Merge remote-tracking branch 'refs/remotes/origin/main'

2025-03-13 11:28:08 -04:00
parent ea4c6b4cd9 339f9af7ea
commit e90e9bb0be
20 changed files with 366 additions and 6 deletions
--- a/attic/cert-dubyatp-xyz.yaml
+++ b/attic/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+  tls.crt: ""
+  tls.key: ""
--- a/attic/deployment.yaml
+++ b/attic/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: attic
+spec:
+  selector:
+    matchLabels:
+      app: attic
+  template:
+    metadata:
+      labels:
+        app: attic
+    spec:
+      containers:
+      - name: attic
+        image: ghcr.io/zhaofengli/attic:ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e
+        envFrom:
+        - secretRef:
+            name: attic-secret
+        volumeMounts:
+        - name: attic-pvc
+          mountPath: /var/empty
+        resources:
+          limits:
+            memory: "256Mi"
+            cpu: "500m"
+      volumes:
+      - name: attic-pvc
+        persistentVolumeClaim:
+          claimName: attic-pvc
--- a/attic/ingress.yaml
+++ b/attic/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: attic
+  labels:
+    name: attic
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+  rules:
+  - host: nix-cache.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: attic-svc
+            port: 
+              number: 8080
+  tls:
+  - hosts:
+    - nix-cache.dubyatp.xyz
+    secretName: cert-dubyatp-xyz
--- a/attic/pvc.yaml
+++ b/attic/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: attic-pvc
+spec:
+  storageClassName: weyma-shared
+  resources:
+    requests:
+      storage: 20Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
--- a/attic/secret.yaml
+++ b/attic/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: attic-secret
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: attic-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+      remoteRef:
+        key: attic
+        property: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
--- a/attic/service.yaml
+++ b/attic/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: attic-svc
+spec:
+  type: ClusterIP
+  selector:
+    app: attic
+  ports:
+  - port: 8080
+    targetPort: 8080
--- a/emby/cert-dubyatp-xyz.yaml
+++ b/emby/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+  tls.crt: ""
+  tls.key: ""
--- a/emby/deployment.yaml
+++ b/emby/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: emby
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: emby
+  template:
+    metadata:
+      annotations:
+        backup.velero.io/backup-volumes: emby-config
+      labels:
+        app: emby
+    spec:
+      volumes:
+        - name: tv-shows
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/tv-shows
+        - name: movies
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/movies
+        - name: emby-config
+          persistentVolumeClaim:
+            claimName: emby-config
+        - name: dev-dri
+          hostPath:
+            path: /dev/dri
+      containers:
+      - name: emby
+        image: emby/embyserver:4.9.0.41
+        volumeMounts:
+          - name: tv-shows
+            mountPath: /mnt/tv-shows
+          - name: movies
+            mountPath: /mnt/movies
+          - name: emby-config
+            mountPath: /config
+          - name: dev-dri
+            mountPath: /dev/dri
+        env:
+        - name: UID
+          value: "1000"
+        - name: GID
+          value: "1000"
+        - name: GIDLIST
+          value: "100"
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            memory: "4096Mi"
+            cpu: "1000m"
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: extensions.talos.dev/i915
+                operator: Exists
--- a/emby/ingress.yaml
+++ b/emby/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: emby-ingress
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+  rules:
+  - host: emby.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: emby-http-svc
+            port: 
+              number: 8096
+  tls:
+  - hosts:
+    - emby.dubyatp.xyz
+    secretName: cert-dubyatp-xyz
--- a/emby/pvc.yaml
+++ b/emby/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: emby-config
+spec:
+  storageClassName: weyma-shared
+  resources:
+    requests:
+      storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
--- a/emby/resilio-pvc.yaml
+++ b/emby/resilio-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: resilio-pvc
+spec:
+  storageClassName: weyma-shared
+  resources:
+    requests:
+      storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
--- a/emby/resilio-sync.yaml
+++ b/emby/resilio-sync.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: resilio-sync
+spec:
+  selector:
+    matchLabels:
+      app: resilio-sync
+  template:
+    metadata:
+      labels:
+        app: resilio-sync
+    spec:
+      containers:
+      - name: resilio-sync
+        image: lscr.io/linuxserver/resilio-sync:3.0.0
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: tv-shows
+          mountPath: /sync/tv-shows
+        - name: movies
+          mountPath: /sync/movies
+        resources:
+          limits:
+            memory: "700Mi"
+            cpu: "500m"
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: resilio-pvc
+        - name: tv-shows
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/tv-shows
+        - name: movies
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/movies
--- a/emby/svc.yaml
+++ b/emby/svc.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: emby-http-svc
+spec:
+  type: ClusterIP
+  selector:
+    app: emby
+  ports:
+  - port: 8096
+    targetPort: 8096
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: emby-https-svc
+spec:
+  type: ClusterIP
+  selector:
+    app: emby
+  ports:
+  - port: 8920
+    targetPort: 8920
--- a/vaultwarden/cert-dubyatp-xyz.yaml
+++ b/vaultwarden/cert-dubyatp-xyz.yaml
@@ -5,6 +5,6 @@ metadata:
  annotations:
    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
-  data:
+data:
  tls.crt: ""
  tls.key: ""
--- a/vaultwarden/deployment.yaml
+++ b/vaultwarden/deployment.yaml
@@ -3,6 +3,8 @@ kind: Deployment
 metadata:
  name: vaultwarden
 spec:
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: vaultwarden
@@ -16,6 +18,12 @@ spec:
      containers:
      - name: vaultwarden
        image: vaultwarden/server:1.33.2-alpine
+        livenessProbe:
+          exec:
+            command:
+              - /healthcheck.sh
+          initialDelaySeconds: 10
+          periodSeconds: 60
        resources:
          limits:
            memory: "128Mi"
--- a/whatismyip/cert-dubyatp-xyz.yaml
+++ b/whatismyip/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+  tls.crt: ""
+  tls.key: ""
--- a/whatismyip/deployment.yaml
+++ b/whatismyip/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: whatismyip
+spec:
+  selector:
+    matchLabels:
+      app: whatismyip
+  template:
+    metadata:
+      labels:
+        app: whatismyip
+    spec:
+      containers:
+      - name: whatismyip
+        image: ghcr.io/eugenmayer/whatsmyip:0.0.1
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
--- a/whatismyip/ingress.yaml
+++ b/whatismyip/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: whatismyip-ingress
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+  rules:
+  - host: whatismyip.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: whatismyip-svc
+            port: 
+              number: 8080
+  tls:
+  - hosts:
+    - whatismyip.dubyatp.xyz
+    secretName: cert-dubyatp-xyz
--- a/whatismyip/svc.yaml
+++ b/whatismyip/svc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: whatismyip-svc
+spec:
+  selector:
+    app: whatismyip
+  ports:
+  - port: 8080
+    targetPort: 8080