Skip to content

Commit

Permalink
--wip-- [skipci]
Browse files Browse the repository at this point in the history
  • Loading branch information
Liana64 committed Nov 22, 2024
1 parent 8118b73 commit 1f614ab
Show file tree
Hide file tree
Showing 13 changed files with 366 additions and 0 deletions.
6 changes: 6 additions & 0 deletions kubernetes/lianalabs/apps/federated/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
7 changes: 7 additions & 0 deletions kubernetes/lianalabs/apps/federated/namespace.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: federated
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
Original file line number Diff line number Diff line change
@@ -1,2 +1,58 @@
---
- Network:
# - OPNsense:
# href: https://opnsense.${SECRET_OLD_DOMAIN}
# siteMonitor: https://opnsense.${SECRET_OLD_DOMAIN}
# icon: opnsense
# description: RSS feed
# widget:
# type: opnsense
# url: https://opnsense.${SECRET_OLD_DOMAIN}
# key: "{{HOMEPAGE_VAR_OPNSENSE_TOKEN}}"
- Services:
- Miniflux:
href: https://rss.${SECRET_INTERNAL_DOMAIN}
siteMonitor: http://miniflux.labs.svc.cluster.local/healthcheck
icon: miniflux
description: RSS feed
widget:
type: miniflux
url: http://miniflux.labs.svc.cluster.local
key: "{{HOMEPAGE_VAR_MINIFLUX_TOKEN}}"
- Media:
- Jellyfin:
href: https://${SECRET_MEDIA_DOMAIN}
siteMonitor: https://${SECRET_MEDIA_DOMAIN}
icon: jellyfin
description: Media streaming
widget:
type: jellyfin
url: https://${SECRET_MEDIA_DOMAIN}
key: "{{HOMEPAGE_VAR_JELLYFIN_TOKEN}}"
- Jellyfin:
href: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
siteMonitor: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
icon: jellyseerr
description: Media requests
widget:
type: jellyseerr
url: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
key: "{{HOMEPAGE_VAR_JELLYSEERR_TOKEN}}"
- Sonarr:
href: https://sonarr.${SECRET_MEDIA_DOMAIN}
siteMonitor: https://sonarr.${SECRET_MEDIA_DOMAIN}
icon: sonarr
description: TV
widget:
type: sonarr
url: https://sonarr.${SECRET_MEDIA_DOMAIN}
key: "{{HOMEPAGE_VAR_SONARR_TOKEN}}"
- Radarr:
href: https://radarr.${SECRET_MEDIA_DOMAIN}
siteMonitor: https://radarr.${SECRET_MEDIA_DOMAIN}
icon: radarr
description: Movies
widget:
type: radarr
url: https://radarr.${SECRET_MEDIA_DOMAIN}
key: "{{HOMEPAGE_VAR_RADARR_TOKEN}}"
1 change: 1 addition & 0 deletions kubernetes/lianalabs/apps/labs/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,4 @@ resources:
- ./cyberchef/ks.yaml
- ./redlib/ks.yaml
- ./linkding/ks.yaml
- ./web-check/ks.yaml
77 changes: 77 additions & 0 deletions kubernetes/lianalabs/apps/labs/web-check/app/helmrelease.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app web-check
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system

values:
controllers:
web-check:
replicas: 1
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/lissy93/web-check
tag: latest@sha256:a2ae048b601c7d44ab148d746f5836ace7b4e8514ba8f905c4890b90635c62c5
resources:
requests:
cpu: 5m
memory: 32Mi
limits:
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
service:
app:
controller: *app
ports:
http:
port: 8080
ingress:
app:
className: traefik
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Tools
gethomepage.dev/name: *app
gethomepage.dev/description: Web OSINT
gethomepage.dev/icon: web-check
hosts:
- host: &host "it-tools.${SECRET_INTERNAL_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- secretName: web-check-tls
hosts: [*host]
persistence:
tmp:
type: emptyDir
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
26 changes: 26 additions & 0 deletions kubernetes/lianalabs/apps/labs/web-check/ks.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app web-check
namespace: flux-system
spec:
targetNamespace: labs
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: traefik
path: ./kubernetes/lianalabs/apps/labs/web-check/app
prune: true
sourceRef:
kind: GitRepository
name: k8s-gitops
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
1 change: 1 addition & 0 deletions kubernetes/lianalabs/apps/media/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
#- ./piped/ks.yaml
111 changes: 111 additions & 0 deletions kubernetes/lianalabs/apps/media/piped/app/helmrelease.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app piped
namespace: media
spec:
interval: 30m
chart:
spec:
chart: piped
version: 6.0.4
sourceRef:
kind: HelmRepository
name: piped
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 3
upgrade:
cleanupOnFail: true
crds: Skip
remediation:
strategy: rollback
retries: 3
values:
postgresql:
enabled: false
frontend:
image:
repository: "docker.io/1337kavin/piped-frontend"
tag: "latest"
pullPolicy: Always
env:
BACKEND_HOSTNAME: &api api.yt.${SECRET_INTERNAL_DOMAIN}
TZ: ${TIMEZONE}

backend:
image:
repository: docker.io/1337kavin/piped
pullPolicy: "Always"
initContainers:
01-init-db:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: &secret piped-secret
podAnnotations:
configmap.reloader.stakater.com/reload: "piped-backend-config"
env:
TZ: ${TIMEZONE}
config:
PORT: 8080
HTTP_WORKERS: 4
PROXY_PART: &proxy https://proxy.yt.${SECRET_INTERNAL_DOMAIN}
# DISABLE_REGISTRATION: false
database:
secret:
name: *secret
connection_url: CONNECTION_URL
username: INIT_POSTGRES_USER
password: INIT_POSTGRES_PASS
ingress:
main:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Tools
gethomepage.dev/name: Piped
gethomepage.dev/description: YouTube client
gethomepage.dev/icon: mdi-youtube
hosts:
- host: &host yt.${SECRET_INTERNAL_DOMAIN}
paths:
- path: "/"
tls:
- secretName: piped-frontend-tls
hosts:
- *host
backend:
enabled: true
ingressClassName: traefik
annotations:
hajimari.io/enable: "false"
hosts:
- host: *api
paths:
- path: "/"
tls:
- secretName: piped-api-tls
hosts:
- *api
ytproxy:
enabled: true
ingressClassName: traefik
annotations:
hajimari.io/enable: "false"
hosts:
- host: &proxy proxy.yt.${SECRET_INTERNAL_DOMAIN}
paths:
- path: "/"
tls:
- secretName: piped-proxy-tls
hosts:
- *proxy
8 changes: 8 additions & 0 deletions kubernetes/lianalabs/apps/media/piped/app/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
- ../../../database/cloudnative-pg/app/secret.sops.yaml
31 changes: 31 additions & 0 deletions kubernetes/lianalabs/apps/media/piped/app/secret.sops.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# yamllint disable
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: piped-secret
stringData:
INIT_POSTGRES_USER: ENC[AES256_GCM,data:PClMpCo=,iv:WswYV4g8v6yC9BBc+mRwqaW7uBlLYpB/IQP0/9Xa8uU=,tag:/4UO3l/iYn2G6tWsd/J7EA==,type:str]
INIT_POSTGRES_PASS: null
DATABASE_URL: ENC[AES256_GCM,data:qubN/jEvkx3VtuYvNJcihullUJWUYmISs2/vlQOSqQLhmq2fTbXLIb1loKFmpt9XK/za17EZRKh/cAHOEePR1nvpXcflULyMf89i8+7P0UxtOtVmEJEHDaCpGw==,iv:V5cfvsj12SVUjwZsNjM4RpMB7pnWUFr3ncfT6vNeDoU=,tag:HXUs60lmP9zanDABDJxRlA==,type:str]
CONNECTION_URL: ENC[AES256_GCM,data:Ml4MIn1tcLLbd9woL0wVPAem/MvGq5ZeUVo4XFeJt7iZsZxZInNk4ZlhP3hNQD7Tp4qoQvXatA6YToe6,iv:bFZSz0cFBnzCU56g12Usx6gfm9NHrxnPikVQPuUEI4A=,tag:Fr3kgiADMHUDDeAILoyUDQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORHlmdTRudXlhQ0xwb1hv
QVZJMFhPUWJmOU5xZXdwbFhVdWxJTTdxSUdJCjdxYTVZU2ltTFMySkV6cFdqd0hH
VmlYUTRtQmh4L3dUb1gzNDY5Zlk3aG8KLS0tIG83ZVpwQk5pMSswMTRHczk3NTdF
YkI2MTZLamFIOTUyOUx2ZlZOVGw3b3cKzgoAlWBy9DBWFt3SJ6IJa5d1haTNEEmP
bY3ypNKP1yj0MFLDTfqnI3HtE8yRi93z551b2jFy8cViVUXlWzMWtA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-19T00:27:03Z"
mac: ENC[AES256_GCM,data:A1H/pyFlWoypT6NA69pUNDTxN3oI/pWuSQjmcvqytfDW/d9B1wbT2JuCa7KZu5P6FUC2cMk7y7gU8rj+g3WF6vPcGQm3bPXJJ0OX2ingztf/041gkZwooxaQTqOpZbsnbpDl3vGI1gnIwQuW18XqFVye34LxgdMmqf/9HsxQYPQ=,iv:KpBhyabXFD67gL33H7xGu0bzrZAkqMmIvMV/GkLbD5g=,tag:toFR3GZiRtZoPR4nPrph6g==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1
26 changes: 26 additions & 0 deletions kubernetes/lianalabs/apps/media/piped/ks.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app piped
namespace: flux-system
spec:
targetNamespace: media
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: traefik
path: ./kubernetes/lianalabs/apps/media/piped/app
prune: true
sourceRef:
kind: GitRepository
name: k8s-gitops
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
10 changes: 10 additions & 0 deletions kubernetes/lianalabs/flux/repositories/helm/piped.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: piped
namespace: flux-system
spec:
interval: 1h
url: https://helm.piped.video

0 comments on commit 1f614ab

Please sign in to comment.