diff --git a/attic/cert-dubyatp-xyz.yaml b/attic/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..5bf57b8
--- /dev/null
+++ b/attic/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/attic/deployment.yaml b/attic/deployment.yaml
new file mode 100644
index 0000000..38d3dfe
--- /dev/null
+++ b/attic/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: attic
+spec:
+ selector:
+ matchLabels:
+ app: attic
+ template:
+ metadata:
+ labels:
+ app: attic
+ spec:
+ containers:
+ - name: attic
+ image: ghcr.io/zhaofengli/attic:ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e
+ envFrom:
+ - secretRef:
+ name: attic-secret
+ volumeMounts:
+ - name: attic-pvc
+ mountPath: /var/empty
+ resources:
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ volumes:
+ - name: attic-pvc
+ persistentVolumeClaim:
+ claimName: attic-pvc
\ No newline at end of file
diff --git a/attic/ingress.yaml b/attic/ingress.yaml
new file mode 100644
index 0000000..b209b39
--- /dev/null
+++ b/attic/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: attic
+ labels:
+ name: attic
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+ rules:
+ - host: nix-cache.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: attic-svc
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - nix-cache.dubyatp.xyz
+ secretName: cert-dubyatp-xyz
\ No newline at end of file
diff --git a/attic/pvc.yaml b/attic/pvc.yaml
new file mode 100644
index 0000000..e0cef5c
--- /dev/null
+++ b/attic/pvc.yaml
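Review bot: The Secret in attic/cert-dubyatp-xyz.yaml declares no `type`, so it is created as `Opaque` even though it carries `tls.crt` and `tls.key` and is referenced from the Ingress `tls` block. A Secret's type cannot be changed after creation, so the new file should set `type: kubernetes.io/tls` from the start. The API server then checks that both keys are present, and tooling that selects TLS secrets by type will find it. The identical new files emby/cert-dubyatp-xyz.yaml and whatismyip/cert-dubyatp-xyz.yaml need the same line. Each copy places the certificate's private key in another namespace, so it is worth confirming that the source secret's `replicator.v1.mittwald.de/replication-allowed-namespaces` annotation (not visible in this diff) lists only the namespaces that need it.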
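Review bot: The attic container in attic/deployment.yaml has no `securityContext`, so it runs with the image's default user, the runtime's default capability set and privilege escalation allowed, while being reachable through the Ingress added in this commit. Under the container I would add `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, and `runAsNonRoot: true` once the image's user has been confirmed. The containers in emby/resilio-sync.yaml and whatismyip/deployment.yaml are missing the same block. The image is referenced by a tag that looks like a commit hash; pinning it by `@sha256:` digest would make the reference immutable.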
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: attic-pvc
+spec:
+ storageClassName: weyma-shared
+ resources:
+ requests:
+ storage: 20Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
diff --git a/attic/secret.yaml b/attic/secret.yaml
new file mode 100644
index 0000000..2364167
--- /dev/null
+++ b/attic/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: attic-secret
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: weyma-vault
+ kind: ClusterSecretStore
+ target:
+ name: attic-secret
+ creationPolicy: Owner
+ data:
+ - secretKey: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+ remoteRef:
+ key: attic
+ property: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
\ No newline at end of file
diff --git a/attic/service.yaml b/attic/service.yaml
new file mode 100644
index 0000000..936945e
--- /dev/null
+++ b/attic/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: attic-svc
+spec:
+ type: ClusterIP
+ selector:
+ app: attic
+ ports:
+ - port: 8080
+ targetPort: 8080
diff --git a/authentik/values.yaml b/authentik/values.yaml
index c1a3dc5..9e5a513 100644
--- a/authentik/values.yaml
+++ b/authentik/values.yaml
@@ -114,9 +114,9 @@ authentik:
 annotations:
 replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
 replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
- data:
- tls.crt: ""
- tls.key: ""
+ data:
+ tls.crt: ""
+ tls.key: ""
 - apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
diff --git a/emby/cert-dubyatp-xyz.yaml b/emby/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..5bf57b8
--- /dev/null
+++ b/emby/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/emby/deployment.yaml b/emby/deployment.yaml
new file mode 100644
index 0000000..c0680f8
--- /dev/null
+++ b/emby/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: emby
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: emby
+ template:
+ metadata:
+ annotations:
+ backup.velero.io/backup-volumes: emby-config
+ labels:
+ app: emby
+ spec:
+ volumes:
+ - name: tv-shows
+ nfs:
+ server: 10.105.15.20
+ path: /mnt/hdd-pool/tv-shows
+ - name: movies
+ nfs:
+ server: 10.105.15.20
+ path: /mnt/hdd-pool/movies
+ - name: emby-config
+ persistentVolumeClaim:
+ claimName: emby-config
+ - name: dev-dri
+ hostPath:
+ path: /dev/dri
+ containers:
+ - name: emby
+ image: emby/embyserver:4.9.0.41
+ volumeMounts:
+ - name: tv-shows
+ mountPath: /mnt/tv-shows
+ - name: movies
+ mountPath: /mnt/movies
+ - name: emby-config
+ mountPath: /config
+ - name: dev-dri
+ mountPath: /dev/dri
+ env:
+ - name: UID
+ value: "1000"
+ - name: GID
+ value: "1000"
+ - name: GIDLIST
+ value: "100"
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ securityContext:
+ privileged: true
+ resources:
+ limits:
+ memory: "4096Mi"
+ cpu: "1000m"
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extensions.talos.dev/i915
+ operator: Exists
\ No newline at end of file
diff --git a/emby/ingress.yaml b/emby/ingress.yaml
new file mode 100644
index 0000000..4b1821d
--- /dev/null
+++ b/emby/ingress.yaml
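Review bot: `securityContext.privileged: true` on the emby container in emby/deployment.yaml gives an Ingress-exposed media server every capability and access to all host devices, although the manifest only appears to need the render nodes under `/dev/dri`. If the cluster runs the Intel GPU device plugin (not visible in this diff), requesting `gpu.intel.com/i915: "1"` under `resources.limits` would let both `privileged: true` and the `dev-dri` hostPath volume be removed. Otherwise, keep the hostPath and try replacing the privileged flag with `supplementalGroups` set to the node's render group. The two NFS media mounts could also take `readOnly: true` under `volumeMounts` if emby never writes to the library. Separately, the `livenessProbe` targets `port: http`, but the container declares no `ports:` entry with that name, so the probe cannot resolve its target; add `ports: [{name: http, containerPort: 8096}]` to match emby/svc.yaml.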
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: emby-ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+ rules:
+ - host: emby.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: emby-http-svc
+ port:
+ number: 8096
+ tls:
+ - hosts:
+ - emby.dubyatp.xyz
+ secretName: cert-dubyatp-xyz
\ No newline at end of file
diff --git a/emby/pvc.yaml b/emby/pvc.yaml
new file mode 100644
index 0000000..35318b4
--- /dev/null
+++ b/emby/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: emby-config
+spec:
+ storageClassName: weyma-shared
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
\ No newline at end of file
diff --git a/emby/resilio-pvc.yaml b/emby/resilio-pvc.yaml
new file mode 100644
index 0000000..8dca22d
--- /dev/null
+++ b/emby/resilio-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: resilio-pvc
+spec:
+ storageClassName: weyma-shared
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
diff --git a/emby/resilio-sync.yaml b/emby/resilio-sync.yaml
new file mode 100644
index 0000000..dd5afdf
--- /dev/null
+++ b/emby/resilio-sync.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: resilio-sync
+spec:
+ selector:
+ matchLabels:
+ app: resilio-sync
+ template:
+ metadata:
+ labels:
+ app: resilio-sync
+ spec:
+ containers:
+ - name: resilio-sync
+ image: lscr.io/linuxserver/resilio-sync:3.0.0
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: tv-shows
+ mountPath: /sync/tv-shows
+ - name: movies
+ mountPath: /sync/movies
+ resources:
+ limits:
+ memory: "700Mi"
+ cpu: "500m"
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: resilio-pvc
+ - name: tv-shows
+ nfs:
+ server: 10.105.15.20
+ path: /mnt/hdd-pool/tv-shows
+ - name: movies
+ nfs:
+ server: 10.105.15.20
+ path: /mnt/hdd-pool/movies
\ No newline at end of file
diff --git a/emby/svc.yaml b/emby/svc.yaml
new file mode 100644
index 0000000..c29bb39
--- /dev/null
+++ b/emby/svc.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: emby-http-svc
+spec:
+ type: ClusterIP
+ selector:
+ app: emby
+ ports:
+ - port: 8096
+ targetPort: 8096
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: emby-https-svc
+spec:
+ type: ClusterIP
+ selector:
+ app: emby
+ ports:
+ - port: 8920
+ targetPort: 8920
\ No newline at end of file
diff --git a/vaultwarden/cert-dubyatp-xyz.yaml b/vaultwarden/cert-dubyatp-xyz.yaml
index dc95814..5bf57b8 100644
--- a/vaultwarden/cert-dubyatp-xyz.yaml
+++ b/vaultwarden/cert-dubyatp-xyz.yaml
@@ -5,6 +5,6 @@ metadata:
 annotations:
 replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
 replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
- data:
- tls.crt: ""
- tls.key: ""
\ No newline at end of file
+data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/vaultwarden/deployment.yaml b/vaultwarden/deployment.yaml
index 16d63ac..21933d6 100644
--- a/vaultwarden/deployment.yaml
+++ b/vaultwarden/deployment.yaml
@@ -3,6 +3,8 @@ kind: Deployment
 metadata:
 name: vaultwarden
 spec:
+ strategy:
+ type: Recreate
 selector:
 matchLabels:
 app: vaultwarden
@@ -16,6 +18,12 @@ spec:
 containers:
 - name: vaultwarden
 image: vaultwarden/server:1.33.2-alpine
+ livenessProbe:
+ exec:
+ command:
+ - /healthcheck.sh
+ initialDelaySeconds: 10
+ periodSeconds: 60
 resources:
 limits:
 memory: "128Mi"
diff --git a/whatismyip/cert-dubyatp-xyz.yaml b/whatismyip/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..5bf57b8
--- /dev/null
+++ b/whatismyip/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/whatismyip/deployment.yaml b/whatismyip/deployment.yaml
new file mode 100644
index 0000000..07d89d9
--- /dev/null
+++ b/whatismyip/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whatismyip
+spec:
+ selector:
+ matchLabels:
+ app: whatismyip
+ template:
+ metadata:
+ labels:
+ app: whatismyip
+ spec:
+ containers:
+ - name: whatismyip
+ image: ghcr.io/eugenmayer/whatsmyip:0.0.1
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
diff --git a/whatismyip/ingress.yaml b/whatismyip/ingress.yaml
new file mode 100644
index 0000000..47983db
--- /dev/null
+++ b/whatismyip/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whatismyip-ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+ rules:
+ - host: whatismyip.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: whatismyip-svc
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - whatismyip.dubyatp.xyz
+ secretName: cert-dubyatp-xyz
\ No newline at end of file
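Review bot: The exec `livenessProbe` added in the second hunk of vaultwarden/deployment.yaml sets no `timeoutSeconds`, so the default of 1 second applies to the whole `/healthcheck.sh` run. Under the container's 128Mi memory limit and its CPU limit, a slow script run counts as a probe failure and can restart the password manager when it is merely busy. I would add `timeoutSeconds: 5` next to `periodSeconds: 60`, and a `readinessProbe` with the same command so traffic is held back before a restart is triggered. This assumes the image ships `/healthcheck.sh`, which the diff does not show. The container spec continues past the end of the hunk.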
diff --git a/whatismyip/svc.yaml b/whatismyip/svc.yaml
new file mode 100644
index 0000000..2cb3a4c
--- /dev/null
+++ b/whatismyip/svc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: whatismyip-svc
+spec:
+ selector:
+ app: whatismyip
+ ports:
+ - port: 8080
+ targetPort: 8080