--wip-- [skipci]

Taskfile.yaml

@@ -7,7 +7,7 @@ vars:
   SCRIPTS_DIR: "{{.ROOT_DIR}}/scripts"
   SOPS_CONFIG_FILE: "{{.ROOT_DIR}}/.sops.yaml"
   AGE_DIR: ~/.config/sops/age
-  AGE_FILE: "{{.AGE_DIR}}/keys.txt"
+  AGE_FILE: "{{.AGE_DIR}}/rd350.key"
 
 #env:
 #  KUBECONFIG: "{{.KUBECONFIG_FILE}}"

kubernetes/lianalabs/apps/auth/lldap/app/secret.sops.yaml

@@ -6,17 +6,17 @@ metadata:
   name: lldap-secret
   namespace: security
 stringData:
-  LLDAP_JWT_SECRET: ENC[AES256_GCM,data:voTjYoiA7D7xlJDc/YYtvAJZ4aBEhCeOlnjPY3BTWQzGcnEK+PrLld/+Y9b6a6nsu2ACG8PEXDpUKauVikETKw==,iv:5NvPfnZ7OqGokk7EpaFpaOSAftrJVPpFYMVZDE4RYxI=,tag:2V1maEf3GYGusUMHtxVLAQ==,type:str]
-  LLDAP_SERVER_KEY_SEED: ENC[AES256_GCM,data:wH5XrCk1lC5cl7xGn19t30wBuks3PQvZoMSRCEBBt9+Q1hXhK+r7GCDhVMgcE26rEGIzg9S0w9hzF8KKUpQYVg==,iv:9lo6e/KQ5lD24QzgXk+NF4SVisEFNPc4i/2zccEOtwo=,tag:33WhxVwnzOEA12k31TxOZA==,type:str]
-  LLDAP_USER_DN: ENC[AES256_GCM,data:MxbeegcOs1V5whCIqPrhQO7k5sA=,iv:xPDJCFLqd73hYWArEfk4noPx3N2mpplTfmyWDzWzy9I=,tag:Eeck7uLzncaUlww+0egAIA==,type:str]
-  LLDAP_LDAP_USER_EMAIL: ENC[AES256_GCM,data:vRsFqFkL6zFtBoaz0v22Aw==,iv:Dleghf2VK+3wIsM0uBUjuX0mKbu8Z7hI5pNXBmnAqWw=,tag:BEcobs4mHIimd2WdL4o84A==,type:str]
-  LLDAP_LDAP_USER_PASS: ENC[AES256_GCM,data:qOpjTJtrGeqwiqG2fVga+1+i/rTIYK/V,iv:CztV1Rdwzx0MMChi5wNq6WyTOzj+WfkOpjLCQpRlZic=,tag:UgrOH554wy4vqEnCICs6pQ==,type:str]
-  LLDAP_DATABASE_URL: ENC[AES256_GCM,data:I5MC0NvnA5iGpqPDPPSVhJpTv4a1CukKhnOBuqlpciIRbIWlVJ9mVcCHI5Pz77aBzmutzRtt4F1bBdatTb1u3Ok9bLLRwNqCmeT9TDU2rUsjK2zQauszkg==,iv:ez3s5ANWvjBzOLKO6cGdGl8OEkBBcxgp1HzHb9nJo18=,tag:EesfsmL+7PHtjL0vY/GX+Q==,type:str]
-  INIT_POSTGRES_DBNAME: ENC[AES256_GCM,data:dY0zFzQ=,iv:JwrVOVc2aW/3fgDtOfblD6dn5bSQFofQZwOui23GPu4=,tag:qZylFuBnj+8DiRL2Y5AkJA==,type:str]
-  INIT_POSTGRES_HOST: ENC[AES256_GCM,data:VGJvnQE3y41Ns0jsJtHcl7JviEYi1L4CV+0//Ii84m2XKfBZHQf5aA==,iv:sEltk+i+JP4F6zqQw02GIh/dqqgP9Ib0ZdleevEaZJU=,tag:4D+P7bzJcEVx1KTOMUGuCA==,type:str]
-  INIT_POSTGRES_USER: ENC[AES256_GCM,data:shHhp94=,iv:ihSJyT50YxhgqH5WN4c5ahwnElvr0zUBqDKsIWHgsi4=,tag:8iGoo/1Y5S+3jJBeiLf87w==,type:str]
-  INIT_POSTGRES_PASS: ENC[AES256_GCM,data:nb04tfLH5eLl2jNswKvTveST5WmvMrUC,iv:CXwgrgwS2XkE5CQJGlOOMLLtAIopsNrl280BLHlM+to=,tag:AZjdDsupBAmQEgD3Q62Osg==,type:str]
-  INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:3I32D1fKoZ31PKUVC/8NZcuW8nWsALdUwUabOw==,iv:4LgtT1nf+wNrE0g+Qwv4fjvSkUaao1uuryf0gAzY/S4=,tag:hAfhA5Il0DZJ3kKODXFw+A==,type:str]
+  LLDAP_JWT_SECRET: ENC[AES256_GCM,data:eO6ioFY+McP/Nv9kyH0M1/NJZw2y7zZurs350IJ8FJJ654J6Nl2dn5yI3mWoVD0R7UFhcUf6wfO62bm0pFbKoQ==,iv:WV93t3EVhl1bVU+UX3Fw0+3naA5UWX1G5v22/NGSHmQ=,tag:x+UsBhgBUZMLU4SPwC4tsw==,type:str]
+  LLDAP_SERVER_KEY_SEED: ENC[AES256_GCM,data:muCJlQdHQRJML22S/LRzyLPpnvLU+7Zo3Cw+VM9br1em4PzFyhVrcYQMI6Sha6igYMMlxirRMGGVCWOhQfdxeg==,iv:9OYljQ6ioZ45djSMlGv/wmvNh4JiBDgakzojYTIqwyQ=,tag:ehQJEhNsBnfcIXPk7lGZZA==,type:str]
+  LLDAP_USER_DN: ENC[AES256_GCM,data:bS7kEo9POWPLq6L8lrr2lw+2LNw=,iv://aQAD26HUekY6E5EH99w0SZR9D1Y76R3biICHhtGmY=,tag:SxDPwAd/6JVB0urUzf6yQg==,type:str]
+  LLDAP_LDAP_USER_EMAIL: ENC[AES256_GCM,data:7HOVsxWSoObmv3zDMA6MdQ==,iv:fYkr2LSrDIff8NP77THt7CEwvaj82Klh2b+0Y/ng+io=,tag:Ms4MKiJT5BN59ddSOzr76A==,type:str]
+  LLDAP_LDAP_USER_PASS: ENC[AES256_GCM,data:ZkT3joe7cQWYiOLBsHjln7fvT5b7pIY+,iv:0ioMo2Eec65+F0STOfcv0AGT9yyT7WOdb/Su2wnG8cg=,tag:j8qW+BARjZVVupBULKQwEQ==,type:str]
+  LLDAP_DATABASE_URL: ENC[AES256_GCM,data:crv56nHAel8l0+SlByna9KN1cg73LBesKcrO7LpsKAOZz0XPVz/SFRTzAs488beocSGXY9BjKThRJYFXCD7XAqQoqwoOO432TpE1slEIIclpv7kqOdEHiw==,iv:9YThfZC5J3fWSUYIJrYO19XBOquV2iL/rTiLzRGqOb8=,tag:Sb1SaqLwZxs+hCIuqoXKXA==,type:str]
+  INIT_POSTGRES_DBNAME: ENC[AES256_GCM,data:wtfx8QM=,iv:a2h7iJnr2pKJ+cOAKx5LCbq1oopq5ZdSIU8tru0o7CA=,tag:dhFgaqVxRruVhiidZ5o6ww==,type:str]
+  INIT_POSTGRES_HOST: ENC[AES256_GCM,data:u0rZ2u31+ogCNv6gCvz/uF7egaDdfhLzC0hql0/D0OxtYmYONuH2VA==,iv:QjJDlICShJ/IT0B90WrE6GBBgTwEdn61lyj7DeGcefM=,tag:u14YBAHgApNDUloH/E09ag==,type:str]
+  INIT_POSTGRES_USER: ENC[AES256_GCM,data:NdhPsyQ=,iv:ui2WTAu1rKrtDG5KJODTpJ8SQdw5zX+Hk8e3uINkWGo=,tag:t3XtCpmGKFSMczj65y1m0Q==,type:str]
+  INIT_POSTGRES_PASS: ENC[AES256_GCM,data:RtP7/6nAyobgUz7NiaH8d+pxn7mx8fCD,iv:WhApd9nrNyNO7IXxHLUd8aFNcj2ILvCj+L8X5ZXG3Us=,tag:vaJiQVmAQOR1aNJXIrMucA==,type:str]
+  INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:IU6WDTijXmSu8SZRqAH8b5x7v5vvR8/NMRMdSg==,iv:RddsUxHY/mNhQf5lV7jXe9TBMBedsnlSwrOVxNOvdH0=,tag:JhRcdtK5yovHW+A2VP3xhg==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -26,14 +26,14 @@ sops:
     - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdU0zYkY3ZEpYY3BPRmlX
-        NFY0cWVLQTQ3L24rUFl3WWR3YzY5c1NkTkZnCjl2MHRSeVBUM2J5UXBManVTWHla
-        RHBndGE3eWFETVRzQU92L2JGckJZVmMKLS0tIGt3QkREV0hhVWJxTDUwOWFlbm1Q
-        SE5aNDNyOW4rSFZreWZLMHFPWTZWQVEKTa7upAW/g6Gr9yRIgFqg2NLmcDgo6qkJ
-        5a5riZF0rkNw7TLHPljgAxXXv3blfc9emUvvELT0803KM/4Rgl/X5g==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRkRpbmREYnljSkExMVVs
+        SmxTd0FNdGVOSWl6MVNOYm43c2xYWkdCRUVnCjM2bWMyc3lVT21FV0JpZVlFaFU1
+        aExIemNQT1g4MDBlT2VRMDk3b2h5ZTQKLS0tIGNOODRYU1BCRmRNOC8vUUtGejlZ
+        UFhFN05tQlhiSHpWZ3JvSS9zWnVMeDQK5LUCRKI3Icmf2XTrowqbshZToNSKCXss
+        wGLAzx7efkPJKCLoMUKvvnA33JiKQEs7lKK/ycDsYlyPUNEbkB6TKA==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-11-12T16:33:45Z"
-  mac: ENC[AES256_GCM,data:0nOctIyTEhV/tRz0bfcPM8hqr9qCSxDKcL/qk13sBLL8NIHV1Z9/e84vH6yikFgXCzg1MFOeacBqqL6L5QkYnWFDIQqjGF2KJs8gAocy1+XeJxyN2u1ZaZcekwMM2si7Acra3Y0zlxtLiC+ezU78u6p0ov9NhmC+EJdlzPNrBVM=,iv:N61M9+ICHkN0ffPXeZhft1qingQhHIVUM84Nb/G2jdI=,tag:Bvav75zeQbONAaW9rrRCEA==,type:str]
+  lastmodified: "2024-11-14T05:33:44Z"
+  mac: ENC[AES256_GCM,data:DivMUwY9PoVnfwbjRV0O1me9xstdzU0C6YMnHn1xIX3JOXDP5wL8Tkt+9+W+oRXYY5E7B7RF83mylg0saLilA8W0nupjM8kJGlLvoGYvhN0isETSG0k/3YK6TRWJ72CG/WiAZNLnSBBJiZx53Xety7rrfqEXfhwm5pK+KVpZbHk=,iv:Bn0U2LkJ5RzCavx//XMcCkUn9+cMNDhzHnKDvD55oB8=,tag:WYzhR04pevAEfBdsNMlbYw==,type:str]
   pgp: []
   encrypted_regex: ^(data|stringData)$
   version: 3.9.1

kubernetes/lianalabs/apps/database/minio/app/secret.sops.yaml

@@ -5,8 +5,8 @@ metadata:
   name: minio
   namespace: storage
 stringData:
-  MINIO_ROOT_USER: ENC[AES256_GCM,data:9dZi+UY=,iv:7OwY8tKc98aYXuGPk3rRRyNg78PeiXRrFav0+WngS2I=,tag:kcqsDX+07lRlnTV3KdruOA==,type:str]
-  MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:wOZ7WGYCnjev+lsZNI5RN91n0q8dt0LaznKdXw==,iv:N1tAWXIObiGiuWNaIFQCJSl3VBDdGb6Qqxkhvh5X7/8=,tag:BOQt+a3TydPFCjxWr7OtYw==,type:str]
+  MINIO_ROOT_USER: ENC[AES256_GCM,data:LrebSHA=,iv:gawVYARJvesu/JFLPSiJxdAmzifRo87i7jz+bS97zno=,tag:vubz8vWNtNex5ma60je5Eg==,type:str]
+  MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:sFFPjiW/q+HmapZVZ8f7qaj8RYNbqDqmpuYSKw==,iv:SnxoTn7vwXyETgbdDy+VaBFtwWTZrOjm/gRlyz2WKbg=,tag:HsLjWILUpgUNB8MpKX9LEQ==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -16,14 +16,14 @@ sops:
     - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbFBYeVczeDZwT0VNUDgx
-        bUtidHVpVFdJODJMMHZPZWZFQWNlL0k0T2xvCnVzWStYNUlnRHdBR29sUzFRd2l2
-        UlFRYjVFNEpUU2d5MW9PTkg0MU9mbUUKLS0tIFRIMzdDTG5uc3QzWGp6ZVUrSWJJ
-        ZEFUcDJKUm9KaFUrdDYyTHk3eThMMjAKgkotzWGfJJgY9qDM+XP/jHlyOxBO0AFg
-        f3gAMj5OGrNSEgF08ldeQaFHTRGfugz9Q6yS/TaJaJaBvbD4pi5tgg==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SFZrSjMxREtmNjlML2p1
+        dFVWYkFqTk5vcGV6UE5UbWR5NXZqc1dqZUVrCmlaUnlyUDF5aVlvdXdZa3U3WW94
+        enJSQXlMK2FBL0tMMm45K1AvNUtqdTgKLS0tIFhCTFR0RGlVL25DT1FVbTVUT04z
+        cEJHNHREcWNINlVHSTJucWxiQTBSKzgKsEW+bUpW6m6dEGvZEyzebjjX/m4+khrN
+        cjl40uIhOidKUv7XjPUwiAindaFuZYcbHDF7XcebXm0PBYtiC+RJAg==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-11-11T16:54:24Z"
-  mac: ENC[AES256_GCM,data:lPuaYAB7oB9PCMPUkda9B7e6TDmQKGvhECkbECHAwgG8ZYqF5Dh9faQXjn67/AtiVDrbskq3xSIx7ZkPGcu9gZMip2kLex9C93iyXrMRoC1ktEYspMf9GnelqjZS6SWM+lbIhHIvL/09VXFNW0u2nzgP8KRV0u5T0pP/8x7rA8c=,iv:Sua0M5UW/TvGYSFRBddYzjdcmEokbxdglZJeedfDKLk=,tag:BmaOCusZ4vjxidWKVHPe7g==,type:str]
+  lastmodified: "2024-11-14T05:33:44Z"
+  mac: ENC[AES256_GCM,data:brdkOeahLXL51R/3Xqnfj3r57e6DX65o4Ln1L4Y9H/F+3lNSE+1HR/+RkLecZnmMFnQFTuz3tMvTnI4Bj0vgbGvVCMpfwxp7vhV++h3sdCjoF5Lme05Kq0i3qK+gt7ZZkrlCnhv9nGdLv5YHruafIZPg8SEJCOwIK1F7XaTkHmk=,iv:UwoBhenHPh1YcpL0s9jop5S7SbYua6VoUho6lM8AxRc=,tag:Oxu12rXr7wH7d84DYKN88Q==,type:str]
   pgp: []
   encrypted_regex: ^(data|stringData)$
   version: 3.9.1

kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml

@@ -1,2 +1,58 @@
 ---
+- Network:
+  #    - OPNsense:
+  #        href: https://opnsense.${SECRET_OLD_DOMAIN}
+  #        siteMonitor: https://opnsense.${SECRET_OLD_DOMAIN}
+  #        icon: opnsense
+  #        description: RSS feed
+  #        widget:
+  #          type: opnsense
+  #          url: https://opnsense.${SECRET_OLD_DOMAIN}
+  #          key: "{{HOMEPAGE_VAR_OPNSENSE_TOKEN}}"
 - Services:
+    - Miniflux:
+        href: https://rss.${SECRET_INTERNAL_DOMAIN}
+        siteMonitor: http://miniflux.labs.svc.cluster.local/healthcheck
+        icon: miniflux
+        description: RSS feed
+        widget:
+          type: miniflux
+          url: http://miniflux.labs.svc.cluster.local
+          key: "{{HOMEPAGE_VAR_MINIFLUX_TOKEN}}"
+- Media:
+    - Jellyfin:
+        href: https://${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://${SECRET_MEDIA_DOMAIN}
+        icon: jellyfin
+        description: Media streaming
+        widget:
+          type: jellyfin
+          url: https://${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_JELLYFIN_TOKEN}}"
+    - Jellyfin:
+        href: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+        icon: jellyseerr
+        description: Media requests
+        widget:
+          type: jellyseerr
+          url: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_JELLYSEERR_TOKEN}}"
+    - Sonarr:
+        href: https://sonarr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://sonarr.${SECRET_MEDIA_DOMAIN}
+        icon: sonarr
+        description: TV
+        widget:
+          type: sonarr
+          url: https://sonarr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_SONARR_TOKEN}}"
+    - Radarr:
+        href: https://radarr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://radarr.${SECRET_MEDIA_DOMAIN}
+        icon: radarr
+        description: Movies
+        widget:
+          type: radarr
+          url: https://radarr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_RADARR_TOKEN}}"

kubernetes/lianalabs/apps/labs/homepage/app/resources/settings.yaml

@@ -17,6 +17,8 @@ layout:
     columns: 4
   Services:
     tab: Main
+  Tools:
+    tab: Main
   Home:
     tab: Main
   Endpoints:

kubernetes/lianalabs/apps/labs/homepage/app/secret.sops.yaml

@@ -5,10 +5,15 @@ type: Opaque
 metadata:
   name: homepage-secret
 stringData:
-  HOMEPAGE_VAR_LATITUDE: ENC[AES256_GCM,data:+OXZcv/saxs=,iv:Xa7i/EzlO9Mdp7XVoh4M7lvrjqVkMnytR4ZjEFc0zT0=,tag:rQL5ta1W7AvC00egR5rZDw==,type:str]
-  HOMEPAGE_VAR_LONGITUDE: ENC[AES256_GCM,data:KiITgqjCzUtL,iv:bJzB2ooYEA1F6ZkTQuq4oI/52jvar0xUcoSKVUGA1M4=,tag:2iA1tdp4qZuU5gzr9fJIAA==,type:str]
-  OPENWEATHERMAP_API_KEY: ENC[AES256_GCM,data:uVwEuwZ/dXVh8s0cG5kdf9yIoWUwRM8NMgMK26iQ3A==,iv:AZmxlaVbEzBOzqtjYVX57EJGSsOnTne6Viwoh9HLQz4=,tag:qkHjuZMPk0Pt8PawcyNufA==,type:str]
-  bookmarks.yaml: ENC[AES256_GCM,data:gJ8eKlgKRD85lv8BBJJrD/VAe6Fg5WPFRoL9cCawXqDtkvIk5v3vZiLAKerwOCB2DhWGKDxYClGII6LAy7L7wYmjYPZWMEHWSQjB4XcYv2cq8aMfOn85A2lLp0l3CEBoXMO4L4b5+ihXz95OHultv/2WZY8sKsHeEf3Cam+P1Ya35nO/UCC7ynAnc0nmPvG02h73CJvP0v01+0aFdZL04B6D8rPLSqb7AOp/Xpky6Ws0ecTSFjd4Q3nA2XZwHkmhLEppP7o/TrTRhbA/qbIpuvhAMlSmrpbcQ03KL8W0Tg5Vg5GztBXXyxMbZfmPils64jZUKG9f3SYQMmlurLAJi+Pl5plXOJ2Xz2IjysStl7LfgxYrJrhAXvAPHdXK0i89QIqt1wR+21vz0q2bni1KnwjwyTH4b0NxUb3cp+fVx/qnYMrAb9dBV9gNwblY+SyO/rZMjbt/vGSJnoJR+8RdHanZXWcQImdArYnn6l3CNOBo8OuPMN84vG0UzS1LTqfHciFfWfXjFDNUMMSlKQjZBmQNIKAJZtwhScXloozXl7cdXcqKjB+YrdH8LSR54nWVM/Ae+XhnxUG1yidqLAmG4+XiKatvAmL0sjxaiuNyS5q3efogW7v2GoT0kYFfXhxI6Vp09ayDucOJ1rpIx1wFkoEIXjC2sm5Np2xY5ZUpRQZQzM4Davac2PRzgHo5B1JBAOha9hLEzjKYzM3FsH9OF3f+TGinxIJWBVLhXGSb4M1AJy+PTAfDHLYfLrcFEC/622zX8R3B1L6yqZqqTooD6F51433Fs2z5OqigEYT5TVbQn1BEm3KqsxsmA8q7ZQj35ZFO8Jy/OwVClapscVf/kabE8bSPJ9OMmIqBWhE5pElP7UNij7jSt0c20id07f+9mae1e9Iq6rMe74aWCTsWHZo7labpqw7BXg==,iv:AKg+5H9CjHBOMeGZKQBE3KETVKEDykqO9yRAdRi3qrY=,tag:zqfGydIhn6yj7dSXrkcOTw==,type:str]
+  HOMEPAGE_VAR_LATITUDE: ENC[AES256_GCM,data:6/8msxUVD6Y=,iv:G0WCHGcj1k67KGcIc2bnNAJ6AweRGvfxfr8eEx/Fs7U=,tag:szQbnRCQdaYloJcUXFY4Wg==,type:str]
+  HOMEPAGE_VAR_LONGITUDE: ENC[AES256_GCM,data:Ewsx/BLnsfNu,iv:h3/XGHbpNJaw25L4Gx982M951qa22MX4uSwmrqn+sd0=,tag:nTqKsW5uHR0+xbMiW9vblA==,type:str]
+  HOMEPAGE_VAR_MINIFLUX_TOKEN: ENC[AES256_GCM,data:L+KfgG7vVcu9Wt3bjcHlgdRmYKoMrnUT6id3YCo5sVpyqgeYFGGKx/aU7A==,iv:zoVrriqZAGUysXpHofQ8MiBpATsN2lSa+35enaeuBWY=,tag:DhBi4Lf0Dt0/G7F08KsVhg==,type:str]
+  HOMEPAGE_VAR_JELLYFIN_TOKEN: ENC[AES256_GCM,data:pCPIZd3V5r2nRWvRuSxmQ8YFBx4stxFVxMtN1fMuZQ==,iv:4LpkpawRkhXmE5RUPkZak+eybUc8rpR4h9R9SoV5lQk=,tag:T5iFm1D7jY96Sgoc0EqtYw==,type:str]
+  HOMEPAGE_VAR_JELLYSEERR_TOKEN: ENC[AES256_GCM,data:ZAau0O5NxHnBIV/JNbUP9jy1bhvpjuR54vDQ7TPRXoWeuMpCVe+eaBpYCt/ayvewYvsibCOKOTJ4C9NpEzLyqGFDCA==,iv:QdaKjPdg7v+0kaZ8IF06sJbkl5yN0rPjV1jXeVzH57w=,tag:n/r0RavMr0Vv3vH4oJFiDg==,type:str]
+  HOMEPAGE_VAR_RADARR_TOKEN: ENC[AES256_GCM,data:F583uuAetTSXIbFUxu9vDnER8PLE0tXw7uo3EuAkmg==,iv:1lnx6lSMCoDSvMZl9rF7WIQlvGdw/zFRh+V8nm2CQxM=,tag:IhWlCfThuPXMHGFm5XfPww==,type:str]
+  HOMEPAGE_VAR_SONARR_TOKEN: ENC[AES256_GCM,data:Z4L8pwauevbWWixLWGT3x+ApRJrVPc+TBFWSwwE44w==,iv:8YrcrKDPRz5E17vhA0iR7cKQCNQEhjaTr4cvd4qbJYY=,tag:LWfTOQQr/FepJlRca7KRYQ==,type:str]
+  OPENWEATHERMAP_API_KEY: ENC[AES256_GCM,data:J+Rn2lVxOt6J8sFkVxgBYYl+fx7cOXVgdrBtp9rGYg==,iv:fsG90yVQL+GkLyaLyrpx1lNiYzUTmrSIiCcO/P5j4uA=,tag:XTmz1xFIx8xQLgXHdIXxEQ==,type:str]
+  bookmarks.yaml: ENC[AES256_GCM,data:zJZc7xR2sI0tNWDU8wMTwXzoV2I73hvRWFZ4bHxenOKSY0B3KuzNpaXxxURDIQZGtbxO9Bl4tEsqmzn5nKie0AoWBaTJGGDbBQoCatDsrW1Lt8xWXq1YxtKMNaf+ychSy7kDJZtJ5euf229DUBnx8kma5MYY2PmK5L+jvCf+uBeFZoIq7GeREkQpAAg2IvsznM5jC8b0x6Z1z0MawAHFAd5IoDc0A54j3YIYKjBuYuzawKNSWF7YUSiyA20l4qmj8tyvMymU+c11/O9k2dljbOzX+TB7bWrvYK2ZEJUXqIW47TFWTvrSJUrRv/OXcSMu6A6sB4PSL5pFU7zhgsCZCdOqqwZOdkRQJzC8n+oUwZTnDOOXnjE+kEdceHxQ2Yc8PpESt0/BOXxiVnt3KoXYs/V1j/TrvYcJannoR4Z314py4JlxBEgfOW/Bmut5WEX5mjwgSk7qQoHIAuVEoGtCT5/+m64eFcD5q2/WnC3M2v4M5tg28aite6alTGDM2pqQu6RCu7u1gLNcwsImey+BbC7OZhnNmwoBZVb/BX5jtk7OBQRbOV39qaJqCchjazVnN7y/8nPHQg7JaEdNuSSD6iI7sOQ7EcgdeoU0nzyTmBQ9I4F8ZNU+u5liLYPgC1c6LzzzMlGcnncPWUHSm2LGG94vQ9r12oNzH0Qif/FjIavanG1v3TyXKnfNXcB5fxZWL5Aq/hHIDXshKDF11u9vxodJ27N52tMfOf2oonronbZMyRIdmimTK46tGLNAbEy5Ph1Ak6fD3ITvmk6a0bin/LytWw+TosP9i9f88ZZx32jUa5JZo4XvTrMxOttQMEUJY0OalnQjRiWGJHTVIHBal/buhR55MgJTom+zlxHGCzXwAYqZXI+z/pntbCxunKjDZ+sDEMncN+mJJad/9mmJ1ivxffk4nzFTag==,iv:rhvKPEncOG7R05CEoZreJlImzW+6G6e0VWT25a9CA74=,tag:4/7t0I0cC2XAlq+QhHJyGA==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -18,14 +23,14 @@ sops:
     - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2V4bDZncEJOempPWkRt
-        RTF0Y0dnMFlSSlJjeTVUclUraDA0QWJ0SndzCjNWajZ5UWE4dUZwZFo0WlBwWUN2
-        SHN2YWFRSi84QUhiOTc4WFNBSWdBMGsKLS0tIFlnQW9VWTJETHlnTnUwQWNycFZq
-        aGgrOXF4c2hvU3AzVHYydmgwNndCcFkKjPeLdIRcnd451sqnT9O6dLBf/HGM+uHX
-        UU0yvGCLz12dMgJEQL8m8phUV4gzXTC8owJLZkGHc1nmz/wd9qXNRg==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRlhmYmx5eGdTNnZkNmU5
+        T1dDYWR4SWNKU2VZZVF1V3FVQ0pxUlFCeVQ4CjR3TTZVbzhvbVREeVlSZzMvV3E0
+        MVREci9jc3VSdlM5TWx3NmFWbVVQNzQKLS0tIHJVSjhqWW9QeXBIOVIwOUk5eWdC
+        dEpkYzB0K3o4bVRkOUF0R3NOSjRycUEKU05Q8EsSOZD5PoIPMtJr2xE/bQqAbmN+
+        0QGlae3ajfTmybwlX9X7zepxuBHpEwYCcrrCbifE4zyFIbuM8S9dfg==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-11-09T05:35:53Z"
-  mac: ENC[AES256_GCM,data:91Mnhssi4yFbnr2wwqHx4pXl2OhNHAdG+3NkvnUyOLjLkEIgKXT1u2LaEgJPyAOPqquqO17m/qy2ZhDyFqsBeSFZFOMht6oVyPop21OhnTewhwPavPqYAxj+jw8Zgu9Wb3/zRSc5jj+JbOB6WG5KLsOtdCG4G+ka3vdWrBRdVgA=,iv:l3+7zmqDAkSScJ7v+hM0p/0RnVmtsgqr4Bj7MmhVaUU=,tag:VNN7J/p4aZ3DRBITQgQnvg==,type:str]
+  lastmodified: "2024-11-14T05:33:44Z"
+  mac: ENC[AES256_GCM,data:FC0n19/bco5FNUcjV4bjccXh7KI87tOuTecCW4RzcZHVjTr6d46POpFxDPVdLJnCVtKHG1d9hQM5NuzIj0z39bCR7uxMTtSt/ixXsMmSFcQix2dTKN6Nld5HxN2B/ZJ3nU/m34WpnB1B5nqdH8URvbhfEJmCSATy13tbj0mUfZE=,iv:z3dVL2miyPpX8IYnQglo09A4jlubfGLeJTezqd4TsV8=,tag:uFKLXQwx7gvRwqRf10KhUg==,type:str]
   pgp: []
   encrypted_regex: ^(data|stringData)$
   version: 3.9.1

kubernetes/lianalabs/apps/labs/kustomization.yaml

@@ -11,3 +11,4 @@ resources:
   - ./atuin/ks.yaml
   - ./it-tools/ks.yaml
   - ./cyberchef/ks.yaml
+  - ./redlib/ks.yaml

kubernetes/lianalabs/apps/labs/redlib/app/helmrelease.yaml

@@ -0,0 +1,97 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app redlib
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.2.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      redlib:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: quay.io/redlib/redlib
+              tag: latest
+            env:
+              LIBREDDIT_DEFAULT_THEME: gruvboxdark
+              LIBREDDIT_DEFAULT_WIDE: on
+              LIBREDDIT_DEFAULT_USE_HLS: on
+              LIBREDDIT_DEFAULT_HIDE_HLS_NOTIFICATION: on
+              LIBREDDIT_DEFAULT_POST_SORT: "hot"
+              LIBREDDIT_DEFAULT_SHOW_NSFW: on
+              LIBREDDIT_DEFAULT_BLUR_NSFW: on
+              TZ: ${TIMEZONE}
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: &path /settings
+                    port: &port 8080
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+            resources:
+              requests:
+                cpu: 12m
+                memory: 64Mi
+              limits:
+                memory: 256Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                  - ALL
+    ingress:
+      app:
+        className: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/group: Services
+          gethomepage.dev/name: Redlib
+          gethomepage.dev/description: Reddit client with privacy features
+          gethomepage.dev/icon: reddit
+        hosts:
+          - host: &host "redlib.${SECRET_INTERNAL_DOMAIN}"
+            paths: &paths
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+          - host: &customHost reddit.${SECRET_INTERNAL_DOMAIN}
+            paths: *paths
+        tls:
+          - hosts:
+              - *host
+              - *customHost
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: *port

kubernetes/lianalabs/apps/labs/redlib/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml

kubernetes/lianalabs/apps/labs/redlib/ks.yaml

@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app redlib
+  namespace: flux-system
+spec:
+  targetNamespace: labs
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/lianalabs/apps/labs/redlib/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/lianalabs/apps/media/kustomization.yaml

@@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./namespace.yaml
+  - ./piped/ks.yaml