Define PVR apikey rules in separate file; add file to .gitignore

.gitignore

@@ -0,0 +1 @@
+*.sensitive.yml

services/PVR/deploy-NZBHydra.yml

@@ -66,14 +66,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: nzbhydra
-      port: 5076
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file

services/PVR/deploy-PVR.yml.legacy

@@ -1,147 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nzbhydra
-spec:
-  ports:
-    - protocol: TCP
-      port: 5076
-      targetPort: 5076
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: nzbhydra
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 5076
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nzbhydra
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`index.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: nzbhydra
-        port: 5076
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: radarr
-spec:
-  ports:
-    - protocol: TCP
-      port: 7878
-      targetPort: 7878
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: radarr
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 7878
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: radarr
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`movies.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: radarr
-        port: 7878
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: sabnzbd
-spec:
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 8080
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: sabnzbd
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 8080
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sabnzbd
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`download.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: sabnzbd
-        port: 8080
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: sonarr
-spec:
-  ports:
-    - protocol: TCP
-      port: 8989
-      targetPort: 8989
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: sonarr
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 8989
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sonarr
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`series.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: sonarr
-        port: 8989
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file

services/PVR/deploy-Radarr.yml

@@ -71,14 +71,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: radarr
-      port: 7878
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file

services/PVR/deploy-Readarr.yml

@@ -40,6 +40,8 @@ spec:
         volumeMounts:
         - mountPath: /config
           name: flexvolsmb-readarr-config
+        - mountPath: /books
+          name: flexvolsmb-pvr-books
         - mountPath: /downloads
           name: smb-pvr-volatile
           subPath: downloads
@@ -47,6 +49,9 @@ spec:
       - name: flexvolsmb-readarr-config
         persistentVolumeClaim:
           claimName: flexvolsmb-readarr-config
+      - name: flexvolsmb-pvr-books
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pvr-books
       - name: smb-pvr-volatile
         persistentVolumeClaim:
           claimName: smb-pvr-volatile

services/PVR/deploy-SABnzbd.yml

@@ -70,14 +70,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: sabnzbd
-      port: 8080
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file

services/PVR/deploy-Sonarr.yml

@@ -71,14 +71,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: sonarr
-      port: 8989
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file

services/PVR/ingressRoute-PVR.yml.template

@@ -0,0 +1,57 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pvr-apikeys
+  namespace: pvr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: nzbhydra
+      port: 5076
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: radarr
+      port: 7878
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`books.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: readarr
+      port: 8787
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: sabnzbd
+      port: 8080
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: sonarr
+      port: 8989
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  tls:
+    options:
+      name: defaults@file
+    certResolver: default
+    domains:
+    - main: '*.pvr.spamasaurus.com'
+      sans:
+        - 'pvr.spamasaurus.com'

services/PVR/persistentVolumeClaim-PVR.yml

@@ -63,3 +63,37 @@ spec:
   resources:
     requests:
       storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-books
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-books
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
+      server: 192.168.11.225
+      share: /Public/Boeken
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pvr-books
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-books
+  resources:
+    requests:
+      storage: 1Gi
+