more:ubuntu-v0.1.0'
securityContext:
runAsNonRoot: false
runAsUser: 0
ports:
- containerPort: 80
protocol: TCP
volumeMounts:
- name: files-nginx-config
readOnly: true
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: files-nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
volumes:
- name: userspace-dir
hostPath:
type: Directory
path: '{{ .Values.rootPath }}/rootfs/userspace'
- name: fb-data
hostPath:
type: DirectoryOrCreate
path: '{{ .Values.rootPath }}/userdata/Cache/files'
- name: upload-appdata
hostPath:
path: '{{ .Values.rootPath }}/userdata/Cache'
type: DirectoryOrCreate
- name: files-nginx-config
configMap:
name: files-nginx-config
items:
- key: nginx.conf
path: nginx.conf
- key: default.conf
path: default.conf
defaultMode: 420
- name: user-appdata-dir
hostPath:
path: '{{ .Values.rootPath }}/userdata/Cache'
type: Directory
- name: seafile-data
hostPath:
path: '{{ .Values.rootPath }}/rootfs/Application/seafile/data'
type: DirectoryOrCreate
{{ if .Values.sharedlib }}
- name: shared-lib
hostPath:
path: "{{ .Values.sharedlib }}"
type: Directory
{{ end }}
---
kind: Service
apiVersion: v1
metadata:
name: files-samba
namespace: os-framework
spec:
ports:
- name: smb
protocol: TCP
port: 445
targetPort: 445
nodePort: 445
selector:
app: files
type: NodePort
externalTrafficPolicy: Local
---
apiVersion: v1
kind: Service
metadata:
name: files-service
namespace: {{ .Release.Namespace }}
spec:
selector:
app: files
type: ClusterIP
ports:
- protocol: TCP
name: files
port: 80
targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: media-server-service
namespace: {{ .Release.Namespace }}
spec:
selector:
app: files
type: ClusterIP
ports:
- protocol: TCP
name: media-server
port: 9090
targetPort: 80
---
apiVersion: v1
kind: Secret
metadata:
name: files-secrets
namespace: {{ .Release.Namespace }}
type: Opaque
data:
files_postgres_password: {{ $files_postgres_password }}
files_redis_password: {{ $files_redis_password }}
---
apiVersion: v1
kind: Secret
metadata:
name: files-nats-secrets
namespace: {{ .Release.Namespace }}
data:
files_nats_password: {{ $files_nats_password }}
type: Opaque
---
apiVersion: apr.bytetrade.io/v1alpha1
kind: MiddlewareRequest
metadata:
name: files-pg
namespace: {{ .Release.Namespace }}
spec:
app: files
appNamespace: {{ .Release.Namespace }}
middleware: postgres
postgreSQL:
user: files_os_framework
password:
valueFrom:
secretKeyRef:
key: files_postgres_password
name: files-secrets
databases:
- name: files
---
apiVersion: apr.bytetrade.io/v1alpha1
kind: MiddlewareRequest
metadata:
name: files-redis
namespace: {{ .Release.Namespace }}
spec:
app: files
appNamespace: {{ .Release.Namespace }}
middleware: redis
redis:
password:
valueFrom:
secretKeyRef:
key: files_redis_password
name: files-secrets
namespace: files-redis
---
apiVersion: apr.bytetrade.io/v1alpha1
kind: MiddlewareRequest
metadata:
name: files-server-nat
namespace: {{ .Release.Namespace }}
spec:
app: files-server
appNamespace: os
middleware: nats
nats:
password:
valueFrom:
secretKeyRef:
key: files_nats_password
name: files-nats-secrets
subjects:
- name: "files.*"
permission:
pub: allow
sub: allow
- name: files-notify
permission:
pub: allow
sub: allow
- name: files
permission:
pub: allow
sub: allow
- name: users
permission:
pub: deny
sub: allow
- name: groups
permission:
pub: deny
sub: allow
user: os-files-server
---
kind: ConfigMap
apiVersion: v1
metadata:
name: files-nginx-config
namespace: {{ .Release.Namespace }}
annotations:
kubesphere.io/creator: bytetrade.io
data:
nginx.conf: |-
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
tcp_nodelay on;
tcp_nopush on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 2700;
client_max_body_size 4000M;
client_body_buffer_size 64m;
proxy_buffers 32 256k;
proxy_buffer_size 512k;
client_header_buffer_size 16k;
large_client_header_buffers 8 32k;
proxy_request_buffering off;
client_body_timeout 120s;
client_header_timeout 60s;
send_timeout 120s;
keepalive_requests 1000;
gzip on;
gzip_types text/plain application/javascript text/css;
gzip_comp_level 2;
include /etc/nginx/conf.d/*.conf;
}
default.conf: |-
server {
listen 80 default_server;
# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
client_max_body_size 2000M;
root /app;
# normal routes
# serve given url and default to index.html if not found
# e.g. /, /user and /foo/bar will return index.html
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /api/resources/AppData {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
client_body_timeout 600s;
client_max_body_size 2000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /api/raw/AppData {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
client_body_timeout 1800s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 2700s;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
}
location /api/raw {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
client_body_timeout 1800s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 2700s;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
}
location /api/md5 {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 1800s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 2700s;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
}
location /api/paste {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 1800s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 2700s;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
}
location /api/cache {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 1800s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 2700s;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
}
location /provider {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
client_body_timeout 60s;
client_max_body_size 2000M;
proxy_request_buffering off;
keepalive_timeout 75s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
}
location /api {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /callback {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /upload {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
proxy_request_buffering off;
proxy_buffering off;
proxy_connect_timeout 15s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
send_timeout 90s;
proxy_max_temp_file_size 0;
client_body_buffer_size 64m;
proxy_buffers 8 64k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Accept-Ranges bytes;
}
location /system {
proxy_pass http://127.0.0.1:8080;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /videos {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /seahub/ {
proxy_pass http://seafile/;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 2000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /seafhttp/upload-aj {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 2000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /seafhttp/ {
proxy_pass http://seafile:8082/;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 2000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
# Set cache for static resources
location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
{
add_header Cache-Control "public, max-age=2678400";
}
location ~ ^/resources/Home/Pictures/(.*.(png|jpg|svg|gif|jpeg))$
{
alias /data/Pictures/$1;
autoindex off;
}
}
Reference in New Issue View Git Blame Copy Permalink