media namespace

2026-02-04 13:09:53 +00:00 · 2023-12-14 13:39:17 -05:00
parent ef7dcebc86
commit 20e9740f9e
15 changed files with 52 additions and 23 deletions
--- a/media/prowlarr/deployment.yaml
+++ b/media/prowlarr/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prowlarr
+  namespace: media
+spec:
+  selector:
+    matchLabels:
+      app: prowlarr
+  template:
+    metadata:
+      labels:
+        app: prowlarr
+    spec:
+      containers:
+      - name: prowlarr
+        image: lscr.io/linuxserver/prowlarr:latest
+        ports:
+        - containerPort: 9696
+          name: http
+          protocol: TCP
+        volumeMounts:
+        - name: config
+          mountPath: /config
+      volumes:
+      - name: config
+        persistentVolumeClaim: 
+          claimName: prowlarr-config
+            
+          
--- a/media/prowlarr/dns-endpoint.yaml
+++ b/media/prowlarr/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: prowlarr.michaelthomson.dev
+  namespace: media
+spec:
+  endpoints:
+  - dnsName: prowlarr.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev
--- a/media/prowlarr/ingress.yaml
+++ b/media/prowlarr/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prowlarr
+  namespace: media
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: prowlarr.michaelthomson.dev
+    http:
+      paths:
+      - pathType: ImplementationSpecific
+        path: /
+        backend:
+          service:
+            name: prowlarr
+            port: 
+              name: http
+  tls:
+    - hosts:
+        - prowlarr.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev
--- a/media/prowlarr/pvc-config.yaml
+++ b/media/prowlarr/pvc-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prowlarr-config
+  namespace: media
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
--- a/media/prowlarr/service.yaml
+++ b/media/prowlarr/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prowlarr
+  namespace: media
+spec:
+  selector:
+    app: prowlarr
+  ports:
+  - port: 80
+    targetPort: http
+    name: http
--- a/media/pvc-data.yaml
+++ b/media/pvc-data.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: media-data
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 300Gi
--- a/media/transmission/config.yaml
+++ b/media/transmission/config.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: transmission-config
+  namespace: media
+data:
+  OPENVPN_PROVIDER: PROTONVPN
+  OPENVPN_CONFIG: node-ca-13.protonvpn.net.tcp
+  LOCAL_NETWORK: 10.0.0.0/8
+  OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60
+  DISABLE_PORT_FORWARDER: "true"
+  DISABLE_PORT_UPDATER: "true"
+  GITHUB_CONFIG_SOURCE_REPO: michaelthomson0797/vpn-configs-contrib
--- a/media/transmission/deployment.yaml
+++ b/media/transmission/deployment.yaml
@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: transmission
+  namespace: media
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: transmission
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: transmission
+    spec:
+      containers:
+        - image: haugene/transmission-openvpn:dev
+          name: transmission
+          imagePullPolicy: Always
+          envFrom:
+            - configMapRef:
+                name: transmission-config
+                optional: false
+            - secretRef:
+                name: transmission-secret
+          livenessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 10
+            periodSeconds: 2
+            successThreshold: 1
+            tcpSocket:
+              port: 9091
+            timeoutSeconds: 2
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 10
+            periodSeconds: 2
+            successThreshold: 2
+            tcpSocket:
+              port: 9091
+            timeoutSeconds: 2
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              add:
+              - NET_ADMIN
+            privileged: true
+          volumeMounts:
+            - mountPath: /data/downloads
+              name: data
+              subPath: downloads
+            - mountPath: /config
+              name: config
+      initContainers:
+      - name: init-media-filesystem
+        image: busybox
+        command:  
+        - mkdir
+        - -p
+        - -v
+        - /data/downloads/movies
+        - /data/downloads/tv
+        - /data/downloads/books
+        - /data/downloads/audiobooks
+        - /data/media/movies
+        - /data/media/tv
+        - /data/media/books
+        - /data/media/audiobooks
+        volumeMounts:
+          - mountPath: /data
+            name: data
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      volumes: 
+        - name: data
+          persistentVolumeClaim:
+            claimName: media-data
+        - name: config
+          persistentVolumeClaim:
+            claimName: transmission-config
--- a/media/transmission/dns-endpoint.yaml
+++ b/media/transmission/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: transmission.michaelthomson.dev
+  namespace: media
+spec:
+  endpoints:
+  - dnsName: transmission.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev
--- a/media/transmission/ingress.yaml
+++ b/media/transmission/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: transmission
+  namespace: media
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: transmission.michaelthomson.dev
+      http:
+        paths:
+        - backend:
+            service:
+              name: transmission
+              port:
+                number: 80
+          path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - transmission.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev
--- a/media/transmission/pvc-config.yaml
+++ b/media/transmission/pvc-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: transmission-config
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi
--- a/media/transmission/sealed-secret.yaml
+++ b/media/transmission/sealed-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: transmission-secret
+  namespace: media
+spec:
+  encryptedData:
+    OPENVPN_PASSWORD: AgDL/UEcrP9Vi49S7kwCuJFUqV7eXwMiXq7I+qDr0tWlzSwYQeEAhbpGIOUoDzR/dPWt8Z/cgvUtMjzJoFT0LJvLmAVApENWw58y54dQJUHM+aXc4C6C3gWaq/+Y2MFvOop8HWT1ZzP5vt2fyGq/kFbU/jnpofB3Uyv5tZVLKGMGtGfbcbiJC2id5I+fGDyS3lYtmZ08Jqbgs/1T7FSBve5H75gIDSKvSJgINHi73Mzk5rhQJFjat1Jgp2Ag+JryjrZGqgL1+9A07+68F35oYleEvHqHNHkdgeY4lihhp6puqNX58rA4sd++QQGi87nIzMKjTQBTTwyo/a8k/yWJQIFC6CbBZJqmsyACH2qg07mHP0Jz9UN9yiiqG+aU2OLdfYRQXpCbFRoANdRIJjlh3udPqkNknY6CY5VIa4eWGcjkPfKqo+xm9SfmAulgpDWNOi1PHh3gbnfBCN+EDDFnB8QGYtBmOftpAMItfzr3xvXmBNp7yjw7NYwxNe4tvvNWPXn5V4YnB7yvpMrAR88jnQSE2GamrcwRG2hTJDp/6L3iAlbRGoAsZsY0o+jWef07DlkIahLtSwlALCIhZYF8N9Y6Qbi8Q5VRcw8V25qmo4rYSYvbS6NS6CbnXLLb3o898/raASu9dcjajuNLZS8flLXJPLRVcI/U5dvSpkRwWp5988b+yBXz1AylK4jr+r5Td4tRbcHhbAJrE8pvdJUGnL78l8nJggCZ3xBbHXP/XFan9A==
+    OPENVPN_USERNAME: AgC6znv7/KFPRR1UELHBbq/hvdsrFjwUpYErBiPi4MwHbgPeDZ8WJaZEK5ECRWQl4IshasdO98DRZLZvf5xXK4UjasWRXblfhbZHgkAfpfoJnbBg8TvR1KFmpMlNZ0lYWziGbPzFTQw/jvAB5frc1d2sTK+leUte4OyOvpYIlAu2Kq8yIl2s1JD+R28vohvuCBXmyB7B3CBTlroW2S1jBlcqk0uBI7yZVFiOi6tORWCjYTKayJOcExOL3cycB32WgQRxhWmHP5JfUU4EbgDNwvfkBpLobibEYUeh41Hq6WPvMN7vTVOok4PADC2f4kCcTVNpirhsbc/T3acuU9hQ5g8xSiZXq0S0Zlr6yM43i8rXvztdv9HWEGrA6B6gcTeWge7dhPoSNyfnLlpwpXbsoXKXpZdZ6Re3HMXxWPTV3P3xWwMzv1+7O2VXOtM/dXWfPdPDE0qT1FEP+hdzyuZm3uX1X17HKJYD58isKWfEBxq+PaiTMToPvfYQswiOBy9GNfaRfcKxUIOedzuDLc9qOAl+OoLwgq1N+RIrImDepemMqvib/TEPRUrNlAcmwChabu1yHGr8F/cojFNRnyUDC3iWf+oflN/OgtPB02Fr2/3g/YEsuJQzGuavgp4B5D5e5z2lgO4F7EDQtAUsaWr40NH6tA9Rj2hGemSsG+MG+mylTUDULHV1BsGh0C8TVlZJ7v7oyn9xHy3ALQdWOZJnIohS
+  template:
+    metadata:
+      creationTimestamp: null
+      name: transmission-secret
+      namespace: media
+
--- a/media/transmission/service.yaml
+++ b/media/transmission/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: transmission
+  namespace: media
+spec:
+  selector:
+    app: transmission
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 9091
+    name: transmission-ui
+  - protocol: TCP
+    port: 51413
+    targetPort: 51413
+    name: transmission-tcp
+  - protocol: UDP
+    port: 51413
+    targetPort: 51413
+    name: transmission-udp
+  sessionAffinity: None
+  type: ClusterIP