commit 6457a68f173487d751123fa6dd4826908b3e1441 Author: JethroC Admin Date: Sun Mar 8 17:19:04 2026 +1300 initial commit, *arr stack working, forgejo online but ssh pushing not working yet
diff --git a/ceph-rbd-sc.yaml b/ceph-rbd-sc.yaml
new file mode 100644
index 0000000..2f97812
--- /dev/null
+++ b/ceph-rbd-sc.yaml
@@ -0,0 +1,16 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+***REMOVED***
+ name: ceph-rbd
+provisioner: rbd.csi.ceph.com
+parameters:
+ clusterID: 003e55bd-532b-4240-a8d6-75b784735404
+ pool: pool0
+ imageFormat: "2"
+ imageFeatures: layering
+ csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
+ csi.storage.k8s.io/provisioner-secret-namespace: kube-system
+ csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
+ csi.storage.k8s.io/node-stage-secret-namespace: kube-system
+reclaimPolicy: Delete
+allowVolumeExpansion: true
diff --git a/ceph-secret.yaml b/ceph-secret.yaml
new file mode 100644
index 0000000..e9f9bfe
--- /dev/null
+++ b/ceph-secret.yaml
@@ -0,0 +1,8 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: csi-rbd-secret
+ namespace: kube-system
+***REMOVED***
+ userID: k8s
+ userKey: AQAVVqJprYZeFBAALRdX3gJGaN/5kRNnVVadHw==
diff --git a/namespaces/arr/arr-configmap.yaml b/namespaces/arr/arr-configmap.yaml
new file mode 100644
index 0000000..b86fea8
--- /dev/null
+++ b/namespaces/arr/arr-configmap.yaml
@@ -0,0 +1,13 @@
+***REMOVED***
+kind: ConfigMap
+***REMOVED***
+ name: arr-config
+ namespace: media
+data:
+ APP_ENV: production
+ DEFAULT_LANGUAGE: en_US
+ DEFAULT_LOCALE: equal
+ TZ: Pacific/Auckland
+ TRUSTED_PROXIES: "**"
+ USERNAME: jpcitadmin
+ PASSWORD: pm1njqt6
diff --git a/namespaces/arr/default-headers-media.yaml b/namespaces/arr/default-headers-media.yaml
new file mode 100644
index 0000000..1c3159a
--- /dev/null
+++ b/namespaces/arr/default-headers-media.yaml
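Review bot: `userKey` in ceph-secret.yaml is a Ceph client key committed in plaintext, so it is now part of the repository history and readable by anyone who can clone it. The same applies to the Secret documents in namespaces/fireflyiii/firefly-app.yaml, firefly-postgres.yaml and firefly-secret.yaml (application key, database, mail and cron credentials) and to `grafana.adminPassword` in namespaces/monitoring/values.yaml. Treat every one of these values as exposed and rotate them; deleting the lines in a later commit does not remove them from history. Keep only encrypted or referenced material in git (for example SOPS or Sealed Secrets, or a Secret created out of band), and for Grafana point the chart at an existing Secret with `grafana.admin.existingSecret` instead of `adminPassword`.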
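Review bot: `USERNAME` and `PASSWORD` in arr-configmap.yaml sit under `data:` of a ConfigMap, which Kubernetes does not treat as confidential: any subject allowed to read configmaps in `media` can read them, and Secret-specific protections such as encryption at rest do not apply. Move both keys into a Secret consumed through `secretKeyRef` or `envFrom.secretRef`; no workload in this commit references `arr-config`, so the object may be removable altogether. The password string is also reused for the Grafana admin account and as the leading part of the Postgres password elsewhere in this commit, so rotation should give each service its own value.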
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+***REMOVED***
+ name: default-headers-media
+ namespace: media
+spec:
+ headers:
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
diff --git a/namespaces/arr/jellyfin/jellyfin-deployment.yaml b/namespaces/arr/jellyfin/jellyfin-deployment.yaml
new file mode 100644
index 0000000..b7ce74f
--- /dev/null
+++ b/namespaces/arr/jellyfin/jellyfin-deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: jellyfin
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jellyfin
+ template:
+ ***REMOVED***
+ labels:
+ app: jellyfin
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: media-transcode
+ operator: In
+ values:
+ - "true"
+
+ containers:
+ - name: jellyfin
+ image: jellyfin/jellyfin:latest
+
+ ports:
+ - containerPort: 8096
+
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: TZ
+ value: "Pacific/Auckland"
+
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: jellyfin-media
+ mountPath: /media
+ - name: dri
+ mountPath: /dev/dri
+ - name: jellyfin-media-seagate
+ mountPath: /seagate
+
+ securityContext:
+ privileged: true
+
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: jellyfin-config
+
+ - name: jellyfin-media
+ persistentVolumeClaim:
+ claimName: jellyfin-media
+
+ - name: jellyfin-media-seagate
+ persistentVolumeClaim:
+ claimName: jellyfin-media-seagate
+
+ - name: dri
+ hostPath:
+ path: /dev/dri
diff --git a/namespaces/arr/jellyfin/jellyfin-deployment.yaml.old b/namespaces/arr/jellyfin/jellyfin-deployment.yaml.old
new file mode 100644
index 0000000..ddae62e
--- /dev/null
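Review bot: Nothing in this commit attaches `default-headers-media` to a route, so the HSTS, nosniff and frame-options headers defined here are never sent. The Ingress objects for jellyfin, plex, prowlarr, qbittorrent, radarr and sonarr show no middleware annotation (the only reference is in commented-out IngressRoute text) and no `tls:` section, so as far as the visible lines go the UIs are served over plain HTTP. Either add `traefik.ingress.kubernetes.io/router.middlewares: media-default-headers-media@kubernetescrd` and a `tls` block to each Ingress, or drop the Middleware until it is used. `traefik.containo.us/v1alpha1` is the legacy API group and Traefik v3 serves only `traefik.io/v1alpha1`, so check it against the installed version.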
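Review bot: `securityContext.privileged: true` on the jellyfin container grants access to every host device and is effectively root on the node, far more than the `/dev/dri` render node needed for transcoding. The pod is reachable through an Ingress and mounts both NFS media claims without `readOnly`, so a flaw in the media server would extend to the node and to the stored media. Prefer exposing the GPU through a device plugin requested under `resources.limits` and then remove `privileged` and the `hostPath` volume; until then, add `readOnly: true` to the media mounts if Jellyfin does not need to write there and leave a comment stating why privileged mode is required. `jellyfin/jellyfin:latest` should be pinned to a version tag or digest so a restart cannot silently pull a different image.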
+++ b/namespaces/arr/jellyfin/jellyfin-deployment.yaml.old
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: jellyfin
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jellyfin
+ template:
+ ***REMOVED***
+ labels:
+ app: jellyfin
+ strategy:
+ type: Recreate
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: media-transcode
+ operator: In
+ values:
+ - "true"
+ spec:
+ containers:
+ - name: jellyfin
+ image: jellyfin/jellyfin
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: videos
+ mountPath: /data/videos
+ - name: dri
+ mountPath: /dev/dri
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 8096
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: TZ
+ value: "Pacific/Auckland"
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: jellyfin-config
+ - name: videos
+ persistentVolumeClaim:
+ claimName: jellyfin-media
+ - name: dri
+ hostPath:
+ path: /dev/dri
diff --git a/namespaces/arr/jellyfin/jellyfin-ingress.yaml b/namespaces/arr/jellyfin/jellyfin-ingress.yaml
new file mode 100644
index 0000000..42aa91f
--- /dev/null
+++ b/namespaces/arr/jellyfin/jellyfin-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: jellyfin
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: jellyfin.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyfin
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/jellyfin/jellyfin-pvc.yaml b/namespaces/arr/jellyfin/jellyfin-pvc.yaml
new file mode 100644
index 0000000..ac7f417
--- /dev/null
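Review bot: `jellyfin-deployment.yaml.old` is a backup copy and should not be committed; git history already preserves earlier versions, and a second manifest with the same object name leaves readers unsure which file is authoritative. In this copy `strategy` and `affinity` appear between the pod template's metadata and its `spec`, which looks misplaced, although the page does not preserve indentation, so verify against the real file. namespaces/fireflyiii/firefly-app.yaml.old and firefly-app.yaml.old.new are the same kind of leftover, and each embeds another plaintext copy of the `firefly-secret` application key, which widens what has to be rotated. Delete all three, and add `*.old` to `.gitignore` if backups are kept locally.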
+++ b/namespaces/arr/jellyfin/jellyfin-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: jellyfin-config
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: local-path
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/namespaces/arr/jellyfin/jellyfin-service.yaml b/namespaces/arr/jellyfin/jellyfin-service.yaml
new file mode 100644
index 0000000..8020e24
--- /dev/null
+++ b/namespaces/arr/jellyfin/jellyfin-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: jellyfin
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8096
+ selector:
+ app: jellyfin
diff --git a/namespaces/arr/media-namespace.yaml b/namespaces/arr/media-namespace.yaml
new file mode 100644
index 0000000..58e999c
--- /dev/null
+++ b/namespaces/arr/media-namespace.yaml
@@ -0,0 +1,4 @@
+***REMOVED***
+kind: Namespace
+***REMOVED***
+ name: media
diff --git a/namespaces/arr/mediapvs/mediadownloadspv-and-pvc-seagate.yaml b/namespaces/arr/mediapvs/mediadownloadspv-and-pvc-seagate.yaml
new file mode 100644
index 0000000..8353884
--- /dev/null
+++ b/namespaces/arr/mediapvs/mediadownloadspv-and-pvc-seagate.yaml
@@ -0,0 +1,32 @@
+#text
+***REMOVED***
+kind: PersistentVolume
+***REMOVED***
+ name: qbittorrent-downloads-seagate
+spec:
+ capacity:
+ storage: 2800Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /media/seagate/downloads
+ server: 192.168.88.242
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - hard
+ - nfsvers=3
+ storageClassName: ""
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: qbittorrent-downloads-seagate
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2800Gi
+ volumeName: qbittorrent-downloads-seagate
+ storageClassName: ""
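Review bot: The `qbittorrent-downloads-seagate` PV mounts NFS with `nfsvers=3` and no `sec=` option, so access control rests entirely on the server's export list and on client-supplied UID/GID values. The export configuration on 192.168.88.242 is not visible here; confirm it is limited to the node addresses and squashes root, and consider `nfsvers=4.1` if the server supports it. The path `/media/seagate/downloads` also lies inside the `/media/seagate` export used by `jellyfin-media-seagate`, so the two volumes overlap and any pod holding the parent mount can alter the downloads tree. The same mount options recur in mediadownloadspv-and-pvc.yaml, mediapv-and-pvc-seagate.yaml and mediapv-and-pvc.yaml.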
diff --git a/namespaces/arr/mediapvs/mediadownloadspv-and-pvc.yaml b/namespaces/arr/mediapvs/mediadownloadspv-and-pvc.yaml
new file mode 100644
index 0000000..a4fa60e
--- /dev/null
+++ b/namespaces/arr/mediapvs/mediadownloadspv-and-pvc.yaml
@@ -0,0 +1,32 @@
+#text
+***REMOVED***
+kind: PersistentVolume
+***REMOVED***
+ name: qbittorrent-downloads
+spec:
+ capacity:
+ storage: 1900Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /media/storage/downloads
+ server: 192.168.88.242
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - hard
+ - nfsvers=3
+ storageClassName: ""
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: qbittorrent-downloads
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1900Gi
+ volumeName: qbittorrent-downloads
+ storageClassName: ""
diff --git a/namespaces/arr/mediapvs/mediapv-and-pvc-seagate.yaml b/namespaces/arr/mediapvs/mediapv-and-pvc-seagate.yaml
new file mode 100644
index 0000000..16290e2
--- /dev/null
+++ b/namespaces/arr/mediapvs/mediapv-and-pvc-seagate.yaml
@@ -0,0 +1,31 @@
+***REMOVED***
+kind: PersistentVolume
+***REMOVED***
+ name: jellyfin-media-seagate
+spec:
+ capacity:
+ storage: 2800Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /media/seagate
+ server: 192.168.88.242
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - hard
+ - nfsvers=3
+ storageClassName: ""
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: jellyfin-media-seagate
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2800Gi
+ volumeName: jellyfin-media-seagate
+ storageClassName: ""
diff --git a/namespaces/arr/mediapvs/mediapv-and-pvc.yaml b/namespaces/arr/mediapvs/mediapv-and-pvc.yaml
new file mode 100644
index 0000000..45e841b
--- /dev/null
+++ b/namespaces/arr/mediapvs/mediapv-and-pvc.yaml
@@ -0,0 +1,31 @@
+***REMOVED***
+kind: PersistentVolume
+***REMOVED***
+ name: jellyfin-media
+spec:
+ capacity:
+ storage: 1900Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /media/storage
+ server: 192.168.88.242
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - hard
+ - nfsvers=3
+ storageClassName: ""
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: jellyfin-media
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1900Gi
+ volumeName: jellyfin-media
+ storageClassName: ""
diff --git a/namespaces/arr/plex/plex-deployment.yaml b/namespaces/arr/plex/plex-deployment.yaml
new file mode 100644
index 0000000..d2c2d1e
--- /dev/null
+++ b/namespaces/arr/plex/plex-deployment.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: plex
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: plex
+ template:
+ ***REMOVED***
+ labels:
+ app: plex
+ spec:
+ containers:
+ - name: plex
+ image: lscr.io/linuxserver/plex
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: videos
+ mountPath: /data/videos
+ ports:
+ - containerPort: 8096
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: jellyfin-config
+ - name: videos
+ persistentVolumeClaim:
+ claimName: jellyfin-videos
diff --git a/namespaces/arr/plex/plex-ingress.yaml b/namespaces/arr/plex/plex-ingress.yaml
new file mode 100644
index 0000000..c2f271f
--- /dev/null
+++ b/namespaces/arr/plex/plex-ingress.yaml
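Review bot: The Plex pod template in plex-deployment.yaml reuses Jellyfin's values: `containerPort: 8096` is Jellyfin's port while plex-service.yaml targets 32400, `claimName: jellyfin-config` points Plex at Jellyfin's config volume, and `claimName: jellyfin-videos` names a PVC that no manifest in this commit creates. As written the pod would wait on the missing claim, and once that is fixed two different servers would write into the same `/config`. Give Plex its own config claim (for example `plex-config`), use `jellyfin-media` or a dedicated claim for the videos, and set `containerPort: 32400`.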
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: plex
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: plex.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: plex
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/plex/plex-service.yaml b/namespaces/arr/plex/plex-service.yaml
new file mode 100644
index 0000000..601b95f
--- /dev/null
+++ b/namespaces/arr/plex/plex-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: plex
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 32400
+ selector:
+ app: plex
diff --git a/namespaces/arr/prowlarr/prowlarr-config.yaml b/namespaces/arr/prowlarr/prowlarr-config.yaml
new file mode 100644
index 0000000..aa9473e
--- /dev/null
+++ b/namespaces/arr/prowlarr/prowlarr-config.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: prowlarr
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prowlarr
+ template:
+ ***REMOVED***
+ labels:
+ app: prowlarr
+ spec:
+# InitContainer to fix permissions on the storage directory
+ initContainers:
+ - name: init-storage
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /config && chown -R 33:33 /config
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ containers:
+ - name: prowlarr
+ image: linuxserver/prowlarr
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ ports:
+ - containerPort: 9696
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: prowlarr-config
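Review bot: The init container in prowlarr-config.yaml runs `chown -R 33:33 /config`, but the main container is started with `PUID`/`PGID` 1000, so the ownership it sets does not match the user the application runs as; 33:33 looks carried over from the Firefly manifest. Use `chown -R 1000:1000 /config`, or remove the init container if the image already fixes ownership of `/config` at start-up (worth confirming for this image). `image: busybox` and `image: linuxserver/prowlarr` carry no tag, so the root-run init step and the application both float with whatever is published; pin them to a version or digest. sonarr-deployment.yaml contains the same init container.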
diff --git a/namespaces/arr/prowlarr/prowlarr-ingress.yaml b/namespaces/arr/prowlarr/prowlarr-ingress.yaml
new file mode 100644
index 0000000..3008ed4
--- /dev/null
+++ b/namespaces/arr/prowlarr/prowlarr-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: prowlarr
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: prowlarr.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prowlarr
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/prowlarr/prowlarr-pvc.yaml b/namespaces/arr/prowlarr/prowlarr-pvc.yaml
new file mode 100644
index 0000000..9ff947a
--- /dev/null
+++ b/namespaces/arr/prowlarr/prowlarr-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: prowlarr-config
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/namespaces/arr/prowlarr/prowlarr-service.yaml b/namespaces/arr/prowlarr/prowlarr-service.yaml
new file mode 100644
index 0000000..a493ff6
--- /dev/null
+++ b/namespaces/arr/prowlarr/prowlarr-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: prowlarr
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 9696
+ selector:
+ app: prowlarr
diff --git a/namespaces/arr/qbittorrent/qbittorrent-deployment.yaml b/namespaces/arr/qbittorrent/qbittorrent-deployment.yaml
new file mode 100644
index 0000000..b7efd29
--- /dev/null
+++ b/namespaces/arr/qbittorrent/qbittorrent-deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: qbittorrent
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: qbittorrent
+ template:
+ ***REMOVED***
+ labels:
+ app: qbittorrent
+ spec:
+ containers:
+ - name: qbittorrent
+ image: linuxserver/qbittorrent
+ resources:
+ limits:
+ memory: "2Gi"
+ requests:
+ memory: "512Mi"
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: downloads
+ mountPath: /downloads
+ ports:
+ - containerPort: 8080
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: qbittorrent-config
+ - name: downloads
+ persistentVolumeClaim:
+ claimName: qbittorrent-downloads
diff --git a/namespaces/arr/qbittorrent/qbittorrent-ingress.yaml b/namespaces/arr/qbittorrent/qbittorrent-ingress.yaml
new file mode 100644
index 0000000..1f4f48a
--- /dev/null
+++ b/namespaces/arr/qbittorrent/qbittorrent-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: qbittorrent
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: qbittorrent.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: qbittorrent
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/qbittorrent/qbittorrent-pvc.yaml b/namespaces/arr/qbittorrent/qbittorrent-pvc.yaml
new file mode 100644
index 0000000..0123b30
--- /dev/null
+++ b/namespaces/arr/qbittorrent/qbittorrent-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: qbittorrent-config
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: local-path
+ resources:
+ requests:
+ storage: 500Mi
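Review bot: The qbittorrent pod handles traffic from untrusted peers, yet this commit adds no NetworkPolicy for `media` or any other namespace, so, assuming the CNI enforces policies at all, the pod can reach every Service in the cluster, including `postgres` in `firefly`. Add a default-deny ingress/egress policy for `media` and then allow only what each workload needs (the Traefik controller to port 8080, and from radarr/sonarr/prowlarr to the download client). The `qbittorrent-downloads-seagate` claim created in this commit is not mounted here, so either mount it or drop the PV/PVC.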
diff --git a/namespaces/arr/qbittorrent/qbittorrent-service.yaml b/namespaces/arr/qbittorrent/qbittorrent-service.yaml
new file mode 100644
index 0000000..ebb6cac
--- /dev/null
+++ b/namespaces/arr/qbittorrent/qbittorrent-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: qbittorrent
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: qbittorrent
diff --git a/namespaces/arr/radarr/radarr-deployment.yaml b/namespaces/arr/radarr/radarr-deployment.yaml
new file mode 100644
index 0000000..e0adf50
--- /dev/null
+++ b/namespaces/arr/radarr/radarr-deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: radarr
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: radarr
+ template:
+ ***REMOVED***
+ labels:
+ app: radarr
+ spec:
+ containers:
+ - name: radarr
+ image: linuxserver/radarr
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: videos
+ mountPath: /movies
+ - name: downloads
+ mountPath: /downloads
+ ports:
+ - containerPort: 7878
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: radarr-config
+ - name: videos
+ persistentVolumeClaim:
+ claimName: jellyfin-media
+ - name: downloads
+ persistentVolumeClaim:
+ claimName: qbittorrent-downloads
diff --git a/namespaces/arr/radarr/radarr-ingress.yaml b/namespaces/arr/radarr/radarr-ingress.yaml
new file mode 100644
index 0000000..3c98e31
--- /dev/null
+++ b/namespaces/arr/radarr/radarr-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: radarr
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: radarr.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: radarr
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/radarr/radarr-pvc.yaml b/namespaces/arr/radarr/radarr-pvc.yaml
new file mode 100644
index 0000000..7a84060
--- /dev/null
+++ b/namespaces/arr/radarr/radarr-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: radarr-config
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/namespaces/arr/radarr/radarr-service.yaml b/namespaces/arr/radarr/radarr-service.yaml
new file mode 100644
index 0000000..2d2ff0b
--- /dev/null
+++ b/namespaces/arr/radarr/radarr-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: radarr
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 7878
+ selector:
+ app: radarr
diff --git a/namespaces/arr/sonarr/sonarr-deployment.yaml b/namespaces/arr/sonarr/sonarr-deployment.yaml
new file mode 100644
index 0000000..855e23a
--- /dev/null
+++ b/namespaces/arr/sonarr/sonarr-deployment.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: sonarr
+ namespace: media
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sonarr
+ template:
+ ***REMOVED***
+ labels:
+ app: sonarr
+ spec:
+ initContainers:
+ - name: init-storage
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /config && chown -R 33:33 /config
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ containers:
+ - name: sonarr
+ image: linuxserver/sonarr
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: videos
+ mountPath: /tv
+ - name: downloads
+ mountPath: /downloads
+ ports:
+ - containerPort: 8989
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: sonarr-config
+ - name: videos
+ persistentVolumeClaim:
+ claimName: jellyfin-media
+ - name: downloads
+ persistentVolumeClaim:
+ claimName: qbittorrent-downloads
diff --git a/namespaces/arr/sonarr/sonarr-ingress.yaml b/namespaces/arr/sonarr/sonarr-ingress.yaml
new file mode 100644
index 0000000..1a775e7
--- /dev/null
+++ b/namespaces/arr/sonarr/sonarr-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: sonarr
+ namespace: media
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: sonarr.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: sonarr
+ port:
+ number: 80
+# - match: Host(`movies.merox.cloud`) # change to your domain
+# kind: Rule
+# services:
+# - name: app # radarr for example
+# port: 80
+# middlewares:
+# - name: default-headers-media
+# tls:
+# secretName: mycert-tls # change to your cert name
diff --git a/namespaces/arr/sonarr/sonarr-pvc.yaml b/namespaces/arr/sonarr/sonarr-pvc.yaml
new file mode 100644
index 0000000..f408e41
--- /dev/null
+++ b/namespaces/arr/sonarr/sonarr-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: sonarr-config
+ namespace: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/namespaces/arr/sonarr/sonarr-service.yaml b/namespaces/arr/sonarr/sonarr-service.yaml
new file mode 100644
index 0000000..260b693
--- /dev/null
+++ b/namespaces/arr/sonarr/sonarr-service.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: sonarr
+ namespace: media
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8989
+ selector:
+ app: sonarr
diff --git a/namespaces/fireflyiii/firefly-app.yaml b/namespaces/fireflyiii/firefly-app.yaml
new file mode 100644
index 0000000..705e37e
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-app.yaml
@@ -0,0 +1,78 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: firefly-secret
+ namespace: firefly
+***REMOVED***
+***REMOVED***
+ APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
+---
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: firefly
+ template:
+ ***REMOVED***
+ labels:
+ app: firefly
+ spec:
+ # InitContainer to fix permissions on the storage directory
+ initContainers:
+ - name: init-storage
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /var/www/html/storage && chown -R 33:33 /var/www/html/storage
+ volumeMounts:
+ - name: firefly-data
+ mountPath: /var/www/html/storage
+ containers:
+ - name: firefly
+ image: fireflyiii/core:latest
+ ports:
+ - containerPort: 8080
+ envFrom:
+ - configMapRef:
+ name: firefly-config
+ - secretRef:
+ name: firefly-secret
+ volumeMounts:
+ - name: firefly-data
+ mountPath: /var/www/html/storage
+ volumes:
+ - name: firefly-data
+ persistentVolumeClaim:
+ claimName: firefly-data
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: firefly-data
+ namespace: firefly
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 5Gi
+---
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: firefly
diff --git a/namespaces/fireflyiii/firefly-app.yaml.old b/namespaces/fireflyiii/firefly-app.yaml.old
new file mode 100644
index 0000000..573b3bb
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-app.yaml.old
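Review bot: The first document of firefly-app.yaml defines `firefly-secret` in namespace `firefly` with only `APP_KEY`, while namespaces/fireflyiii/firefly-secret.yaml defines the same object with `DB_PASSWORD`, `MAIL_USERNAME`, `MAIL_PASSWORD` and `STATIC_CRON_TOKEN` as well. Whichever file is applied last wins, so applying this one after firefly-secret.yaml can remove the database and mail credentials that the `secretRef` in the Deployment below relies on. Delete the Secret document from this file and keep a single definition of `firefly-secret`. `fireflyiii/core:latest` and the untagged `busybox` init image should also be pinned to a version or digest.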
@@ -0,0 +1,83 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: firefly-secret
+ namespace: firefly
+***REMOVED***
+***REMOVED***
+ APP_KEY: RIJCNjIgmM+46tFaOznt00MadL0O0SrJnp1MzPPz/lo=
+---
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: firefly
+ template:
+ ***REMOVED***
+ labels:
+ app: firefly
+ spec:
+ containers:
+ - name: firefly
+ image: fireflyiii/core:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: DB_CONNECTION
+ value: pgsql
+ - name: DB_HOST
+ value: postgres
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_DB
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_PASSWORD
+ volumeMounts:
+ - name: firefly-data
+ mountPath: /var/www/html/storage
+ volumes:
+ - name: firefly-data
+ persistentVolumeClaim:
+ claimName: firefly-data
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: firefly-data
+ namespace: firefly
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 5Gi
+---
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: firefly
diff --git a/namespaces/fireflyiii/firefly-app.yaml.old.new b/namespaces/fireflyiii/firefly-app.yaml.old.new
new file mode 100644
index 0000000..fa09de7
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-app.yaml.old.new
@@ -0,0 +1,100 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: firefly-secret
+ namespace: firefly
+***REMOVED***
+***REMOVED***
+ APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
+---
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: firefly
+ template:
+ ***REMOVED***
+ labels:
+ app: firefly
+ spec:
+ # InitContainer to fix permissions on the storage directory
+ initContainers:
+ - name: init-storage
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /var/www/html/storage && chown -R 33:33 /var/www/html/storage
+ volumeMounts:
+ - name: firefly-data
+ mountPath: /var/www/html/storage
+ containers:
+ - name: firefly
+ image: fireflyiii/core:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: DB_CONNECTION
+ value: pgsql
+ - name: DB_HOST
+ value: postgres
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_DB
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: POSTGRES_PASSWORD
+ - name: APP_KEY
+ valueFrom:
+ secretKeyRef:
+ name: firefly-secret
+ key: APP_KEY
+ volumeMounts:
+ - name: firefly-data
+ mountPath: /var/www/html/storage
+ volumes:
+ - name: firefly-data
+ persistentVolumeClaim:
+ claimName: firefly-data
+---
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: firefly-data
+ namespace: firefly
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 5Gi
+---
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: firefly
diff --git a/namespaces/fireflyiii/firefly-cm.yaml b/namespaces/fireflyiii/firefly-cm.yaml
new file mode 100644
index 0000000..14bad97
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-cm.yaml
@@ -0,0 +1,58 @@
+***REMOVED***
+kind: ConfigMap
+***REMOVED***
+ name: firefly-config
+ namespace: firefly
+data:
+ APP_ENV: production
+ APP_DEBUG: "false"
+ SITE_OWNER: jethro.cotton3@gmail.com
+ DEFAULT_LANGUAGE: en_US
+ DEFAULT_LOCALE: equal
+ TZ: Pacific/Auckland
+ TRUSTED_PROXIES: "**"
+ LOG_CHANNEL: stack
+ APP_LOG_LEVEL: notice
+ AUDIT_LOG_LEVEL: emergency
+ DB_CONNECTION: pgsql
+ DB_HOST: postgres
+ DB_PORT: "5432"
+ DB_DATABASE: firefly
+ DB_USERNAME: firefly
+ PGSQL_SSL_MODE: prefer
+ PGSQL_SCHEMA: public
+ CACHE_DRIVER: file
+ SESSION_DRIVER: file
+ REDIS_SCHEME: tcp
+ REDIS_HOST: 127.0.0.1
+ REDIS_PORT: "6379"
+ REDIS_DB: "0"
+ REDIS_CACHE_DB: "1"
+ COOKIE_PATH: "/"
+ COOKIE_SECURE: "false"
+ COOKIE_SAMESITE: lax
+ MAIL_MAILER: log
+ MAIL_HOST: smtp.gmail.com
+ MAIL_PORT: "587"
+ MAIL_FROM: jethro.cotton3@gmail.com
+ MAIL_ENCRYPTION: null
+ SEND_ERROR_MESSAGE: "true"
+ SEND_REPORT_JOURNALS: "true"
+ ENABLE_EXTERNAL_MAP: "false"
+ ENABLE_EXTERNAL_RATES: "false"
+ MAP_DEFAULT_LAT: "51.983333"
+ MAP_DEFAULT_LONG: "5.916667"
+ MAP_DEFAULT_ZOOM: "6"
+ AUTHENTICATION_GUARD: web
+ AUTHENTICATION_GUARD_HEADER: REMOTE_USER
+ DISABLE_FRAME_HEADER: "false"
+ DISABLE_CSP_HEADER: "false"
+ ALLOW_WEBHOOKS: "false"
+ DKR_BUILD_LOCALE: "false"
+ DKR_CHECK_SQLITE: "true"
+ APP_NAME: FireflyIII
+ BROADCAST_DRIVER: log
+ QUEUE_DRIVER: sync
+ CACHE_PREFIX: firefly
+ FIREFLY_III_LAYOUT: v1
+ APP_URL: http://firefly_iii_core
diff --git a/namespaces/fireflyiii/firefly-ingress.yaml b/namespaces/fireflyiii/firefly-ingress.yaml
new file mode 100644
index 0000000..236e94c
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: firefly
+ namespace: firefly
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: firefly.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: firefly
+ port:
+ number: 80
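Review bot: `TRUSTED_PROXIES: "**"` in firefly-cm.yaml makes the application accept forwarded-for and forwarded-proto headers from any sender, and with `COOKIE_SECURE: "false"` and the HTTP-only Ingress in firefly-ingress.yaml the session cookie of a finance application is sent unencrypted. Restrict `TRUSTED_PROXIES` to the ingress controller's address range, terminate TLS at the Ingress, then set `COOKIE_SECURE: "true"`. `MAIL_ENCRYPTION: null` is an unquoted YAML null, whereas ConfigMap `data` values must be strings; quote it as `"null"` or remove the key. `APP_URL: http://firefly_iii_core` does not match the `firefly.local` host in the Ingress and should be corrected with the TLS change.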
diff --git a/namespaces/fireflyiii/firefly-namespace.yaml b/namespaces/fireflyiii/firefly-namespace.yaml
new file mode 100644
index 0000000..4fe4afc
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-namespace.yaml
@@ -0,0 +1,4 @@
+***REMOVED***
+kind: Namespace
+***REMOVED***
+ name: firefly
diff --git a/namespaces/fireflyiii/firefly-postgres.yaml b/namespaces/fireflyiii/firefly-postgres.yaml
new file mode 100644
index 0000000..7c434a1
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-postgres.yaml
@@ -0,0 +1,72 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: postgres-secret
+ namespace: firefly
+***REMOVED***
+***REMOVED***
+ POSTGRES_DB: firefly
+ POSTGRES_USER: firefly
+ POSTGRES_PASSWORD: pm1njqt6ulc92231
+---
+apiVersion: apps/v1
+kind: StatefulSet
+***REMOVED***
+ name: postgres
+ namespace: firefly
+spec:
+ serviceName: postgres
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres
+ template:
+ ***REMOVED***
+ labels:
+ app: postgres
+ spec:
+ initContainers:
+ - name: init-postgres-dir
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /var/lib/postgresql/data/pgdata && chown -R 999:999 /var/lib/postgresql/data
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql/data
+ containers:
+ - name: postgres
+ image: postgres:15
+ envFrom:
+ - secretRef:
+ name: postgres-secret
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql/data
+ volumeClaimTemplates:
+ - ***REMOVED***
+ name: postgres-data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 10Gi
+---
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: postgres
+ namespace: firefly
+spec:
+ ports:
+ - port: 5432
+ selector:
+ app: postgres
diff --git a/namespaces/fireflyiii/firefly-secret.yaml b/namespaces/fireflyiii/firefly-secret.yaml
new file mode 100644
index 0000000..7febbee
--- /dev/null
+++ b/namespaces/fireflyiii/firefly-secret.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+***REMOVED***
+***REMOVED***
+ name: firefly-secret
+ namespace: firefly
+***REMOVED***
+***REMOVED***
+ APP_KEY: mGZYm25jttwFptoskC+qcprTY23iHArM
+ DB_PASSWORD: pm1njqt6ulc92231
+ MAIL_USERNAME: jethro.cotton3@gmail.com
+ MAIL_PASSWORD: wpreineebdyvzkoz
+ STATIC_CRON_TOKEN: jq1VaxCOKM1H3vW535qlQlpdSbz3exwu
diff --git a/namespaces/forgejo/forgejo-deployment.yaml b/namespaces/forgejo/forgejo-deployment.yaml
new file mode 100644
index 0000000..3c16d76
--- /dev/null
+++ b/namespaces/forgejo/forgejo-deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+***REMOVED***
+ name: forgejo
+ namespace: forgejo
+ labels:
+ app: forgejo
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: forgejo
+ template:
+ ***REMOVED***
+ labels:
+ app: forgejo
+ spec:
+ containers:
+ - name: forgejo
+ image: codeberg.org/forgejo/forgejo:7
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ - name: ssh
+ containerPort: 22
+ protocol: TCP
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ - name: FORGEJO__database__DB_TYPE
+ value: "sqlite3"
+ volumeMounts:
+ - name: forgejo-data
+ mountPath: /data
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1000m"
+ livenessProbe:
+ httpGet:
+ path: /api/healthz
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /api/healthz
+ port: 3000
+ initialDelaySeconds: 15
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 3
+ volumes:
+ - name: forgejo-data
+ persistentVolumeClaim:
+ claimName: forgejo-pvc
diff --git a/namespaces/forgejo/forgejo-ingress.yaml b/namespaces/forgejo/forgejo-ingress.yaml
new file mode 100644
index 0000000..792aad6
--- /dev/null
+++ b/namespaces/forgejo/forgejo-ingress.yaml
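Review bot: The forgejo Deployment mounts the `ReadWriteOnce` claim `forgejo-pvc` but sets no `strategy`, so it uses the default rolling update and starts the replacement pod while the old one still holds the volume. With the SQLite database living on that volume, this can leave a rollout stuck on volume attachment or briefly run two processes against the same database file. Add `strategy:` with `type: Recreate` under the Deployment `spec`. The other Deployments in this commit that mount a `ReadWriteOnce` config claim (prowlarr, radarr, sonarr, qbittorrent, jellyfin, firefly) have the same gap.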
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: forgejo
+ namespace: forgejo
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: forgejo.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: forgejo
+ port:
+ number: 80
diff --git a/namespaces/forgejo/forgejo-namespace.yaml b/namespaces/forgejo/forgejo-namespace.yaml
new file mode 100644
index 0000000..4ab9056
--- /dev/null
+++ b/namespaces/forgejo/forgejo-namespace.yaml
@@ -0,0 +1,4 @@
+***REMOVED***
+kind: Namespace
+***REMOVED***
+ name: forgejo
diff --git a/namespaces/forgejo/forgejo-pvc.yaml b/namespaces/forgejo/forgejo-pvc.yaml
new file mode 100644
index 0000000..d38c1f7
--- /dev/null
+++ b/namespaces/forgejo/forgejo-pvc.yaml
@@ -0,0 +1,12 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: forgejo-pvc
+ namespace: forgejo
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/namespaces/forgejo/forgejo-service.yaml b/namespaces/forgejo/forgejo-service.yaml
new file mode 100644
index 0000000..fe53ce0
--- /dev/null
+++ b/namespaces/forgejo/forgejo-service.yaml
@@ -0,0 +1,18 @@
+***REMOVED***
+kind: Service
+***REMOVED***
+ name: forgejo
+ namespace: forgejo
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ targetPort: 3000
+ protocol: TCP
+ - name: ssh
+ port: 22
+ targetPort: 22
+ protocol: TCP
+ selector:
+ app: forgejo
diff --git a/namespaces/monitoring/ingress.yaml b/namespaces/monitoring/ingress.yaml
new file mode 100644
index 0000000..0729fca
--- /dev/null
+++ b/namespaces/monitoring/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+***REMOVED***
+ name: grafana
+ namespace: monitoring
+spec:
+ rules:
+ - host: grafana.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: monitoring-grafana
+ port:
+ number: 80
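Review bot: The Ingress in namespaces/forgejo/forgejo-ingress.yaml has no `tls:` section under `spec`, so Forgejo logins, session cookies and git-over-HTTP credentials cross the network unencrypted. Add a block such as `tls: [{hosts: [forgejo.local], secretName: <tls-secret-name>}]`, backed by a certificate from an internal CA, since a `.local` name cannot obtain a publicly trusted one. namespaces/monitoring/ingress.yaml has the same gap for `grafana.local` and also omits `ingressClassName`, so which controller serves it depends on the cluster default.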
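Review bot: The `ssh` port in namespaces/forgejo/forgejo-service.yaml is reachable only from inside the cluster: the Service is `type: ClusterIP`, and the Ingress in forgejo-ingress.yaml routes HTTP to port 80 only, so nothing in these manifests carries port 22 to clients. When SSH is exposed, a separate Service (for example `type: LoadBalancer` with `loadBalancerSourceRanges` limited to the networks that need git access) or a dedicated TCP route on the ingress controller keeps that exposure deliberate and scoped. Until then a comment above the port would record the intent, e.g. `# in-cluster only; not exposed by the Ingress`.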
diff --git a/namespaces/monitoring/values.yaml b/namespaces/monitoring/values.yaml
new file mode 100644
index 0000000..fb142d4
--- /dev/null
+++ b/namespaces/monitoring/values.yaml
@@ -0,0 +1,31 @@
+prometheus:
+ prometheusSpec:
+ retention: 15d
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: local-path # change if needed
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 30Gi
+
+grafana:
+ adminPassword: "pm1njqt6"
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ accessModes:
+ - ReadWriteOnce
+ size: 10Gi
+
+alertmanager:
+ alertmanagerSpec:
+ storage:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: local-path
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/pvc.yaml b/pvc.yaml
new file mode 100644
index 0000000..a93ee4e
--- /dev/null
+++ b/pvc.yaml
@@ -0,0 +1,11 @@
+***REMOVED***
+kind: PersistentVolumeClaim
+***REMOVED***
+ name: ceph-test-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-rbd
+ resources:
+ requests:
+ storage: 5Gi
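Review bot: `grafana.adminPassword` in namespaces/monitoring/values.yaml is short and is the leading part of the database password set in firefly-postgres.yaml, so exposure or guessing of one credential materially helps with the other. Give each service an independent, randomly generated password, and have the Grafana chart read it from a Secret rather than the values file, e.g. `admin: {existingSecret: <grafana-admin-secret>, userKey: admin-user, passwordKey: admin-password}` under `grafana:` in place of `adminPassword`. The `# change if needed` comment on `storageClassName: local-path` could also state why the monitoring volumes use node-local storage while the other claims in this commit use `ceph-rbd`.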