From 732fd4229e78359a4ff846a12d28f1842ca8adf4 Mon Sep 17 00:00:00 2001
From: djpbessems <danny@bessems.eu>
Date: Mon, 19 Oct 2020 15:56:11 +0200
Subject: [PATCH] Define PVR apikey rules in separate file; add file to
 .gitignore

---
 .gitignore                                 |   1 +
 services/PVR/deploy-NZBHydra.yml           |   8 --
 services/PVR/deploy-PVR.yml.legacy         | 147 ---------------------
 services/PVR/deploy-Radarr.yml             |   8 --
 services/PVR/deploy-Readarr.yml            |   5 +
 services/PVR/deploy-SABnzbd.yml            |   8 --
 services/PVR/deploy-Sonarr.yml             |   8 --
 services/PVR/ingressRoute-PVR.yml.template |  57 ++++++++
 services/PVR/persistentVolumeClaim-PVR.yml |  34 +++++
 9 files changed, 97 insertions(+), 179 deletions(-)
 create mode 100644 .gitignore
 delete mode 100644 services/PVR/deploy-PVR.yml.legacy
 create mode 100644 services/PVR/ingressRoute-PVR.yml.template

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d274e91
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.sensitive.yml
diff --git a/services/PVR/deploy-NZBHydra.yml b/services/PVR/deploy-NZBHydra.yml
index 3f8e7af..c7cbe46 100644
--- a/services/PVR/deploy-NZBHydra.yml
+++ b/services/PVR/deploy-NZBHydra.yml
@@ -66,14 +66,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: nzbhydra
-      port: 5076
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file
diff --git a/services/PVR/deploy-PVR.yml.legacy b/services/PVR/deploy-PVR.yml.legacy
deleted file mode 100644
index 6f1b7e0..0000000
--- a/services/PVR/deploy-PVR.yml.legacy
+++ /dev/null
@@ -1,147 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nzbhydra
-spec:
-  ports:
-    - protocol: TCP
-      port: 5076
-      targetPort: 5076
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: nzbhydra
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 5076
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nzbhydra
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`index.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: nzbhydra
-        port: 5076
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: radarr
-spec:
-  ports:
-    - protocol: TCP
-      port: 7878
-      targetPort: 7878
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: radarr
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 7878
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: radarr
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`movies.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: radarr
-        port: 7878
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: sabnzbd
-spec:
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 8080
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: sabnzbd
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 8080
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sabnzbd
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`download.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: sabnzbd
-        port: 8080
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: sonarr
-spec:
-  ports:
-    - protocol: TCP
-      port: 8989
-      targetPort: 8989
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: sonarr
-subsets:
-  - addresses:
-      - ip: 192.168.11.242
-    ports:
-      - port: 8989
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sonarr
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`series.pvr.spamasaurus.com`)
-    kind: Rule
-    services:
-      - name: sonarr
-        port: 8989
-    middlewares:
-      - name: 2fa-authentication@file
-      - name: security-headers@file
diff --git a/services/PVR/deploy-Radarr.yml b/services/PVR/deploy-Radarr.yml
index 946c15c..ca56a58 100644
--- a/services/PVR/deploy-Radarr.yml
+++ b/services/PVR/deploy-Radarr.yml
@@ -71,14 +71,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: radarr
-      port: 7878
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file
diff --git a/services/PVR/deploy-Readarr.yml b/services/PVR/deploy-Readarr.yml
index cc684c4..93a53a4 100644
--- a/services/PVR/deploy-Readarr.yml
+++ b/services/PVR/deploy-Readarr.yml
@@ -40,6 +40,8 @@ spec:
         volumeMounts:
         - mountPath: /config
           name: flexvolsmb-readarr-config
+        - mountPath: /books
+          name: flexvolsmb-pvr-books
         - mountPath: /downloads
           name: smb-pvr-volatile
           subPath: downloads
@@ -47,6 +49,9 @@ spec:
       - name: flexvolsmb-readarr-config
         persistentVolumeClaim:
           claimName: flexvolsmb-readarr-config
+      - name: flexvolsmb-pvr-books
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pvr-books
       - name: smb-pvr-volatile
         persistentVolumeClaim:
           claimName: smb-pvr-volatile
diff --git a/services/PVR/deploy-SABnzbd.yml b/services/PVR/deploy-SABnzbd.yml
index e5f8376..97a3373 100644
--- a/services/PVR/deploy-SABnzbd.yml
+++ b/services/PVR/deploy-SABnzbd.yml
@@ -70,14 +70,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: sabnzbd
-      port: 8080
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file
diff --git a/services/PVR/deploy-Sonarr.yml b/services/PVR/deploy-Sonarr.yml
index f50329c..34fe316 100644
--- a/services/PVR/deploy-Sonarr.yml
+++ b/services/PVR/deploy-Sonarr.yml
@@ -71,14 +71,6 @@ spec:
       - name: 2fa-authentication@file
       - name: security-headers@file
       - name: compression@file
-  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
-    kind: Rule
-    services:
-    - name: sonarr
-      port: 8989
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
   tls:
     options:
       name: defaults@file
diff --git a/services/PVR/ingressRoute-PVR.yml.template b/services/PVR/ingressRoute-PVR.yml.template
new file mode 100644
index 0000000..c14a00c
--- /dev/null
+++ b/services/PVR/ingressRoute-PVR.yml.template
@@ -0,0 +1,57 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pvr-apikeys
+  namespace: pvr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: nzbhydra
+      port: 5076
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: radarr
+      port: 7878
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`books.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: readarr
+      port: 8787
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: sabnzbd
+      port: 8080
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    kind: Rule
+    services:
+    - name: sonarr
+      port: 8989
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
+  tls:
+    options:
+      name: defaults@file
+    certResolver: default
+    domains:
+    - main: '*.pvr.spamasaurus.com'
+      sans:
+        - 'pvr.spamasaurus.com'
diff --git a/services/PVR/persistentVolumeClaim-PVR.yml b/services/PVR/persistentVolumeClaim-PVR.yml
index 855934d..28b2294 100644
--- a/services/PVR/persistentVolumeClaim-PVR.yml
+++ b/services/PVR/persistentVolumeClaim-PVR.yml
@@ -63,3 +63,37 @@ spec:
   resources:
     requests:
       storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-books
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-books
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
+      server: 192.168.11.225
+      share: /Public/Boeken
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pvr-books
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-books
+  resources:
+    requests:
+      storage: 1Gi
+