From 9a44273047504d86001e82a556743c00df4562bf Mon Sep 17 00:00:00 2001 
From: Liana Date: Mon, 9 Dec 2024 23:12:45 -0600 Subject: [PATCH] --wip-- [skipci] --- .../bitwarden/bitwarden/app/helmrelease.yaml | 205 ++++++++++++++++++ .../bitwarden/app/kustomization.yaml | 6 + .../bitwarden/bitwarden/app/secret.sops.yaml | 34 +++ .../main/apps/bitwarden/bitwarden/ks.yaml | 20 ++ .../main/apps/bitwarden/kustomization.yaml | 6 + kubernetes/main/apps/bitwarden/namespace.yaml | 7 + .../downloads/archivebox/app/helmrelease.yaml | 1 - .../downloads/bazarr/app/helmrelease.yaml | 110 ++++++++++ .../downloads/bazarr/app/kustomization.yaml | 6 + kubernetes/main/apps/downloads/bazarr/ks.yaml | 26 +++ .../downloads/cross-seed/app/helmrelease.yaml | 95 ++++++++ .../cross-seed/app/kustomization.yaml | 7 + .../downloads/cross-seed/app/secret.sops.yaml | 30 +++ .../main/apps/downloads/cross-seed/ks.yaml | 26 +++ .../flaresolverr/app/helmrelease.yaml | 48 ++++ .../flaresolverr/app/kustomization.yaml | 6 + .../main/apps/downloads/flaresolverr/ks.yaml | 26 +++ .../main/apps/downloads/kustomization.yaml | 4 + .../qbittorrent/app/helmrelease.yaml | 10 +- .../downloads/radarr/app/helmrelease.yaml | 6 +- .../downloads/radarr/app/secret.sops.yaml | 16 +- .../recyclarr/app/config/recyclarr.yaml | 74 +++++++ .../downloads/recyclarr/app/helmrelease.yaml | 80 +++++++ .../recyclarr/app/kustomization.yaml | 15 ++ .../downloads/recyclarr/app/secret.sops.yaml | 29 +++ .../main/apps/downloads/recyclarr/ks.yaml | 26 +++ .../downloads/sonarr/app/helmrelease.yaml | 125 +++++++++++ .../downloads/sonarr/app/kustomization.yaml | 7 + .../downloads/sonarr/app/secret.sops.yaml | 28 +++ kubernetes/main/apps/downloads/sonarr/ks.yaml | 26 +++ .../home/homepage/app/resources/settings.yaml | 6 +- kubernetes/main/apps/tools/kustomization.yaml | 2 +- 32 files changed, 1089 insertions(+), 24 deletions(-) create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml create mode 100644 
kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/ks.yaml create mode 100644 kubernetes/main/apps/bitwarden/kustomization.yaml create mode 100644 kubernetes/main/apps/bitwarden/namespace.yaml create mode 100644 kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/downloads/bazarr/app/kustomization.yaml create mode 100644 kubernetes/main/apps/downloads/bazarr/ks.yaml create mode 100644 kubernetes/main/apps/downloads/cross-seed/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/downloads/cross-seed/app/kustomization.yaml create mode 100644 kubernetes/main/apps/downloads/cross-seed/app/secret.sops.yaml create mode 100644 kubernetes/main/apps/downloads/cross-seed/ks.yaml create mode 100644 kubernetes/main/apps/downloads/flaresolverr/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/downloads/flaresolverr/app/kustomization.yaml create mode 100644 kubernetes/main/apps/downloads/flaresolverr/ks.yaml create mode 100644 kubernetes/main/apps/downloads/recyclarr/app/config/recyclarr.yaml create mode 100644 kubernetes/main/apps/downloads/recyclarr/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/downloads/recyclarr/app/kustomization.yaml create mode 100644 kubernetes/main/apps/downloads/recyclarr/app/secret.sops.yaml create mode 100644 kubernetes/main/apps/downloads/recyclarr/ks.yaml create mode 100644 kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/downloads/sonarr/app/kustomization.yaml create mode 100644 kubernetes/main/apps/downloads/sonarr/app/secret.sops.yaml create mode 100644 kubernetes/main/apps/downloads/sonarr/ks.yaml diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml new file mode 100644 index 0000000..03e4be7 --- /dev/null 
+++ b/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml 
@@ -0,0 +1,205 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: bitwarden
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: self-host
+ version: 2024.11.0
+ sourceRef:
+ kind: HelmRepository
+ name: bitwarden
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ sharedStorageClassName: "cluster-nvme"
+ general:
+ admins: "${SECRET_ADMIN_EMAIL}"
+ disableUserRegistration: "false"
+ cloudRegion: US
+ enableCloudCommunication: true
+ sharedStorageClassName: "cluster-nvme"
+ volumeAccessMode: "ReadWriteOnce"
+ domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}"
+ ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Home
+ gethomepage.dev/name: Bitwarden
+ gethomepage.dev/description: Password management
+ gethomepage.dev/icon: bitwarden
+ tls:
+ name: bitwarden-tls
+ clusterIssuer: letsencrypt-production
+ paths:
+ web:
+ path: /
+ pathType: ImplementationSpecific
+ attachments:
+ path: /attachments/
+ pathType: ImplementationSpecific
+ api:
+ path: /api/
+ pathType: ImplementationSpecific
+ icons:
+ path: /icons/
+ pathType: ImplementationSpecific
+ notifications:
+ path: /notifications/
+ pathType: ImplementationSpecific
+ events:
+ path: /events/
+ pathType: ImplementationSpecific
+ scim:
+ path: /scim/
+ pathType: ImplementationSpecific
+ sso:
+ path: /sso/
+ pathType: ImplementationSpecific
+ identity:
+ path: /identity/
+ pathType: ImplementationSpecific
+ admin:
+ path: /admin/
+ pathType: ImplementationSpecific
+ email:
+ smtpSsl: "false"
+ smtpPort: "465"
+ smtpHost: "${SECRET_SMTP_HOST}"
+ replyToEmail: "${SECRET_SMTP_FROM}"
+ secrets:
+ secretName: bitwarden-secret
+ database:
+ enabled: false
+ #volume:
+ # backups:
+ # storageClass: "cluster-nvme"
+ # data:
+ # storageClass: "cluster-nvme"
+ # log:
+ # storageClass: "cluster-nvme"
+ volume:
+ dataprotection:
+ storageClass: "cluster-nvme"
+ attachments:
+ storageClass: "cluster-nvme"
+ licenses:
+ storageClass: "cluster-nvme"
+ logs:
+ enabled: true
+ storageClass: "cluster-nvme"
+ # rawManifests:
+ # preInstall: []
+ # postInstall:
+ # - apiVersion: traefik.io/v1alpha1
+ # kind: Middleware
+ # metadata:
+ # name: "bitwarden-self-host-middleware-stripprefix"
+ # spec:
+ # stripPrefix:
+ # prefixes:
+ # - /api
+ # - /attachements
+ # - /icons
+ # - /notifications
+ # - /events
+ # - /scim
+ # ##### NOTE: Admin, Identity, and SSO will not function correctly with path strip middleware
+ # - apiVersion: traefik.io/v1alpha1
+ # kind: IngressRoute
+ # metadata:
+ # name: "bitwarden-self-host-ingress"
+ # spec:
+ # entryPoints:
+ # - websecure
+ # routes:
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-web
+ # passHostHeader: true
+ # port: 5000
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/api/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-api
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/attachments/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-api
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/icons/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-icons
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/notifications/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-notifications
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/events/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-events
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/scim/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-scim
+ # port: 5000
+ # middlewares:
+ # - name: "bitwarden-self-host-middleware-stripprefix"
+ # ##### NOTE: SSO will not function correctly with path strip middleware
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/sso/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-sso
+ # port: 5000
+ # ##### NOTE: Identity will not function correctly with path strip middleware
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/identity/`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-identity
+ # port: 5000
+ # ##### NOTE: Admin will not function correctly with path strip middleware
+ # - kind: Rule
+ # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/admin`)
+ # services:
+ # - kind: Service
+ # name: bitwarden-self-host-admin
+ # port: 5000
+ # tls:
+ # certResolver: letsencrypt-production
diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml
new file mode 100644
index 0000000..95bf474
--- /dev/null
+++ b/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
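Review bot: `disableUserRegistration: "false"` under `general` leaves account sign-up open on `bitwarden.${SECRET_EXTERNAL_DOMAIN}`, and the `paths` map publishes `/admin/` on the same ingress; for a password vault on what the variable name suggests is an externally resolvable host, set `disableUserRegistration: "true"` once the intended accounts exist and keep the admin portal off the public route or behind an allow-list. Under `email`, `smtpSsl: "false"` is paired with `smtpPort: "465"`, which is conventionally the implicit-TLS port, so delivery will likely fail or the SMTP credentials held in `bitwarden-secret` travel without transport protection; confirm which mode the relay expects. `sharedStorageClassName` is set twice (top of `values` and under `general`); keep only the one the chart reads.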
diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml
new file mode 100644
index 0000000..ce98397
--- /dev/null
+++ b/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml
@@ -0,0 +1,34 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: bitwarden-secret +stringData: + replyToEmail: ENC[AES256_GCM,data:7NR/XlAqsO4PtCNKQ890Njv6Qh2Jp6W/t0Lc8px7,iv:VznXZaMbwLda8LkrJDTc2UKurHRWqGTJ1T0/1C3VMus=,tag:Z+Wkfb7DqcaPam7AFrvWUw==,type:str] + globalSettings__installation__id: ENC[AES256_GCM,data:U091rHP2N4UjYgSdGrkDvSBZHQu9w8s75xWPCp6gfZ0773gW,iv:PZ2hBlqta/sclVQUtO6LYD/ZhL6e+Q+yDESxrt6CYjQ=,tag:1A/9gKzuflMqOktyoZ5adQ==,type:str] + globalSettings__installation__key: ENC[AES256_GCM,data:/pWJt9ElR+mgiv5m8I0Gdb5Z6H8=,iv:31bd6uhc45WMi41iACel8/YOjDjVTDxoR3Ok19+U43A=,tag:xtI3eCRActaFajUqVdxemw==,type:str] + globalSettings__mail__smtp__username: ENC[AES256_GCM,data:wGph7iTpKhvYXjsFKnPIFevGsJvgovvfNnIJPjFf,iv:o7l19Onw6PHMmk19e++zTArLmZrwSIAXgDpuwaDhjuo=,tag:ojY3lQFiP3G3oYeVQXri7A==,type:str] + globalSettings__mail__smtp__password: ENC[AES256_GCM,data:OQ3mROVpRAZ2MNFZtvRV0N74EPOaSdSvmaOJas1JCgEbHHNq0laLg5r2ufTYz9vA0aM=,iv:vB9ElILgqKyvY6wgQ8Nesg2pygGK9mcjIhEYGsHVWEQ=,tag:l84bsTR3twb3Al19FKezqA==,type:str] + globalSettings__sqlServer__connectionString: ENC[AES256_GCM,data:mJxp4MXvqV4T+/J7O0XX6+Z4kmo4IVFYvUPEBU0uaJ3w0YNcqPps+LH9pgFNOjwBWCAQ8QxvCH9ul2uSiYGhy41YjLsQD4X/UF1Hhimezc3IrexCDFkXXl4WIACAZjpQf6morvx9+/v0EvdxofP7auWQ2BGcid4lHYxO78gEAvPaueS+L0TerqEpEnxS26r2uMLOe2w5L0hxBKGQyWmWPx8mTAJXTgTaXAvKLT2G97JNa9a5EQSAPuBoi95F+CkQBEwbo6uwrcJS6DTWQmNefEdZ1D7Abp50zlpJfC7Tuf54tjnHyGya9EWEwc32mTadqCto047ySvDNNB2jgrG97HXvnqOo4LGpZn9jYGJsJZjVFibiy2+WHzgxDmU=,iv:Nq4LIbSDzk9WurGEPojUfRe8WqEOGO4t7WnfyYoupVo=,tag:yV7w9j9gRKuAsgsnxncUtA==,type:str] + #ENC[AES256_GCM,data:r7/63ugBvNNcFQGkau56LkG5lNH0NwvuA0OiRj0FOjAWlbf6sR7v5JOgIy97uMC+mBWy8A+OGZFO8p4bosrdrmzuomArHNnM4oWN498=,iv:2TaG5UkIEjLwPQpEZjOJdEviNNnSVi/e1lUUckJ+KqM=,tag:BPd/IOSUJvS1/mgPqqSlyQ==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED 
FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRGFTc01qRmdlMzZ0WE53 + OWtoUzBaMUp4T3FoYnJuVGhGODVna1RHYkRZCk0xWEVjOWp2YW9NZmE0MnNFYnJX + OEdHbkdsOWM4Tk44aTRVZ0VoNWorWDAKLS0tIHp2SE9Wd1lmTmV2eUFYRmRYNDZn + NFR5QkpIaFQ5Tk1FdGV3aUtzNTZsRXcKyNl9cFicgjcTiGkoQK/StLd7FEHGUVWD + hs8+h4ak+r++3+KpUay4aNqY09RtAzvUd4Vl3VQ2tYt/TOlDrgErHQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-29T17:22:46Z" + mac: ENC[AES256_GCM,data:+KthNzUdXl/XgnupjWiEdk8EHvHldUvUwfWT7FNpR+Pysl/fdI1fAK02rXOlY0ABCKpejSIobHipy3RkxTXiF6PPGTC4R0aoqxRvZjyXDCUaHc3F4KdYBH4vkGoBchosHJnOX0qymSEGbzJERRSjxEZ3JDg0JRIEB8jQtObGivs=,iv:w7XSWHs1RaDAuxsImvxDHo96T6qwaaYlXGZUP2nfqLg=,tag:QNSjFrABn8tf8nQlu5MXkw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml b/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml new file mode 100644 index 0000000..2792893 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app bitwarden + namespace: flux-system +spec: + targetNamespace: bitwarden + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/main/apps/bitwarden/bitwarden/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/main/apps/bitwarden/kustomization.yaml b/kubernetes/main/apps/bitwarden/kustomization.yaml new file mode 100644 index 0000000..85537a8 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + #- ./bitwarden/ks.yaml diff --git a/kubernetes/main/apps/bitwarden/namespace.yaml b/kubernetes/main/apps/bitwarden/namespace.yaml new file mode 100644 index 0000000..8fdd863 --- /dev/null 
+++ b/kubernetes/main/apps/bitwarden/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: bitwarden + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/main/apps/downloads/archivebox/app/helmrelease.yaml b/kubernetes/main/apps/downloads/archivebox/app/helmrelease.yaml index 5518988..3be2e73 100644 --- a/kubernetes/main/apps/downloads/archivebox/app/helmrelease.yaml +++ b/kubernetes/main/apps/downloads/archivebox/app/helmrelease.yaml @@ -121,4 +121,3 @@ spec: archivebox: app: - path: /data/r720xd-media - readOnly: false diff --git a/kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml new file mode 100644 index 0000000..ebc00af --- /dev/null +++ b/kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml 
@@ -0,0 +1,110 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: bazarr
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+
+ values:
+ controllers:
+ bazarr:
+ annotations:
+ reloader.stakater.com/auto: "true"
+
+ pod:
+ securityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 65542 # gladius:external-services
+
+ containers:
+ app:
+ image:
+ repository: ghcr.io/liana64/bazarr
+ tag: 1.4.5@sha256:0df4900c308a9106c922cee359e91cdfb31b30181cf95c230fd22fe7bf785cdc
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: &port 6767
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ resources:
+ requests:
+ cpu: 15m
+ memory: 256Mi
+ limits:
+ memory: 512Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+ service:
+ app:
+ controller: bazarr
+ ports:
+ http:
+ port: *port
+ ingress:
+ app:
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ external-dns.alpha.kubernetes.io/target: "external.${SECRET_EXTERNAL_DOMAIN}"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Media
+ gethomepage.dev/name: Bazarr
+ gethomepage.dev/description: Subtitles
+ gethomepage.dev/icon: radarr
+ hosts:
+ - host: &host "bazarr.${SECRET_INTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - secretName: bazarr-tls
+ hosts: [*host]
+
+ persistence:
+ config:
+ storageClass: cluster-nvme
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ retain: true
+ globalMounts:
+ - path: /config
+ nfs-media:
+ type: nfs
+ server: ${NFS_HOST}
+ path: ${NFS_MEDIA}
+ advancedMounts:
+ radarr:
+ app:
+ - path: /data/r720xd-media
+ readOnly: false
diff --git a/kubernetes/main/apps/downloads/bazarr/app/kustomization.yaml b/kubernetes/main/apps/downloads/bazarr/app/kustomization.yaml
new file mode 100644
index 0000000..17cbc72
--- /dev/null
+++ b/kubernetes/main/apps/downloads/bazarr/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/main/apps/downloads/bazarr/ks.yaml b/kubernetes/main/apps/downloads/bazarr/ks.yaml
new file mode 100644
index 0000000..f95808f
--- /dev/null
+++ b/kubernetes/main/apps/downloads/bazarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app bazarr
+ namespace: flux-system
+spec:
+ targetNamespace: downloads
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/main/apps/downloads/bazarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/main/apps/downloads/cross-seed/app/helmrelease.yaml b/kubernetes/main/apps/downloads/cross-seed/app/helmrelease.yaml
new file mode 100644
index 0000000..4f55572
--- /dev/null
+++ b/kubernetes/main/apps/downloads/cross-seed/app/helmrelease.yaml
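Review bot: In the bazarr HelmRelease the `advancedMounts` key under `nfs-media` is `radarr`, but the only controller this release defines is `bazarr`, so the media share is probably never mounted into the bazarr container; it should read `bazarr:` (the `gethomepage.dev/icon: radarr` annotation looks like the same copy-paste). The ingress host uses `${SECRET_INTERNAL_DOMAIN}` while `external-dns.alpha.kubernetes.io/target` points at `external.${SECRET_EXTERNAL_DOMAIN}`, which may publish an internal-only app through the external entry point; confirm that is intended. `server: ${NFS_HOST}` and `path: ${NFS_MEDIA}` are unquoted, so an empty substitution becomes `null`; write them as `"${NFS_HOST}"` and `"${NFS_MEDIA}"`.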
@@ -0,0 +1,95 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cross-seed
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ dependsOn:
+ - name: qbittorrent
+ namespace: media
+ values:
+ controllers:
+ cross-seed:
+ annotations:
+ secret.reloader.stakater.com/reload: cross-seed-secret
+ pod:
+ securityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ supplementalGroups:
+ - 65542 # gladius:external-services
+ containers:
+ app:
+ image:
+ repository: ghcr.io/cross-seed/cross-seed
+ tag: 6.1.1
+ args:
+ - daemon
+ - -v
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ limits:
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ service:
+ app:
+ controller: cross-seed
+ ports:
+ http:
+ port: 2468
+ persistence:
+ config:
+ type: emptyDir
+ config-file:
+ type: secret
+ name: cross-seed-secret
+ globalMounts:
+ - path: /config/config.js
+ subPath: config.js
+ readOnly: true
+ qbittorrent:
+ storageClass: cluster-nvme
+ accessMode: ReadWriteOnce
+ size: 512Mb
+ retain: true
+ globalMounts:
+ - path: /qbittorrent
+ nfs-media:
+ type: nfs
+ server: ${NFS_HOST}
+ path: ${NFS_MEDIA}
+ advancedMounts:
+ jellyfin:
+ app:
+ - path: /data/r720xd-media
diff --git a/kubernetes/main/apps/downloads/cross-seed/app/kustomization.yaml b/kubernetes/main/apps/downloads/cross-seed/app/kustomization.yaml
new file mode 100644
index 0000000..16a6ce3
--- /dev/null
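Review bot: `persistence.qbittorrent.size: 512Mb` is not a valid Kubernetes quantity (`Mi` and `M` are the accepted suffixes), so the claim will likely be rejected; use `size: 512Mi`. In the same `persistence` block `advancedMounts` is keyed `jellyfin`, but the controller defined here is `cross-seed`, so the NFS share would not reach the container. `dependsOn` names `qbittorrent` in namespace `media`, while this commit keeps qbittorrent under `apps/downloads`; check the namespace. Unlike the bazarr and qbittorrent images in this commit, `tag: 6.1.1` is not pinned by digest; append the image's `@sha256:` digest so the content cannot change under the tag.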
+++ b/kubernetes/main/apps/downloads/cross-seed/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/main/apps/downloads/cross-seed/app/secret.sops.yaml b/kubernetes/main/apps/downloads/cross-seed/app/secret.sops.yaml
new file mode 100644
index 0000000..5cf9a51
--- /dev/null
+++ b/kubernetes/main/apps/downloads/cross-seed/app/secret.sops.yaml
@@ -0,0 +1,30 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: cross-seed-secret +stringData: + PROWLARR_API_KEY: ENC[AES256_GCM,data:uYOEJYXmUNkIFV+LB/lvLhUEBeZI43yKvUR6ZPw9f2ynphvOO9ZZgv5xjqH80F48,iv:90ErBH3yaDyFhF0Ka+XP5rXuN8iQBBl3e2UejMrTbTg=,tag:wRhahHUp2Jt8cHAw0GDxNQ==,type:str] + QBT_USERNAME: ENC[AES256_GCM,data:W4SbLow=,iv:dZMtZASdv/3H9MJXzqO6cEnUiCicfFNRfUhO60JrPL4=,tag:fJ8+r6Rb9Jdi/KQ6PPQeNA==,type:str] + QBT_PASSWORD: ENC[AES256_GCM,data:HinTmD3E1Bd4uoYy7ZvngP7M9brE0+ilQCYfdQ==,iv:LiprBIiAsUv4joRQ4ID6h90RN7715L2KLLwDy3OxSrk=,tag:Myxd2zqfXkemX36U6H+/+w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa0VqcUpXdExUSUlFdVBo + bWJVY09yNjNsRjhzN0UwTHc4ZFovMm5VMm5nClBHVTVPakhGazNHd1FBWTVid3pr + cStmc0s5UnJLdWNSdUVRQzAxU2pwN1UKLS0tIGRBWDhQUTFVM0R3NjZuU0dXNy9U + aUNMS1FKQlA4ZCtKcS9kS1dhM0F4ZG8KHxfDICiGuY+d7yCxPuPf0R9WGwMaezly + /poO43t6Ki3VQXOltIGNNMkvwGeVcSUyKVm53+PxXKICo5yJlPVLJg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-09T20:02:17Z" + mac: ENC[AES256_GCM,data:QEuiNByB/W9Om7dJfU2rgttfLcyP4RatF8O2FNRuwENpVf0MeQ1eXEbDPj6TmfA/ao06CWijomhoKJBpIl7KZujXkFVCws627FSnGwhdnUgIx6fqu5p3iWhU8EGO5ywpwl6xi6MrfQPzysSlC1Lt7FIMquc9c/yXmfBb0zkKRso=,iv:snpV1ErrbbcA1vB55zRrA+t+ebjUS0AqVvHcMEv0EEw=,tag:DPFSt38w5Be3M7mHLyFuZg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/downloads/cross-seed/ks.yaml b/kubernetes/main/apps/downloads/cross-seed/ks.yaml new file mode 100644 index 0000000..7ed70c5 --- /dev/null +++ b/kubernetes/main/apps/downloads/cross-seed/ks.yaml 
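Review bot: `stringData` holds `PROWLARR_API_KEY`, `QBT_USERNAME` and `QBT_PASSWORD`, but the cross-seed HelmRelease in this commit mounts `subPath: config.js` from `cross-seed-secret` and defines no `env` or `envFrom`, so as written nothing consumes these three keys and the `/config/config.js` mount has no matching key. Either add a `config.js` entry to this secret (encrypted like the rest) or wire the values into the container as environment variables. Keeping the credentials in the SOPS-encrypted `stringData` rather than in the HelmRelease values is the right place for them.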
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cross-seed
+ namespace: flux-system
+spec:
+ targetNamespace: downloads
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/main/apps/downloads/cross-seed/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/main/apps/downloads/flaresolverr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/flaresolverr/app/helmrelease.yaml
new file mode 100644
index 0000000..6996e18
--- /dev/null
+++ b/kubernetes/main/apps/downloads/flaresolverr/app/helmrelease.yaml
@@ -0,0 +1,48 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app flaresolverr
+ namespace: vpn
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ flaresolverr:
+ replicas: 1
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/flaresolverr/flaresolverr
+ tag: v3.3.21
+ resources:
+ requests:
+ cpu: 15m
+ memory: 150Mi
+ service:
+ app:
+ controller: *app
+ type: ClusterIP
+ ports:
+ http:
+ port: 8191
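Review bot: The flaresolverr `app` container has no `securityContext` and the release sets no pod-level one either, while the bazarr and cross-seed releases in this same commit set `allowPrivilegeEscalation: false` and drop all capabilities; this workload drives a headless browser against remote sites, so it is the one that most needs the restriction. The fence adds the container-level block; whether `runAsNonRoot` and `readOnlyRootFilesystem` also work depends on the image and cannot be judged from the hunk. `tag: v3.3.21` is not pinned by digest, and `resources` carries requests but no memory limit.

```yaml
containers:
  app:
    # … unchanged: image, resources …
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
```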
diff --git a/kubernetes/main/apps/downloads/flaresolverr/app/kustomization.yaml b/kubernetes/main/apps/downloads/flaresolverr/app/kustomization.yaml new file mode 100644 index 0000000..17cbc72 --- /dev/null +++ b/kubernetes/main/apps/downloads/flaresolverr/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/main/apps/downloads/flaresolverr/ks.yaml b/kubernetes/main/apps/downloads/flaresolverr/ks.yaml new file mode 100644 index 0000000..dd9f21d --- /dev/null +++ b/kubernetes/main/apps/downloads/flaresolverr/ks.yaml @@ -0,0 +1,26 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flaresolverr + namespace: flux-system +spec: + targetNamespace: downloads + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: traefik + path: ./kubernetes/main/apps/downloads/flaresolverr/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substitute: + APP: *app diff --git a/kubernetes/main/apps/downloads/kustomization.yaml b/kubernetes/main/apps/downloads/kustomization.yaml index 635f5f5..17462ef 100644 --- a/kubernetes/main/apps/downloads/kustomization.yaml +++ b/kubernetes/main/apps/downloads/kustomization.yaml @@ -5,6 +5,10 @@ kind: Kustomization resources: - ./namespace.yaml - ./archivebox/ks.yaml + - ./bazarr/ks.yaml + - ./flaresolverr/ks.yaml - ./prowlarr/ks.yaml - ./radarr/ks.yaml + - ./recyclarr/ks.yaml + - ./sonarr/ks.yaml - ./qbittorrent/ks.yaml 
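Review bot: `targetNamespace: downloads` in `flaresolverr/ks.yaml` conflicts with `metadata.namespace: vpn` in the flaresolverr HelmRelease added by this commit; Flux applies `targetNamespace` to the objects it builds, so the release should land in `downloads` and the `vpn` value is misleading at best. Drop `namespace: vpn` from the HelmRelease, or set `targetNamespace: vpn` if the pod is meant to live in a `vpn` namespace. Which of the two is intended decides which network policies and egress path apply to the pod, so it is worth settling before this leaves WIP.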
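Review bot: The `resources` list in `downloads/kustomization.yaml` gains bazarr, flaresolverr, recyclarr and sonarr but not `./cross-seed/ks.yaml`, although this commit creates `cross-seed/ks.yaml` and its app directory; as listed, cross-seed is never reconciled. If that is deliberate for the WIP state, add it commented out with a reason, as `bitwarden/kustomization.yaml` does with `#- ./bitwarden/ks.yaml`; otherwise add `- ./cross-seed/ks.yaml`.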
diff --git a/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml b/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml index 10cb753..33fd9df 100644 --- a/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml +++ b/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml @@ -65,8 +65,8 @@ spec: - 501 terminationGracePeriodSeconds: 120 containers: - app: - nameOverride: qbittorrent + qbittorrent: + #nameOverride: qbittorrent image: repository: ghcr.io/liana64/qbittorrent-beta tag: 5.0.2@sha256:84961a7f137dc4d80460ca0bf4746477f751767579278ae0d4164dcb5cc735d5 @@ -80,7 +80,7 @@ spec: QBT_Application__MemoryWorkingSetLimit: valueFrom: resourceFieldRef: - containerName: app + containerName: qbittorrent resource: limits.memory divisor: 1Mi QBT_Preferences__WebUI__Username: @@ -138,7 +138,7 @@ spec: drop: - ALL service: - app: + qbittorrent: controller: qbittorrent ports: http: @@ -184,7 +184,7 @@ spec: path: ${NFS_MEDIA} advancedMounts: qbittorrent: - app: + qbittorrent: - path: /data/r720xd-media readOnly: false dnsdist: diff --git a/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml index 8d22682..d04b03c 100644 --- a/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml +++ b/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml @@ -84,7 +84,7 @@ spec: gethomepage.dev/enabled: "true" gethomepage.dev/group: Media gethomepage.dev/name: Radarr - gethomepage.dev/description: Movie downloader + gethomepage.dev/description: Movies gethomepage.dev/icon: radarr hosts: - host: &host "radarr.${SECRET_INTERNAL_DOMAIN}" @@ -113,7 +113,3 @@ spec: app: - path: /data/r720xd-media readOnly: true - add-ons: - type: emptyDir - tmp: - type: emptyDir diff --git a/kubernetes/main/apps/downloads/radarr/app/secret.sops.yaml b/kubernetes/main/apps/downloads/radarr/app/secret.sops.yaml index e6fa129..88a642a 100644 
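Review bot: Renaming the service key from `app` to `qbittorrent` in the third hunk of the qbittorrent HelmRelease changes the identifier other parts of the values refer to; any ingress entry with `service.identifier: app` outside these hunks must become `qbittorrent` or the route will not resolve. The container rename is applied consistently in what is visible (`containerName: qbittorrent`, `advancedMounts.qbittorrent.qbittorrent`). The leftover `#nameOverride: qbittorrent` can be deleted rather than kept as a comment. The enclosing `containers`, `service` and `persistence` blocks start and end outside the hunks.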
--- a/kubernetes/main/apps/downloads/radarr/app/secret.sops.yaml +++ b/kubernetes/main/apps/downloads/radarr/app/secret.sops.yaml @@ -5,7 +5,7 @@ type: Opaque metadata: name: radarr-secret stringData: - api_key: ENC[AES256_GCM,data:E0qbyZTPj6yQGkVb74K6/sg7304gfo0TGP3pqK9z8urD2Z+jGz/WNqCfgAw=,iv:yVwugLsqnoeChODoq0/72ko+AsMTMqFCfpV+TOMeX2o=,tag:8CkPM/5HCfcKUcd6jy/+Yg==,type:str] + api_key: ENC[AES256_GCM,data:XkW/YA9BNLykhXbjUgMh6y0T/LeEZv9aswXpLPfm3hDDZuIOi02xrMKFQ8s=,iv:tChWTpvFhe9QKfryTkdLBxrDeUZV+nMi5GqTRTfLiPs=,tag:NHZi8WRndIriZDwX066FKA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,14 +15,14 @@ sops: - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdjZIM3BQTlJScC9yZXhV - Vm9WdVdPUXN2ZEpKMVF4WGlwcUtFTDlqNzM4CklMUmRoZzF6K2Q2Yi82S1d5cHRG - MllLSlR3Y0RMQW1welF0TDBDaWtvRXMKLS0tIDRRSGUyRVF4Y0QwS2J1RUFjeDZS - d0NpL3dWRFFaZnY5ZGxvQUdKb0M3bzQKrsxU8yklK0OYUeJXnzYnOJGHBfJ4EeNT - t46v+3RCiIVNdWO+epWhH1BpUI7ugXH/VistEPpln13pI7I9P7rcfA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTFpmM05xZ3F0R0VqTDBU + OGJoRzJPTHVrNUw1c2JqZWlzeDhYNE5Ja2dnCjUwZlpuQ1dkcGhnY0p3ZkNZV000 + RVc2ODhYcFZFSTNHMzBBNUo3M0g2RHcKLS0tIHhEdlFEbWN3eHhRVFRpNU1hOEYr + djY2TkZPZVY0Q3BSQzhvVE1BVDBsQlUK/5XRuVofHjLBAoXff2PKiuK/mQKZXf05 + xXbElNkxDL+BZETZUCEZ+smQuSfyiEwtP12V+JCzpQM3loUu53DyqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-10T04:19:08Z" - mac: ENC[AES256_GCM,data:f7GXIR1DTXuVbIr75DeNAd192ngGjW+vkazubhL6R7P2itX2R/r6FOqhabIPced+8K9o94qhGcK7apxVQT7CNvP3f7fDlwec1SnWOhMdWQZX892SjluGfp2T7BDBL7DoRSClSaudtVN9Z/9J3NJeN+uFxJAvThjygULrOjCbEDI=,iv:Zk+1BrC8yQwfvpl6F7E7uxXe08Yn7aahy3IuCOmzq1Q=,tag:vLX610JvXG1uHJ7bxRxeCQ==,type:str] + lastmodified: "2024-12-10T05:11:25Z" + mac: ENC[AES256_GCM,data:M7+WgAGETcqwG5PHV4fKzDRF4MIFB6YwicclVgrcK5+Z0s6W4GxsC1iaoYYGFbjCge8a+7zdkcfwfZTMne460FZPOFYrwzZQD45dtrihMbMjBBXM3Yv6gkJiQjcOnmnSTQJDOMfGxoc01eXyg9DXPBtv13EcfbTlYVeV85MwOFM=,iv:oNmUIPbkSkIUbkjHvQ4/jrY0F01Yo6j6/32yStNthXg=,tag:Y2KqkLeEV090ibJsDAxjLg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/kubernetes/main/apps/downloads/recyclarr/app/config/recyclarr.yaml b/kubernetes/main/apps/downloads/recyclarr/app/config/recyclarr.yaml new file mode 100644 index 0000000..5433e98 --- /dev/null +++ b/kubernetes/main/apps/downloads/recyclarr/app/config/recyclarr.yaml 
@@ -0,0 +1,74 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/config-schema.json +sonarr: + sonarr_main: + base_url: http://sonarr.downloads.svc.cluster.local:8989 + api_key: !env_var SONARR_API_KEY + + delete_old_custom_formats: true + replace_existing_custom_formats: true + + include: + - template: sonarr-quality-definition-series + # 1080p + - template: sonarr-v4-quality-profile-web-1080p + - template: sonarr-v4-custom-formats-web-1080p + # 2160p + - template: sonarr-v4-quality-profile-web-2160p + - template: sonarr-v4-custom-formats-web-2160p + + quality_profiles: + - name: WEB-1080p + - name: WEB-2160p + + custom_formats: + # HDR Formats + - trash_ids: + # Comment out the next line if you and all of your users' setups are fully DV compatible + - 9b27ab6498ec0f31a3353992e19434ca # DV (WEBDL) + + # HDR10+ Boost - Uncomment the next two lines if any of your devices DO support HDR10+ + # - 0dad0a507451acddd754fe6dc3a7f5e7 # HDR10+ Boost + # - 385e9e8581d33133c3961bdcdeffb7b4 # DV HDR10+ Boost + assign_scores_to: + - name: WEB-2160p + + - trash_ids: + - 32b367365729d530ca1c124a0b180c64 # Bad Dual Groups + - 82d40da2bc6923f41e14394075dd4b03 # No-RlsGroup + - e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated + - 06d66ab109d4d2eddb2794d21526d140 # Retags + - 1b3994c551cbb92a2c781af061f4ab44 # Scene + assign_scores_to: + - name: WEB-1080p + - name: WEB-2160p + +radarr: + radarr_main: + base_url: http://radarr.downloads.svc.cluster.local:7878 + api_key: !env_var RADARR_API_KEY + + delete_old_custom_formats: true + replace_existing_custom_formats: true + + include: + - template: radarr-quality-definition-sqp-streaming + # 2160p + - template: radarr-custom-formats-sqp-1-2160p + - template: radarr-quality-profile-sqp-1-2160p-4k-only-imax-e + + quality_profiles: + - name: SQP-1 (2160p) + min_format_score: 2000 + + custom_formats: + - trash_ids: + - 7a0d1ad358fee9f5b074af3ef3f9d9ef # hallowed + - 
b6832f586342ef70d9c128d40c07b872 # Bad Dual Groups + - 90cedc1fea7ea5d11298bebd3d1d3223 # EVO (no WEBDL) + - ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup + - 7357cf5161efbf8c4d5d0c30b4815ee2 # Obfuscated + - 5c44f52a8714fdd79bb4d98e2673be1f # Retags + - f537cf427b64c38c8e36298f657e4828 # Scene + assign_scores_to: + - name: SQP-1 (2160p) diff --git a/kubernetes/main/apps/downloads/recyclarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/recyclarr/app/helmrelease.yaml new file mode 100644 index 0000000..4862b57 --- /dev/null +++ b/kubernetes/main/apps/downloads/recyclarr/app/helmrelease.yaml 
@@ -0,0 +1,80 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: recyclarr
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+
+ values:
+ controllers:
+ recyclarr:
+ type: cronjob
+
+ annotations:
+ reloader.stakater.com/auto: "true"
+
+ cronjob:
+ schedule: "@daily"
+ backoffLimit: 0
+ concurrencyPolicy: Forbid
+ failedJobsHistory: 1
+ successfulJobsHistory: 0
+
+ pod:
+ securityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ fsGroup: 2000
+ fsGroupChangePolicy: OnRootMismatch
+
+ containers:
+ app:
+ image:
+ repository: ghcr.io/recyclarr/recyclarr
+ tag: 7.4.0
+ args:
+ - sync
+ env:
+ COMPlus_EnableDiagnostics: "0"
+ envFrom:
+ - secretRef:
+ name: recyclarr-secret
+ resources:
+ requests:
+ cpu: 5m
+ memory: 36M
+ limits:
+ memory: 128M
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+ persistence:
+ config:
+ existingClaim: recyclarr-config
+ advancedMounts:
+ recyclarr:
+ app:
+ - path: /config
+ config-file:
+ type: configMap
+ name: recyclarr-configmap
+ globalMounts:
+ - path: /config/recyclarr.yml
+ subPath: recyclarr.yml
+ readOnly: true
diff --git a/kubernetes/main/apps/downloads/recyclarr/app/kustomization.yaml b/kubernetes/main/apps/downloads/recyclarr/app/kustomization.yaml
new file mode 100644
index 0000000..3d0b407
--- /dev/null
+++ b/kubernetes/main/apps/downloads/recyclarr/app/kustomization.yaml
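Review bot: The `config-file` mount uses `subPath: recyclarr.yml`, but the `configMapGenerator` added in recyclarr/app/kustomization.yaml builds `recyclarr-configmap` from `config/recyclarr.yaml`, so the only key in the ConfigMap is `recyclarr.yaml`. With a subPath that matches no key, the container will not see the intended file at `/config/recyclarr.yml`; either change the mount to `subPath: recyclarr.yaml` or rename the key in the generator with `- recyclarr.yml=config/recyclarr.yaml`. The image is also referenced by a mutable tag only (`tag: 7.4.0`); since this job receives both API keys through `envFrom`, pinning it as `tag: 7.4.0@sha256:<digest>` (placeholder, take the digest from the registry) would match how the Sonarr image is pinned in this commit.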
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml.yaml
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: recyclarr-configmap
+ files:
+ - config/recyclarr.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/kubernetes/main/apps/downloads/recyclarr/app/secret.sops.yaml b/kubernetes/main/apps/downloads/recyclarr/app/secret.sops.yaml
new file mode 100644
index 0000000..84096c3
--- /dev/null
+++ b/kubernetes/main/apps/downloads/recyclarr/app/secret.sops.yaml
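Review bot: The first `resources` entry, `./secret.sops.yaml.yaml`, has a doubled extension; the file this commit adds next to it is `secret.sops.yaml`. As written, the build of this directory should fail on the missing path, and `recyclarr-secret` (which the HelmRelease pulls in through `envFrom`) would never be created. The entry should read `- ./secret.sops.yaml`.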
@@ -0,0 +1,29 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: recyclarr-secret +stringData: + RADARR_API_KEY: ENC[AES256_GCM,data:yQIIXAuNxhFF61/KD2ImZshHXpnHxJjhpc7Q4mglYmv89QcTh6/tT0Xebk/v1vI=,iv:EOjYXDcIfYZsLn4jJ61nBOSua6QYbiJqXhTyhzYqcGE=,tag:0Lqq3A8ImL70H2FgOqV/Tg==,type:str] + SONARR_API_KEY: ENC[AES256_GCM,data:kMi2ykTv/W2M2uRqzaip1vKg7Kll04eGTYYRsd1jsqeZDe/5RED4CEmg/ws=,iv:znaAg9h5XpWw4TpU1+TR8x+YAwV0Tpnu9zDa/x94LDI=,tag:fgqPxqZIgLP2ZZDJwEyPBw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTlFMbk5iS2t4TlYvbmRw + Ni96SlV1c3N4b0hINE1JK1FWUEFZalJtK2o0CkFrTCtmeDVORTM4QTh0R0UyakRk + ajFaRFFON2hDdFlyMzFONGdtNmt6RHcKLS0tIFZvLzh6MmpmNjMvY2d4R1loUVhQ + SFE5bUh3ajhjVkdOTGN5ZzMrWWhwYncKs9mRfXotY3bufnkyluH8VWIFzz5eyMdg + FOXo8N/JxCIMrSgj9dSTenVS+5fX4z0FRjlqJuSIYfNtUEnYYtwvZA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-10T05:11:25Z" + mac: ENC[AES256_GCM,data:l5fnH3I/da5YYP4jEBVF0+SR608zxlfsqL1Ogg3cPB+qSO3BYFiTX0LYu38Cx4ReiuvttYdxCZMbyPs/q+ex9+ZiHNwkthyRl9hgsrG0uM++zkiMP1aDJewSV6NTluwswuHr+RMK+MukmrltWkrya6UHz/2QjosfzH7Fpu9Mqj8=,iv:mtVRN9YaIpeYiWN8RIyG7dWdTRIEa2Fm/FP/IBeMCtA=,tag:m7tGLTtMov8kW2LBTf8AHQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/downloads/recyclarr/ks.yaml b/kubernetes/main/apps/downloads/recyclarr/ks.yaml new file mode 100644 index 0000000..4e8903c --- /dev/null +++ b/kubernetes/main/apps/downloads/recyclarr/ks.yaml 
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app recyclarr
+ namespace: flux-system
+spec:
+ targetNamespace: downloads
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/main/apps/downloads/recyclarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml
new file mode 100644
index 0000000..9d9cb7b
--- /dev/null
+++ b/kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml
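Review bot: This `spec` sets no `decryption` block, although the `path` it reconciles contains a SOPS-encrypted `secret.sops.yaml`; sonarr/ks.yaml in this commit has the same shape, and its HelmRelease also relies on `${SECRET_EXTERNAL_DOMAIN}`, `${SECRET_INTERNAL_DOMAIN}`, `${NFS_HOST}` and `${NFS_MEDIA}` with no `postBuild.substituteFrom` here. Presumably both are patched in by a parent Kustomization that is not visible in this diff; if so, a comment above `spec:` such as `# decryption and substituteFrom are injected by the cluster-level Kustomization patch` would make that dependency explicit. If no such patch exists, the Secret cannot be decrypted on apply and `spec.decryption` with `provider: sops` needs to be added here. Also, `dependsOn` lists only `traefik`, while this release defines no ingress and talks to Sonarr and Radarr, so depending on those Kustomizations would describe the real ordering better.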
@@ -0,0 +1,125 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: sonarr +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.5.1 + interval: 30m + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + + values: + controllers: + sonarr: + annotations: + reloader.stakater.com/auto: "true" + + pod: + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + runAsNonRoot: true + fsGroup: 2000 + fsGroupChangePolicy: "OnRootMismatch" + supplementalGroups: + - 65542 # gladius:external-services + + containers: + app: + image: + repository: ghcr.io/liana64/sonarr-develop + tag: 4.0.11.2743@sha256:461883f3575321bb1e06b34245240b2b3f0b5471652c854545fee54fe085d184 + env: + COMPlus_EnableDiagnostics: "0" + SONARR__APP__INSTANCENAME: Sonarr + SONARR__AUTH__APIKEY: + valueFrom: + secretKeyRef: + name: sonarr-secret + key: api_key + SONARR__AUTH__METHOD: External + SONARR__AUTH__REQUIRED: DisabledForLocalAddresses + SONARR__LOG__LEVEL: info + SONARR__SERVER__PORT: &port 8989 + SONARR__UPDATE__BRANCH: develop + probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true + spec: + failureThreshold: 30 + periodSeconds: 5 + resources: + requests: + cpu: 20m + memory: 384Mi + limits: + memory: 2Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + service: + app: + controller: sonarr + ports: + http: + port: *port + + ingress: + app: + className: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + external-dns.alpha.kubernetes.io/target: "external.${SECRET_EXTERNAL_DOMAIN}" + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Media + gethomepage.dev/name: Sonarr + gethomepage.dev/description: Shows + gethomepage.dev/icon: 
sonarr + hosts: + - host: &host "sonarr.${SECRET_INTERNAL_DOMAIN}" + paths: + - path: / + service: + identifier: app + port: http + tls: + - secretName: sonarr-tls + hosts: [*host] + + persistence: + config: + storageClass: cluster-nvme + accessMode: ReadWriteOnce + size: 1Gi + retain: true + globalMounts: + - path: /config + nfs-media: + type: nfs + server: ${NFS_HOST} + path: ${NFS_MEDIA} + advancedMounts: + radarr: + app: + - path: /data/r720xd-media + readOnly: true + add-ons: + type: emptyDir + tmp: + type: emptyDir diff --git a/kubernetes/main/apps/downloads/sonarr/app/kustomization.yaml b/kubernetes/main/apps/downloads/sonarr/app/kustomization.yaml new file mode 100644 index 0000000..16a6ce3 --- /dev/null +++ b/kubernetes/main/apps/downloads/sonarr/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/main/apps/downloads/sonarr/app/secret.sops.yaml b/kubernetes/main/apps/downloads/sonarr/app/secret.sops.yaml new file mode 100644 index 0000000..d57ae44 --- /dev/null +++ b/kubernetes/main/apps/downloads/sonarr/app/secret.sops.yaml 
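Review bot: `SONARR__AUTH__METHOD: External` together with `SONARR__AUTH__REQUIRED: DisabledForLocalAddresses` leaves authentication entirely to whatever sits in front of Sonarr, but the `ingress.app.annotations` block in this hunk attaches no Traefik auth middleware while pointing `external-dns.alpha.kubernetes.io/target` at `external.${SECRET_EXTERNAL_DOMAIN}`. Unless a forward-auth middleware is applied elsewhere (not visible in this diff), the UI would be served without a login to anything that can reach that host; I would add `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware>@kubernetescrd` (placeholder name) or switch the method to `Forms`. Separately, `persistence.nfs-media.advancedMounts` is keyed `radarr`, but the only controller this release defines is `sonarr`, so the media mount presumably never attaches to this pod; the key should be `sonarr:`.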
@@ -0,0 +1,28 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: sonarr-secret +stringData: + api_key: ENC[AES256_GCM,data:rpE1OKVYtwRyczuvlLhbBGzc9xGPXczfAuATKPeBjd95GKvzVAk/pKLZDzU=,iv:HG93BmB4xllu906DkyYJoKRw/thnVl//tXMFQ4Dv9bI=,tag:BpvPoCtf4qm4qWvtgG3O0A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTlhjcy9WVS95YU1ra2Z4 + N0g1R05jWU9tb0JlLzRTSGdTYVhTSzhzVHpRCmNRSk44NExRTGMxMlV5VENIeEty + YmdYRVZNRi9NQVVIcWZKR3Z4Y1RYSFEKLS0tIE5kSlpoR2tGdGZVcnpCZmhRUnBT + MFRmM3NTa0llZUZwQ2ZFVlJTanpwZkkKe29CTcpltrnF84d64/N3n6PJJiml8eRA + XxD6R8LarIScjxYEklXtA1SM3rPomU9XYG8sH/2FQM509H972r8G8Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-10T05:11:25Z" + mac: ENC[AES256_GCM,data:1WhyEH4wYHcV2GAl7Y3s3Y/LP++OSyyeN3pN/+UnVo6byjPLTTf/ZDcuJ36EmHNfOssJjwqqqkWwoKiJ4ir6TpyR1jn4j7nK3u6xKEB9Kc9k0ON/TB+3C1zQzIVlZvak/xyHEXRKDcyHZhc5jcR25UXBzV5CEXXlgU2ZkF8g/MY=,iv:nB/Q/0dtqtWZ8lfEc1sVNphXvDBwrrATflUqJ1/Ce6Y=,tag:ez+zAfTEkMo8OM8KP3DKOA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/downloads/sonarr/ks.yaml b/kubernetes/main/apps/downloads/sonarr/ks.yaml new file mode 100644 index 0000000..d5328f2 --- /dev/null +++ b/kubernetes/main/apps/downloads/sonarr/ks.yaml 
@@ -0,0 +1,26 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app sonarr + namespace: flux-system +spec: + targetNamespace: downloads + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: traefik + path: ./kubernetes/main/apps/downloads/sonarr/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substitute: + APP: *app diff --git a/kubernetes/main/apps/home/homepage/app/resources/settings.yaml b/kubernetes/main/apps/home/homepage/app/resources/settings.yaml index 5350973..00d48f7 100644 --- a/kubernetes/main/apps/home/homepage/app/resources/settings.yaml +++ b/kubernetes/main/apps/home/homepage/app/resources/settings.yaml @@ -25,14 +25,12 @@ layout: tab: Main Media: tab: Main + Downloads: + tab: Main Endpoints: tab: Admin IPMIs: tab: Admin - Downloads: - tab: Media - style: row - columns: 4 quicklaunch: searchDescriptions: true hideInternetSearch: false diff --git a/kubernetes/main/apps/tools/kustomization.yaml b/kubernetes/main/apps/tools/kustomization.yaml index ea55008..77d55cb 100644 --- a/kubernetes/main/apps/tools/kustomization.yaml +++ b/kubernetes/main/apps/tools/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization resources: - ./namespace.yaml - ./it-tools/ks.yaml - - ./cyberchef/ks.yaml + #- ./cyberchef/ks.yaml - ./web-check/ks.yaml - ./redlib/ks.yaml - ./excalidraw/ks.yaml