nzbget

media/nzbget/deployment.yaml

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nzbget
+  namespace: media
+spec:
+  selector:
+    matchLabels:
+      app: nzbget
+  template:
+    metadata:
+      labels:
+        app: nzbget
+    spec:
+      securityContext:
+        sysctls:
+        - name: net.ipv4.conf.all.src_valid_mark
+          value: "1"
+      containers:
+      - name: nzbget
+        image: lscr.io/linuxserver/nzbget:latest
+        envFrom:
+        - configMapRef:
+            name: nzbget-config
+            optional: false
+        ports:
+        - containerPort: 6789
+          name: http
+          protocol: TCP
+        volumeMounts:
+        - name: nzbget-config
+          mountPath: /config
+        - name: data
+          mountPath: /data/downloads
+          subPath: downloads
+      - name: wireguard
+        image: lscr.io/linuxserver/wireguard:latest
+        envFrom:
+        - configMapRef:
+            name: nzbget-wireguard-config
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+        volumeMounts:
+        - name: nzbget-wireguard-config-secret
+          mountPath: /config/wg_confs
+        - name: nzbget-wireguard-config
+          mountPath: /config
+      volumes:
+      - name: nzbget-config
+        persistentVolumeClaim:
+          claimName: nzbget-config
+      - name: data
+        persistentVolumeClaim:
+          claimName: media-data
+      - name: nzbget-wireguard-config
+        persistentVolumeClaim:
+          claimName: wireguard-config
+      - name: nzbget-wireguard-config-secret
+        secret:
+          secretName: nzbget-wireguard-config-secret

media/nzbget/dns-endpoint.yaml

@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: nzbget.michaelthomson.dev
+  namespace: media
+spec:
+  endpoints:
+  - dnsName: nzbget.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev

media/nzbget/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nzbget
+  namespace: media
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: nzbget.michaelthomson.dev
+    http:
+      paths:
+      - pathType: ImplementationSpecific
+        path: /
+        backend:
+          service:
+            name: nzbget
+            port: 
+              name: http
+  tls:
+    - hosts:
+        - nzbget.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev

media/nzbget/nzbget-config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nzbget-config
+  namespace: media
+data:
+  PUID: "1000"
+  PGID: "1000"
+  TZ: "America/Toronto"

media/nzbget/nzbget-wireguard-config-secret.yaml

@@ -0,0 +1,21 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "nzbget-wireguard-config-secret",
+    "namespace": "media",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "nzbget-wireguard-config-secret",
+        "namespace": "media",
+        "creationTimestamp": null
+      }
+    },
+    "encryptedData": {
+      "wg0.conf": "AgBQTqVFsZHrTNLF1gbT3jB7oyKgLue/NU27Tk+a6NC3MzISm13HUYPy5nUS9qtJBVTaaKNEOU7ekq9WHPr9vsJ4mVAkTuh1TnYp9yPeuHmtrQ5rRgqEJghji2PwM3IQrBrnNMUL5OWhbxMmZWA7uTEBAjCeKiNMNJ5uKmCKDy0i/6gzv2hQhLAix/apQ37lGPHpNsk/NauiFujYO3PuMCJemZ0kgKcvAjGI2f6+QNh+C/1573nBNBXc/7sAEzfX6tHI719l6tmg+D5snZX0jUq5cwgDbTTo5eh/RaFAPcIunoUfQk6qOjluiQEA2sfDmwhxno7YL5t/WvnjCNCtQwSEvTSds5f0KiZFN8NeJOvrrzIM4ZWeH4YtznIcaPFwPemUsSvwz/cXMO8AzyO/FELg0tOVPwYYx5MGdcr1Wh+6DOA6R8VTFs2E3DLMeOqkXznd35rvI6kFdinJCK/sHyq2Qwj24C1UoQiEoV+V4a8YtkMTrV23pQULO7DkMTf12ohDDd9Vpq0y9mZFpoMIYYtFe/+a93EM08KuYux6OveZcSY5H8L7nJP2Oy5FyNL286be9XKsJ1Nsy35i33cXjSa2QdtIBt2JslG4YySltDfITY6/AWFjOP7cdO8dSyoTzNKLIz0G4hjBSwqoSHRLaejBYfTnAR93Teg0ibD6m+kBKQGIF5KF2ZWtjePy4C9hs8n3+CkwTXL8RECTodwR5Lglwddx1LrAgEcLfQ/OH0sO3OmMsFY6r4wjnTHbnbYycT3GWpS3bSqgVg6fq5Fy1CDVTGAm55H3SGSAvmnv6a7uy0uaxp8iknDIV3oNsKvqZW5Lc0mBDeH6xGW73/lIIFDR9h+fV+8XoZRMHZZo1Ese+Jo51Q+wp35doa7zFQnHgYIYkItpvUJOEWR0fyL2r04aN2M7UjXJaOA/Coie6/eq2BDT39KdAibZnSi88FBFRnt1OyYdYF7qSkXOsETrrraGYSqGOCD83ybk8+JqQObZnpVeUjYP0miZjQ8uCr6K7YrWBIOpkGfByrQwzaY/8PEZb0rVhb7NL8VrNXf7wbdBl0LX4Ei54DZgn2ZPpnVWBljqlRAb39lVyum8mjEOH0Ag15xT2LZgcmkLsvJvroyf7JviChBAJ70vtUoKmyIHqjvdGX22h0xRllBs2rk7K6QvjMVsSnxy"
+    }
+  }
+}

media/nzbget/nzbget-wireguard-config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nzbget-wireguard-config
+  namespace: media
+data:
+  PUID: "1000"
+  GUID: "1000"
+  TZ: America/Toronto

media/nzbget/pvc-nzbget-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nzbget-config
+  namespace: media
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce

media/nzbget/pvc-wireguard-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nzbget-wireguard-config
+  namespace: media
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce

media/nzbget/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nzbget
+  namespace: media
+spec:
+  selector:
+    app: nzbget
+  ports:
+  - port: 80
+    targetPort: http
+    name: http