diff --git a/renovate.json b/renovate.json index 70eb495..9950317 100644 --- a/renovate.json +++ b/renovate.json @@ -8,5 +8,8 @@ "prHourlyLimit": 0, "argocd": { "managerFilePatterns": ["/\\.yaml$/"] + }, + "kubernetes": { + "managerFilePatterns": ["/\\.yaml$/"] } } diff --git a/services/Argus/deployment-argus.yml b/services/Argus/deployment-argus.yml deleted file mode 100644 index f0c051d..0000000 --- a/services/Argus/deployment-argus.yml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argus - namespace: argus - labels: - app: argus -spec: - replicas: 1 - selector: - matchLabels: - app: argus - template: - metadata: - labels: - app: argus - spec: - serviceAccountName: argus - containers: - - name: argus - image: releaseargus/argus:0.21.0 - args: - - -config.file=/app/config/config.yml - ports: - - name: web - containerPort: 8080 - volumeMounts: - - name: csismb-argus-config - mountPath: /app/config - - name: csismb-argus-data - mountPath: /app/data - volumes: - - name: csismb-argus-config - persistentVolumeClaim: - claimName: csismb-argus-config - - name: csismb-argus-data - persistentVolumeClaim: - claimName: csismb-argus-data diff --git a/services/Argus/sealedsecret-smb-credentials.yaml b/services/Argus/sealedsecret-smb-credentials.yaml deleted file mode 100644 index d4ee2a1..0000000 --- a/services/Argus/sealedsecret-smb-credentials.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: smb-credentials - namespace: argus -spec: - encryptedData: - password: AgB8gU7Lj+Pn5B/oC8HtyKnKUzSvB7NRvxJOC2UmKjt3hj3pcRmfKrEh2khkcfSksb6x3f4ttIxYV2uFsXJfL4Wvi6zhsgvfgUHT12oD1/fuxD0LvHCm9otlGp8yyiQu5mPrFBdsGJswreBY53sD0UUdgu2riAlX0ESm+xKhzDJ6eSM8/Iz9Dq4GIhivLZ3OcZJw9hbgbelICIgvuxJZ3bWLfakPdeNDQUoayZuG3Z4GW0KPiqOMyaWz1/rljMHFaZHnFaszgKobwzPihsWWAnXEWmn54fwVBqfe/jNIo8CBvjlZGnMzinaS5lKTHObEVIG+F0XRI5VNFPa89NbsGKN71HJMFYU729lzdl58yy6B/5K789JRtxWUi/8I/7H8kLZWzUhUOqAcmLpVHKWnkH0Ub4MLtDyAaTJam5HqTtsvPDMW3+njiC+8vxC3n0X7q7pzAQQzM5JPZ7G/On6irFKe4LryfrphHiCB/gyJlLpBMXUqKJ4MvzUQU8G8e8W3OLMbtPl0O6oFuFxD8bUA4gdkoPO04bxlLvRmxlmavkbA0vFi60L6eyIOq5yzxvuEd7tzyD7SEO49hb8zW/LS/+H/PE/fCVT6crn+UbNOhgyaHR8pxlNpy6Z4PAti3mG8ZOtKVD0mx6fm8BCPHfWVFyC5YO6kNI285o4uuqsQI+SSZ+zkxwlFwvLcp1RdfJZFLUNyrQm3mlvMUY9xjZANlCHZ - username: AgB67La0V5HRLzZ1RqR0Y0nufYKq3z0SK/go4AQ0aaZwQEE/mIy0c6xhdkwup7ava4PzTyOavEEQoluhojOcrVTz9qKUHoMQHcnhS3NagBc/QCeA+2rL15qw9ZUn5+sSU4OhM3UNCTy2jF1kMoXr2cdCi9pALRdAXPLhrccPoaItmWkA4bMRIe3on78BQUOlhF+zJjcMciPlDo+9ywY8ArShMHj5YlRgWQ6uOJmIH5FFp2BcXKP5d0gALoVQ4/Ek4zIkk4YubtO1C0sqfbvkTW+oxeymUSLd2PddGyF18iohfrgje6PQAvvtkDBX2hUuVcp8h2oFj2JkeZld4neOYpDFbdKwe1aGep24GxbYIt24j+iFfs8txqXhQQsHJWJmwHNB2798gPvjIxPC+G90V4/drsjr7KiAgdWKUaqU5JMDVo2HTSplyWpS1LZIGQmloafWiAXvTWQVIEg2044TXQIq2X7k3npbHU/KcWmlMqR1546QawsZAnohWaOIskqEBkG7nXx/eeYk7LVppP2TqdRtt+VfuvptXgfFhkOB2wUSOwqWH7OkQu/k3jtPR0FVJni+Hc1/+fKfuStwvEX+/1bdjZuS8DUGelOb1d/pXrHw+KypfzXcOoDaO31hJMQOEalXZc2GNJleAvLAxv34s8fFWKWvnEXqwYIaNwRPvX64GtencJwyFo/rdO/HH7gVIhA2DCDQwB0= - template: - metadata: - creationTimestamp: null - name: smb-credentials - namespace: argus - type: Opaque diff --git a/services/Argus/serviceAccount-argus.yml b/services/Argus/serviceAccount-argus.yml deleted file mode 100644 index 761e5c6..0000000 --- a/services/Argus/serviceAccount-argus.yml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argus - namespace: argus - labels: - app: argus diff --git a/services/BedrockServerManager/_namespace-bedrockservermanager.yml b/services/BedrockServerManager/_namespace-bedrockservermanager.yml new file mode 100644 index 0000000..8d9b44a --- /dev/null +++ b/services/BedrockServerManager/_namespace-bedrockservermanager.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: bedrockservermanager diff --git a/services/BedrockServerManager/application-bedrockservermanager.yaml b/services/BedrockServerManager/application-bedrockservermanager.yaml new file mode 100644 index 0000000..c1fcfc5 --- /dev/null +++ b/services/BedrockServerManager/application-bedrockservermanager.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: bedrockservermanager + namespace: argo-cd +spec: + destination: + namespace: bedrockservermanager + server: https://kubernetes.default.svc + project: default + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + sources: + - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog + path: services/BedrockServerManager + targetRevision: HEAD diff --git a/services/BedrockServerManager/deployment-bedrockservermanager.yaml b/services/BedrockServerManager/deployment-bedrockservermanager.yaml new file mode 100644 index 0000000..70ff9c4 --- /dev/null +++ b/services/BedrockServerManager/deployment-bedrockservermanager.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bedrockservermanager + namespace: bedrockservermanager + labels: + app: bedrockservermanager +spec: + replicas: 1 + selector: + matchLabels: + app: bedrockservermanager + strategy: + type: Recreate + template: + metadata: + labels: + app: bedrockservermanager + spec: + containers: + - name: bedrockservermanager + # image: ghcr.io/dmedina559/bedrock-server-manager:stable + image: ghcr.io/dmedina559/bedrock-server-manager:3.7.2 + ports: + - name: web + containerPort: 11325 + - name: mc + containerPort: 19132 + - name: mc-creative + containerPort: 19134 + volumeMounts: + - mountPath: /root/.config/bedrock-server-manager + name: csismb-bedrockservermanager-config + - mountPath: /root/bedrock-server-manager + name: csismb-bedrockservermanager-data + volumes: + - name: csismb-bedrockservermanager-config + persistentVolumeClaim: + claimName: csismb-bedrockservermanager-config + - name: csismb-bedrockservermanager-data + persistentVolumeClaim: + claimName: csismb-bedrockservermanager-data diff --git a/services/BedrockServerManager/ingressroute-bedrockservermanager.yaml b/services/BedrockServerManager/ingressroute-bedrockservermanager.yaml new file mode 100644 index 0000000..b7e7348 --- /dev/null +++ b/services/BedrockServerManager/ingressroute-bedrockservermanager.yaml @@ -0,0 +1,17 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: bedrockservermanager + namespace: bedrockservermanager +spec: + entryPoints: + - websecure + routes: + - match: Host(`mc.spamasaurus.com`) + kind: Rule + services: + - name: bedrockservermanager + port: 11325 + middlewares: + - name: security-headers@file + # - name: compression@file diff --git a/services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-config.yaml b/services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-config.yaml new file mode 100644 index 0000000..d7b9ffd --- /dev/null +++ b/services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-config.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + annotations: + pv.kubernetes.io/provisioned-by: smb.csi.k8s.io + name: csismb-bedrockservermanager-config +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: csismb-bedrockservermanager-config + mountOptions: + - dir_mode=0777 + - file_mode=0777 + - nobrl + - cache=strict + - mfsymlinks + - noserverino # required to prevent data corruption + csi: + driver: smb.csi.k8s.io + # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} + # make sure this value is unique for every share in the cluster + volumeHandle: 192.168.154.195#bedrockservermanager#config + volumeAttributes: + source: //192.168.154.195/K3s.Volumes + subDir: bedrockservermanager/config + nodeStageSecretRef: + name: smb-credentials + namespace: bedrockservermanager diff --git a/services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml b/services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-data.yaml similarity index 74% rename from services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml rename to services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-data.yaml index 396636a..0d87b76 100644 --- a/services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml +++ b/services/BedrockServerManager/persistentvolume-csismb-bedrockservermanager-data.yaml @@ -3,14 +3,14 @@ kind: PersistentVolume metadata: annotations: pv.kubernetes.io/provisioned-by: smb.csi.k8s.io - name: csismb-ldapwrapper-cache + name: csismb-bedrockservermanager-data spec: capacity: storage: 1Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: csismb-ldapwrapper-cache + storageClassName: csismb-bedrockservermanager-data mountOptions: - dir_mode=0777 - file_mode=0777 @@ -22,10 +22,10 @@ spec: driver: smb.csi.k8s.io # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} # make sure this value is unique for every share in the cluster - volumeHandle: 192.168.154.195#ldapwrapper#cache + volumeHandle: 192.168.154.195#bedrockservermanager#data volumeAttributes: source: //192.168.154.195/K3s.Volumes - subDir: ldapwrapper/cache + subDir: bedrockservermanager/data nodeStageSecretRef: name: smb-credentials - namespace: ldapwrapper + namespace: bedrockservermanager diff --git a/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-config.yaml b/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-config.yaml new file mode 100644 index 0000000..e61d443 --- /dev/null +++ b/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: csismb-bedrockservermanager-config + namespace: bedrockservermanager +spec: + accessModes: + - ReadWriteMany + storageClassName: csismb-bedrockservermanager-config + resources: + requests: + storage: 1Gi diff --git a/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-data.yaml b/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-data.yaml new file mode 100644 index 0000000..ab78102 --- /dev/null +++ b/services/BedrockServerManager/persistentvolumeclaim-csismb-bedrockservermanager-data.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: csismb-bedrockservermanager-data + namespace: bedrockservermanager +spec: + accessModes: + - ReadWriteMany + storageClassName: csismb-bedrockservermanager-data + resources: + requests: + storage: 1Gi diff --git a/services/BedrockServerManager/sealedsecret-smb-credentials.yaml b/services/BedrockServerManager/sealedsecret-smb-credentials.yaml new file mode 100644 index 0000000..7212a2c --- /dev/null +++ b/services/BedrockServerManager/sealedsecret-smb-credentials.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: smb-credentials + namespace: bedrockservermanager +spec: + encryptedData: + password: AgAUxKVMBkGZeLu1XablLg9UuP9Jj6Od7phWEhXzyEdT5UB6ZNRlmi07k0dUrT+IgVl7OGNyP1yVJQCrbWWOlNtOIUez3SNd4XqTrXg4TM7OpgewHEHTibexSZWhQ8QCOc/jpk6bVPBjaiOq02jmBocwakOhB56drojknr8CI5nD2xSgfAc4VIj1dmpzBn8a3SG7rBep0nKVifgFLaYdVSCURW/NEyG4TKMQpbFDHDL7BzN7Zpx3+kuzlrInSMRd+XfCsGOawvnLZERz5/WS1cc7iSmU4J5gV572yPcwwlw9DN3ewsANJ5oFr6gVjrPTS33bdXY2BNDTQMziLA+GyERhbmbPrz3z3bCCeqYv3hihNS6G35Z47hN1hUETHpjrS5HbbZ0e4RwThEHbt2lzjfVBGsrRCq3qZC4DFhFc+S7PP/pBO1c2UJ3YP4+Fbha72ZtZANh8xJH0HVbzuE4Ut7Lg88Iq9fCNJ6vLVuk4kHws8cvOLEEZBWaWkJcZ1RHpw/DUblHIZlg9htzeKMHFyRyT2qrqPF3XdQAYFHRTXXtn9gUefT8DhIYufsJbahg5qICoPwnS6fIPwoGCRTq03JI8MNeB/9qjRJrZT3LdgUtD2zMKEBqzvl6kJsl81dWhQZIsAuQMsC4DlUvpHj4+XL9QGkK8spQ7sV2U6yh37yCkvG+b+lOHjIANC0iXQOYwSkxApVJLgGfrQYSMf1qVL1Qe + username: AgBq8d65YBkZfjT9B0vbCJWu3D0xeA7aYCU4pj329I/0elD5OuFTrY4ZOLlbTMy6+wmhKN90DjpBWgjMkpc/NcRz8lnUE81W5OBL8bzQeOmGp/gwFBhpNcI8RxCBqaoi4616VApdKpj+qjD31ik215RvaKSIgX+mWtiqYgExhrDwWlOCW93fOwXE061FdIt4noUIbhRH7IzNX6S+irxNUEcaAPPn02hTSbwXvrHcVy7PP0lEmANGAbBmNzLZCQ0nBPDOZTceWEAQECTjI7xT94miTuYKhvdJ1afdC2TOQH2Pnq6m+OqCZABdXlsb3KRej1++mKDpIPScAwY5YdmkxYHg1Dqd818z0iaL6u62rCV9pWrjZM40BGVDaXiYKqlmS+X5hMYqFCF5dpgljaM6rBlj1ad0bvPFtgzjPXdF3bgalIR0xzfuVaxcOe7FU7wG/6XICaJ3ka3fxV0EuBBJ2zA4vvElCe/LLK0YbkgdznFh4LypE0wnvqtEoE90S8i5n6UifAaHKHkAuJ0f952bqxz4FEb3CFohlrWqZnml0j+JK/UJFG3ItFtnOJEuVq7+4YBNxS6TNrdD1KyQHqT1BFC7pGCk1r+TSM7AASwa1vFnHAMv9g0vpVpDlfT20rXewZxcg/9+E4R4o29RsuNqdL/mn7a4bm9u/+ll7IQSkwpVvkbw5HBGGebCRTJkAhAYL2j6noedeoc= + template: + metadata: + name: smb-credentials + namespace: bedrockservermanager + type: Opaque diff --git a/services/BedrockServerManager/service-bedrockservermanager-mc.yaml b/services/BedrockServerManager/service-bedrockservermanager-mc.yaml new file mode 100644 index 0000000..5dd2c8b --- /dev/null +++ b/services/BedrockServerManager/service-bedrockservermanager-mc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: bedrockservermanager-mc + namespace: bedrockservermanager +spec: + type: LoadBalancer + ports: + - protocol: UDP + name: mc + port: 19132 + - protocol: UDP + name: mc-creative + port: 19134 + selector: + app: bedrockservermanager diff --git a/services/BedrockServerManager/service-bedrockservermanager.yaml b/services/BedrockServerManager/service-bedrockservermanager.yaml new file mode 100644 index 0000000..9c2d32f --- /dev/null +++ b/services/BedrockServerManager/service-bedrockservermanager.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: bedrockservermanager + namespace: bedrockservermanager +spec: + ports: + - protocol: TCP + name: web + port: 11325 + selector: + app: bedrockservermanager diff --git a/services/DDclient/persistentvolume-csismb-ddclient-config.yaml b/services/DDclient/persistentvolume-csismb-ddclient-config.yaml index 5dded29..7047d5f 100644 --- a/services/DDclient/persistentvolume-csismb-ddclient-config.yaml +++ b/services/DDclient/persistentvolume-csismb-ddclient-config.yaml @@ -28,4 +28,4 @@ spec: subDir: ddclient/config nodeStageSecretRef: name: smb-credentials - namespace: argus + namespace: ddclient diff --git a/services/Gitea/application-gitea.yaml b/services/Gitea/application-gitea.yaml index 40bd04c..20955ec 100644 --- a/services/Gitea/application-gitea.yaml +++ b/services/Gitea/application-gitea.yaml @@ -22,7 +22,7 @@ spec: - repoURL: https://dl.gitea.com/charts/ chart: gitea # targetRevision: 11.0.0 - targetRevision: 12.2.0 + targetRevision: 12.5.0 helm: valueFiles: - $values/services/Gitea/values.yaml diff --git a/services/Gitea/supportingfiles/sealedsecret-gitea-actions-registration-token.yaml b/services/Gitea/supportingfiles/sealedsecret-gitea-actions-registration-token.yaml new file mode 100644 index 0000000..ed82ecd --- /dev/null +++ b/services/Gitea/supportingfiles/sealedsecret-gitea-actions-registration-token.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: gitea-actions-registration-token + namespace: gitea +spec: + encryptedData: + token: AgCfSO12i+bhMyaQo8esgDhnxc61L5VUGnT+L6q3rdfAco/pgKk6ZKS/p5+oTCu24VIGWnKq91IsvMxPTECfHmy6Z2ah8C8HNUCeOIupzz7QMSkGJuF3Gj0dB92bGQC34nGSmtl+Z0EXxfjZobaYmO2gZGHA2Y6FEf45bgb6wE3uxkv48RsWLDN0gW/FbQw837hcHxjx7Ivf5dpZu5Th3bTalKmEyoIlh7RCzsF8IV/I0V9ztJPeBpTRjUAYryVs8JgqrCW5DQQqAeSTRxccdb4Ldj22XsSOzKMXxsWbIOCqJ1arFZF+fhw3ITEnlDAn2N7Hl5keb/D9lleFcQe293f5+g/sfttVeR0G3a6lGrG0OzY2c5+1pH/Dlt+BfVWcdadV1HGqig+ZrAGQmz4XgUlcFhSuTBw+8pjyECsV+ueysi6DuPDiKh03ienc1dZY53yBo+e6QfV9Z0aIEsHheqasbIn1uh9StwqygTO/i7En3aJSBySuuHT3AMmBwKELsHyNQEgtIFocMjDJxOsxIj/3HYDdBzkEFoyx491hZSnV1ceJxN5BcgYMENJ6D/B5i+Srfyzk7AUD4fcuiyrV5ZWnnuHjOG57UlLXIUWBdeXdy2CS9+POltHuq5kGkku71UEJ/MLuZOHM+Iy/AASErsds9roZ1cBf2n4FpUXe+LwGb+RbvrLl1HETW2XnbsFMleiOx2wicvDsQ8CDSv9RVmxVE6TepHSrrDd2Aq+6PjCfkTpcUVhZYQ8s + template: + metadata: + creationTimestamp: null + name: gitea-actions-registration-token + namespace: gitea + type: Opaque diff --git a/services/Gitea/supportingfiles/values.yaml b/services/Gitea/supportingfiles/values.yaml deleted file mode 100644 index b609794..0000000 --- a/services/Gitea/supportingfiles/values.yaml +++ /dev/null @@ -1,41 +0,0 @@ -enabled: true - -statefulset: - actRunner: - repository: gitea/act_runner - tag: 0.2.12 - dind: - repository: docker - # tag: 25.0.2-dind - tag: 28.3.2-dind - - persistence: - size: 1Gi - -init: - image: - repository: busybox - tag: "1.37.0" - -provisioning: - enabled: false - - publish: - repository: bitnami/kubectl - # tag: 1.29.0 - tag: 1.33.3 - -existingSecret: "gitea-actions-registration-token" -existingSecretKey: "token" - -giteaRootURL: "https://code.spamasaurus.com" - -persistence: - create: false - claimName: csismb-gitea-act - storageClass: csismb-gitea-act - -image: - registry: "docker.gitea.com" - repository: gitea - tag: "1.24.2-rootless" diff --git a/services/Gitea/values.yaml b/services/Gitea/values.yaml index 5499b30..e02e6f2 100644 --- a/services/Gitea/values.yaml +++ b/services/Gitea/values.yaml @@ -44,6 +44,11 @@ postgresql-ha: enabled: false valkey: enabled: true + image: + repository: bitnamilegacy/valkey + global: + security: + allowInsecureImages: true primary: persistence: existingClaim: csismb-gitea-cache diff --git a/services/LdapWrapper/deployment-ldapwrapper.yaml b/services/LdapWrapper/deployment-ldapwrapper.yaml deleted file mode 100644 index 783c962..0000000 --- a/services/LdapWrapper/deployment-ldapwrapper.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ldapwrapper - namespace: ldapwrapper - labels: - app: ldapwrapper -spec: - replicas: 1 - selector: - matchLabels: - app: ldapwrapper - template: - metadata: - labels: - app: ldapwrapper - spec: - containers: - - name: ldapwrapper - image: ahaen/azuread-ldap-wrapper:latest - env: - - name: GRAPH_IGNORE_MFA_ERRORS - value: 'true' - - name: LDAP_PORT - value: '389' - envFrom: - - secretRef: - name: ldapwrapper - ports: - - containerPort: 389 - name: ldap - volumeMounts: - - mountPath: /app/.cache - name: csismb-ldapwrapper-cache - volumes: - - name: csismb-ldapwrapper-cache - persistentVolumeClaim: - claimName: csismb-ldapwrapper-cache diff --git a/services/LdapWrapper/sealedsecret-ldapwrapper.yaml b/services/LdapWrapper/sealedsecret-ldapwrapper.yaml deleted file mode 100644 index 5ab3d49..0000000 --- a/services/LdapWrapper/sealedsecret-ldapwrapper.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: ldapwrapper - namespace: ldapwrapper -spec: - encryptedData: - AZURE_APP_ID: AgAiauqNLJ+JncVKWkTrnbHMXJnhO5Qb5NEOTTftQoSz9BEByAsHAM3XdU0HpgbrZgC2JBHVuzlPQ0AxvAowOMywXVsa51N/ck1KNt/KaANX1eJIRgVdhQtafJm+uoiePbTKHezvgHbQQE14fqw2hMa2zI7pdEJb9qeLh5nVGcNyFown0SAnTWYRmvZNyy8oDQZyBCs/g1IAZk+ok0QU/mrU4Jx7yDT7uFZnahQAxeBYO2/UXQxVVbGchba4B2IpNl9ae3eK/DYA7ZlSMpTvh27ELeatpB8A66hXutS3Srec4CLDI9ULbT87ua5ndQreRCzMTOcUEO+EPAB0u7Vvf+4TNJqBmixpLlt615ruLCX5DDIXksDgIu7x3KBVSqoKCl/8qcYfZM6QL8cIQIMS4AN3jmIhh4bQV1qAQIMq8IgcHwV2phQWv75eEGIAyvhoKqlmV9MmTbSkUVwiVSxClVXIdr6U32sU22v4h+NvjRRJoaZGGWNm1N9lEHio29HuvG+SRPCmzaUGk+oajz5EljX/QGvKHHYKHoeT2rgp3i0t+y2HSaS310o1zUfTF7KAyHWz+pzvOmgESimsPM9m3Wqw5BI6zd5wWAflaf1UvNr37413z1rrK83Qe0iMyqjpO8Hsko3suyWqQWM0ditwMIqIJ5Exs+KgfXDyCDgKuKH2AmBWQf0yT/gONvhT8SGPbGBXeto30avG4xQPg9QJy3/YV7TXJduxbhOwdwavj19xHOKfad8= - AZURE_APP_SECRET: AgATwUdeu7DQlQBa6CHe7B+FXjqUKosCAxhDr3fAxRONqJqPTWF8bv766V4G9ivcWWEL7nIpy+WrHduAnnpykHJTabZAkcXIzid7RcwmBdhVc4Ahj2VIYSSaxlAmHwbi4Xf0eEsH60CaqdGmLi/ZymxIHjfMhPxT3P3R1+pnIkVhnQcN55DcOeS6UTIC8dAZwkPqXdzU4Kobt28dpGNDTwLzeF/opQKj0aGGdK/vQb5VQXlId+iqhUUBZIIPeKI98QItEa4xj6lwbdAQbTxqBEYRZEvEfkNLt7owKUC/pmNIt6uSPtlJfC02bRG+JJRfO2nNqZ4sNYDh/aiWBR6ch8LELh1u2jYVsuP+wi6DvWE3KMCob1ZkqI1GkU8QqNjscsi8utnQsklymJMBAhastzyOEv2SOqLk6Uh9xRDKce8DNzAd/PdoMPObyXXAFO5zpHVjj5RlCcGrKgqirnJwm46HdSgoXFQ+k4mLOywoZd8pRV1Jz8VNL2Hclv50WkfSH+xNyV8P7fN8ITJA/kG5tgQDuNpeWWljc7DMYvlJ4LtnhU2Oo/iSTgfBW0ENRsvdGRXjXk+zGnl1KGYF1Rl2YaySdEPOB9VbeipR3CjDtJQzm1jd/Ro5ctL4Jol5yQM2cf1osG8FN+hQ7A4z3nfGx8meoUioWxccnOMyVNsanp3xRUL7ZzZSDbo2TtoFdIEvFlz22HjxsgWNptb2c3++QL9yF4DvBdzuLGG97HTDDnmJm2GMp+R5o8W5 - AZURE_TENANTID: AgCXRjcsgulYe8XFjCSCS7fSjGvtrU3rQT9dQf/ZPo6/iVZYiA3fF9uapa+WiiAsNWbMCPaNMWySkcKb+h8mh7O7r6Nd8inVJ1WNHE9QXE7kZnPgKtnBFVRfTewwAL2H3YrLEGwKOABO9L5fb0kzcnu+ryH7bmWHRl2Vn5Qb7ibKveeqNGe5shB6OiwbX1amnuUAhadA1lCZQutmbLjdY2w6G6zjm6YkF2jDlwDGsybv1Vtcbh+7P1joNtQ8BA4RywWP8BRYWg7/YnB4abGoff8adGteqeLHuQ0L2clP7kpf32qNt4fl1NmZDH75GKEtUQzIQG9SdjpDqUTzGi83e7seqLKz2v2phMvkkjDoNmTU/MLCQ8vzhjUEhNYRPU9R0lCbnY/erxuBAwS6m2qHQZMapKsfic1aD2Ui4CRXCZeExo9pkMYI/ObvSJmNDfuYNu0fi9KCYimoEoWXX+GEs+zBSsRGE4ibMRIWdm4Z3nyUPuLZNWa2/NJG3a/Xnqmyq5vKJE8GnO1EJ+XnbGzUY9fg1RVQ0g/TQWyBWmOXrjS2lIb/caz/xrGnIt+4xGVfmck7GHgjWcGd2lQKH67Nd8k0BVZZaN8GKZyYNHc8rkLxuIbNBwRd/O6YB0d5RrHe2346oazpuy4w01La4lGDoXQDkUOX0PE4EKNYWkr+qYgbow0yLBC1ET0fyqb+DCuOQioByyiu9qkPjIjkCSP1N/7nGRrbifHLhY4LjiMYeZpeKk+15wY= - LDAP_BINDUSER: AgBGcYK7LLNTqwBkWEcDf+E2Zroaqs0dp/aXO7wIZQQ7sIpEAy1/P093SF8650MYmiHP2W7phYylWW617U/pjuUzV7zzhZz02eAePWH+LucWIOxxuHVICQEjhWvGLFD7fk1zdLy/qktYI4EvJix3HPq4SHTtUmrZm9qL8cFz6JqAsiVP0Y2NvlsgDN0uPPS5zoiGt5ifFkCMXWS5JdYnEGyWD6bENPKLmmJhDjLxG1JkDMaYuRnGFLPX+d9mvCENp5myWAeW7VyIsU7ZrI0woItc06pCicbNa2qDabiuWIkRR5ZeC6xSU05Xinx4pNasWD1yYs6sw/PA0ghcs0t4vlPTL1Iru0w4albylSTi68jA4IaBwkJIfEcvBVEUykmf9fE8EsiorABUEGUXn8SrZvPiwKTtD1NtZ39avnvXAqqR3tzzvplpCNKOta9ziWmaH+3TuMU/HmdRHEdESJxqcIz+Xl1bmiunOr74eT2n5W4FVGL1DdpYZvJSWlLFzKbdkg/XbvLRSc6f7UVbZe5S7f8yK7B0rknEg6U1cyaE7DuYAraT4o8NK0FgDtm/pH/1lj5gTSR3X9uJbVmCbvhwUI1F4+62aBVx5BNM16IIJHYd750QkTLbanhpdfWhu7PXf9vvW6ySYNWWW5CZFzKd2DJKIDOWPj228OuOavBQBevTrZNH9cj2jnofZB+3cKEfFEKx+jm8XgSlUX4I8NR4pMY7bsW5ndvlWA== - LDAP_DOMAIN: AgCgcQjDhBiTAif8gY4ohMzsfI9muB7eUs7YTIS2Ma0jNW6sD+C16ytk9QcslxnO4BM8nXcJXYE/yv0STHjvIRkhMHcUsvlEIsCWI3x9VAwBp2mpMazObLF89s4O+3oumcWJm44bDc9hMHzydqnl3PXhx+hUE3fgq5zIpyqflAQD/9jUGMSXoeEV8ccopJNwsz613kUb7CPfzGV63cpfuby7J3OVXruTYkn8kXth+i5Q/R+7nMZW62vxMXNhkHUITlp96ZgPau8+2vwtYhxDU/EOvVwLqLEuktrHX12pGp8zQ7sRKMoCjp+IXUD2v0CgK+RgikTO9upfGYkdMFLpY1TDqnksJnUuGrrXhqsRU4ziP0sqPz0G2vK+tUFjiMlQDc71oEGEKICdKXoMwVhlk4lOY6xAYu/B06zJyTE20LQiiQvfNVQZz6YJhe/kjNMKml/9KrOcuzBB+fcCFXAJKHrS16Wa9DHPl4QVdtwLsrWTl9hhP30IVQMDdFASHhCBZEld2H0y0ZMXI5tT2XI2rFzQYr7lQIK4Za2IdDlI1vjjqye1vKZ5/AeYunGGEciGjFRPCqhD3VvlWRRsoJxY5NAyVJdp+bIpjAKRrso4qJwtNc3NcMAKlKS/fNlS1k8w7R1K6yMqKwkrqNKoCXD5LfHPCDGTb/vVUaEB68+lCKXTlZsAQriOOB+AbAbtrYXpYlbcw0tMBkcr77qm - template: - data: null - metadata: - creationTimestamp: null - labels: - app: ldapwrapper - name: ldapwrapper - namespace: ldapwrapper - type: Opaque diff --git a/services/LdapWrapper/sealedsecret-smb-credentials.yaml b/services/LdapWrapper/sealedsecret-smb-credentials.yaml deleted file mode 100644 index 9be5438..0000000 --- a/services/LdapWrapper/sealedsecret-smb-credentials.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: smb-credentials - namespace: ldapwrapper -spec: - encryptedData: - password: AgBc2k0pHG/YT8gHBugDzpAreGsVlDLQJeQnGEn6lzk97Gv1F2RSBy5pASx6WgMX1P/OU4+MPD1QkAIHRQowUTXH2/YDsEKUO/8n93kXnWRr3LOc0hjKGeHCUWdyzre8fU07g4+6dcKopNRGY53nCBNTSQG0DOQOiyCzkEgGDQYLFLk6cnN0B2n2sYRgkNJQCRXUbjKIWaNc8xbmzMrWb+qCBarP75J0c42249K0cpVS/u8txpmWOOtPfngIRh6wV+r5/3W7CwXuNBSUHa+Sm18j/guvIIloN2m5nHY/jXFopekIr02lHv4ANO24EZ1N4V4Uo9TvVV/agNGAU9nK0a0ebZ8W4wjvhiKwMiBOHWp55E3+oA8mP4C9ZC1hkhgbyBi9rK/9ZhVvoB+Q1rl+FD8bdbMcuTYDU9lt799MOThpbR1ti9gj3hO4Yz/GACN7rCJhpb+MIQywrdpRlO2eME1ssVKSmedEAVp/efLfNgfNhlLDl0rZ/I4vwwiQ5JBNsrNwKIoIhneC98ouRJdrZUWFWU0p95dbActr3qmAZQNJbfJ+UktPWSWxd+HW7LqvmYB1A0BT628GLBM5SvXWx0+ye7MLS/t8hJM/cqtOtdwdzoTZZfZv2dCnDQ0WtsZfXAdnigitA7UES3TzapIgdim3d6ujvnOY0OfJcKKSsKh7GQw451dKWUzTWafkciWoaWRBZnTmEgt6zz0Be0hQCfJm - username: AgAMIlu1M5O+fL3DJvdgSHkLpp8QDYXada4cFGTOGREY/1VonKhnmCDvgchsDzZY4DFiXn/nRxljlc8PalZsDmZ+6CZCmnJpMVSehrDw0gUigLgf0fFccJ8Sqk/kb3RTfZUYu906xUVHCQg7XeVaNyOaVZVfxB/SpPV33Y41nt4rjlwwIs+haQA1HoJLekANsR8YTDJABa/PFj/+oX2WS3OHXJvRtCeSSmPR3WJWJXQYQQewakMNqOuGTRjXSvHw95XJPnyYJiwHL8b+fdZRKxPpJwhRvKNmj+reosJkKeaq/M6cERLixJo8RpFATNAnv8BcKMbslMRQB+cn5HlfX5afMS8E1k/nPHa/3uSjNCuFoc1w4t9FjNMjfQrvDMxTIaJ78py0eZHznBO9uGdr1gDwZHzgcLJSFKL2aH8AdGTivRk7qKegCcWvFxtujGUWyXNnCV/6S1n9V4gvk62tnxNMbC5alCo8cAehJfJMyQrozyWH3mtnn7a61brPh+LVMeSne6dl6RRctQY7ZG0ypH7r1UxQczvkwuafVFvY+EfuKRM95SV41wo8Nyunb1MpXte77QLFpBnDxs/td14/i8QDJMjHIw0dItmtEbvPOaLMiyIk6kIGYRksyVwAQOHdEJISUJPnF8wcCeC3gpbXukSpgmQFQeyGsMgiRPlKYGFRq1nk8gIDMtUn5k1cZsMPX9G43vBGU4M= - template: - metadata: - creationTimestamp: null - name: smb-credentials - namespace: ldapwrapper - type: Opaque diff --git a/services/LdapWrapper/service-ldapwrapper.yaml b/services/LdapWrapper/service-ldapwrapper.yaml deleted file mode 100644 index 28ded45..0000000 --- a/services/LdapWrapper/service-ldapwrapper.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ldapwrapper - namespace: ldapwrapper -spec: - ports: - - protocol: TCP - name: ldap - port: 389 - selector: - app: ldapwrapper diff --git a/services/Lighttpd/ingressroute-lighttpd.yaml b/services/Lighttpd/ingressroute-lighttpd.yaml index 615c6f0..272d2c1 100644 --- a/services/Lighttpd/ingressroute-lighttpd.yaml +++ b/services/Lighttpd/ingressroute-lighttpd.yaml @@ -7,7 +7,7 @@ spec: entryPoints: - websecure routes: - - match: Host(`bessems.com`) || Host(`bessems.eu`) || Host(`gabaldon.eu`) || Host(`gabaldon.nl`) || Host(`sn.itch.fyi`) || Host(`spamasaurus.com`) + - match: Host(`bessems.com`) || Host(`bessems.eu`) || Host(`gabaldon.eu`) || Host(`gabaldon.nl`) || Host(`spamasaurus.com`) kind: Rule services: - name: lighttpd diff --git a/services/Memos/deployment-memos.yaml b/services/Memos/deployment-memos.yaml index b73321f..16e61c6 100644 --- a/services/Memos/deployment-memos.yaml +++ b/services/Memos/deployment-memos.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: app - image: neosmemo/memos:0.25 + image: neosmemo/memos:0.26 imagePullPolicy: Always env: - name: MEMOS_PORT diff --git a/services/Argus/_namespace-argus.yml b/services/PVR/Bazarr/_namespace-bazarr.yaml similarity index 73% rename from services/Argus/_namespace-argus.yml rename to services/PVR/Bazarr/_namespace-bazarr.yaml index e7733f3..eb18a3a 100644 --- a/services/Argus/_namespace-argus.yml +++ b/services/PVR/Bazarr/_namespace-bazarr.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: argus + name: bazarr diff --git a/services/Argus/application-argus.yaml b/services/PVR/Bazarr/application-bazarr.yaml similarity index 84% rename from services/Argus/application-argus.yaml rename to services/PVR/Bazarr/application-bazarr.yaml index 5253801..3755d66 100644 --- a/services/Argus/application-argus.yaml +++ b/services/PVR/Bazarr/application-bazarr.yaml @@ -1,11 +1,11 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: argus + name: bazarr namespace: argo-cd spec: destination: - namespace: argus + namespace: bazarr server: https://kubernetes.default.svc project: default syncPolicy: @@ -14,5 +14,5 @@ spec: - CreateNamespace=true sources: - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog - path: services/Argus + path: services/PVR/Bazarr targetRevision: HEAD diff --git a/services/PVR/Bazarr/deployment-bazarr.yaml b/services/PVR/Bazarr/deployment-bazarr.yaml new file mode 100644 index 0000000..2c07b62 --- /dev/null +++ b/services/PVR/Bazarr/deployment-bazarr.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bazarr + namespace: bazarr + labels: + app: bazarr +spec: + replicas: 1 + selector: + matchLabels: + app: bazarr + strategy: + type: Recreate + template: + metadata: + labels: + app: bazarr + spec: + containers: + - name: bazarr + image: linuxserver/bazarr:latest + imagePullPolicy: Always + ports: + - name: web + containerPort: 6767 + volumeMounts: + - mountPath: /config + name: csismb-bazarr-config + - mountPath: /movies + name: csismb-bazarr-movies + - mountPath: /tv + name: csismb-bazarr-series + volumes: + - name: csismb-bazarr-config + persistentVolumeClaim: + claimName: csismb-bazarr-config + - name: csismb-bazarr-movies + persistentVolumeClaim: + claimName: csismb-bazarr-movies + - name: csismb-bazarr-series + persistentVolumeClaim: + claimName: csismb-bazarr-series diff --git a/services/PVR/Bazarr/ingressroute-bazarr.yaml b/services/PVR/Bazarr/ingressroute-bazarr.yaml new file mode 100644 index 0000000..890f211 --- /dev/null +++ b/services/PVR/Bazarr/ingressroute-bazarr.yaml @@ -0,0 +1,18 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: bazarr + namespace: bazarr +spec: + entryPoints: + - websecure + routes: + - match: Host(`captions.pvr.spamasaurus.com`) + kind: Rule + services: + - name: bazarr + port: 6767 + middlewares: + - name: 2fa-authentication@file + - name: security-headers@file + # - name: compression@file diff --git a/services/Argus/persistentvolume-csismb-argus-config.yaml b/services/PVR/Bazarr/persistentvolume-csismb-bazarr-config.yaml similarity index 77% rename from services/Argus/persistentvolume-csismb-argus-config.yaml rename to services/PVR/Bazarr/persistentvolume-csismb-bazarr-config.yaml index 0297abd..5ac974e 100644 --- a/services/Argus/persistentvolume-csismb-argus-config.yaml +++ b/services/PVR/Bazarr/persistentvolume-csismb-bazarr-config.yaml @@ -3,17 +3,19 @@ kind: PersistentVolume metadata: annotations: pv.kubernetes.io/provisioned-by: smb.csi.k8s.io - name: csismb-argus-config + name: csismb-bazarr-config spec: capacity: storage: 1Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: csismb-argus-config + storageClassName: csismb-bazarr-config mountOptions: - dir_mode=0777 - file_mode=0777 + - uid=911 + - gid=911 - nobrl - cache=strict - mfsymlinks @@ -22,10 +24,10 @@ spec: driver: smb.csi.k8s.io # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} # make sure this value is unique for every share in the cluster - volumeHandle: 192.168.154.195#argus#config + volumeHandle: 192.168.154.195#bazarr#config volumeAttributes: source: //192.168.154.195/K3s.Volumes - subDir: argus/config + subDir: bazarr/config nodeStageSecretRef: name: smb-credentials - namespace: argus + namespace: bazarr diff --git a/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-movies.yaml b/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-movies.yaml new file mode 100644 index 0000000..027b679 --- /dev/null +++ b/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-movies.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + annotations: + pv.kubernetes.io/provisioned-by: smb.csi.k8s.io + name: csismb-bazarr-movies +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: csismb-bazarr-movies + mountOptions: + - dir_mode=0777 + - file_mode=0777 + - uid=911 + - gid=911 +# - nobrl + - cache=strict + - mfsymlinks + - noserverino # required to prevent data corruption + csi: + driver: smb.csi.k8s.io + # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} + # make sure this value is unique for every share in the cluster + volumeHandle: 192.168.154.195#bazarr#movies + volumeAttributes: + source: //192.168.154.195/Public + subDir: Video's/Films + nodeStageSecretRef: + name: smb-credentials + namespace: bazarr diff --git a/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-series.yaml b/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-series.yaml new file mode 100644 index 0000000..7b8f196 --- /dev/null +++ b/services/PVR/Bazarr/persistentvolume-csismb-jellyfin-series.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + annotations: + pv.kubernetes.io/provisioned-by: smb.csi.k8s.io + name: csismb-bazarr-series +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: csismb-bazarr-series + mountOptions: + - dir_mode=0777 + - file_mode=0777 + - uid=911 + - gid=911 +# - nobrl + - cache=strict + - mfsymlinks + - noserverino # required to prevent data corruption + csi: + driver: smb.csi.k8s.io + # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} + # make sure this value is unique for every share in the cluster + volumeHandle: 192.168.154.195#bazarr#series + volumeAttributes: + source: //192.168.154.195/Public + subDir: Video's/Series + nodeStageSecretRef: + name: smb-credentials + namespace: bazarr diff --git a/services/Argus/persistentvolumeclaim-csismb-argus-config.yaml b/services/PVR/Bazarr/persistentvolumeclaim-csismb-bazarr-config.yaml similarity index 60% rename from services/Argus/persistentvolumeclaim-csismb-argus-config.yaml rename to services/PVR/Bazarr/persistentvolumeclaim-csismb-bazarr-config.yaml index c58a4e5..e40cecb 100644 --- a/services/Argus/persistentvolumeclaim-csismb-argus-config.yaml +++ b/services/PVR/Bazarr/persistentvolumeclaim-csismb-bazarr-config.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: csismb-argus-config - namespace: argus + name: csismb-bazarr-config + namespace: bazarr spec: accessModes: - ReadWriteMany - storageClassName: csismb-argus-config + storageClassName: csismb-bazarr-config resources: requests: storage: 1Gi diff --git a/services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml b/services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-movies.yaml similarity index 57% rename from services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml rename to services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-movies.yaml index ab4d8cb..ca993ce 100644 --- a/services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml +++ b/services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-movies.yaml @@ -1,12 +1,12 @@ -apiVersion: v1 kind: PersistentVolumeClaim +apiVersion: v1 metadata: - name: csismb-ldapwrapper-cache - namespace: ldapwrapper + name: csismb-bazarr-movies + namespace: bazarr spec: accessModes: - ReadWriteMany - storageClassName: csismb-ldapwrapper-cache resources: requests: storage: 1Gi + storageClassName: csismb-bazarr-movies diff --git a/services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-series.yaml b/services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-series.yaml new file mode 100644 index 0000000..80c691a --- /dev/null +++ b/services/PVR/Bazarr/persistentvolumeclaim-csismb-jellyfin-series.yaml @@ -0,0 +1,12 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: csismb-bazarr-series + namespace: bazarr +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: csismb-bazarr-series diff --git a/services/PVR/Bazarr/sealedsecret-smb-credentials.yaml b/services/PVR/Bazarr/sealedsecret-smb-credentials.yaml new file mode 100644 index 0000000..7a81d92 --- /dev/null +++ b/services/PVR/Bazarr/sealedsecret-smb-credentials.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: smb-credentials + namespace: bazarr +spec: + encryptedData: + password: AgBOHNOsO7vRPeVmYSWmC3rozbFWozrt5zVbQnktnJfpiaHDKc42jDpd/Ug4EB8OVCOqM7AG6bMmeUz0TwWwaktap1epnBsa/6LZU1X7EATIlZ3B9pheHxETMCPBuCF853pr7vsASYW38jgY0jrlzAHuoak/P9DO+0YSPIaWV4a4lJHl7ZduER6RU++zjap1hTQKVaVDd5EJysS9hbh8Tiyx/jXQnkQnxrwpl9ZYaYVSuQcJIDUe2NBzsWMq3f53S2q4AEli6B0L5PVcQnSelzRVxhQ3zvNTpT2dJiCAtrAu1sVqcNknU4UKFEeyAdUDflSE3RH/Hwg1TxQz4cks0+oT6SGa1964U8fF0/zPHILGUt3eOhVFmBU5itI3Fe8J+Zk/DpMlRg0JoEbx0Pylq1JlBls31KTHoHtJVEF9LPB/Eqevvwx8ERe7RhJFYnlu0pQdZMhlU0y5sasiUby4AHNc+99qa/qFQoWCnr1y85Q7RAfPTY0ONWI7cW6soxtJo3kYYP8WARr9eGkXhd4KIcXJOF3Yvjg1FjEMd6k+4hHoWKlcmjjptu693CVBV8zGuxZHOBagbaf5ODs8e/IIJRsPhbJ4hVlkpavk00MbDoW5L/WHGtYoRx5JRCmXeT5qeNpJL26bL3RpdC6nY4Glh5PB97JxpDkhNCfinBrCH2urjBwYAz+o8BiPa5XjnY+Rq7EnoPIpADVVdzE+vyUL8Msm + username: AgC7jXwLqgbL3thXUymbF8mdPwnzmXZUvPQ0erAY0/NaZassMOnvlbTwpX0HbOSWVdJNGpzDlBPgjZ3Ayl1oOEVbQs8+I96T+klJgfJ2aMQMSfjpBzV2HXTuENfYLyDgzvX78a2jf/h54tQtU/zXuqvYpuXYBNIuishZxvK/JtkT82KQ3u4xA3DlvaWlu5RqnLQCaDXDnKPiyDdxRKgu97RcCpN3ONhPsTCmr5YfePmyL+w7Aq2WOPIQshUpkg9joQELdo8TPdxPOPvj72XGBzGjtq3I0dNPFn6iLQre60eKB7MqLsAWkf7lIkdgww+JqqCqf/AWeK2QUNH/oK+Y4rtqOV2rVb75Z+/MLD2VGwTo5UhOy9LOLEOXTlBIz/awNj4Z+TRmzZgkFOm62FVt5c+JwwjPg9vaS5+7pIeihkLO+KLziFyAMx67ASqrhqmMb6EZZ22yyuPsqwCxvUXHQ5khfgFxjg1s4n56Lsb/WIkCvQFi2B7jNLYWaNIfUDNySyHZdg5C249nsWRiCm+pjUFBiYWkCxVMvNAG1MCEzXnrD0aPPSyY8JRRTtRMUo8ykK+TiKn8b/ocrFu6lo2g4GiuNtLBUTdBhwQmHeMLZ3STofI5I2+eP4XGkWrdEjq6+L5NV5NmG+0CwyIAziNgumJVkbYBN93v1c1QQFpbt5Y8VtINvl++TU0uetC/wOpbz7GSGTpu2EQ= + template: + metadata: + name: smb-credentials + namespace: bazarr + type: Opaque diff --git a/services/Argus/service-argus.yml b/services/PVR/Bazarr/service-bazarr.yaml similarity index 60% rename from services/Argus/service-argus.yml rename to services/PVR/Bazarr/service-bazarr.yaml index c02fec3..ec023ef 100644 --- a/services/Argus/service-argus.yml +++ b/services/PVR/Bazarr/service-bazarr.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: argus - namespace: argus + name: bazarr + namespace: bazarr spec: ports: - protocol: TCP name: web - port: 8080 + port: 6767 selector: - app: argus + app: bazarr diff --git a/services/PVR/Jellyfin/application-jellyfin.yaml b/services/PVR/Jellyfin/application-jellyfin.yaml index 01e0ebb..cbca500 100644 --- a/services/PVR/Jellyfin/application-jellyfin.yaml +++ b/services/PVR/Jellyfin/application-jellyfin.yaml @@ -13,12 +13,15 @@ spec: syncOptions: - CreateNamespace=true sources: + - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog + path: services/PVR/Jellyfin + targetRevision: HEAD - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog path: services/PVR/Jellyfin/manifests targetRevision: HEAD - repoURL: https://jellyfin.github.io/jellyfin-helm chart: jellyfin - targetRevision: 2.3.0 + targetRevision: 2.7.0 helm: valueFiles: - $values/services/PVR/Jellyfin/values.yaml diff --git a/services/PVR/Jellyfin/values.yaml b/services/PVR/Jellyfin/values.yaml index 1b22bf4..c6f86a5 100644 --- a/services/PVR/Jellyfin/values.yaml +++ b/services/PVR/Jellyfin/values.yaml @@ -1,3 +1,6 @@ +deploymentStrategy: + type: Recreate + ingress: enabled: true className: traefik diff --git a/services/PVR/Jellyseerr/application-jellyseerr.yaml b/services/PVR/Jellyseerr/application-jellyseerr.yaml index fa89b2f..90056e8 100644 --- a/services/PVR/Jellyseerr/application-jellyseerr.yaml +++ b/services/PVR/Jellyseerr/application-jellyseerr.yaml @@ -18,7 +18,7 @@ spec: targetRevision: HEAD - repoURL: ghcr.io/fallenbagel/jellyseerr chart: jellyseerr-chart - targetRevision: 2.4.0 + targetRevision: 2.7.0 helm: valueFiles: - $values/services/PVR/Jellyseerr/values.yaml diff --git a/services/LdapWrapper/_namespace-ldapwrapper.yaml b/services/PVR/Wizarr/_namespace-wizarr.yaml similarity index 67% rename from services/LdapWrapper/_namespace-ldapwrapper.yaml rename to services/PVR/Wizarr/_namespace-wizarr.yaml index c4e889f..e1a9c76 100644 --- a/services/LdapWrapper/_namespace-ldapwrapper.yaml +++ b/services/PVR/Wizarr/_namespace-wizarr.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: ldapwrapper + name: wizarr diff --git a/services/LdapWrapper/application-ldapwrapper.yaml b/services/PVR/Wizarr/application-wizarr.yaml similarity index 82% rename from services/LdapWrapper/application-ldapwrapper.yaml rename to services/PVR/Wizarr/application-wizarr.yaml index 9677c93..41f8666 100644 --- a/services/LdapWrapper/application-ldapwrapper.yaml +++ b/services/PVR/Wizarr/application-wizarr.yaml @@ -1,12 +1,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: ldapwrapper + name: wizarr namespace: argo-cd spec: destination: + namespace: wizarr server: https://kubernetes.default.svc - namespace: ldapwrapper project: default syncPolicy: automated: {} @@ -14,5 +14,5 @@ spec: - CreateNamespace=true sources: - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog - path: services/LdapWrapper + path: services/PVR/Wizarr targetRevision: HEAD diff --git a/services/PVR/Wizarr/deployment-wizarr.yaml b/services/PVR/Wizarr/deployment-wizarr.yaml new file mode 100644 index 0000000..0b26c9d --- /dev/null +++ b/services/PVR/Wizarr/deployment-wizarr.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wizarr + namespace: wizarr + labels: + app: wizarr +spec: + replicas: 1 + selector: + matchLabels: + app: wizarr + template: + metadata: + labels: + app: wizarr + spec: + containers: + - name: wizarr + image: ghcr.io/wizarrrr/wizarr:latest + imagePullPolicy: Always + env: + - name: PUID + value: '1000' + - name: PGID + value: '1000' + - name: DISABLE_BUILTIN_AUTH + value: 'false' + - name: TZ + value: Australia/Melbourne + ports: + - name: web + containerPort: 5690 + volumeMounts: + - mountPath: /data + name: csismb-wizarr-data + volumes: + - name: csismb-wizarr-data + persistentVolumeClaim: + claimName: csismb-wizarr-data diff --git a/services/Argus/ingressroute-argus.yml b/services/PVR/Wizarr/ingressroute-wizarr.yaml similarity index 68% rename from services/Argus/ingressroute-argus.yml rename to services/PVR/Wizarr/ingressroute-wizarr.yaml index 91bd9b9..d56755f 100644 --- a/services/Argus/ingressroute-argus.yml +++ b/services/PVR/Wizarr/ingressroute-wizarr.yaml @@ -1,17 +1,17 @@ apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: argus - namespace: argus + name: wizarr + namespace: wizarr spec: entryPoints: - websecure routes: - - match: Host(`release.spamasaurus.com`) + - match: Host(`account.pvr.spamasaurus.com`) kind: Rule services: - - name: argus - port: 8080 + - name: wizarr + port: 5690 middlewares: - name: 2fa-authentication@file - name: security-headers@file diff --git a/services/Argus/persistentvolume-csismb-argus-data.yaml b/services/PVR/Wizarr/persistentvolume-csismb-wizarr-data.yaml similarity index 76% rename from services/Argus/persistentvolume-csismb-argus-data.yaml rename to services/PVR/Wizarr/persistentvolume-csismb-wizarr-data.yaml index 600b453..b475076 100644 --- a/services/Argus/persistentvolume-csismb-argus-data.yaml +++ b/services/PVR/Wizarr/persistentvolume-csismb-wizarr-data.yaml @@ -3,29 +3,32 @@ kind: PersistentVolume metadata: annotations: pv.kubernetes.io/provisioned-by: smb.csi.k8s.io - name: csismb-argus-data + name: csismb-wizarr-data spec: capacity: storage: 1Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: csismb-argus-data + storageClassName: csismb-wizarr-data mountOptions: - dir_mode=0777 - file_mode=0777 + - uid=1000 + - gid=1000 - nobrl - cache=strict + - iocharset=utf8 - mfsymlinks - noserverino # required to prevent data corruption csi: driver: smb.csi.k8s.io # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} # make sure this value is unique for every share in the cluster - volumeHandle: 192.168.154.195#argus#data + volumeHandle: 192.168.154.195#wizarr#data volumeAttributes: source: //192.168.154.195/K3s.Volumes - subDir: argus/data + subDir: wizarr/data nodeStageSecretRef: name: smb-credentials - namespace: argus + namespace: wizarr diff --git a/services/Argus/persistentvolumeclaim-csismb-argus-data.yaml b/services/PVR/Wizarr/persistentvolumeclaim-csismb-wizarr-data.yaml similarity index 61% rename from services/Argus/persistentvolumeclaim-csismb-argus-data.yaml rename to services/PVR/Wizarr/persistentvolumeclaim-csismb-wizarr-data.yaml index 46328d8..ef0b6ff 100644 --- a/services/Argus/persistentvolumeclaim-csismb-argus-data.yaml +++ b/services/PVR/Wizarr/persistentvolumeclaim-csismb-wizarr-data.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: csismb-argus-data - namespace: argus + name: csismb-wizarr-data + namespace: wizarr spec: accessModes: - ReadWriteMany - storageClassName: csismb-argus-data + storageClassName: csismb-wizarr-data resources: requests: storage: 1Gi diff --git a/services/PVR/Wizarr/sealedsecret-smb-credentials.yaml b/services/PVR/Wizarr/sealedsecret-smb-credentials.yaml new file mode 100644 index 0000000..448ef2f --- /dev/null +++ b/services/PVR/Wizarr/sealedsecret-smb-credentials.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: smb-credentials + namespace: wizarr +spec: + encryptedData: + password: AgAFPVyGCmZtPcMq5/BUWuAHWBBTXTRbMfS0iFTKCZiuKz0GmuKjjQ6XHfpMo3LvSs2TJD0Dzh/SjwqhnW4VA/xwH5BeBEn8hB5LS3FTN41MoJeH6PxY+be3FqMVLFkfZi7ae37D49qQkSb09FVd5cK/iy18ikDRR+sbr2snX0qZqrN4nYbvAJKfLeyUjbflXuS1XeQAv2vtZvNlgSRfpVph/DFGiPnwMVxkjLMWxIQnpX6SJy+xG6jWWMiAELH/Ro9vUEpYVO56foqemcU8NssHdvO8pfZ6nqFuXvHopM4MZYr6rH8b0XA7tK9crR334De7JpgwdLc7hQmuc2cn2IE/OsfPWnqJ8oQvR8ndZrX66IBBWOQM2RTzpyz7ZT3s8Ryc5Wew0NAeeusCm3V6M4NUAKZLCNO6rgKFzpGY6mNDTCKHNzj31GffxNF+U5KCXJuOL5E+vJaaWUi3tV9rO8WeKjrA2dPOPu8pMBFY//qYVcPYzVZ3m3oavQsJTSJZ7YCcYAUiL+UYNzeMZxTsU7dxqm864YOalc15453M35jespDioYTYtmSoQuQYQ3uyW3mLFF0lwspdCXhuulJQvqZ6AVfNkP55cHpYVpkRnlY6ESHI2fbBtWBLRrRlgRF2m8Hsa2ZGI+YmfSVYhKG1BotN4XpLlfLbNSeqlMMzR3SIK7n5zlZKJDZl/czr4w+lzJkXPXyhpZHYfGlPTCsXOW2E + username: AgApQgyeFk1Ebce3P86Ih3aAXwiwmJ8Jtkwd4reHW45l59X8OosDCdZnhoMxKebciG17Caa7MLWF5A7MFNzahlqnyMCj3xdoC+w8fqLDQUO8vhV1xikAfuVxLMqpj+BHg4gl2N+vuwz+EGnUrN+upC6AmJAC1KSY3Y1V+i6l6wegXv2FGzVYS9p48bROr8LJEEvpzaw99mA4DXPLO5rp9Dh90c70GN5wOq1AHC4oEQzeQJERxQ+M8xS1jGFOn0XDHvw5d1eIfOoN1lAyntowDfHzNZJ8gumS3xDr0sL2ISVkozvAGkabUBq2gMP1U0TlwQIPOfGJdUTYFujAZAItwT7YkLx2hiS3gITgiFuO3muB4U2xw+1Jimj4RH9kMdYDSXEnee2yCh4oZAiIYazXcwUv7R2d83QH2Nl6ORwHnkGsQRMe27q9CHszgLYM1tA2pUDtJfnengDLs4CCNUj1wCP40mThqFIJ9XF1FlkF3ulBleMBbLzFx+4UJJJXbVS2IRTufmLzAOk6ejf3WySP1/Cu5ik0/+2/5D7Ct/uraz+269YfbE8gz9wWMD4kU/EjoTAkfGZ8xuRso8hxKVOh4bXsgCCi0HT3MUJfE82crkKQxCIBzTPOYjreveZzL1TBtb9BQTaa7Cj8S2wNgrhGG9zAavpOMOGg4VtBuCBa9J6Vgw1EzS3vT/MjLMlo9JQGp8smH1kqNos= + template: + metadata: + name: smb-credentials + namespace: wizarr + type: Opaque diff --git a/services/PVR/Wizarr/service-wizarr.yaml b/services/PVR/Wizarr/service-wizarr.yaml new file mode 100644 index 0000000..25b6cf2 --- /dev/null +++ b/services/PVR/Wizarr/service-wizarr.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: wizarr + namespace: wizarr +spec: + ports: + - protocol: TCP + name: web + port: 5690 + selector: + app: wizarr diff --git a/services/PVR/cronjob-RolloutRestart.yml b/services/PVR/cronjob-RolloutRestart.yml deleted file mode 100644 index ea50910..0000000 --- a/services/PVR/cronjob-RolloutRestart.yml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubectl-rolloutrestart - namespace: pvr ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubectl-rolloutrestart - namespace: pvr -rules: - - apiGroups: ["apps", "extensions"] - resources: ["deployments", "statefulsets"] - verbs: ["get", "list", "patch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubectl-rolloutrestart-pvr - namespace: pvr -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubectl-rolloutrestart -subjects: - - kind: ServiceAccount - name: kubectl-rolloutrestart - namespace: pvr ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: kubectl-rolloutrestart - namespace: pvr -spec: - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 1 - schedule: '30 2 * * *' - jobTemplate: - spec: - backoffLimit: 2 - activeDeadlineSeconds: 600 - template: - spec: - serviceAccountName: kubectl-rolloutrestart - restartPolicy: Never - containers: - - name: kubectl - image: bitnami/kubectl - command: - - '/bin/bash' - - '-c' - args: - - for workload in `kubectl get deployments -n pvr --no-headers | cut -d " " -f 1`; do kubectl rollout restart deployment -n pvr $workload; done; - for workload in `kubectl get statefulsets -n pvr --no-headers | cut -d " " -f 1`; do kubectl rollout restart statefulsets -n pvr $workload; done; diff --git a/services/Vaultwarden/deployment-vaultwarden.yaml b/services/Vaultwarden/deployment-vaultwarden.yaml index d2c042b..45d0960 100644 --- a/services/Vaultwarden/deployment-vaultwarden.yaml +++ b/services/Vaultwarden/deployment-vaultwarden.yaml @@ -18,7 +18,8 @@ spec: serviceAccountName: vaultwarden containers: - name: vaultwarden - image: vaultwarden/server:1.33.2 + # image: vaultwarden/server:1.34.3 + image: vaultwarden/server:1.35.2 env: - name: ENABLE_DB_WAL value: "false" diff --git a/storage/csi-driver-smb/application-csi-driver-smb.yaml b/storage/csi-driver-smb/application-csi-driver-smb.yaml index 9603e1e..ff5eb20 100644 --- a/storage/csi-driver-smb/application-csi-driver-smb.yaml +++ b/storage/csi-driver-smb/application-csi-driver-smb.yaml @@ -13,10 +13,11 @@ spec: sources: - repoURL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts chart: csi-driver-smb - targetRevision: v1.18.0 + targetRevision: 1.20.0 helm: valueFiles: - $values/storage/csi-driver-smb/values.yaml - - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog +# - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog + - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog targetRevision: master ref: values diff --git a/system/ArgoCD/application-argo-cd.yaml b/system/ArgoCD/application-argo-cd.yaml index 658332d..84c57ca 100644 --- a/system/ArgoCD/application-argo-cd.yaml +++ b/system/ArgoCD/application-argo-cd.yaml @@ -9,9 +9,12 @@ spec: namespace: argo-cd project: default sources: + - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog + path: system/ArgoCD + targetRevision: HEAD - repoURL: https://argoproj.github.io/argo-helm chart: argo-cd - targetRevision: 8.1.2 + targetRevision: 9.3.7 helm: valueFiles: - $values/system/ArgoCD/values.yaml diff --git a/system/SealedSecrets/application-sealed-secrets-controller.yaml b/system/SealedSecrets/application-sealed-secrets-controller.yaml index 1dc3e3a..e99ae04 100644 --- a/system/SealedSecrets/application-sealed-secrets-controller.yaml +++ b/system/SealedSecrets/application-sealed-secrets-controller.yaml @@ -13,10 +13,11 @@ spec: sources: - repoURL: https://bitnami-labs.github.io/sealed-secrets chart: sealed-secrets - targetRevision: 2.17.4 + targetRevision: 2.17.7 helm: valueFiles: - $values/system/SealedSecrets/values.yaml - - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog +# - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog + - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog targetRevision: master ref: values