diff --git a/kubernetes/lianalabs/apps/federated/kustomization.yaml b/kubernetes/lianalabs/apps/federated/kustomization.yaml
new file mode 100644
index 0000000..51fca06
--- /dev/null
+++ b/kubernetes/lianalabs/apps/federated/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
diff --git a/kubernetes/lianalabs/apps/federated/namespace.yaml b/kubernetes/lianalabs/apps/federated/namespace.yaml
new file mode 100644
index 0000000..93ebf55
--- /dev/null
+++ b/kubernetes/lianalabs/apps/federated/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: federated
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml b/kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml
index d9fba7e..24ab465 100644
--- a/kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml
+++ b/kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml
@@ -1,2 +1,58 @@
 ---
+- Network:
+ # - OPNsense:
+ # href: https://opnsense.${SECRET_OLD_DOMAIN}
+ # siteMonitor: https://opnsense.${SECRET_OLD_DOMAIN}
+ # icon: opnsense
+ # description: RSS feed
+ # widget:
+ # type: opnsense
+ # url: https://opnsense.${SECRET_OLD_DOMAIN}
+ # key: "{{HOMEPAGE_VAR_OPNSENSE_TOKEN}}"
 - Services:
+ - Miniflux:
+ href: https://rss.${SECRET_INTERNAL_DOMAIN}
+ siteMonitor: http://miniflux.labs.svc.cluster.local/healthcheck
+ icon: miniflux
+ description: RSS feed
+ widget:
+ type: miniflux
+ url: http://miniflux.labs.svc.cluster.local
+ key: "{{HOMEPAGE_VAR_MINIFLUX_TOKEN}}"
+- Media:
+ - Jellyfin:
+ href: https://${SECRET_MEDIA_DOMAIN}
+ siteMonitor: https://${SECRET_MEDIA_DOMAIN}
+ icon: jellyfin
+ description: Media streaming
+ widget:
+ type: jellyfin
+ url: https://${SECRET_MEDIA_DOMAIN}
+ key: "{{HOMEPAGE_VAR_JELLYFIN_TOKEN}}"
+ - Jellyfin:
+ href: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+ siteMonitor: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+ icon: jellyseerr
+ description: Media requests
+ widget:
+ type: jellyseerr
+ url: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+ key: "{{HOMEPAGE_VAR_JELLYSEERR_TOKEN}}"
+ - Sonarr:
+ href: https://sonarr.${SECRET_MEDIA_DOMAIN}
+ siteMonitor: https://sonarr.${SECRET_MEDIA_DOMAIN}
+ icon: sonarr
+ description: TV
+ widget:
+ type: sonarr
+ url: https://sonarr.${SECRET_MEDIA_DOMAIN}
+ key: "{{HOMEPAGE_VAR_SONARR_TOKEN}}"
+ - Radarr:
+ href: https://radarr.${SECRET_MEDIA_DOMAIN}
+ siteMonitor: https://radarr.${SECRET_MEDIA_DOMAIN}
+ icon: radarr
+ description: Movies
+ widget:
+ type: radarr
+ url: https://radarr.${SECRET_MEDIA_DOMAIN}
+ key: "{{HOMEPAGE_VAR_RADARR_TOKEN}}"
diff --git a/kubernetes/lianalabs/apps/labs/kustomization.yaml b/kubernetes/lianalabs/apps/labs/kustomization.yaml
index 30fa837..c2168a9 100644
--- a/kubernetes/lianalabs/apps/labs/kustomization.yaml
+++ b/kubernetes/lianalabs/apps/labs/kustomization.yaml
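Review bot: The second `- Jellyfin:` entry under `Media` is actually the Jellyseerr tile (its href, icon, widget type and token variable all say jellyseerr), so the dashboard will show two services named Jellyfin; the key should read `- Jellyseerr:`. The Miniflux widget sends `HOMEPAGE_VAR_MINIFLUX_TOKEN` to `http://miniflux.labs.svc.cluster.local` without TLS, which is only acceptable if in-cluster traffic is trusted or encrypted at another layer; a comment such as `# in-cluster plaintext: API key is not protected on the pod network` would record that decision. The commented-out OPNsense block also carries the copied description `RSS feed`.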
@@ -13,3 +13,4 @@ resources:
 - ./cyberchef/ks.yaml
 - ./redlib/ks.yaml
 - ./linkding/ks.yaml
+ - ./web-check/ks.yaml
diff --git a/kubernetes/lianalabs/apps/labs/web-check/app/helmrelease.yaml b/kubernetes/lianalabs/apps/labs/web-check/app/helmrelease.yaml
new file mode 100644
index 0000000..ee96652
--- /dev/null
+++ b/kubernetes/lianalabs/apps/labs/web-check/app/helmrelease.yaml
@@ -0,0 +1,77 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app web-check
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+
+ values:
+ controllers:
+ web-check:
+ replicas: 1
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ pod:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/lissy93/web-check
+ tag: latest@sha256:a2ae048b601c7d44ab148d746f5836ace7b4e8514ba8f905c4890b90635c62c5
+ resources:
+ requests:
+ cpu: 5m
+ memory: 32Mi
+ limits:
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ service:
+ app:
+ controller: *app
+ ports:
+ http:
+ port: 8080
+ ingress:
+ app:
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Tools
+ gethomepage.dev/name: *app
+ gethomepage.dev/description: Web OSINT
+ gethomepage.dev/icon: web-check
+ hosts:
+ - host: &host "it-tools.${SECRET_INTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - secretName: web-check-tls
+ hosts: [*host]
+ persistence:
+ tmp:
+ type: emptyDir
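Review bot: The ingress host in the new web-check HelmRelease is `it-tools.${SECRET_INTERNAL_DOMAIN}`, which looks copied from another release; web-check would be published under the it-tools name (and may collide with that app's Ingress if one exists) while its certificate lands in `web-check-tls`. It should presumably read `- host: &host "web-check.${SECRET_INTERNAL_DOMAIN}"`. Because web-check performs lookups and HTTP requests against whatever target a visitor submits, and the Ingress carries no authentication middleware annotation, consider limiting who can reach it and adding an egress NetworkPolicy so it cannot be aimed at cluster-internal services. The `tag: latest@sha256:…` form resolves by digest, so a short comment such as `# digest is authoritative; "latest" is only a label` would stop someone from later dropping the digest.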
diff --git a/kubernetes/lianalabs/apps/labs/web-check/app/kustomization.yaml b/kubernetes/lianalabs/apps/labs/web-check/app/kustomization.yaml
new file mode 100644
index 0000000..17cbc72
--- /dev/null
+++ b/kubernetes/lianalabs/apps/labs/web-check/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/lianalabs/apps/labs/web-check/ks.yaml b/kubernetes/lianalabs/apps/labs/web-check/ks.yaml
new file mode 100644
index 0000000..ca06079
--- /dev/null
+++ b/kubernetes/lianalabs/apps/labs/web-check/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app web-check
+ namespace: flux-system
+spec:
+ targetNamespace: labs
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/labs/web-check/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/lianalabs/apps/media/kustomization.yaml b/kubernetes/lianalabs/apps/media/kustomization.yaml
index 51fca06..1deda68 100644
--- a/kubernetes/lianalabs/apps/media/kustomization.yaml
+++ b/kubernetes/lianalabs/apps/media/kustomization.yaml
@@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
+ #- ./piped/ks.yaml
diff --git a/kubernetes/lianalabs/apps/media/piped/app/helmrelease.yaml b/kubernetes/lianalabs/apps/media/piped/app/helmrelease.yaml
new file mode 100644
index 0000000..32088eb
--- /dev/null
+++ b/kubernetes/lianalabs/apps/media/piped/app/helmrelease.yaml
@@ -0,0 +1,111 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app piped
+ namespace: media
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: piped
+ version: 6.0.4
+ sourceRef:
+ kind: HelmRepository
+ name: piped
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ crds: Skip
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ postgresql:
+ enabled: false
+ frontend:
+ image:
+ repository: "docker.io/1337kavin/piped-frontend"
+ tag: "latest"
+ pullPolicy: Always
+ env:
+ BACKEND_HOSTNAME: &api api.yt.${SECRET_INTERNAL_DOMAIN}
+ TZ: ${TIMEZONE}
+
+ backend:
+ image:
+ repository: docker.io/1337kavin/piped
+ pullPolicy: "Always"
+ initContainers:
+ 01-init-db:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: "16"
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - secretRef:
+ name: &secret piped-secret
+ podAnnotations:
+ configmap.reloader.stakater.com/reload: "piped-backend-config"
+ env:
+ TZ: ${TIMEZONE}
+ config:
+ PORT: 8080
+ HTTP_WORKERS: 4
+ PROXY_PART: &proxy https://proxy.yt.${SECRET_INTERNAL_DOMAIN}
+ # DISABLE_REGISTRATION: false
+ database:
+ secret:
+ name: *secret
+ connection_url: CONNECTION_URL
+ username: INIT_POSTGRES_USER
+ password: INIT_POSTGRES_PASS
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Tools
+ gethomepage.dev/name: Piped
+ gethomepage.dev/description: YouTube client
+ gethomepage.dev/icon: mdi-youtube
+ hosts:
+ - host: &host yt.${SECRET_INTERNAL_DOMAIN}
+ paths:
+ - path: "/"
+ tls:
+ - secretName: piped-frontend-tls
+ hosts:
+ - *host
+ backend:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ hajimari.io/enable: "false"
+ hosts:
+ - host: *api
+ paths:
+ - path: "/"
+ tls:
+ - secretName: piped-api-tls
+ hosts:
+ - *api
+ ytproxy:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ hajimari.io/enable: "false"
+ hosts:
+ - host: &proxy proxy.yt.${SECRET_INTERNAL_DOMAIN}
+ paths:
+ - path: "/"
+ tls:
+ - secretName: piped-proxy-tls
+ hosts:
+ - *proxy
diff --git a/kubernetes/lianalabs/apps/media/piped/app/kustomization.yaml b/kubernetes/lianalabs/apps/media/piped/app/kustomization.yaml
new file mode 100644
index 0000000..5ae7a45
--- /dev/null
+++ b/kubernetes/lianalabs/apps/media/piped/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
+ - ../../../database/cloudnative-pg/app/secret.sops.yaml
diff --git a/kubernetes/lianalabs/apps/media/piped/app/secret.sops.yaml b/kubernetes/lianalabs/apps/media/piped/app/secret.sops.yaml
new file mode 100644
index 0000000..a89c9c0
--- /dev/null
+++ b/kubernetes/lianalabs/apps/media/piped/app/secret.sops.yaml
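Review bot: The piped frontend image is pinned only to the mutable tag `latest` with `pullPolicy: Always`, and the backend image has no tag at all, so any pod restart can pull different, unreviewed code from Docker Hub. The web-check release in this same commit pins a digest, and these two should follow it, for example `tag: "<version>@sha256:<digest>"` (placeholder values). The anchor `&proxy` is also defined twice, on `PROXY_PART` with the `https://` scheme and again on the ytproxy host without it; `*proxy` resolves to the later definition so the TLS host comes out right, but distinct names such as `&proxy_url` and `&proxy_host` would remove the trap. The `hajimari.io/enable` annotations look like leftovers now that the main ingress uses `gethomepage.dev/*`.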
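Review bot: The resource `../../../database/cloudnative-pg/app/secret.sops.yaml` in piped's app kustomization would copy the cloudnative-pg secret into the `media` namespace once the parent Flux Kustomization applies it with `targetNamespace: media`. Nothing in the piped HelmRelease added by this commit references it (the init container's `envFrom` names only `piped-secret`), so as written it widens who can read the database credentials without being used; the secret's contents are not visible here. Either drop the line or wire the secret into the init container and add a comment like `# needed by postgres-init for the superuser password` above it.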
@@ -0,0 +1,31 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+ name: piped-secret
+stringData:
+ INIT_POSTGRES_USER: ENC[AES256_GCM,data:PClMpCo=,iv:WswYV4g8v6yC9BBc+mRwqaW7uBlLYpB/IQP0/9Xa8uU=,tag:/4UO3l/iYn2G6tWsd/J7EA==,type:str]
+ INIT_POSTGRES_PASS: null
+ DATABASE_URL: ENC[AES256_GCM,data:qubN/jEvkx3VtuYvNJcihullUJWUYmISs2/vlQOSqQLhmq2fTbXLIb1loKFmpt9XK/za17EZRKh/cAHOEePR1nvpXcflULyMf89i8+7P0UxtOtVmEJEHDaCpGw==,iv:V5cfvsj12SVUjwZsNjM4RpMB7pnWUFr3ncfT6vNeDoU=,tag:HXUs60lmP9zanDABDJxRlA==,type:str]
+ CONNECTION_URL: ENC[AES256_GCM,data:Ml4MIn1tcLLbd9woL0wVPAem/MvGq5ZeUVo4XFeJt7iZsZxZInNk4ZlhP3hNQD7Tp4qoQvXatA6YToe6,iv:bFZSz0cFBnzCU56g12Usx6gfm9NHrxnPikVQPuUEI4A=,tag:Fr3kgiADMHUDDeAILoyUDQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORHlmdTRudXlhQ0xwb1hv
+ QVZJMFhPUWJmOU5xZXdwbFhVdWxJTTdxSUdJCjdxYTVZU2ltTFMySkV6cFdqd0hH
+ VmlYUTRtQmh4L3dUb1gzNDY5Zlk3aG8KLS0tIG83ZVpwQk5pMSswMTRHczk3NTdF
+ YkI2MTZLamFIOTUyOUx2ZlZOVGw3b3cKzgoAlWBy9DBWFt3SJ6IJa5d1haTNEEmP
+ bY3ypNKP1yj0MFLDTfqnI3HtE8yRi93z551b2jFy8cViVUXlWzMWtA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-19T00:27:03Z"
+ mac: ENC[AES256_GCM,data:A1H/pyFlWoypT6NA69pUNDTxN3oI/pWuSQjmcvqytfDW/d9B1wbT2JuCa7KZu5P6FUC2cMk7y7gU8rj+g3WF6vPcGQm3bPXJJ0OX2ingztf/041gkZwooxaQTqOpZbsnbpDl3vGI1gnIwQuW18XqFVye34LxgdMmqf/9HsxQYPQ=,iv:KpBhyabXFD67gL33H7xGu0bzrZAkqMmIvMV/GkLbD5g=,tag:toFR3GZiRtZoPR4nPrph6g==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.1
diff --git a/kubernetes/lianalabs/apps/media/piped/ks.yaml b/kubernetes/lianalabs/apps/media/piped/ks.yaml
new file mode 100644
index 0000000..5cd2035
--- /dev/null
+++ b/kubernetes/lianalabs/apps/media/piped/ks.yaml
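Review bot: `INIT_POSTGRES_PASS: null` sits in clear text under `stringData` while the HelmRelease maps `database.secret.password` to that key, so the backend would get no database password; a null is also not a valid `stringData` string and may be rejected or dropped at apply time. The value should be set and encrypted like the neighbouring keys, i.e. `INIT_POSTGRES_PASS: ENC[...]` after re-running sops. The init container reads its whole environment from this secret, yet only a user, a null password and two URLs are present; confirm against the postgres-init image which variables it requires (database name, host and superuser password are the usual ones). `DATABASE_URL` is not referenced by anything in this commit and could be removed if it is a leftover.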
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app piped
+ namespace: flux-system
+spec:
+ targetNamespace: media
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/media/piped/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/lianalabs/flux/repositories/helm/piped.yaml b/kubernetes/lianalabs/flux/repositories/helm/piped.yaml
new file mode 100644
index 0000000..355c832
--- /dev/null
+++ b/kubernetes/lianalabs/flux/repositories/helm/piped.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: piped
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.piped.video
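Review bot: The piped Flux Kustomization applies a path containing `secret.sops.yaml` but declares no `spec.decryption`, so unless a parent Kustomization patches one in (not visible in this commit) the Secret will not be decrypted before it is applied. If decryption is not injected elsewhere, add a `decryption:` block with `provider: sops` and a `secretRef` naming the cluster's age key secret (`<sops-age-secret>` as a placeholder). `dependsOn` lists only `traefik` although the backend's init container needs the Postgres cluster; adding the database Kustomization there would avoid a failing first rollout once `./piped/ks.yaml` is uncommented.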