diff --git a/media/jellyfin/deployment.yaml b/media/jellyfin/deployment.yaml new file mode 100644 index 0000000..8a7b799 --- /dev/null +++ b/media/jellyfin/deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: media +spec: + selector: + matchLabels: + app: jellyfin + template: + metadata: + labels: + app: jellyfin + spec: + containers: + - name: jellyfin + image: lscr.io/linuxserver/jellyfin:latest + securityContext: + privileged: true + ports: + - containerPort: 8096 + name: http + protocol: TCP + volumeMounts: + - name: config + mountPath: /config + - mountPath: /data/media + name: data + subPath: media + - name: dev-dri + mountPath: /dev/dri + volumes: + - name: config + persistentVolumeClaim: + claimName: jellyfin-config + - name: data + persistentVolumeClaim: + claimName: media-data + - name: dev-dri + hostPath: + path: /dev/dri + + diff --git a/media/jellyfin/dns-endpoint.yaml b/media/jellyfin/dns-endpoint.yaml new file mode 100644 index 0000000..df6dc4d --- /dev/null +++ b/media/jellyfin/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: jellyfin.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: jellyfin.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/media/jellyfin/ingress.yaml b/media/jellyfin/ingress.yaml new file mode 100644 index 0000000..a7c0d35 --- /dev/null +++ b/media/jellyfin/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: media + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd +spec: + rules: + - host: jellyfin.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: jellyfin + port: + name: http + tls: + - hosts: + - jellyfin.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/media/jellyfin/pvc-config.yaml b/media/jellyfin/pvc-config.yaml new file mode 100644 index 0000000..3e886e8 --- /dev/null +++ b/media/jellyfin/pvc-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: jellyfin-config + namespace: media +spec: + resources: + requests: + storage: 60Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/media/jellyfin/service.yaml b/media/jellyfin/service.yaml new file mode 100644 index 0000000..982ceff --- /dev/null +++ b/media/jellyfin/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: media +spec: + selector: + app: jellyfin + ports: + - port: 80 + targetPort: http + name: http diff --git a/media/pvc-data.yaml b/media/pvc-data.yaml new file mode 100644 index 0000000..3fc12c2 --- /dev/null +++ b/media/pvc-data.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: media-data + namespace: media +spec: + accessModes: + - ReadWriteMany + storageClassName: longhorn + resources: + requests: + storage: 230Gi diff --git a/media/radarr/config.yaml b/media/radarr/config.yaml new file mode 100644 index 0000000..9431722 --- /dev/null +++ b/media/radarr/config.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: radarr-config + namespace: media +data: + PUID: "1000" + PGID: "1000" diff --git a/media/radarr/deployment.yaml b/media/radarr/deployment.yaml new file mode 100644 index 0000000..4eee725 --- /dev/null +++ b/media/radarr/deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: radarr + namespace: media +spec: + selector: + matchLabels: + app: radarr + template: + metadata: + labels: + app: radarr + spec: + containers: + - name: radarr + image: lscr.io/linuxserver/radarr:latest + envFrom: + - configMapRef: + name: radarr-config + optional: false + ports: + - containerPort: 7878 + name: http + protocol: TCP + volumeMounts: + - name: config + mountPath: /config + - mountPath: /data + name: data + volumes: + - name: config + persistentVolumeClaim: + claimName: radarr-config + - name: data + persistentVolumeClaim: + claimName: media-data + + diff --git a/media/radarr/dns-endpoint.yaml b/media/radarr/dns-endpoint.yaml new file mode 100644 index 0000000..fccee4b --- /dev/null +++ b/media/radarr/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: radarr.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: radarr.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/media/radarr/ingress.yaml b/media/radarr/ingress.yaml new file mode 100644 index 0000000..c1cc5f8 --- /dev/null +++ b/media/radarr/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: radarr + namespace: media + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: radarr.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: radarr + port: + name: http + tls: + - hosts: + - radarr.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/media/radarr/pvc-config.yaml b/media/radarr/pvc-config.yaml new file mode 100644 index 0000000..2ac984c --- /dev/null +++ b/media/radarr/pvc-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: radarr-config + namespace: media +spec: + resources: + requests: + storage: 1Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/media/radarr/service.yaml b/media/radarr/service.yaml new file mode 100644 index 0000000..14db49f --- /dev/null +++ b/media/radarr/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: radarr + namespace: media +spec: + selector: + app: radarr + ports: + - port: 80 + targetPort: http + name: http diff --git a/media/readarr/config.yaml b/media/readarr/config.yaml new file mode 100644 index 0000000..61d07de --- /dev/null +++ b/media/readarr/config.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: readarr-config + namespace: media +data: + PUID: "1000" + PGID: "1000" diff --git a/media/readarr/deployment.yaml b/media/readarr/deployment.yaml new file mode 100644 index 0000000..3bb4cd7 --- /dev/null +++ b/media/readarr/deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: readarr + namespace: media +spec: + selector: + matchLabels: + app: readarr + template: + metadata: + labels: + app: readarr + spec: + containers: + - name: readarr + image: lscr.io/linuxserver/readarr:nightly + envFrom: + - configMapRef: + name: readarr-config + optional: false + ports: + - containerPort: 8787 + name: http + protocol: TCP + volumeMounts: + - name: config + mountPath: /config + - mountPath: /data + name: data + volumes: + - name: config + persistentVolumeClaim: + claimName: readarr-config + - name: data + persistentVolumeClaim: + claimName: media-data + + diff --git a/media/readarr/dns-endpoint.yaml b/media/readarr/dns-endpoint.yaml new file mode 100644 index 0000000..e11387c --- /dev/null +++ b/media/readarr/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: readarr.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: readarr.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/media/readarr/ingress.yaml b/media/readarr/ingress.yaml new file mode 100644 index 0000000..14a81aa --- /dev/null +++ b/media/readarr/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: readarr + namespace: media + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: readarr.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: readarr + port: + name: http + tls: + - hosts: + - readarr.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/media/readarr/pvc-config.yaml b/media/readarr/pvc-config.yaml new file mode 100644 index 0000000..8648de3 --- /dev/null +++ b/media/readarr/pvc-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: readarr-config + namespace: media +spec: + resources: + requests: + storage: 1Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/media/readarr/service.yaml b/media/readarr/service.yaml new file mode 100644 index 0000000..b8f7053 --- /dev/null +++ b/media/readarr/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: readarr + namespace: media +spec: + selector: + app: readarr + ports: + - port: 80 + targetPort: http + name: http diff --git a/media/sonarr/config.yaml b/media/sonarr/config.yaml new file mode 100644 index 0000000..041753a --- /dev/null +++ b/media/sonarr/config.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sonarr-config + namespace: media +data: + PUID: "1000" + PGID: "1000" diff --git a/media/sonarr/deployment.yaml b/media/sonarr/deployment.yaml new file mode 100644 index 0000000..c19beaa --- /dev/null +++ b/media/sonarr/deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sonarr + namespace: media +spec: + selector: + matchLabels: + app: sonarr + template: + metadata: + labels: + app: sonarr + spec: + containers: + - name: sonarr + image: lscr.io/linuxserver/sonarr:latest + envFrom: + - configMapRef: + name: sonarr-config + optional: false + ports: + - containerPort: 8989 + name: http + protocol: TCP + volumeMounts: + - name: config + mountPath: /config + - mountPath: /data + name: data + volumes: + - name: config + persistentVolumeClaim: + claimName: sonarr-config + - name: data + persistentVolumeClaim: + claimName: media-data + + diff --git a/media/sonarr/dns-endpoint.yaml b/media/sonarr/dns-endpoint.yaml new file mode 100644 index 0000000..2d2a904 --- /dev/null +++ b/media/sonarr/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: sonarr.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: sonarr.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/media/sonarr/ingress.yaml b/media/sonarr/ingress.yaml new file mode 100644 index 0000000..e96f65f --- /dev/null +++ b/media/sonarr/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sonarr + namespace: media + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: sonarr.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: sonarr + port: + name: http + tls: + - hosts: + - sonarr.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/media/sonarr/pvc-config.yaml b/media/sonarr/pvc-config.yaml new file mode 100644 index 0000000..a8eedcd --- /dev/null +++ b/media/sonarr/pvc-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sonarr-config + namespace: media +spec: + resources: + requests: + storage: 1Gi + storageClassName: longhorn + accessModes: + - ReadWriteOnce diff --git a/media/sonarr/service.yaml b/media/sonarr/service.yaml new file mode 100644 index 0000000..8038b68 --- /dev/null +++ b/media/sonarr/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: sonarr + namespace: media +spec: + selector: + app: sonarr + ports: + - port: 80 + targetPort: http + name: http diff --git a/media/transmission/config.yaml b/media/transmission/config.yaml new file mode 100644 index 0000000..c35810c --- /dev/null +++ b/media/transmission/config.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: transmission-config + namespace: media +data: + PUID: "1000" + PGID: "1000" + OPENVPN_PROVIDER: PROTONVPN + OPENVPN_CONFIG: node-ca-13.protonvpn.net.tcp + LOCAL_NETWORK: 10.0.0.0/8 + OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60 + DISABLE_PORT_FORWARDER: "true" + DISABLE_PORT_UPDATER: "true" + GITHUB_CONFIG_SOURCE_REPO: michaelthomson0797/vpn-configs-contrib + TRANSMISSION_DOWNLOAD_DIR: /data/downloads diff --git a/media/transmission/deployment.yaml b/media/transmission/deployment.yaml new file mode 100644 index 0000000..920363d --- /dev/null +++ b/media/transmission/deployment.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: transmission + namespace: media +spec: + replicas: 1 + selector: + matchLabels: + app: transmission + strategy: + type: Recreate + template: + metadata: + labels: + app: transmission + spec: + containers: + - image: haugene/transmission-openvpn:dev + name: transmission + imagePullPolicy: Always + envFrom: + - configMapRef: + name: transmission-config + optional: false + - secretRef: + name: transmission-secret + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + tcpSocket: + port: 9091 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 2 + tcpSocket: + port: 9091 + timeoutSeconds: 2 + securityContext: + capabilities: + add: + - NET_ADMIN + volumeMounts: + - mountPath: /data/downloads + name: data + subPath: downloads + - mountPath: /config + name: config + initContainers: + - name: init-media-filesystem + image: busybox + command: + - mkdir + - -p + - -v + - /data/downloads/movies + - /data/downloads/tv + - /data/downloads/books + - /data/downloads/audiobooks + - /data/media/movies + - /data/media/tv + - /data/media/books + - /data/media/audiobooks + volumeMounts: + - mountPath: /data + name: data + restartPolicy: Always + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: media-data + - name: config + persistentVolumeClaim: + claimName: transmission-config diff --git a/media/transmission/dns-endpoint.yaml b/media/transmission/dns-endpoint.yaml new file mode 100644 index 0000000..d4781c7 --- /dev/null +++ b/media/transmission/dns-endpoint.yaml @@ -0,0 +1,12 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: transmission.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: transmission.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - server.michaelthomson.dev diff --git a/media/transmission/ingress.yaml b/media/transmission/ingress.yaml new file mode 100644 index 0000000..dcf6de4 --- /dev/null +++ b/media/transmission/ingress.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: transmission + namespace: media + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + ingressClassName: traefik + rules: + - host: transmission.michaelthomson.dev + http: + paths: + - backend: + service: + name: transmission + port: + number: 80 + path: / + pathType: ImplementationSpecific + tls: + - hosts: + - transmission.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/media/transmission/pvc-config.yaml b/media/transmission/pvc-config.yaml new file mode 100644 index 0000000..7073a05 --- /dev/null +++ b/media/transmission/pvc-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: transmission-config + namespace: media +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/media/transmission/secret.yaml b/media/transmission/secret.yaml new file mode 100644 index 0000000..25519e9 --- /dev/null +++ b/media/transmission/secret.yaml @@ -0,0 +1,15 @@ +kind: SealedSecret +apiVersion: bitnami.com/v1alpha1 +metadata: + name: transmission-secret + namespace: media + creationTimestamp: +spec: + template: + metadata: + name: transmission-secret + namespace: media + creationTimestamp: + encryptedData: + OPENVPN_PASSWORD: AgBYLwbZCo8elG5weUpoYEwJvcZiOQr/mGhORWV7Qt+fe810IzY8dMSLDNb82ob/mp9lFTWmcMCeVTNd05HiYgFCc1K/BFzUvU/KT1TLgf05ze8noyoDh8Ot5PZ8U2p4VE1b54mvTJrXthZ9ckoyOJuCWjymssBOAUfBJdQYnohbLOEpw5GiSvPsp5r7QMK7FCnou4oNNivZJBn53c9Q4YNftJ96YFWAj1ydXPPY8E8n6JH+txeDjPRM42RTZm2GzPqbprdyATJzgcDg27jJPTkGD3iDWmfy/QaEoFsUVi4ZrL+KWAJ6oYOx0pf0heiW043Gc0Xhkbcsca/t6bk7Jyd3OUbv90zJZrzvJd37uax6zzAhO6eEA19OzWK7LD/rKU7XD8CEyIsw7z8Xby4ZusbfzkZJjRDPVQhIHMK+kDFKGkBMccBZaYepNJdTd+f/iBiJ06zfPln8FlLAoEmK8/74WphHjXspIt9el+lCcs3+FBd/SRO96s7+CoWNMvwq4RIl5fF+0QxEIce9w0FwpN3heiFl8l7LyCWWAH+0Zud+rCQZaPctlccCOP5t95eLcIhP6XBhHyqIElWUNaGulpruIFwpoD1qgHt/hz3opBIoUi3VwnyoYPDlW/JU6ECzmMXvBaOtnvXU08ygRjWxry0RvzXq7x15j8Jn0RI/09W52bkQGb9KHCGebkt0Z5vx+YKBrhCOxiAhDKzWTceX3OTamx4ofJsoF2IlSTLjCQueAA== + OPENVPN_USERNAME: AgA/DHbUeCestT6mZjfwJ/JbUJ3wfhD3M5q2XP8xM6708uSxG+B6EDlcrIkM5+QAxioZCfeRtuv8pxCgb9qgc685ogOv+/C6k3S9hgtTlAmUMxCCLqgCG+HhSwVBj1YNpGcBrnpsbTbvM3NlaRJbMf+fFtYqYHS8WelqEZisAECIAuYkswxX/0wcViMlgTUk+vsd8KtM4z4AeH3d6u6ZczQTHnBxxbiOni8nwXepPo+aN5PcAsAuUVvp4g/gL0Uum3WxkjBnYA3C1+ez1liHXA36pqd/LVafLEcBNQyo45nhCi/Oy8QyGI7M4voU3A2dOJddn0Gssc99HyHEj6QjVr1sAE2K2gyFlqB90Hk/RkhbWSVnkJtJwgG0hFgD5NHLh+H0GcvOqUMOEVcYyL//k2Hw3dRvtQkvDdYZ16Kddpcueu8Q5Yi5k0cBs6c/cc7+iHVioKiJaT8OO1MiYGwR1FhwkILMvSt7ozkOsAFpqYxETwYpSeTYxoPyNyc0LfLdXdJ4aDzgZyW9cV7gc4yg7sOjM0wqv/FlGz8RQv+/iQLhoYh5kkm2zA68Of0ytIgitpBWecmuEnCFC9gR9llx+M3qkoQB3Dfvwom8DR7Xs4NOyvx8YzR9adPArc9jHIvqZfW7LVLubCS7PhhMsaKaF7brixPLNija0hCFv6JDn247MJ97KK+1byA9ZpCgKlINO+DyxJqA3Ljq/Vea9asgy9vA diff --git a/media/transmission/service.yaml b/media/transmission/service.yaml new file mode 100644 index 0000000..765d7be --- /dev/null +++ b/media/transmission/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: transmission + namespace: media +spec: + selector: + app: transmission + ports: + - port: 80 + protocol: TCP + targetPort: 9091 + name: transmission-ui + - protocol: TCP + port: 51413 + targetPort: 51413 + name: transmission-tcp + - protocol: UDP + port: 51413 + targetPort: 51413 + name: transmission-udp + sessionAffinity: None + type: ClusterIP