yt-dlp-bot: deploy update to 1ef217f

Reviewed-on: #61

arr-stack/flaresolverr/deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: flaresolverr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: flaresolverr
+  template:
+    metadata:
+      labels:
+        app: flaresolverr
+    spec:
+      containers:
+      - name: flaresolverr
+        image: ghcr.io/flaresolverr/flaresolverr:v3.4.1
+        resources:
+          limits:
+            memory: "4Gi"
+            cpu: "1"
+          requests:
+            memory: "2Gi"
+            cpu: "0.5"

arr-stack/flaresolverr/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: flaresolverr
+spec:
+  selector:
+    app: flaresolverr
+  ports:
+  - port: 8191
+    targetPort: 8191

arr-stack/prowlarr/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prowlarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prowlarr
+  template:
+    metadata:
+      labels:
+        app: prowlarr
+      annotations:
+        backup.velero.io/backup-volumes: config
+    spec:
+      containers:
+      - name: prowlarr
+        image: linuxserver/prowlarr:version-2.0.5.5160
+        volumeMounts:
+          - name: config
+            mountPath: /config
+        resources:
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+          requests:
+            memory: "512Mi"
+            cpu: "0.5"
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: prowlarr-config

arr-stack/prowlarr/pvc.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: emby-config
+  name: prowlarr-config
 spec:
-  storageClassName: weyma-shared
   resources:
     requests:
       storage: 10Gi
   volumeMode: Filesystem
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany

arr-stack/prowlarr/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prowlarr
+spec:
+  selector:
+    app: prowlarr
+  ports:
+  - port: 9696
+    targetPort: 9696

arr-stack/radarr/deployment.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: radarr
+  template:
+    metadata:
+      labels:
+        app: radarr
+      annotations:
+        backup.velero.io/backup-volumes: config
+    spec:
+      containers:
+      - name: radarr
+        image: linuxserver/radarr:version-5.27.5.10198
+        volumeMounts:
+          - name: config
+            mountPath: /config
+          - name: downloads
+            mountPath: /mnt/Downloads
+          - name: movies
+            mountPath: /mnt/movies
+        resources:
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+          requests:
+            memory: "512Mi"
+            cpu: "0.5"
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: radarr-config
+        - name: movies
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/movies
+        - name: downloads
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/syncthing-downloads

arr-stack/radarr/pvc.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: resilio-pvc
+  name: radarr-config
 spec:
-  storageClassName: weyma-shared
   resources:
     requests:
       storage: 10Gi
   volumeMode: Filesystem
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany

arr-stack/radarr/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: radarr
+spec:
+  selector:
+    app: radarr
+  ports:
+  - port: 7878
+    targetPort: 7878

arr-stack/sonarr/deployment.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sonarr
+  template:
+    metadata:
+      labels:
+        app: sonarr
+      annotations:
+        backup.velero.io/backup-volumes: config
+    spec:
+      containers:
+      - name: sonarr
+        image: linuxserver/sonarr:4.0.15
+        volumeMounts:
+          - name: config
+            mountPath: /config
+          - name: downloads
+            mountPath: /mnt/Downloads
+          - name: tv-shows
+            mountPath: /mnt/tv-shows
+        resources:
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+          requests:
+            memory: "512Mi"
+            cpu: "0.5"
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: sonarr-config
+        - name: tv-shows
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/tv-shows
+        - name: downloads
+          nfs:
+            server: 10.105.15.20
+            path: /mnt/hdd-pool/syncthing-downloads

arr-stack/sonarr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarr-config
+spec:
+  resources:
+    requests:
+      storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany

arr-stack/sonarr/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr
+spec:
+  selector:
+    app: sonarr
+  ports:
+  - port: 8989
+    targetPort: 8989

arr-stack/tunnel/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deluge-tunnel
+spec:
+  selector:
+    matchLabels:
+      app: deluge-tunnel
+  template:
+    metadata:
+      labels:
+        app: deluge-tunnel
+    spec:
+      containers:
+      - name: deluge-tunnel
+        image: kroniak/ssh-client:3.21
+        command: ["/bin/sh", "-c", "ssh -o StrictHostKeyChecking=no weyma-talos@45.152.211.243 -p 2222 -L 0.0.0.0:58846:127.0.0.1:58846 -L 0.0.0.0:8112:127.0.0.1:8112 -N"]
+        volumeMounts:
+          - name: ssh-keys
+            mountPath: /root/.ssh
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+          requests:
+            memory: "128Mi"
+            cpu: "200m"
+      volumes:
+        - name: ssh-keys
+          secret:
+            defaultMode: 0400
+            secretName: ssh-keys
+

arr-stack/tunnel/ssh-keys.yaml

@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ssh-keys
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: deluge-ssh
+      metadataPolicy: None
+      property: private
+    secretKey: id_ed25519
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: deluge-ssh
+      metadataPolicy: None
+      property: public
+    secretKey: id_ed25519.pub
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: ssh-keys

arr-stack/tunnel/svc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: deluge
+spec:
+  selector:
+    app: deluge-tunnel
+  ports:
+  - port: 58846
+    targetPort: 58846
+    name: deluge
+  - port: 8112
+    targetPort: 8112
+    name: web

authentik/Chart.yaml

@@ -24,5 +24,5 @@ appVersion: "1.0"
 
 dependencies:
 - name: authentik
-  version: 2025.8.1
+  version: 2025.10.2
   repository: https://charts.goauthentik.io

authentik/values.yaml

@@ -25,25 +25,6 @@ authentik:
       - name: cert-dubyatp-xyz
         secret:
           secretName: cert-dubyatp-xyz
-  redis:
-    enabled: true
-    architecture: standalone
-    auth:
-      enabled: false
-    master:
-      resourcesPreset: "none"
-      podAnnotations:
-        backup.velero.io/backup-volumes: redis-data
-    replica:
-      resourcesPreset: "none"
-    sentinel:
-      resourcesPreset: "none"
-    metrics:
-      resourcesPreset: "none"
-    volumePermissions:
-      resourcesPreset: "none"
-    sysctl:
-      resourcesPreset: "none"
   global:
     env:
       - name: AUTHENTIK_SECRET_KEY
@@ -52,7 +33,7 @@ authentik:
             name: authentik-credentials
             key: authentik-secret-key
       - name: AUTHENTIK_POSTGRESQL__HOST
-        value: weyma-pgsql-rw.cloudnativepg.svc.cluster.local
+        value: pooler-weyma-rw.cloudnativepg.svc.cluster.local
       - name: AUTHENTIK_POSTGRESQL__NAME
         value: authentik
       - name: AUTHENTIK_POSTGRESQL__USER
@@ -62,6 +43,21 @@ authentik:
           secretKeyRef:
             name: authentik-db-auth
             key: password
+      - name: AUTHENTIK_EMAIL__FROM
+        value: authentik_dubyatp@em924671.dubyatp.xyz
+      - name: AUTHENTIK_EMAIL__HOST
+        value: mail.smtp2go.com
+      - name: AUTHENTIK_EMAIL__USE_TLS
+        value: "true"
+      - name: AUTHENTIK_EMAIL__USERNAME
+        value: authentik_dubyatp
+      - name: AUTHENTIK_EMAIL__PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: authentik-credentials
+            key: smtp-password
+      - name: AUTHENTIK_EMAIL__TIMEOUT
+        value: "30"
   additionalObjects:
     - apiVersion: networking.k8s.io/v1
       kind: Ingress
@@ -125,6 +121,10 @@ authentik:
             remoteRef:
               key: authentik
               property: user-password
+          - secretKey: smtp-password
+            remoteRef:
+              key: authentik
+              property: smtp-password
     - apiVersion: external-secrets.io/v1
       kind: ExternalSecret
       metadata:

dispatcharr/deployment.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dispatcharr
+spec:
+  selector:
+    matchLabels:
+      app: dispatcharr
+  template:
+    metadata:
+      labels:
+        app: dispatcharr
+      annotations:
+        backup.velero.io/backup-volumes: data
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: extensions.talos.dev/i915
+                operator: Exists
+      nodeSelector:
+        kubernetes.io/hostname: weyma-talos-testw04
+      containers:
+      - name: dispatcharr
+        image: ghcr.io/dispatcharr/dispatcharr:0.8.0-amd64
+        env:
+          - name: DISPATCHARR_ENV
+            value: aio
+          - name: REDIS_HOST
+            value: localhost
+          - name: CELERY_BROKER_URL
+            value: redis://localhost:6379/0
+          - name: DISPATCHARR_LOG_LEVEL
+            value: info
+          - name: UWSGI_NICE_LEVEL
+            value: "-5"
+          - name: CELERY_NICE_LEVEL
+            value: "-5"
+        volumeMounts:
+          - name: dispatcharr-data
+            mountPath: /data
+          - name: dev-dri
+            mountPath: /dev/dri
+        resources:
+          limits:
+            memory: "3Gi"
+            cpu: "1"
+          requests:
+            memory: "256Mi"
+            cpu: "500m"
+        securityContext:
+          privileged: true
+      volumes:
+        - name: dispatcharr-data
+          persistentVolumeClaim:
+            claimName: dispatcharr
+        - name: dev-dri
+          hostPath:
+            path: /dev/dri

dispatcharr/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dispatcharr
+  labels:
+    app.kubernetes.io/name: dispatcharr
+spec:
+  rules:
+  - host: dispatcharr.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: dispatcharr-svc
+            port: 
+              number: 9191

dispatcharr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dispatcharr
+spec:
+  resources:
+    requests:
+      storage: 20Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany

dispatcharr/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: dispatcharr-svc
+spec:
+  selector:
+    app: dispatcharr
+  ports:
+  - port: 9191
+    targetPort: 9191

emby/cert-dubyatp-xyz.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cert-dubyatp-xyz
-  annotations:
-    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
-    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
-data:
-  tls.crt: ""
-  tls.key: ""

emby/deployment.yaml

@@ -1,79 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: emby
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: emby
-  template:
-    metadata:
-      annotations:
-        backup.velero.io/backup-volumes: emby-config
-      labels:
-        app: emby
-    spec:
-      volumes:
-        - name: tv-shows
-          nfs:
-            server: 10.105.15.20
-            path: /mnt/hdd-pool/tv-shows
-        - name: movies
-          nfs:
-            server: 10.105.15.20
-            path: /mnt/hdd-pool/movies
-        - name: emby-config
-          persistentVolumeClaim:
-            claimName: emby-config
-        - name: transcode-temp
-          emptyDir:
-            sizeLimit: 8Gi
-            medium: Memory
-        - name: dev-dri
-          hostPath:
-            path: /dev/dri
-      containers:
-      - name: emby
-        image: emby/embyserver:4.8.11.0
-        volumeMounts:
-          - name: tv-shows
-            mountPath: /mnt/tv-shows
-          - name: movies
-            mountPath: /mnt/movies
-          - name: emby-config
-            mountPath: /config
-          - name: transcode-temp
-            mountPath: /tmp/transcode
-          - name: dev-dri
-            mountPath: /dev/dri
-        env:
-        - name: UID
-          value: "1000"
-        - name: GID
-          value: "1000"
-        - name: GIDLIST
-          value: "100"
-        livenessProbe:
-          httpGet:
-            path: /
-            port: http
-        securityContext:
-          privileged: true
-        resources:
-          limits:
-            memory: 8Gi
-            cpu: '1'
-          requests:
-            memory: 4Gi
-            cpu: "500m"
-      nodeSelector:
-        kubernetes.io/hostname: weyma-talos-testw04
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: extensions.talos.dev/i915
-                operator: Exists

emby/ingress.yaml

@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: emby-ingress
-  annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
-spec:
-  rules:
-  - host: emby.dubyatp.xyz
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: emby-http-svc
-            port: 
-              number: 8096
-  tls:
-  - hosts:
-    - emby.dubyatp.xyz
-    secretName: cert-dubyatp-xyz

emby/resilio-sync.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: resilio-sync
-spec:
-  selector:
-    matchLabels:
-      app: resilio-sync
-  template:
-    metadata:
-      labels:
-        app: resilio-sync
-    spec:
-      containers:
-      - name: resilio-sync
-        image: lscr.io/linuxserver/resilio-sync:3.0.0
-        volumeMounts:
-        - name: config
-          mountPath: /config
-        - name: tv-shows
-          mountPath: /sync/tv-shows
-        - name: movies
-          mountPath: /sync/movies
-        resources:
-          limits:
-            memory: "700Mi"
-            cpu: "500m"
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: resilio-pvc
-        - name: tv-shows
-          nfs:
-            server: 10.105.15.20
-            path: /mnt/hdd-pool/tv-shows
-        - name: movies
-          nfs:
-            server: 10.105.15.20
-            path: /mnt/hdd-pool/movies

emby/svc.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: emby-http-svc
-spec:
-  type: ClusterIP
-  selector:
-    app: emby
-  ports:
-  - port: 8096
-    targetPort: 8096
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: emby-https-svc
-spec:
-  type: ClusterIP
-  selector:
-    app: emby
-  ports:
-  - port: 8920
-    targetPort: 8920

gitea/Chart.yaml

@@ -24,5 +24,5 @@ appVersion: "1.0"
 
 dependencies:
 - name: gitea
-  version: 12.2.0
+  version: 12.4.0
   repository: https://dl.gitea.com/charts/

gitea/values.yaml

@@ -56,19 +56,9 @@ gitea:
     config:
       database:
         DB_TYPE: postgres
-        HOST: weyma-pgsql-rw.cloudnativepg.svc.cluster.local
+        HOST: pooler-weyma-rw.cloudnativepg.svc.cluster.local
         NAME: gitea
         USER: gitea
-      queue:
-        TYPE: redis
-        CONN_STR: redis+cluster://:@gitea-kv-headless.gitea.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
-      session:
-        PROVIDER: redis
-        PROVIDER_CONFIG: redis+cluster://:@gitea-kv-headless.gitea.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
-      cache:
-        ENABLED: 'true'
-        ADAPTER: redis
-        HOST: redis+cluster://:@gitea-kv-headless.gitea.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
       server:
         DISABLE_SSH: false
         DOMAIN: git.dubyatp.xyz
@@ -92,21 +82,11 @@ gitea:
         USER: gitea_dubyatp
       security:
         INSTALL_LOCK: true
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
   extraDeploy:
-    - apiVersion: hyperspike.io/v1
-      kind: Valkey
-      metadata:
-        name: gitea-kv
-      spec:
-        anonymousAuth: true
-        certIssuerType: ClusterIssuer
-        clusterDomain: cluster.local
-        clusterPreferredEndpointType: ip
-        nodes: 1
-        prometheus: false
-        replicas: 3
-        tls: false
-        volumePermissions: true
     - apiVersion: traefik.io/v1alpha1
       kind: IngressRouteTCP
       metadata:
@@ -203,4 +183,6 @@ gitea:
   postgresql-ha:
     enabled: false
   valkey-cluster:
-    enabled: false
+    enabled: true
+    valkey:
+      resourcesPreset: "small"

grafana/Chart.yaml

@@ -24,5 +24,5 @@ appVersion: "1.0"
 
 dependencies:
 - name: grafana
-  version: 9.4.3
+  version: 10.2.0
   repository: https://grafana.github.io/helm-charts

grafana/values.yaml

@@ -191,6 +191,6 @@ grafana:
     image:
       registry: docker.io
       repository: bats/bats
-      tag: 1.12.0
+      tag: 1.13.0
     imagePullPolicy: IfNotPresent
   useStatefulSet: false

jellyfin/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: wekan
+name: jellyfin
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -23,6 +23,6 @@ version: 0.1.0
 appVersion: "1.0"
 
 dependencies:
-- name: wekan
+- name: jellyfin
-  version: 7.94.0
+  version: 2.5.0
-  repository: https://wekan.github.io/charts/
+  repository: https://jellyfin.github.io/jellyfin-helm

jellyfin/templates/metrics-block.yaml

@@ -0,0 +1,33 @@
+{{- if and (.Values.jellyfin.metrics.enabled) (.Values.jellyfin.ingress.enabled) -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dummy-svc
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: dummy-svc
+  ports:
+    - protocol: TCP
+      port: 6767
+      targetPort: 6767
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: block-metrics
+  namespace: {{ .Release.Namespace }}
+spec:
+  rules:
+  - host: {{ (index .Values.jellyfin.ingress.hosts 0).host }}
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/metrics"
+        backend:
+          service:
+            name: dummy-svc
+            port: 
+              number: 6767
+{{- end }}

jellyfin/templates/redirect-regex.yaml

@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: emby-redirect
+spec:
+  redirectRegex:
+    regex: ^https?://emby\.dubyatp\.xyz/(.*)$
+    replacement: https://jellyfin.dubyatp.xyz/${1}
+    permanent: true
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: emby-redirect
+spec:
+  entryPoints:
+  - websecure
+  - web
+  routes:
+  - kind: Rule
+    match: Host(`emby.dubyatp.xyz`)
+    middlewares:
+        - name: emby-redirect
+    services:
+      - name: noop@internal
+        kind: TraefikService

jellyfin/templates/ssl-cert.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  tls.crt:
+  tls.key:
+kind: Secret
+metadata:
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/cert-dubyatp-xyz
+    replicator.v1.mittwald.de/replicated-keys: tls.crt,tls.key
+  name: cert-dubyatp-xyz
+type: Opaque

jellyfin/values.yaml

@@ -0,0 +1,73 @@
+jellyfin:
+  deploymentStrategy:
+    type: Recreate
+  ingress:
+    enabled: true
+    hosts:
+      - host: jellyfin.dubyatp.xyz
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls:
+      - secretName: cert-dubyatp.xyz
+        hosts:
+          - jellyfin.dubyatp.xyz
+  persistence:
+    config:
+      size: 25Gi
+    media:
+      enabled: false
+  volumes:
+    - name: tv-shows
+      nfs:
+        server: 10.105.15.20
+        path: /mnt/hdd-pool/tv-shows
+    - name: movies
+      nfs:
+        server: 10.105.15.20
+        path: /mnt/hdd-pool/movies
+    - name: dvr
+      nfs:
+        server: 10.105.15.20
+        path: /mnt/hdd-pool/DVR
+    - name: youtube-vids
+      nfs:
+        server: 10.105.15.20
+        path: /mnt/hdd-pool/youtube-vids
+    - name: transcode-temp
+      emptyDir:
+        sizeLimit: 8Gi
+        medium: Memory
+    - name: dev-dri
+      hostPath:
+        path: /dev/dri
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+  volumeMounts:
+    - name: tv-shows
+      mountPath: /mnt/tv-shows
+    - name: movies
+      mountPath: /mnt/movies
+    - name: dvr
+      mountPath: /mnt/dvr
+    - name: youtube-vids
+      mountPath: /mnt/youtube-vids
+    - name: transcode-temp
+      mountPath: /tmp/transcode
+    - name: dev-dri
+      mountPath: /dev/dri
+  podAnnotations:
+    backup.velero.io/backup-volumes: config
+  securityContext:
+    privileged: true
+  nodeSelector:
+    kubernetes.io/hostname: weyma-talos-testw04
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+            - key: extensions.talos.dev/i915
+              operator: Exists

netmaker/config.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: netmaker-config 
+data:
+  SERVER_NAME: netmaker.infra.dubyatp.xyz
+  SERVER_API_CONN_STRING: api.netmaker.infra.dubyatp.xyz:443
+  SERVER_HTTP_HOST: api.netmaker.infra.dubyatp.xyz
+  API_PORT: "8081"
+  WG_QUICK_USERSPACE_IMPLEMENTATION: wireguard-go
+  DNS_MODE: "off"
+  DISPLAY_KEYS: "on"
+  DATABASE: postgres
+  SQL_HOST: "pooler-weyma-rw.cloudnativepg.svc.cluster.local"
+  SQL_PORT: "5432"
+  SQL_DB: "netmaker"
+  SQL_USER: "netmaker"
+  MQ_USERNAME: netmaker
+  CORS_ALLOWED_ORIGIN: '*'
+  SERVER_BROKER_ENDPOINT: "ws://mq:1883"
+  BROKER_ENDPOINT: "wss://broker.netmaker.infra.dubyatp.xyz"
+  PLATFORM: "Kubernetes"
+  VERBOSITY: "3"
+  K8s: "true"
+  CACHING_ENABLED: "false"

netmaker/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-api-ingress
+spec:
+  rules:
+  - host: api.netmaker.infra.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: netmaker-rest
+            port: 
+              number: 8081

netmaker/mosquitto/certs-pvc.yaml

@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: shared-certs-pvc
+spec:
+  storageClassName: weyma-shared
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 100Mi

netmaker/mosquitto/config.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+data:
+  mosquitto.conf: |
+    per_listener_settings false
+    listener 8883
+    protocol websockets
+    allow_anonymous false
+    listener 1883
+    protocol websockets
+    allow_anonymous false
+    password_file /mosquitto/temp/password.txt
+  wait.sh: |
+    #!/bin/ash
+
+    encrypt_password() {
+      echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/temp/password.txt
+      mosquitto_passwd -U /mosquitto/temp/password.txt
+      chmod 0700 /mosquitto/temp/password.txt
+    }
+
+    main(){
+
+     encrypt_password
+     echo "Starting MQ..."
+     # Run the main container command.
+     /docker-entrypoint.sh
+     /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
+
+    }
+
+    main "${@}"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: mosquitto
+    app.kubernetes.io/name: mosquitto
+  name: mosquitto-config
+  namespace: netmaker

netmaker/mosquitto/deployment.yaml

@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mosquitto
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: mosquitto
+      app.kubernetes.io/name: mosquitto
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: mosquitto
+        app.kubernetes.io/name: mosquitto
+    spec:
+      containers:
+      - image: eclipse-mosquitto:2.0.22-openssl
+        imagePullPolicy: IfNotPresent
+        command: ["/mosquitto/config/wait.sh"]
+        livenessProbe:
+          failureThreshold: 3
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        name: mosquitto
+        env:
+          - name: MQ_USERNAME
+            value: netmaker
+          - name: MQ_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: mq_password
+                name: netmaker-secrets
+        ports:
+        - containerPort: 1883        
+          name: mqtt
+          protocol: TCP
+        - containerPort: 8883        
+          name: mqtt2
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        resources: {}
+        startupProbe:
+          failureThreshold: 30
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /mosquitto/config
+          name: mosquitto-config
+        - mountPath: /mosquitto/certs
+          name: shared-certs
+        - mountPath: /mosquitto/temp
+          name: mosquitto-temp
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - configMap:
+          name: mosquitto-config
+          defaultMode: 0755
+        name: mosquitto-config
+      - name: mosquitto-temp
+        emptyDir:
+      - name: shared-certs
+        persistentVolumeClaim:
+          claimName: shared-certs-pvc

netmaker/mosquitto/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mosquitto-ingress
+  labels:
+    app.kubernetes.io/name: mosquitto-ingress
+spec:
+  rules:
+  - host: broker.netmaker.infra.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: mq
+            port: 
+              number: 8883

netmaker/mosquitto/svc.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mq
+  namespace: netmaker
+spec:
+  ports:
+  - name: mqtt
+    port: 1883
+    protocol: TCP
+    targetPort: mqtt
+  - name: mqtt2
+    port: 8883
+    protocol: TCP
+    targetPort: mqtt2    
+  selector:
+    app.kubernetes.io/instance: mosquitto
+    app.kubernetes.io/name: mosquitto
+  sessionAffinity: None
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-mqtt'
+spec:
+  externalTrafficPolicy: Cluster
+  type: NodePort
+  selector:
+    app.kubernetes.io/instance: mosquitto
+    app.kubernetes.io/name: mosquitto
+  ports:
+  - port: 31883
+    nodePort: 31883
+    protocol: TCP
+    targetPort: 8883
+    name: nm-mqtt

netmaker/postgres-auth.yaml

@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: postgres-pw
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: netmaker_pw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: postgres-pw

netmaker/secrets.yaml

@@ -0,0 +1,35 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: netmaker-secrets
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: master_key
+    secretKey: master_key
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: mq_password
+    secretKey: mq_password
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: turn_password
+    secretKey: turn_password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: netmaker-secrets

netmaker/statefulset.yaml

@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: netmaker
+  name: netmaker
+spec:
+  replicas: 3
+  serviceName: netmaker-headless
+  selector:
+    matchLabels:
+      app: netmaker
+  template:
+    metadata:
+      labels:
+        app: netmaker
+    spec:
+      initContainers:
+      - name: init-sysctl
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["/bin/sh", "-c"]
+        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+        securityContext:
+          privileged: true
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+      - env:
+        - name: NODE_ID
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: SQL_PASS
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: postgres-pw
+        - name: MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              key: master_key
+              name: netmaker-secrets
+        - name: MQ_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: mq_password
+              name: netmaker-secrets
+        - name: TURN_SERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: turn_password
+              name: netmaker-secrets
+        envFrom:
+          - configMapRef:
+              name: netmaker-config
+        image: gravitl/netmaker:v1.1.0
+        imagePullPolicy: Always
+        name: netmaker
+        ports:
+        - containerPort: 8081
+          protocol: TCP
+        - containerPort: 31821
+          protocol: UDP
+        - containerPort: 31822
+          protocol: UDP
+        - containerPort: 31823
+          protocol: UDP
+        - containerPort: 31824
+          protocol: UDP
+        - containerPort: 31825
+          protocol: UDP
+        - containerPort: 31826
+          protocol: UDP
+        - containerPort: 31827
+          protocol: UDP
+        - containerPort: 31828
+          protocol: UDP
+        - containerPort: 31829
+          protocol: UDP
+        - containerPort: 31830
+          protocol: UDP
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+        volumeMounts:
+        - mountPath: /etc/netmaker/
+          name: shared-certs
+      volumes:
+      - name: shared-certs
+        persistentVolumeClaim:
+          claimName: shared-certs-pvc

netmaker/svc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-rest'
+spec:
+  ports:
+  - name: rest
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: 'netmaker'
+  sessionAffinity: None
+  type: ClusterIP

netmaker/ui/deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v1.1.0
+        env:
+        - name: BACKEND_URL
+          value: 'https://api.netmaker.infra.dubyatp.xyz'
+      terminationGracePeriodSeconds: 15

netmaker/ui/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-ui-ingress
+spec:
+  rules:
+  - host: dashboard.netmaker.infra.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: netmaker-ui
+            port: 
+              number: 80

netmaker/ui/svc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-ui'
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: 'netmaker-ui'
+  sessionAffinity: None
+  type: 'ClusterIP'

peertube/config.yaml

@@ -8,7 +8,7 @@ data:
   POSTGRES_USER: peertube
   POSTGRES_DB: peertube
   PEERTUBE_DB_USERNAME: peertube
-  PEERTUBE_DB_HOSTNAME: weyma-pgsql-rw.cloudnativepg.svc.cluster.local
+  PEERTUBE_DB_HOSTNAME: pooler-weyma-rw.cloudnativepg.svc.cluster.local
   PEERTUBE_DB_PORT: "5432"
   PEERTUBE_WEBSERVER_HOSTNAME: "tube.dubyatp.xyz"
   PEERTUBE_TRUST_PROXY: '["127.0.0.1", "loopback", "172.18.0.0/16"]'

renovate.json

@@ -1,3 +1,6 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "kubernetes": {
+    "managerFilePatterns": ["deployment.yaml", "statefulset.yaml", "cron.yaml", "cronjob.yaml"]
+  }
 }

renovate/renovate-cronjob.yaml

@@ -27,6 +27,11 @@ spec:
                     secretKeyRef:
                       key: github-com-pat
                       name: renovate-github-com-token
+                - name: RENOVATE_GIT_PRIVATE_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      key: ssh-key
+                      name: renovate-ssh-key
                 - name: RENOVATE_AUTODISCOVER
                   value: 'false'
                 - name: RENOVATE_BASE_DIR

renovate/renovate-ssh-key.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: renovate-ssh-key
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: renovate-ssh-key
+    creationPolicy: Owner
+  data:
+    - secretKey: ssh-key
+      remoteRef:
+        key: renovate
+        property: ssh-key

wekan/templates/_helpers.tpl

@@ -1,12 +0,0 @@
-{{- define "wekan.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}

wekan/templates/configmap.yaml

@@ -1,12 +0,0 @@
-{{ if .Values.configMapsManaged }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "wekan.fullname" $ }}-config
-data:
-{{- range $key := .Values.configMapEnv -}}
-{{ if $key.value }}
-{{ $key.name | indent 2 }}: {{ $key.value | toString | quote }}
-{{- end }}
-{{- end }}
-{{ end }}

wekan/templates/externalsecret.yaml

@@ -1,31 +0,0 @@
-{{- if .Values.externalSecretsManaged }}
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: {{ include "wekan.fullname" . }}-extsecret
-spec:
-  data:
-  {{- if .Values.externalSecrets.secrets }}
-  {{- range $key := .Values.externalSecrets.secrets }}
-  {{- if $key.keyName }}
-    - secretKey: {{ $key.secretKeyName }}
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: {{ $key.keyName }}
-        metadataPolicy: None
-        property: {{ $key.property }}
-  {{- end }}
-  {{- end }}
-  {{- else }}
-  {{- fail "externalSecrets.secrets must be defined when externalSecretsManaged is true" }}
-  {{- end }}
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: {{ .Values.externalSecrets.secretStore.kind }}
-    name: {{ .Values.externalSecrets.secretStore.name }}
-  target:
-    creationPolicy: Owner
-    deletionPolicy: Retain
-    name: {{ .Values.externalSecrets.targetSecretName }}
-{{- end }}

wekan/values.yaml

@@ -1,63 +0,0 @@
-externalSecretsManaged: true
-externalSecrets:
-  targetSecretName: wekan-secrets
-  secrets:
-    - keyName: wekan
-      secretKeyName: OAUTH2_CLIENT_ID
-      property: client_id
-    - keyName: wekan
-      secretKeyName: OAUTH2_SECRET
-      property: secret
-  secretStore:
-    kind: ClusterSecretStore
-    name: weyma-vault
-configMapsManaged: true
-configMapEnv:
-  - name: OAUTH2_ENABLED
-    value: "true"
-  - name: OAUTH2_LOGIN_STYLE
-    value: redirect
-  - name: OAUTH2_SERVER_URL
-    value: https://auth.dubyatp.xyz
-  - name: OAUTH2_AUTH_ENDPOINT
-    value: /application/o/authorize/
-  - name: OAUTH2_USERINFO_ENDPOINT
-    value: /application/o/userinfo/
-  - name: OAUTH2_TOKEN_ENDPOINT
-    value: /application/o/token/
-  - name: OAUTH2_ID_MAP
-    value: sub
-  - name: OAUTH2_USERNAME_MAP
-    value: email
-  - name: OAUTH2_FULLNAME_MAP
-    value: given_name
-  - name: OAUTH2_EMAIL_MAP
-    value: email
-wekan:
-  endpoint: wekan.dubyatp.xyz
-  root_url: https://wekan.dubyatp.xyz
-  secretManaged: false
-  podAnnotations:
-    backup.velero.io/backup-volumes: shared-data-volume
-  sharedDataFolder:
-    accessMode: ReadWriteMany
-  extraEnvFrom: |
-    - configMapRef:
-        name: wekan-config
-    - secretRef:
-        name: wekan-secrets
-  ingress:
-    enabled: true
-    path: /
-    pathtype: ImplementationSpecific
-    hosts:
-      - wekan.dubyatp.xyz
-    tls:
-      - secretName: cert-dubyatp-xyz
-        hosts:
-          - wekan.dubyatp.xyz
-  mongodb:
-    updateStrategy:
-      type: Recreate
-    podAnnotations:
-      backup.velero.io/backup-volumes: datadir

yt-dlp-bot/deployment.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: yt-dlp-bot
-          image: 'git.dubyatp.xyz/williamp/yt-dlp-bot:df8c7e9'
+          image: 'git.dubyatp.xyz/williamp/yt-dlp-bot:1ef217f'
           env:
             - name: OUT_PATH
               value: /data/youtube-vids

zap2xml/bucket.yaml

@@ -0,0 +1,10 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: zap2xml-bucket
+  namespace: zap2xml
+spec:
+  generateBucketName: zap2xml
+  storageClassName: weyma-s3-bucket
+  additionalConfig:
+    maxSize: "1Gi"

zap2xml/config.yaml

@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: zap2xml-s3config
+data:
+  .s3cfg: |
+   [default]
+   access_key =
+   access_token = 
+   add_encoding_exts = 
+   add_headers = 
+   bucket_location = US
+   ca_certs_file = 
+   cache_file = 
+   check_ssl_certificate = True
+   check_ssl_hostname = True
+   cloudfront_host = cloudfront.amazonaws.com
+   connection_max_age = 5
+   connection_pooling = True
+   content_disposition = 
+   content_type = 
+   default_mime_type = binary/octet-stream
+   delay_updates = False
+   delete_after = False
+   delete_after_fetch = False
+   delete_removed = False
+   dry_run = False
+   enable_multipart = True
+   encoding = UTF-8
+   encrypt = False
+   expiry_date = 
+   expiry_days = 
+   expiry_prefix = 
+   follow_symlinks = False
+   force = False
+   get_continue = False
+   gpg_command = /usr/bin/gpg
+   gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+   gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+   gpg_passphrase = 
+   guess_mime_type = True
+   host_base = https://weyma-s3.infra.dubyatp.xyz
+   host_bucket =
+   human_readable_sizes = False
+   invalidate_default_index_on_cf = False
+   invalidate_default_index_root_on_cf = True
+   invalidate_on_cf = False
+   keep_dirs = False
+   kms_key = 
+   limit = -1
+   limitrate = 0
+   list_allow_unordered = False
+   list_md5 = False
+   log_target_prefix = 
+   long_listing = False
+   max_delete = -1
+   max_retries = 5
+   mime_type = 
+   multipart_chunk_size_mb = 15
+   multipart_copy_chunk_size_mb = 1024
+   multipart_max_chunks = 10000
+   preserve_attrs = True
+   progress_meter = True
+   proxy_host = 
+   proxy_port = 0
+   public_url_use_https = False
+   put_continue = False
+   recursive = False
+   recv_chunk = 65536
+   reduced_redundancy = False
+   requester_pays = False
+   restore_days = 1
+   restore_priority = Standard
+   secret_key =
+   send_chunk = 65536
+   server_side_encryption = False
+   signature_v2 = False
+   signurl_use_https = False
+   simpledb_host = sdb.amazonaws.com
+   skip_destination_validation = False
+   skip_existing = False
+   socket_timeout = 300
+   ssl_client_cert_file = 
+   ssl_client_key_file = 
+   stats = False
+   stop_on_error = False
+   storage_class = 
+   throttle_max = 100
+   upload_id = 
+   urlencoding_mode = normal
+   use_http_expect = False
+   use_https = True
+   use_mime_magic = True
+   verbosity = WARNING
+   website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
+   website_error = 
+   website_index = index.html
+   

zap2xml/cron.yaml

@@ -0,0 +1,87 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: zap2xml-dtv-02191
+spec:
+  schedule: "0 */12 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: zap2xml
+            image: git.dubyatp.xyz/williamp/kube-zap2xml:c075fec
+            envFrom:
+              - secretRef:
+                 name: zap2xml-bucket
+            env:
+              - name: LINEUP_ID
+                value: USA-DITV506-X
+              - name: POSTAL_CODE
+                value: "02191"
+              - name: TIMESPAN
+                value: "120"
+              - name: OUTPUT_FILE
+                value: /tmp/xmltv.xml
+              - name: PUBLIC_FILENAME
+                value: xmltv-directv-02191.xml
+              - name: S3_URL
+                value: s3://zap2xml-c134c9a7-a7a0-4113-997e-78e72ec3f576
+            volumeMounts:
+              - name: s3-config
+                mountPath: /root
+              - name: temp
+                mountPath: /tmp
+          restartPolicy: Never
+          volumes:
+            - name: s3-config
+              configMap:
+                name: zap2xml-s3config
+            - name: temp
+              emptyDir:
+               sizeLimit: 1Gi
+               medium: Memory
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: zap2xml-ota-02191
+spec:
+  schedule: "30 */12 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: zap2xml
+            image: git.dubyatp.xyz/williamp/kube-zap2xml:c075fec
+            envFrom:
+              - secretRef:
+                 name: zap2xml-bucket
+            env:
+              - name: LINEUP_ID
+                value: USA-OTA02191
+              - name: POSTAL_CODE
+                value: "02191"
+              - name: TIMESPAN
+                value: "120"
+              - name: OUTPUT_FILE
+                value: /tmp/xmltv.xml
+              - name: PUBLIC_FILENAME
+                value: xmltv-ota-02191.xml
+              - name: S3_URL
+                value: s3://zap2xml-c134c9a7-a7a0-4113-997e-78e72ec3f576
+            volumeMounts:
+              - name: s3-config
+                mountPath: /root
+              - name: temp
+                mountPath: /tmp
+          restartPolicy: Never
+          volumes:
+            - name: s3-config
+              configMap:
+                name: zap2xml-s3config
+            - name: temp
+              emptyDir:
+               sizeLimit: 1Gi
+               medium: Memory