aggarwalakshun/k3s-at-home
0
0
Fork 0
Code Issues 1 Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Compare commits

base: aggarwalakshun:main
Branches Tags
aggarwalakshun:main
..
compare: aggarwalakshun:26127d1dd8c1c44cfe2e40431a88332c879dd9cd
Branches Tags
aggarwalakshun:main

1 Commits
main ... 26127d1dd8

Author SHA1 Message Date
Renovate Bot
26127d1dd8 Update searxng/searxng Docker digest to 4cf7a26 2025-11-25 00:01:43 +00:00
291 changed files with 474 additions and 18747 deletions
Expand all files Collapse all files

85
.gitea/workflows/kubeconform.yml
View File

@@ -1,85 +0,0 @@
name: Validate Kubernetes Manifests
on:
push:
paths:
- '**.yml'
- '**.yaml'
- '!.gitea/workflows/**'
- '!clusters/default/system-upgrade/crd.yml'
jobs:
kubeconform:
runs-on: ubuntu-latest
container:
image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.1.0
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v47
with:
files: |
**.yml
**.yaml
!.gitea/workflows/**
!clusters/default/system-upgrade/crd.yml
- name: Validate Manifests
if: steps.changed-files.outputs.any_changed == 'true'
env:
ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
shell: bash
run: |
set -o pipefail
declare -A SCHEMA_MAP=(
["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
["Plan"]="upgrade.cattle.io/plan_v1.json"
)
EXIT_CODE=0
for file in ${ALL_CHANGED_FILES}; do
[ -z "$file" ] && continue
echo "=== Validating: $file ==="
yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \
jq -c '.[] | select(.kind != null)' | \
while read -r manifest; do
KIND=$(echo "$manifest" | jq -r '.kind // ""')
if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
echo "Found $KIND - using custom schema"
SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
if ! echo "$manifest" | kubeconform \
-schema-location "$SCHEMA_URL" \
-output json \
-; then
EXIT_CODE=1
fi
else
echo "Validating with default schemas"
if ! echo "$manifest" | kubeconform \
-schema-location default \
-output json \
-; then
EXIT_CODE=1
fi
fi
done
echo ""
done
exit $EXIT_CODE

4
.gitea/workflows/renovate.yml
View File

@@ -9,11 +9,11 @@ jobs:
renovate:
runs-on: ubuntu-latest
container:
image: renovate/renovate:42.64.1
image: renovate/renovate:41.165.2
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@v5
- name: Run Renovate
env:

2
.gitignore vendored
View File

@@ -1,2 +0,0 @@
/tmp-pod.yml
/Dockerfile

2
clusters/default/arr-stack/jellyseerr/jellyseerr.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
image: qmcgaw/gluetun:v3.40.3
restartPolicy: Always
securityContext:
capabilities:

2
clusters/default/arr-stack/prowlarr/prowlarr.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
image: qmcgaw/gluetun:v3.40.3
restartPolicy: Always
securityContext:
capabilities:

4
clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml
View File

@@ -12,5 +12,5 @@ spec:
selector:
app: qbittorrent
ports:
- port: 7070
targetPort: 7070
- port: 8080
targetPort: 8080

6
clusters/default/arr-stack/qbittorrent/qbittorrent.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
image: qmcgaw/gluetun:v3.40.3
restartPolicy: Always
securityContext:
capabilities:
@@ -41,6 +41,8 @@ spec:
containers:
- name: qbittorrent
image: linuxserver/qbittorrent:5.1.4
ports:
- containerPort: 8080
env:
- name: PUID
value: "1000"
@@ -48,8 +50,6 @@ spec:
value: "1000"
- name: TZ
value: "Asia/Kolkata"
- name: WEBUI_PORT
value: "7070"
volumeMounts:
- name: downloads
mountPath: /downloads

14
clusters/default/arr-stack/sabnzbd/sabnzbd-pvc.yml
View File

@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sabnzbd-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

16
clusters/default/arr-stack/sabnzbd/sabnzbd-svc.yml
View File

@@ -1,16 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: sabnzbd-service
namespace: arr-stack
annotations:
metallb.io/allow-shared-ip: "shared-ip-1"
spec:
loadBalancerIP: 192.168.1.230
type: LoadBalancer
selector:
app: sabnzbd
ports:
- port: 8080
targetPort: 8080

40
clusters/default/arr-stack/sabnzbd/sabnzbd.yml
View File

@@ -1,40 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sabnzbd
namespace: arr-stack
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: sabnzbd
template:
metadata:
labels:
app: sabnzbd
spec:
containers:
- name: sabnzbd
image: lscr.io/linuxserver/sabnzbd:4.5.5
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: sabnzbd-config
mountPath: /config
- name: downloads
mountPath: /downloads
volumes:
- name: sabnzbd-config
persistentVolumeClaim:
claimName: sabnzbd-longhorn
- name: downloads
nfs:
server: 10.0.0.123
path: /merge/downloads

84
clusters/default/flux-system/gotk-components.yaml
View File

@@ -1,6 +1,6 @@
---
# This manifest was generated by flux. DO NOT EDIT.
# Flux Version: v2.7.5
# Flux Version: v2.7.3
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
apiVersion: v1
kind: Namespace
@@ -8,7 +8,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest
name: flux-system
@@ -19,7 +19,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: allow-egress
namespace: flux-system
spec:
@@ -39,7 +39,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: allow-scraping
namespace: flux-system
spec:
@@ -59,7 +59,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: allow-webhooks
namespace: flux-system
spec:
@@ -78,7 +78,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: critical-pods-flux-system
namespace: flux-system
spec:
@@ -98,7 +98,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: crd-controller-flux-system
rules:
- apiGroups:
@@ -204,7 +204,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: flux-edit-flux-system
@@ -212,7 +212,6 @@ rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- source.extensions.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
@@ -231,7 +230,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -240,7 +239,6 @@ rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- source.extensions.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
@@ -257,7 +255,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -277,7 +275,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: crd-controller-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -315,7 +313,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -1086,7 +1084,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: externalartifacts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -1282,7 +1280,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -2236,7 +2234,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -2962,7 +2960,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -3593,7 +3591,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: ocirepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -4419,7 +4417,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: source-controller
namespace: flux-system
---
@@ -4430,7 +4428,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: source-controller
namespace: flux-system
@@ -4451,7 +4449,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: source-controller
namespace: flux-system
@@ -4472,7 +4470,7 @@ spec:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
spec:
containers:
- args:
@@ -4495,7 +4493,7 @@ spec:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/source-controller:v1.7.4
image: ghcr.io/fluxcd/source-controller:v1.7.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4559,7 +4557,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
@@ -5929,7 +5927,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: kustomize-controller
namespace: flux-system
---
@@ -5940,7 +5938,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: kustomize-controller
namespace: flux-system
@@ -5959,7 +5957,7 @@ spec:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
spec:
containers:
- args:
@@ -5978,7 +5976,7 @@ spec:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/kustomize-controller:v1.7.3
image: ghcr.io/fluxcd/kustomize-controller:v1.7.2
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -6035,7 +6033,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
@@ -8666,7 +8664,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: helm-controller
namespace: flux-system
---
@@ -8677,7 +8675,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: helm-controller
namespace: flux-system
@@ -8696,7 +8694,7 @@ spec:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
spec:
containers:
- args:
@@ -8715,7 +8713,7 @@ spec:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/helm-controller:v1.4.5
image: ghcr.io/fluxcd/helm-controller:v1.4.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -8772,7 +8770,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -9162,7 +9160,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -9574,7 +9572,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -10051,7 +10049,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
name: notification-controller
namespace: flux-system
---
@@ -10062,7 +10060,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -10083,7 +10081,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: webhook-receiver
namespace: flux-system
@@ -10104,7 +10102,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -10123,7 +10121,7 @@ spec:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.7.5
app.kubernetes.io/version: v2.7.3
spec:
containers:
- args:
@@ -10141,7 +10139,7 @@ spec:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/notification-controller:v1.7.5
image: ghcr.io/fluxcd/notification-controller:v1.7.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

2
clusters/default/flux-system/gotk-sync.yaml
View File

@@ -11,7 +11,7 @@ spec:
branch: main
secretRef:
name: flux-system
url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s-at-home.git
url: ssh://git@gitea.akshun-lab.cc:222/aggarwalakshun/k3s
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization

4
clusters/default/git-ops/gitea-act/gitea-act-secrets.yml
View File

@@ -6,8 +6,8 @@ metadata:
namespace: git-ops
spec:
encryptedData:
TOKEN: AgCCHSvlowNtj3ghhB/mYSnSlVMiB/yxLjWesHNtxiFLO4lGPfDp/KYMJ+0makytpQBlOS5nfSCh8u11Vh4vje0v2QLCkt8XCkDfpYOb/tJIaeMuojszaoaf3ZQqgzEbwy4hgaV8ur3K77jnHE+dnYMGNcd0Thg3nVhIs8rMK/2kBcTrp/Jfy61TAeyS3ObFgjayGqyUCc8BI1VjkKFXLPp82d7tqlGKTYlI+hVnWpSwS7MrybesTU8AGYC5GLRr3crfbff/H20m6aFb/4rDKQb7FIEOXYhbuxZw5OuFxlORnGNFWQP+aCyywOxmalNV1F2kZk0YRlWoaXrtyeT46cBI7WIgbFeUwlpRLxKGz8mBdJ8QluE2vu9HSUmMiFCOV6V0znUjz5jWyJ839FsUDHY78sRLaycu5fZNBeq0QndBDNYYkkhZ/uxvGsfdF8camCGNLIGC65nT3kHnWuZ0ZRSXJRf4Jb5TdK81aBceAEHqrtFkjger3v6ZEblTABV2fykRyFeK3eZ0TF5tsOa/8yNGI94sxjv/TXvdXNK2Z4VuaXRQpmCfnLkvKc4Fra0Pk2N1beI8NDTgqLBHWBPYeK1lryeYZ/nISj7W6hBasEPXdOYcJ8lCYwWmGmWO+B0zt8u0gvm0mkrZAZvluOYqRd+/Y8Cg9Q1S3lIFBd/JaPH/nTAXiHWU5ZNowGxuVYWIo6r85pv5oRJodVFhTZD/7mBsZHAh2XUVbLeN2ZfQHrSTFbZydkDz5f66
URL: AgATClAgHoLFuwCkQjQvl0MI0YRe7o2mCiaagecYvNgDH8uCMhY7vVFjmTmamfH0MBEbE+3QGQthlV+/aDjvpjJg3P5cFX+0EnU95SPPJHo0+oKAIxfP5DahCFl6nyyqZ57BTKNN5J4Mki4jCbkXxpnx5o2s+wjv4O56Al2yAK9ykk7vLo44VT9U8glxrEmpwQDp1Q/AVO0pk3NchvluAbq3PpcSQ2tPRK79aPGQyscfId9H/9WL4pNzyRFc+WLhMVuZWHxa2mEVYkl6tHU0BFjG0YZIkZTFfVBvhCXi8CRBWSMm9IeuIQGbLxnaH0SyVPqA2hO5YorQw54TL1gVnXIDo3zxyFYyYew/x7goq5Ab/pAHpb70RfCa9TSUjDVt9trrUyuh/Elvp6OX25FuPcOYiQlKcEnf4Hm/a5fiubZG53ejweEAx22O1KG0zWFTy6LzTXZqU6uhqcmslQgmSjQXCrbUfPV3yHXpRetilh4fHFLFsXHm9FoWqjCQ0qW//BwoNRj9jk7rR3/BDVDmOFYj+xau260TtbkqgE8uWHQw5jXM0AM6f1xDlF/ZdoHnvBs1VGF10SDLc0qr8+44L4MDRHhlLXcADlXBG0osfkXBFDqdYpC+Phsphhh81aV7Wg9u9dCKTbE3FcMGGaOT0mbnyrs2Jm7IS6EW3KeZrpm5taXmJLLjN0xwGPit1XUrKJw9RPngaXfi+SCX/MckEPIy2aLTssCqvKX2zD4=
TOKEN: AgACJkhEafIeRdcLRHBiyjAXz8aK4m1w8238FhwhX8cKDMg3J2hD11CDI5K6R+idPxfIxJSry7yarr4j+3hB9JOfrVTGSMyt8zadIjeE6MZMQFrE+Ufbo+JRqz9lBjY2enmxfjvFS5LiZGogUaomuvmeFywWWmqLlLcyANNIHN/sw/JVIZc32oLsElSCQc8GgWoLDHPFbTkoeqqCFtWiEYDhZDf5BsGHxNh2MOI0N55TPL5izKrgSUTHvDiehYddeIYz85K3WCDTGXBztIteM7+DrHGdyuYOimP4J3w9CExnf3ObtqcfnOgv9a1wiXER484q5fpaidWIVZm/dZiTFuLwAWpPNRP/WcTkMXEJVSAEWkdYxb8fk6Zn6VifT1fTSzTUN90TP0IXlrjP55nvG7oHvkBNWydSRxc3d2wwXKhSnAOk94cWPxilOkqhsc/aqCQzkxgHZXNV94jb8KzV5r1XCCD/kYd+crbfNs4uEKXNSa9KZqE4Did8eelEfst+VGhUpWwMLn9QNNlMxKUhWuqjEM30QTO51p7cB12dqQxi1nuXB6NREW8LtOOJ5uRDnSTY0ZTwioNZ5OqgMVfAPAY6HBZrYOQFvG5/rDRkkWLWdDRLJfz1OZq+qwoXBfXhKCEQnK2J8zIxjVJKjdK4U7myWzB9peN5XQN29aisxCY7k0ikpD8Crog7jnxAXo2hmLNaCt2xVgKpHc8RnuC9dNIlJUXI0KhTT649s6Jja09ZfuTF/3oboHBH
URL: AgAF2MrmaYUOGlLqyMhJpLyTT/qZbvSHC787uLNKwjqTqRIhU34DoR4F0ZxcDfiUl7KQgZVL+ujOU1MdpBxsMtsvLRFoQl+bGm4G1miE7BUpsETp2ll3kVbLMTk8eNeFdRq1P4WEtF6vidwVfJ0ggwyISdMpLm7tS/oFg4l0FImmpqjsycCMuwheB4azcU/1sEy046NLFQUm+ErKN88qRvFQwMlKj2DHKrtBxGZfdo7xo8hcBdq5IWDfMs8yAvalafp+O922mzF7ADp2IMoTgipCGiGNo8dengg18mfjqI7sUJHZag1apGmJmUSBK8xxFv7Cc8iS8PPpBZIROe8/rEwpNYH/JTVbfNZvdu5qVzmXs7BUppGG6dg5ASUkYW7lVf1Bo1M/dFreuHOlr1UucwJoIXcMFu/eOLcNbAchH4I4K1LQFPNNDkViAKozP5E8k1fIcpGPRSPK9hRnr21w3+kJ8ruJl7TFWY0aqi0kemtXq2lZenFlaUEk2pilINGNZ16AZBAnuzafPRC76c4EVtEKlffKC+/4Oq3hXHneVoikJZYuJ0CP/mqKVzFf/HgfOxzDyGbtXsAZ1m+dcl25U81VzbEuvzGrgt3q7FNLwQ4heSeDNDkkSvotDWji8VT1W3IN6ShXZ+gHmL7UrY3HuG3BsuuekSHvmc1gXGOHOO/qKYkHeJ2NzZODhgh/xo/vbXiilQrNBnuoJ1cxPY8Xz0jAx6WfWqsTtahe2h4=
template:
metadata:
name: gitea-act-runner-secret

25
clusters/default/git-ops/gitea-act/gitea-act.yml
View File

@@ -19,26 +19,29 @@ spec:
app: gitea-act-runner
spec:
restartPolicy: Always
hostNetwork: true
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
persistentVolumeClaim:
claimName: gitea-act-runner-longhorn
initContainers:
- name: wait-for-gitea
image: busybox
command:
- sh
- -c
- |
while ! nc -z gitea.akshun-lab.cc 443; do
echo "Waiting for Gitea to be ready..."
sleep 5
done
echo "Gitea is ready!"
containers:
- name: runner
image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
readinessProbe:
exec:
command:
- sh
- -c
- |
nc -z gitea-int-service.git-ops.svc.cluster.local 3000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
@@ -64,7 +67,7 @@ spec:
- name: runner-data
mountPath: /data
- name: daemon
image: docker:29.1.3-dind
image: docker:29.0.2-dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs

19
clusters/default/git-ops/gitea/gitea-db.yml
View File

@@ -1,15 +1,15 @@
---
apiVersion: apps/v1
kind: StatefulSet
kind: Deployment
metadata:
name: gitea-db
namespace: git-ops
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: gitea-db
serviceName: gitea-db
replicas: 1
template:
metadata:
labels:
@@ -40,12 +40,7 @@ spec:
volumeMounts:
- name: gitea-db
mountPath: /var/lib/postgresql
volumeClaimTemplates:
- metadata:
name: gitea-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
storageClassName: longhorn
volumes:
- name: gitea-db
persistentVolumeClaim:
claimName: gitea-db-new-longhorn

15
clusters/default/git-ops/gitea/gitea-pvc.yml
View File

@@ -12,3 +12,18 @@ spec:
requests:
storage: 2Gi
storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-db-new-longhorn
namespace: git-ops
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn

12
clusters/default/git-ops/gitea/gitea-svc.yml
View File

@@ -16,7 +16,7 @@ spec:
targetPort: 3000
protocol: TCP
name: http
- port: 22
- port: 222
targetPort: 22
name: ssh
@@ -38,12 +38,12 @@ spec:
apiVersion: v1
kind: Service
metadata:
name: gitea-db
name: gitea-db-service
namespace: git-ops
spec:
ports:
- port: 5432
targetPort: 5432
selector:
app: gitea-db
clusterIP: None
ports:
- protocol: TCP
port: 5432
targetPort: 5432

25
clusters/default/git-ops/gitea/gitea.yml
View File

@@ -16,19 +16,20 @@ spec:
labels:
app: gitea-app
spec:
initContainers:
- name: wait-for-db
image: busybox
command:
- sh
- -c
- |
until nc -z -v -w30 gitea-db-service 5432; do
echo "Waiting for psql database to be ready"
sleep 2
done
containers:
- name: gitea
image: gitea/gitea:1.25.3
readinessProbe:
exec:
command:
- sh
- -c
- |
nc -z gitea-db.git-ops.svc.cluster.local 5432
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
image: gitea/gitea:1.25.2
ports:
- containerPort: 22
name: ssh
@@ -42,7 +43,7 @@ spec:
- name: GITEA__database__DB_TYPE
value: "postgres"
- name: GITEA__database__HOST
value: "gitea-db.git-ops.svc.cluster.local:5432"
value: "gitea-db-service:5432"
- name: GITEA__database__NAME
value: "gitea"
- name: GITEA__database__USER

2
clusters/default/git-ops/semaphore/semaphore-configmap.yml
View File

@@ -6,7 +6,7 @@ metadata:
namespace: git-ops
data:
SEMAPHORE_DB_USER: "semaphore"
SEMAPHORE_DB_HOST: "semaphore-db"
SEMAPHORE_DB_HOST: "localhost"
SEMAPHORE_DB_PORT: "3306"
SEMAPHORE_DB_DIALECT: "mysql"
SEMAPHORE_DB: "semaphore"

46
clusters/default/git-ops/semaphore/semaphore-db.yml
View File

@@ -1,46 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: semaphore-db
namespace: git-ops
spec:
selector:
matchLabels:
app: semaphore-db
serviceName: semaphore-db
replicas: 1
template:
metadata:
labels:
app: semaphore-db
spec:
containers:
- name: mysql
image: mysql:9.5.0
ports:
- containerPort: 3306
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "'yes'"
- name: MYSQL_DATABASE
value: "semaphore"
- name: MYSQL_USER
value: "semaphore"
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: semaphore-secrets
key: mysql_password
volumeMounts:
- name: semaphore-db
mountPath: /var/lib/mysql
volumeClaimTemplates:
- metadata:
name: semaphore-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
storageClassName: longhorn

2
clusters/ipv6/git-ops/gitea/gitea-pvc.yml → clusters/default/git-ops/semaphore/semaphore-pvc.yml
View File

@@ -2,7 +2,7 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-app-longhorn
name: semaphore-longhorn
namespace: git-ops
spec:
accessModes:

17
clusters/default/git-ops/semaphore/semaphore-svc.yml
View File

@@ -12,20 +12,5 @@ spec:
selector:
app: semaphore
ports:
- name: http
port: 3002
- port: 3002
targetPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: semaphore-db
namespace: git-ops
spec:
selector:
app: semaphore-db
ports:
- port: 3306
targetPort: 3306
clusterIP: None

41
clusters/default/git-ops/semaphore/semaphore.yml
View File

@@ -16,22 +16,33 @@ spec:
labels:
app: semaphore
spec:
initContainers:
- name: mysql
image: mysql:9.5.0
restartPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "'yes'"
- name: MYSQL_DATABASE
value: "semaphore"
- name: MYSQL_USER
value: "semaphore"
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: semaphore-secrets
key: mysql_password
volumeMounts:
- name: db
mountPath: /var/lib/mysql
subPath: db
containers:
- name: semaphore
image: public.ecr.aws/semaphore/pro/server:v2.16.47
readinessProbe:
exec:
command:
- sh
- -c
- |
nc -z semaphore-db.git-ops.svc.cluster.local 3306
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
image: public.ecr.aws/semaphore/pro/server:v2.16.45
ports:
- name: http
containerPort: 3000
- containerPort: 3000
envFrom:
- configMapRef:
name: semaphore-config
@@ -51,3 +62,7 @@ spec:
secretKeyRef:
name: semaphore-secrets
key: key
volumes:
- name: db
persistentVolumeClaim:
claimName: semaphore-longhorn

6
clusters/default/helm/cert-manager/cert-manager-release.yml
View File

@@ -5,16 +5,16 @@ metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: cert-manager
version: "v1.19.2"
version: "v1.19.1"
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
interval: 6h
interval: 24h
install:
remediation:
retries: 3

2
clusters/default/helm/cert-manager/cert-manager-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: jetstack
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://charts.jetstack.io

4
clusters/default/helm/csi-driver-smb/csi-driver-smb-release.yml
View File

@@ -5,7 +5,7 @@ metadata:
name: csi-driver-smb
namespace: kube-system
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: csi-driver-smb
@@ -14,7 +14,7 @@ spec:
kind: HelmRepository
name: csi-driver-smb
namespace: flux-system
interval: 6h
interval: 24h
install:
createNamespace: true
upgrade:

2
clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: csi-driver-smb
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts

289
clusters/default/helm/gpu-operator/gpu-operator-policy.yml
View File

@@ -1,289 +0,0 @@
apiVersion: nvidia.com/v1
kind: ClusterPolicy
metadata:
annotations:
meta.helm.sh/release-name: gpu-operator
meta.helm.sh/release-namespace: gpu-operator
generation: 2
labels:
app.kubernetes.io/component: gpu-operator
app.kubernetes.io/instance: gpu-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gpu-operator
app.kubernetes.io/version: v25.3.2
helm.sh/chart: gpu-operator-v25.3.2
helm.toolkit.fluxcd.io/name: gpu-operator
helm.toolkit.fluxcd.io/namespace: gpu-operator
name: cluster-policy
spec:
ccManager:
defaultMode: "off"
enabled: false
env: []
image: k8s-cc-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.1.1
cdi:
default: false
enabled: false
daemonsets:
labels:
app.kubernetes.io/managed-by: gpu-operator
helm.sh/chart: gpu-operator-v25.3.2
priorityClassName: system-node-critical
rollingUpdate:
maxUnavailable: "1"
tolerations:
- effect: NoSchedule
key: nvidia.com/gpu
operator: Exists
updateStrategy: RollingUpdate
dcgm:
enabled: false
image: dcgm
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: 4.2.3-1-ubuntu22.04
dcgmExporter:
enabled: true
env:
- name: DCGM_EXPORTER_LISTEN
value: :9400
- name: DCGM_EXPORTER_KUBERNETES
value: "true"
- name: DCGM_EXPORTER_COLLECTORS
value: /etc/dcgm-exporter/dcp-metrics-included.csv
image: dcgm-exporter
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/k8s
serviceMonitor:
additionalLabels: {}
enabled: false
honorLabels: false
interval: 15s
relabelings: []
version: 4.2.3-4.1.3-ubuntu22.04
devicePlugin:
config:
default: any
name: time-slicing-config
enabled: true
env:
- name: PASS_DEVICE_SPECS
value: "true"
- name: FAIL_ON_INIT_ERROR
value: "true"
- name: DEVICE_LIST_STRATEGY
value: envvar
- name: DEVICE_ID_STRATEGY
value: uuid
- name: NVIDIA_VISIBLE_DEVICES
value: all
- name: NVIDIA_DRIVER_CAPABILITIES
value: all
image: k8s-device-plugin
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia
version: v0.17.3
driver:
certConfig:
name: ""
enabled: false
image: driver
imagePullPolicy: IfNotPresent
kernelModuleConfig:
name: ""
licensingConfig:
configMapName: ""
nlsEnabled: true
manager:
env:
- name: ENABLE_GPU_POD_EVICTION
value: "true"
- name: ENABLE_AUTO_DRAIN
value: "false"
- name: DRAIN_USE_FORCE
value: "false"
- name: DRAIN_POD_SELECTOR_LABEL
value: ""
- name: DRAIN_TIMEOUT_SECONDS
value: 0s
- name: DRAIN_DELETE_EMPTYDIR_DATA
value: "false"
image: k8s-driver-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.8.0
rdma:
enabled: false
useHostMofed: false
repoConfig:
configMapName: ""
repository: nvcr.io/nvidia
startupProbe:
failureThreshold: 120
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 60
upgradePolicy:
autoUpgrade: true
drain:
deleteEmptyDir: false
enable: false
force: false
timeoutSeconds: 300
maxParallelUpgrades: 1
maxUnavailable: 25%
podDeletion:
deleteEmptyDir: false
force: false
timeoutSeconds: 300
waitForCompletion:
timeoutSeconds: 0
useNvidiaDriverCRD: false
usePrecompiled: false
version: 570.148.08
virtualTopology:
config: ""
gdrcopy:
enabled: false
image: gdrdrv
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v2.5
gfd:
enabled: true
env:
- name: GFD_SLEEP_INTERVAL
value: 60s
- name: GFD_FAIL_ON_INIT_ERROR
value: "true"
image: k8s-device-plugin
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia
version: v0.17.3
hostPaths:
driverInstallDir: /run/nvidia/driver
rootFS: /
kataManager:
config:
artifactsDir: /opt/nvidia-gpu-operator/artifacts/runtimeclasses
runtimeClasses:
- artifacts:
pullSecret: ""
url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.54.03
name: kata-nvidia-gpu
nodeSelector: {}
- artifacts:
pullSecret: ""
url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.86.10-snp
name: kata-nvidia-gpu-snp
nodeSelector:
nvidia.com/cc.capable: "true"
enabled: false
image: k8s-kata-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.2.3
mig:
strategy: single
migManager:
config:
default: all-disabled
name: default-mig-parted-config
enabled: true
env:
- name: WITH_REBOOT
value: "false"
gpuClientsConfig:
name: ""
image: k8s-mig-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.12.2-ubuntu20.04
nodeStatusExporter:
enabled: false
image: gpu-operator-validator
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v25.3.2
operator:
defaultRuntime: docker
initContainer:
image: cuda
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia
version: 12.8.1-base-ubi9
runtimeClass: nvidia
psa:
enabled: false
sandboxDevicePlugin:
enabled: true
image: kubevirt-gpu-device-plugin
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia
version: v1.3.1
sandboxWorkloads:
defaultWorkload: container
enabled: false
toolkit:
enabled: true
env:
- name: CONTAINERD_SOCKET
value: /run/k3s/containerd/containerd.sock
- name: CONTAINERD_CONFIG
value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml
image: container-toolkit
imagePullPolicy: IfNotPresent
installDir: /usr/local/nvidia
repository: nvcr.io/nvidia/k8s
version: v1.17.8-ubuntu20.04
validator:
image: gpu-operator-validator
imagePullPolicy: IfNotPresent
plugin:
env:
- name: WITH_WORKLOAD
value: "false"
repository: nvcr.io/nvidia/cloud-native
version: v25.3.2
vfioManager:
driverManager:
env:
- name: ENABLE_GPU_POD_EVICTION
value: "false"
- name: ENABLE_AUTO_DRAIN
value: "false"
image: k8s-driver-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.8.0
enabled: true
image: cuda
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia
version: 12.8.1-base-ubi9
vgpuDeviceManager:
config:
default: default
name: ""
enabled: true
image: vgpu-device-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.3.0
vgpuManager:
driverManager:
env:
- name: ENABLE_GPU_POD_EVICTION
value: "false"
- name: ENABLE_AUTO_DRAIN
value: "false"
image: k8s-driver-manager
imagePullPolicy: IfNotPresent
repository: nvcr.io/nvidia/cloud-native
version: v0.8.0
enabled: false
image: vgpu-manager
imagePullPolicy: IfNotPresent

6
clusters/default/helm/gpu-operator/gpu-operator-release.yml
View File

@@ -5,16 +5,16 @@ metadata:
name: gpu-operator
namespace: gpu-operator
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: gpu-operator
version: "v25.10.1"
version: "v25.3.2"
sourceRef:
kind: HelmRepository
name: nvidia
namespace: flux-system
interval: 6h
interval: 24h
install:
createNamespace: true
upgrade:

2
clusters/default/helm/gpu-operator/gpu-operator-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: nvidia
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://helm.ngc.nvidia.com/nvidia

2
clusters/default/helm/intel-gpu/intel-device-operator.yml
View File

@@ -9,7 +9,7 @@ spec:
chart:
spec:
chart: intel-device-plugins-operator
version: "0.34.1"
version: "0.34.0"
sourceRef:
kind: HelmRepository
name: intel

6
clusters/default/helm/intel-gpu/intel-plugin-operator.yml
View File

@@ -5,16 +5,16 @@ metadata:
name: gpu-device-plugin
namespace: gpu-operator
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: intel-device-plugins-gpu
version: "0.34.1"
version: "0.34.0"
sourceRef:
kind: HelmRepository
name: intel
namespace: flux-system
interval: 6h
interval: 24h
install:
remediation:
retries: 3

2
clusters/default/helm/intel-gpu/intel-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: intel
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://intel.github.io/helm-charts

4
clusters/default/helm/longhorn/longhorn-release.yml
View File

@@ -5,7 +5,7 @@ metadata:
name: longhorn
namespace: longhorn-system
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: longhorn
@@ -14,7 +14,7 @@ spec:
kind: HelmRepository
name: longhorn
namespace: flux-system
interval: 6h
interval: 24h
install:
createNamespace: true
upgrade:

2
clusters/default/helm/longhorn/longhorn-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: longhorn
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://charts.longhorn.io

6
clusters/default/helm/metallb/metallb-release.yml
View File

@@ -5,16 +5,16 @@ metadata:
name: metallb
namespace: metallb-system
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: metallb
version: "0.15.3"
version: "0.15.2"
sourceRef:
kind: HelmRepository
name: metallb
namespace: flux-system
interval: 6h
interval: 24h
install:
createNamespace: true
upgrade:

2
clusters/default/helm/metallb/metallb-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: metallb
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://metallb.github.io/metallb

14
clusters/default/helm/ollama/ollama-pvc.yml
View File

@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ollama-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 10Gi
storageClassName: longhorn

35
clusters/default/helm/ollama/ollama-release.yml
View File

@@ -1,35 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ollama
namespace: tools
spec:
interval: 6h
chart:
spec:
chart: ollama
version: "1.36.0"
sourceRef:
kind: HelmRepository
name: ollama
namespace: flux-system
interval: 6h
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
ollama:
gpu:
enabled: true
type: nvidia
service:
type: LoadBalancer
port: 2123
runtimeClassName: nvidia
persistentVolume:
enabled: true
existingClaim: ollama-longhorn

9
clusters/default/helm/ollama/ollama-repo.yml
View File

@@ -1,9 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: ollama
namespace: flux-system
spec:
interval: 6h
url: https://otwld.github.io/ollama-helm/

6
clusters/default/helm/prometheus/prometheus-release.yml
View File

@@ -5,16 +5,16 @@ metadata:
name: prometheus
namespace: monitoring
spec:
interval: 6h
interval: 24h
chart:
spec:
chart: prometheus
version: "28.0.0"
version: "27.46.0"
sourceRef:
kind: HelmRepository
name: prometheus-community
namespace: flux-system
interval: 6h
interval: 24h
install:
remediation:
retries: 3

2
clusters/default/helm/prometheus/prometheus-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: prometheus-community
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://prometheus-community.github.io/helm-charts

2
clusters/default/helm/sealed-secrets/sealed-secrets-release.yaml
View File

@@ -15,7 +15,7 @@ spec:
version: '>=1.15.0-0'
install:
crds: Create
interval: 6h
interval: 24h
releaseName: sealed-secrets-controller
upgrade:
crds: CreateReplace

2
clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml
View File

@@ -5,5 +5,5 @@ metadata:
name: sealed-secrets
namespace: flux-system
spec:
interval: 6h
interval: 24h
url: https://bitnami-labs.github.io/sealed-secrets

2
clusters/default/media/ersatztv/ersatztv.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: ersatztv
image: jasongdove/ersatztv:v25.9.0
image: jasongdove/ersatztv:v25.8.0
ports:
- containerPort: 8409
volumeMounts:

41
clusters/default/media/immich/immich-db.yml
View File

@@ -1,33 +1,30 @@
---
apiVersion: apps/v1
kind: StatefulSet
kind: Deployment
metadata:
name: immich-psql
name: immich-db
namespace: media
spec:
selector:
matchLabels:
app: immich-psql
serviceName: immich-psql
replicas: 1
app: immich-db
template:
metadata:
labels:
app: immich-psql
app: immich-db
spec:
initContainers:
- name: cleanup
image: busybox
command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
volumeMounts:
- name: immich-db
mountPath: /var/lib/postgresql/data
containers:
- name: redis
image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
env:
- name: REDIS_HOSTNAME
value: "localhost"
ports:
- containerPort: 6379
- name: immich-psql
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_PASSWORD
valueFrom:
@@ -42,13 +39,9 @@ spec:
value: "--data-checksums"
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: immich-db
volumeClaimTemplates:
- metadata:
name: immich-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
storageClassName: longhorn
name: immich
volumes:
- name: immich
nfs:
server: 10.0.0.10
path: /home/akshun/immich-data

2
clusters/default/media/immich/immich-ml.yml
View File

@@ -19,7 +19,7 @@ spec:
runtimeClassName: nvidia
containers:
- name: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:v2.4.1-cuda
image: ghcr.io/immich-app/immich-machine-learning:v2.3.1-cuda
ports:
- containerPort: 3003
env:

23
clusters/default/media/immich/immich-redis.yml
View File

@@ -1,23 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: immich-redis
namespace: media
spec:
selector:
matchLabels:
app: immich-redis
serviceName: immich-redis
replicas: 1
template:
metadata:
labels:
app: immich-redis
spec:
containers:
- name: redis
image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
ports:
- containerPort: 6379
name: redis

14
clusters/default/media/immich/immich-svc.yml
View File

@@ -36,28 +36,26 @@ spec:
apiVersion: v1
kind: Service
metadata:
name: immich-psql
name: immich-psql-service
namespace: media
spec:
selector:
app: immich-psql
app: immich-db
ports:
- name: postgres
- protocol: TCP
port: 5432
targetPort: 5432
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: immich-redis
name: immich-redis-service
namespace: media
spec:
selector:
app: immich-redis
app: immich-db
ports:
- name: redis
- protocol: TCP
port: 6379
targetPort: 6379
clusterIP: None

47
clusters/default/media/immich/immich.yml
View File

@@ -16,37 +16,48 @@ spec:
labels:
app: immich-app
spec:
initContainers:
- name: wait-for-redis
image: busybox
command:
- sh
- -c
- |
until nc -z -v -w30 immich-redis-service 6379; do
echo "Waiting for redis database to be ready..."
sleep 2
done
- name: wait-for-psql
image: busybox
command:
- sh
- -c
- |
until nc -z -v -w30 immich-psql-service 5432; do
echo "Waiting for psql database to be ready"
sleep 2
done
containers:
- name: immich-server
image: ghcr.io/immich-app/immich-server:v2.4.1
readinessProbe:
exec:
command:
- sh
- -c
- |
pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 5
image: ghcr.io/immich-app/immich-server:v2.3.1
ports:
- containerPort: 2283
env:
- name: TZ
value: "Asia/Kolkata"
- name: REDIS_HOSTNAME
value: "immich-redis.media.svc.cluster.local"
- name: DB_USERNAME
value: "postgres"
- name: DB_DATABASE_NAME
value: "immich"
- name: DB_HOSTNAME
value: "immich-psql.media.svc.cluster.local"
value: "immich-redis-service"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-postgres-secret
key: password
- name: DB_USERNAME
value: "postgres"
- name: DB_DATABASE_NAME
value: "immich"
- name: DB_HOSTNAME
value: "immich-psql-service"
volumeMounts:
- mountPath: /usr/src/app/upload
name: pictures

28
clusters/default/media/invidious/invidious-companion.yml
View File

@@ -1,28 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: invidious-companion
namespace: media
spec:
selector:
matchLabels:
app: invidious-companion
template:
metadata:
labels:
app: invidious-companion
spec:
containers:
- name: inv-companion
image: quay.io/invidious/invidious-companion@sha256:639c8b32dec2e0200c36ed369cf494eb0ca765fdb14d5890d7f460c89a34272d
env:
- name: SERVER_SECRET_KEY
valueFrom:
secretKeyRef:
name: invidious-secrets
key: INVIDIOUS_COMPANION_KEY
securityContext:
capabilities:
drop:
- ALL

4
clusters/default/media/invidious/invidious-config.yml
View File

@@ -10,10 +10,10 @@ data:
dbname: invidious
user: kemal
password: ${INVIDIOUS_DB_PASSWORD}
host: invidious-db.media.svc.cluster.local
host: localhost
port: 5432
check_tables: true
invidious_companion:
- private_url: "http://invidious-companion-service.media.svc.cluster.local:8282/companion"
- private_url: "http://localhost:8282/companion"
invidious_companion_key: ${INVIDIOUS_COMPANION_KEY}
hmac_key: ${INVIDIOUS_HMAC_KEY}

59
clusters/default/media/invidious/invidious-db.yml
View File

@@ -1,59 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: invidious-db
namespace: media
spec:
selector:
matchLabels:
app: invidious-db
serviceName: invidious-db
replicas: 1
template:
metadata:
labels:
app: invidious-db
spec:
initContainers:
- name: clean-db-dir
image: busybox
command:
- sh
- -c
- |
rm -rf /var/lib/postgresql/lost+found
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql
containers:
- name: postgres
image: postgres:18
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-db
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-password
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql
volumeClaimTemplates:
- metadata:
name: postgres-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
storageClassName: longhorn

4
clusters/ipv6/tools/paperless-ngx/paperless-pvc.yml → clusters/default/media/invidious/invidious-pvc.yml
View File

@@ -2,8 +2,8 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: paperless-longhorn
namespace: tools
name: invidious-longhorn
namespace: media
spec:
accessModes:
- ReadWriteOnce

27
clusters/default/media/invidious/invidious-svc.yml
View File

@@ -15,30 +15,3 @@ spec:
- port: 3111
targetPort: 3000
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: invidious-companion-service
namespace: media
spec:
selector:
app: invidious-companion
ports:
- port: 8282
targetPort: 8282
---
apiVersion: v1
kind: Service
metadata:
name: invidious-db
namespace: media
spec:
selector:
app: invidious-db
ports:
- port: 5432
targetPort: 5432
clusterIP: None

55
clusters/default/media/invidious/invidious.yml
View File

@@ -33,6 +33,51 @@ spec:
- name: tmp
mountPath: /mnt
subPath: invidious.yml
- name: clean-db-dir
image: busybox
command:
- sh
- -c
- |
rm -rf /var/lib/postgresql/lost+found
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql
- name: postgres
image: postgres:18
restartPolicy: Always
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-db
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: invidious-db-secrets
key: postgres-password
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql
- name: inv-companion
image: quay.io/invidious/invidious-companion@sha256:4f2902d95ed38569533812f2956ce2b07dd883562ebc735260ad82513fac6598
restartPolicy: Always
env:
- name: SERVER_SECRET_KEY
valueFrom:
secretKeyRef:
name: invidious-secrets
key: INVIDIOUS_COMPANION_KEY
securityContext:
capabilities:
drop:
- ALL
containers:
- name: invidious
image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06
@@ -42,13 +87,6 @@ spec:
- |
export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" &&
exec /invidious/invidious
readinessProbe:
exec:
command:
- sh
- -c
- |
nc -z invidious-db.media.svc.cluster.local 5432 && nc -z invidious-companion-service.media.svc.cluster.local 8282
env:
- name: INVIDIOUS_PORT
value: "3000"
@@ -68,3 +106,6 @@ spec:
- name: invidious-config
configMap:
name: invidious-config
- name: postgres-data
persistentVolumeClaim:
claimName: invidious-longhorn

12
clusters/default/media/jellyfin/jellyfin-pvc.yml
View File

@@ -2,13 +2,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-pvc
name: jellyfin-longhorn
namespace: media
spec:
resources:
requests:
storage: 5Gi
storageClassName: longhorn
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 15Gi
storageClassName: longhorn

4
clusters/default/media/jellyfin/jellyfin.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: jellyfin
image: jellyfin/jellyfin:10.11.5
image: jellyfin/jellyfin:10.11.3
ports:
- containerPort: 8096
volumeMounts:
@@ -40,7 +40,7 @@ spec:
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyfin-pvc
claimName: jellyfin-longhorn
- name: cache
emptyDir: {}
- name: media

32
clusters/default/monitoring/homepage/home-secrets.yml
View File

@@ -6,23 +6,21 @@ metadata:
namespace: monitoring
spec:
encryptedData:
ALLOWED_HOSTS: AgAwNxnFMRAE5sHGwA+CWTVKGkL4ompOb2alObZfiM2x2GkuQoeNEIKAgW1nZSIJnn60NZd7zwG6xNS/hFXVEzLQ0+07Aqd9zORQr8MLe0rBJxXPjp2RHzHuW/DSh5cadjanwuazZ5LSfDGKtwI1xC2qdIpM+eUUxfu5QozSGiOuM8eSzi0t7uwa9yvYI80+J7NErJBhOiKiUf+CUtd6UA2upBXHNgs2fcu2o89XtjGzP3k+fjA4GcLugLJ8HOAcF5JWNAUlWBuLPoDiAbSsTYavpbl05bghbTqyPIhaX9ifDA1wyZOjYywITZ1SUE1Av61l8GT9DfHEvgORvweuONRoUyi8o1aLDc2idIlQQTSwzsP3O/Z+iiGLWi3fo4/4KuMDqDWNmTtiuRiYEqhE33bt4IXhiQDQweanqyb4QboXORmmKfuqyzgC1RFd2foKVSDaFUkKeQDiLUCTBt2QNJPPD+4Grxa/KDujIWBV9eDiWQIM7qsQPn+4/fZA+h8nn++o1u/Faz3fE3q1NznsvMXIeBqYx/s93K2M9pGvDjrwHs7nIXalg+QzIFLP3wHTbKshwBgF9zcRiioblBucTjvy2MRv9VgaJDjcMhfSSWuyFsSkQNNQUkyud1XbPZ/563LKArqmOONU/x9X0tx3cdL3X3KcmwaCNijulWG4UGTHVTfAKNHnRgtIy+S8LoAnnXq8Mw9y7gjqzECT4KfWiN7BGkc=
BAZARR_API_KEY: AgBEsWcgL2EBxfwz56b5qbTyeqY/5q40Sm2V2gmmb+y+/4irQi8CVdUdb3CwlIhoMrB7qCWyGMps9wHx+KMWWc2xqAN+0x0mw1KliVEPQhdbdTnn6/gEHar3mjVj6wFvgXy2I8YPlWNiqKtFyyNWs6KrbvwCh5qHPNqVRUgNAT64z+WWDsPbaDLta3+x6IV+zQLvQELU+R2F5uoJb/dkgmtl97NdUT+/esc61B1MkSkg5cy49N9jzuKsZpvtusSFIJvzr2tTJxviS3mzHk2SqmfZcjZhgo9YerJXnlLvW9dYME6FVMeWG4NkU1Nid4Obcr1UKc6zi6YnF7g6lCg1R3dehVkcdUacbxcaJGTX495ugWDJqKcGXJiHd+2iL9VVjGpRIK9mLy6a3FliPURfw4yjhbLh4GJAd9GJEpj943cJAOxookeiuimJwmtHszcxlUqXJI+n6NcTdesT/F+MzNTC10X7ikR3osBm5FdB1IXpLDlcyLZY/IjsnbGUtSica6HyPBenW7kZHsEDU+tVCggHCrLS7vPmK/Wjj3D9Ijza3guVOkvTf1pBI/9+9TDpXm93RLAAYf+e+TBOXIWtBBaPed9JGgxZZEmimedAjU0rc/mysPeZkfkgLUa6FafWEdiWhXHF4x85iSp3aXs8N5rY9bHswpht+U0F8DbquYSm74IPC9Af6GVUgFuxXpXnu8ePIGi9yRyi1u2QE8d3JZxJHzam6Fy/EFMhY/r4xSMr6A==
DOMAIN: AgAc/axtBDWTTaaefN4lv4mx0SAAxgIKGf1bnwtL9jsPolr+HwDCOHpkFZcvhA5BHvssRQM5w/3T8nSepCTsZ9V8AYhvKqPg9rRGEnmqnWiOdoBLT4yNXP6tDZ3vy/XawFRk//dA9aG9fbAzsJgqYrGOOOMEURb6U8GRS7+AamsEbsnm00D5xE0/16YUveW1pGNRm2EKlHJMGAnpnBqaVK4u7LyNyUf9UDt4KUyz+VdSB2Ij/bkuQyNRo2YFGnUBA0AxUo7ve4CdsRpcwL8TCPeUgng4A9p2Bmeo5Z1WuKExJWHfGWVX0fxNhHoVA462fg7HORc3asC/Gi+MnEDosE8NfpWhylW6TPzpuXu957jvZhs996JUFxGhgMRVn9KRRaXGdmNPo4BiD3JmKE9MX26nDO3tGrilc5d9vuhCchfu6RwWAxbbMpz9Y3LM6hP84bbeLbmEDZ6I/ILGxx1sggkcJF8IZ/QtC1JIg6p/T4+BfQzMIj00LVPxVEP97dw/hkiTP4xbwBTMRtCf8RF5DXprQXokE5hPtfpOpRyLFnlhvXkHPMl1HgRUSmB3JvnVTf4Pf0tmvr5wS0shDI0SbjxeQMBO8wkTQcLMPH4g3wM2YL+az9hRnv7ZZ+P4duUghUReYIjgjaoG0UU8wTNxIFKnzLP6S7Ys0/8FxqM4ML0KHy2uW/Ip869UVupQY17+qQ+ek8dbuMIqE1kW3lLH
GITEA_API_KEY: AgCDvcSCoZHlgXRV2EQ9Axi5uVbXiqeWrgu7v5dzzjmSHz36bftH+PCR/NQwj79uCPfyDCMEqfYDK0Bypn+K0vPlf3vktAxOc6sxjh61ciZo9lu/FTRsmDV9thQA+ZTxJtYg6ZfyFaVd2/XxA3Lsh3Un530qwu2wTFC5raoyqIBkyZm83T6dlz4GhrteOAvGibOYWaEPcJlVslARqrzHg/rJK0nCNS88OhvIVLcIUq0j82boEB2CUqlLfP36kx2y0eUdOfQYgzTF2uGL7oZTEkXrb4+QG2+SY1NUCg4SS6CJbqP5TPFYDCpCoi4YNCd0De/YgOKoUBDs0gV/VHNRs/YgDbYcC30I9UL9Da3KSYcQtS9SMs57RcBNHPGE0WurP+E36RbodfuIAP6XPTBPvP93XDLavHNJesHAmcNX13hqx3Otzca4zC0IbIl67jNzPS4bo3Spta9FCtN589PMEzhm/YOxAaklttKQ4IqGS+yadIgKRbfUOEUnGEtFyk6IpcccXuNE6A2OKqVEbDHr2JCuCpsC0WT/Ysvkic1yoScetzsHtM1m9ASOZGvwJZnIxfzF5wOzmYo3QLJAWcDH3956NU8J18orpiifU9yyRk7viQYH07AarjoRwR97nN1JlP1CJ9p3+vdxgBtnwpQDKeJUnVtq5OpqzyGJ7ZTlNb694rNE+rY1Ufm+1vVUUv/8B7yGxi6YT2kzQia7aWIkP2B3ngaZPt4EkJwCgITkB1qTl2SJZvjNDJxg
IMMICH_API_KEY: AgAsbCSTCRY3aiCtCEsg9uF49S3TF++x6tPr9MRiYt0xYLv28oZk1Y0E/aiX63MfRAh/WGu3zp0qPlQ6vb/Op8CT62uHZZ+Ngm33C1YS/ZyMzmyMqKaNg8kTpUdW9h6gb6HVdRtJmtCwjJMgpVocnItS7Swg/GPTPwNit2Vq6S5D/qK2uG+dkWFWaF11looSkpmG2l90LWRFK02p16vIdRW3wieJtBeo9mkuNPMu06toX6iAM3OaoWqFVeU0skTPvM55r7JN4kckpjxf+UwZw07tDAOyWlOoCpPy+tzr0Ezyd3mp4FwlgB5RVJwLsHRgqQ9QsBjKdQ5EOyhIo0g3J7jhkRTZblUcv+Q8zsMrE2uwYsSxx7Lu5bp1QjiZHAHZ7AepwSPl0uLpAx+9x03lr4Y+vKTfPcRHRBqo+A6/vGwqdeNahnrTTMG8dO3akN15f6ssZvcYAI3YD4PiSWYHr18mu5IZGRnwwZkfrJGeMvbJAnQAOOJMP+VE3Ca3cVpbHQ878Fc3ZbYVrhJveJY45i9OIiPjzm4h1hM/ISzMmeECb2unQsjzlwtbXMeRf9/HzwICBBa8XmBiDFb9p9Xl9SCwF7hgzdtHi7p8B+M13FShbwxplFHHLUBP/SR4TqWodMVad8JfgT7LUs2+qN0BqNX8Ogltx9MyHUEGH+VZMkYr6l3HY+y1X8gv1SHHFsxkDT00nbEHlgHp8CMxXydIAGQT/QCFTqXY/G+v2Lo159KXyVVcmsS9vyBIFfc=
JELLYFIN_API_KEY: AgAMLEPLxHadKP7Ln+Y/zYXpROzPqTib9hiDE9EKqwlhdv93XX7+NUPC22jrkRBkR3/ICwOJs32v8cqD/T+3ERmN5vPphRyBRroONMRSfUfFRA3cqRDfTXKYFwoKJFCZBiOSarNcOpY+hmFM++4lhnsOOG6tk2Gt+C8WGQSynJ45YFDgyOQUFBT5FdQTbdEOMts7RY6MXtS5S11Ej9Ri7fckxjeKCidoagdvZt27GegiqRdOc0Zc1DJelqTorSYi4UZL4Tho2H9EHcGPR2s3XBfFNWXH94Rw6yh8bvtvMkvzeL8RLUDq+diciRZw6k7TvluF92TcQxkjfnryb/nIGV1cy1ccTrW0XcnBYD6A6pe4CPCKiTmlDZmTNDqWiPg4rVyhqjeUiMUgIK367gYY2H9rFlrZms6+tJe0KtQnFS+lAck3sSeyjavL5fv0A2MgL1zXd41fOWibSLMPP9D/v/lE5YuqJVFfj/AsMgGZx2K5yY0le7bAeVbIq8f0eoroAwL5OLd91IQD+YUzqBWhe41VXC5nuPSstAVDkg6RYJVB4mrO/m2hc6KsWK29m11qAFUImut0P4j1Rb5FOy2MhORbDv18mQu0pqoKVxnJQVgdTJ5puDxlCFfe/jzR8UcKlICu2LR/R5uyY5T0SQ04aI5bLp+RiZjU2SS5GfXDrjz7C7h7j15aEBgZNNggvcSTFr/kNZVczmBWxCah5ckTF/4pWr8WlS17YSvSxQT3OgYDRQ==
JELLYSEERR_API_KEY: AgCmBjM6O/Y/gsb+BXwCFhDu3dea/itAx6zGvz+ammVzUSPJE4+N4u4PEkT8ZUIay9Q8Uf3BERiidu2wcMdT5BJ74JhLRZdxMAjC1MbSz92DRKntWDxNm5q0FgRYrbSV8qWNhwG9vNROObNTmgLuxMw5RF2Py0IJxA2Yy8Lc+Ff3d95mkijjuKf4Q3VdI1Zk1mGuZhQbw4+yJE0SzeEv+dQlqWTXMWc74K3xXpEipEJSUMXj856vnTvUJlp5vCWZS3nCfEZoCdMrZ8cvx8iV8tRqGk3zGVaAekZKq+YMLe5ERbAHlNj0f0imJZ7IesVBUdkYEWZUzepMidiEIkITrFfTUKHUCZzfThCKJrQtl8c7d8dtPyklqA0HLcD2TsqAF5XO6fBrBXUm3+9B7siTFAZCfuit5Q2hon+Sx+uIEEwZMmwzf2RbpXQxXViK+Hs7NpeGPUqOH4HpagBzwzyrXu76swelnKSgMMo/D9iTR1ymnsc05t3MAp3ypRfqfvRWbUmpWZYiz5CejuUXecm7osZuz3vMoopBUI/q/aaLhs4+6DOGIWCme20wDo/Me+im29sDyCmcws+OscbkqmlXO2sqOBmwPbF0qzNXkIeeg/zqvSIR47/Pm97oMecu4o9YY6hei4+0I2bpe+CEs2vYaU6+hXB8M6mGauNrLH/0LB0J1dmwNzHlXnHPj/OhmG9MDUp0muasHKdoTRPFuFoW/vtqNTpEV43Be3tJu0ky9+8XuVGOA22lGCiv4ZLvldzrfg0xthq4iVa7+wr1enllzeNFvSM+oQ==
NEXTCLOUD_PASSWORD: AgCc8eCMeOs5UR7jCf30qivGD4Bd6SXewfRKmME6WBYMACiYctORNgt+Smwm3oFSGS6Rjtc3gfNmU87gvVamCcrzxIdOH8pT/I7uJBkhRz+dWNAevW4WsZmBqDh5oYkNWa42wSTZQQRsfR2fYUQaQB+EAf8eo08fGY/thWuDpH+QBvqn1ODCXJiRl2SUpax47/jxTkRCIrpWQkndjlAmTHwONaWKFHVYayY4HkkRq2Wdtq13u0Iq4Zo1AMYaX3p+3s1Uthlk6jDJuAkifZUqTn6vyvI6nT6lFN10ilf3SDxWbQmyZn39vwYCzOUWG3niCYogJRWO0vRd6GnTu7ndzmiumMz1Cp/4qyUiWN9jass4+rgwCi33Qz5zP1+YDKWmuDs1uRf6m+ub9nG/TvcT/b5U8luv3RIoaMc8yRt8IC2bHZzSmDVZSG/wLh2YPaRfzmx4YxjXTsvliONbPpZavnIm0gHrQnwvEla+1xba/CtpVjQa3F6h2tCFJuc7AgP7fGYt1PLuim5y4GfNfmZV3ZljMPUqJ/YjgXJ+Z1A+XRLKRWBcNzy9k0D31Z9m4R80D2uT/1rtHR43RNnuugRJND6ejs66rM2rdBdXLnrLra2XpByh9TShrCQS5ir+Hnl4mnVmEqIDQ19mANJtYNtmEBTo3xiyEQCPiq/xaSjDm8U6QeqkhbfXvFm59RxdVPQA1iHQBknS+cqyF6qGaw==
PIHOLE_API_KEY: AgAkXqWweu5cFLjJAusl6l85l+TsYRZRKf+mUbV3Lo6gtN4n07zJrOzFYH4u2GYkgPftfOaRZ/CpUOEJflkakXoTwru1L4THk0irP6yNqGvBNJF1b53+zH1hO1tAUM0B101fCmnJ3yZ50onExfwHL/mDAqyl0LlWaZ+9M/S4Kr3lqePhwdBRUv9UXaVBe5BtF4nLwnux/Ya6+lgJ9SvyD4ZQF6ueDYT2woUz4cJa1wqOVZVueS/wYobma6I5wrY3oQVT/feFCDsd8vf7uOcJDjwn/GobBeEhpc3yyti3vW+y9B+tmfvGGk2voAtxVDiN6ysHQQfO5pfqb1q92BREIZ18+jPdQQGXJ7BCvS3TIYhfMcW0EvZb5GgOyp26DZyVHIt+HZHKz2FTISli/EtHsXKUaxUQIEs5VouIDjX3gGRWWaHfMu/2neWJmlZcrRAZsOEHF0C4VXTzq7NsaTgCL6Qbp9QIlDaXMLvroGT/HHGfIcLY5kL0xneHsQyZrp/PqbUkEGCNdYopAuwmSdSbZoTMv6yJNUZFa9OYXqLzees4L6c+3POuKdpdBI3cMMllEmWMQGYgSa6Dw5hIpAUsKP5methfAsr7ASah2vQu6GYFcc5cI9dM4jt8ZAkLKPIummC1REuwdD/JAa+7XQRVqae/D/j8dcftwpuHMez5iKsahdKVInaCgG+bMt6PsnPu0+fGAl6yGbJ+39zl
PIHOLE_PASSWORD: AgAcUZTYElvizIHDgtvMTkS2XSHRrYYAzq29uwa3lyigqOyvvsw6F2WEySm6j0Oowv2Wb3uvm0ZLCydRy/Zk8Ba0B/pvTTnZs1n6mdN6KSC9WYW1vXxy2dtSFCQvEnEmnJN+BrsCfNCEJyQKreoJr8GdowJc367f8eghH02sJrJIai9SFU/h/4hn1ALqozLOBDxtM5PPG6AqTFh4InYcO0iaLiMuic0c7kEA7AALV96/OtkNfi0wr1JOfLpicm8yKwSOo0isEyHyF9rLohUgH261LAcS99XYdefYas4w1C6ex60xcP7lxJVGggoO8YRZY6pYtOjfa2zpWJh9JHl5Mo906B7GbTtqBvn7quoElxKN+Gjsv2gdzR6I1MWlzwW0MXuUGwrhX0I8NITOP6twRQgqKsf8ncXUvNPwpKDQ63g+abb8eboebEdq2titFVLIrPGey1y6SVbH15jnsL1eCaNdMvbAL4/e1wOoSDVgAuUREHo6NKG+U9T+GQ1VJor1n88gcpWddHq/Kok+SiNLW2d1dXTg5CSr5I2p35J/ShojFm6tBwjqtwLUgPlPrxDlm9EAW0N3nk0ATUXObx8xoqU+zJM2Utf2RXAN5BUkXdvNrGDREja/IXLaHZKilqg5qRs/HVxJwTDOOcWqCnJNXvcl/RJchN5AHEnz/8PoFtsZfcOEaVtmHwm4gAH5FKEZIErnuWKZIEWt1O6sTA==
PROWLARR_API_KEY: AgBlA/pCQWKVAw925RVAhSILv/aWfexF0GvmsQrRGD+vFkpW2W9aZG7p1fV+5hJkzyJaTBva6xO5Jd+2lksZo8/CpGyTioZQAo+mZKAanJVKKo/TJO4R729GyfZND4T5P55Kqj+CoLn/0RFE/HIQNa0YefzsW1IWXQv1AS5vFXwqLigZBaOBS8twQOk80bMHtb0K+EP2hSa1GZG++MGIV3QIy1xJ087cizf/wSrNg1ohafhRHZfA97+vfbm2HdJ98Y4sInwf1bF53cFNpHkhW3MYFLU8Oaw+tTKmmtTT0zDmFcIdnkNp6Fm2evISbmNyeDut+2J98hqRuPEkUCfV6Rv8lrm2DXkLfzmedmRMPnJLpYNJiJXiAs63JTd4kjfLwCmGPo6PH8ECRlOWsrkBxuQ48eoBq9E61p42hpLdtZynW0Z6cZLAQTx2obEnbBtOoJ2rhKkizbbijRLKWa9cMXtzqyoAOk0aE1VtTw5BfjIzBA2XWe4/FALLEHOkzJWW+TFEOLkHjMCM6E0mkRcVkUyOB9V8vG7Rj6qzkazp7lKl9CgxTs1mZpdhrTnfFy1axwifB0NZcm+fjjKTTqs+zmr6nCcZG++mTgkrh5jK+aiV4ItrKbGbPTHYtsdvuzVWYeNCfqlxa7ZsaLmfAMXiC6qPNvosSef3IHIyrKE8raqrHNEM5vZ4hhYRKmlJCVnAoAl4W49lzUbpGvMn5i1WRcFoMtzE8g6oELhBBTxTk+Y8Ag==
PROXMOX_BACKUP_SERVER_PASSWORD: AgBHdIz2VxogpHvgYujwMmt3tWF90GcbCp0czkgHHESsd2m7bJGPZfY0yA+hmQ1t+iAorjGwOKUfZQFSfI20nktTHFTRhknIpu52259KrjroDftDbE75AlFSqZ1Nc2+6yUkZe1N4+SJT56JBumV9p0qEggxImKuP0hdTPFdcPYYQcE/vKJAYh4ysIcXrcUGA+RTrd10hQd96F1/wxc7ljbY0m7pg/LDSO6lcUf0lVrNRg0MgDt5WIZXM2HsSlSSbH81dDOOXMjmcylQSZkB2Tbe11KSEj/NcovhW0AFQS2D8J40s/dJ9ez4F0YSiz1UB5AQZhneBoSLwUhFE+5smyliGMeyYTai4N5l02A69/JdQa5qf3wJ+MDAPsCbw/sqsP8wz3+mG5aznCjJcwZomaGuUi3O1y/UKl+4hNbiWlcxXLAHKcTpyX/EHWYH9mucbsz9PqO9BniEF5d78D3gTZyGMLeeWjFgshx7eFsw0UV++PTneF0TMacwJA0bp3lm2VrW5Ae5aSdEL6/RUZmny0wkkVPy8YUYpjsfm8nPbxTG6RqOZie8q05lEGKPxWWTO5b5OrQ2sepUSvIxBS+TsLLEKqqiBtRa4TYXBh+ChwTetHLK5cDbpS5XJbnfunovPtfgBRjikbuf0Ez3d9Rhz8BOToEzHTSW+gsGbUJcnCD/NESCOYEZqpcFNGDFL3vDSQgFr0Fnyd3SFZC4uIm4dzRI5urrlTBkQPBhgOaACjVJEjUYvCIE=
PROXMOX_PASSWORD: AgACQWEwrEjBcb6Y4GGrvGKgmKf2V6OhAh+WblEBBPilDa2lITukc7kKLIMF0jYmVCILV8reZ/ByBTTD+7mNuGlZZ7sogyyQlo4LI94pM/fdZCGk3RIwNglQtDfN2+/tF7F6JruBOq5Pf/9u0ZRk20XBQsqZIlWmD7Y8Ul3Cz2OYHpP6KJCNJrzjYEo1f7fkYqg+Rz0z+UVULisUlqbFbEfXXP5N0Z+lSs5vGcFC4MSamQngDX1BKlXbpKsaqNahnffgS/tgQWpQ7xPvdyQR2w3fnEKngQVPk9RKcQaLqxwmndTqy7HGsqII6wcn40cFMrE09+bCZmdZQTaSgiUZcTFLTEsnC0exWVtHiCbSaM+oHM77Q7efcvWY1CEdeI8k7jOOGfmJGZhkc+eqLMvqKYX16dw4A2ffhNn3Fj1+Mu+J/GNsytk7rTFgxdPNqx+QQZsziYdlhDoOTMO9LgEa7l/cLxRrK2hz/2inyKyLTFIkhZJrDniebNM0QHGkSCPHyhDStcQ2zGIy6JOIQsGkMXmrqnZebaYDk4hAmXQS8iJQTb+oFGFXWCO6Fd/VfOBzcN0Fiss/BQLuMH8MYisIl3+oHFALQ1Ovvhzc13U7bqgMBN+6oqg1w0VsM5kqJ54zy2A1RQg77itLBOwfgz2ftpbcySCn4ZeDNgu8KeT/TeY0JoujmM4i83hq0XLiO2GAJgKrHiuIYomg5staK109DzSLeHI0n4MAqZGuNp6hOv4JgyKhMI4=
QBITTORRENT_PASSWORD: AgAdMAxiSrxWpdmrD6FrZXceFVqhqk1UqL3kruE7aEjmHVmpNqv6BM4u8CdxUIZS99U/Z0CtfAGZ9IEoKH5Ldq+kbtwHNXLxNqYLIkwk7aKJhISRwFAMpg6+FGbTIvoBJgC1xwTZhYC2L9HtwZPj2PN98uMlHpm48yv/qw7awE5o35MmUKyd8EwCi0iT8WaxpGguXyg0ITNSW9D1NZ5OZqVNeL7FJ0GuLWOrHImiZtNAbZuB6B0+3UeQiFE31FbchB7JzCIJu7NZ0+yqxfCBX/4cTR+gZZ6eyaUHIfve5PT2mKjQ2WTAEVbGaEjhE1V5B+bkAJUULtFbcsQUatQm/cj8pyDNT1nCleKRBUFOnB078jguhOLB7FzE1+e2xl2vbCSERS272OegGzf6/FPqXrOcELMKlSNCQlPwWZ94MomGbUKsjmPrFGrqP5aXfY2zCXrv2KSpcHDtUndeyE9OCIucx7dMFrIPpEi22J+oJY87quZqrpyjMypDfxcAJbAgQFBlHBgJZ/ACszqfoAr56x1xXZIM0QVK6Up7irt9rt1RBAkNlSywsqHEWcDgnx+tH0qz8y5NdACjK8xY5iWSGgifkq4kiecQdf4BRhiBLbe4FydQv/AZu1dNMJbGU2hnPESUIntTHqJQ0mM8d0aMNkOdSH9qc0NAJDFsC3oEjnuRXEOSwXSyzEqDBTVuLESyf2iabmPzyMqdbv7i
RADARR_API_KEY: AgA5tKo/V/uCwIpSKNSBrtgJst9n8JXYrlqWD0HgJM5ccUdvUdgwf+Mun+rQDNMDrPz/uIxkjNkUIoplatpQh0s4WlwaEkosf57gmq0TIiId6+x/Z9S4bDfrjqaaFJTDZRaiZWxMgOkSNzKdFh5itSdw0Vjh6ojB/fElB0zYENZAXI8uKIPeebdCYtPgVG+ap7tLlj2Y28zinJc6lHO73g+qgHeEx22N6rr5coY8OIB58KuZ6mcSUvEsPLItkvQ9vDxbv28uv+c9ktfwSDbK7+lbVHQdqfkk8QT1GQCS2Xlf9CXndxzhqQ6ME5W1PWs7znC2K+b7rJ1UInlUpXkzsP1nDsrrPeC14dQ80kR3+Yz/AbLvKBV9eK4FRMp5fLK9C2s5Gy5tcWJLoFA7N8tR2oAIkZCIEaJ34YQeGGP631UyIa1IUuN8ZotvZo3nUXKF0SJhc7SAvqxNYLKfw3Xk1fa/T1Mr4wWIbtfrO3NvoPkt5gHGfTi5ECjPsd72XV185323nOvVBmiYpQCA7RCEOm7cXR/EEcxX7nKHdsZIOULJElc3dYflsd61uKZdwIRXa8ACNLSuRAQRtxUVQ+t5UlWxmxYB5wjRwjSSJ5HXOqNrcr9Go/zh2XFY6XaWoCF97t9xCa+P3SSokfTFhfLutYmSPwZ5VyZTXyH+/bjd8stxeBeneWso7yK2cDdOLSX29/Ke2U1+k1qw4i0wTEC3XHvH3sy1TwE7LDdjjYiHNNeuxA==
SABNZBD_API_KEY: AgC5/8HHS6IYQfRI+H0pkkV1+JHeZvgVYYJ6RHU8sgquXDliGSGVa36UwgdmPFeoO4vpCDvvNPvv452rkwxrLwn7Tc2TC2k8zxDkzHlHsKl3T/9CqQ5gD/XKiA2sKETTGD5wVTAk9D7WpMQXZ+P0KDSW+j0s4hz1IOZGNHLn4TuzkV3HzQ+2madOOkfJ11OYoT9xp8HkKJdYy1OkCRB/izbWpwGGl8ul35CNOhHg/nNYLSm8d6YLzYMw7ix9ds1nsUQysco2Lf2cwlMDPvv2HNT16cPUm8+Pr5/FMYuIgMfoTE1ZG1bxRxW92GQqOWzpY91/UxGEaOSkvxoY8rn2KqshVG50l1/GDRTXM4kUaH6sfI2DszfAc0ZPQpV3RnMMRNesbKpebbTljYjut6V08spskHvbcN6cG2KoVBbwaW7xdEiWJtwc/wBLu5lEBCHSgzrgDI8F/EP108a8aCNVzjsl2G+uJsVFj0YcRImTICLDCMC4zW/QBVU5LRtnwWBM8z4IPvKc5c5P+ci1/PVF5qM3WY5Lh1giZsL61kvCfRgJLK2aotlt7VF5fCmi0xj5fpwnSF0A8SdLOrflpJwn+1e69Q8EP/ErEyuyV6o7Bd98j505JYkNTDZigFccZ5k4i2olaTJBSSJsPu0ds92b56bl2/dgwzw2RimrSuztWGysNaC5t8fu3ntpKj2GmqPY4c24boAeuhSoKIhqfa03musDQFhRTmEmT+SIgNZLOKbGaQ==
SONARR_API_KEY: AgCIs/MR1p1HjdA1zc9vtDViYqhpLR2V5npw7qd9ueylmh2mdvyNGP9Oh0/v5ZDXiilfar/rUgUed5AwDVx1Z7KG5GpYnkQwchK2/X0kMxCnZPLfmVb7PMHyQq9Bl2O0n/TVoBpyUsbMg5L6Hz5OhrcgtQysE3QCcWwcXeUsrFNf48FEnPXh4jhPqaKmxyyoCwdhRg9XzuZXrMa/66jBQ0aLcPsQgewOXK+UuAtoo7iVxxkaRsebnBo+KX3vMZzzxpeORaDvPAK/QSC1XWynaxAWFbxrDNjL4kFahSwh1bbBaEQ86fu58BMRjJBbLQsnrsqhETZMVpCDX9I6tPMCWzLcsyozmKv/S/lVDb3wIX3D1x6bXYBQr7XcFpVDlMldNIM6hA0Fai2xeou7A8F6orxnhNFkn7l7lhCD3dixuyhyrrM1MhYrQBtSGvRaHHr3c56CzgPR8ZMVLjl6dRObS+A42k/2rqjPeuxre6+vjgzy73PLVfpTxZrH1vJp0eO8tfKfpR3s7jLXxVBmaraI3VmnQgtTuwK19WtbCZBMuDY4faB//291JctfYcG0Ai+uTuMCHWsnXaHRMcVVU2OiQuiweRXkkPAs0Cfkrzr3pG0qNUL8KsCqwO54IM59vf/riFAE2e2w0hzbj80yXLwcqQxU27VtAIJuG/WzO3UOn9uwEk61nkmwEhPue377CA/n6OMf2lFyykTEGOwKS2dzpxFXUDnEhpDqNIx/thg0MEoO7Q==
ALLOWED_HOSTS: AgCyRYkyN6jBUOle+ezAJNEetq5FsaAQepIUuVgofjbksG+XmnZaIchXp+r5AmgrZMg0ZTKFXNE1Y1TewoYinASFhFEG5yFLHVBB4dO+0qOTum209gwZwlW4q346Y+gh3uZ7uk2PR3hCB9WYka6gPbzKWUwux+IrJsoUXiJSbIaXWftqob3vVMdKBAjEUZXkAl5QRaInhvlGgCp8pZV7o23g+7l1pNO1HEiuLCPhLFOgRNQvM99U2WsXIuSp7o5u7tqZKM1SELXY/ITL3OVrolJVABedcjvC5cS6ag55usO1/O+smvaHlqpoeshp3RM5FPIA0sEfhsvYkB9bVvfRio+DToWFyBUktbXHPpw01nLDUuMuRe+wl/Up7zIP4aLTH87zOLEeWiI0/vT4C3B5eNVEm4vljU6+pOavFVrJiJ4jurH9qHWpa2wy3TKvhw6VEehi6V/RBkQ6vAUPzok7c9LY2WFA/K0wvY6cvIUN1o/vkZtuTKTvrKGDJZhtQnUjTP8DO2O5Rd2i9IEc8zE5nwwfqqMy/JqAoBk8MY9xVkdyChdDYtkhiEtT0U5Zu4y4EIvoJMAZnjUOPV5kTK0YqDUh48H16BtvihOnFAwPGPIjBdAZYlggH/AE5gkdZR+zwW9iuMz8AFp3qccDB+yAFCLURyoBdi779Yz4HxCXtmCh0LYOPNeUoIKRHTe6ttySZfTuSBe2z4lxS9X4xMl2l/a8lio=
BAZARR_API_KEY: AgCUuUvh/1V+pOnehjOh/aJ3QgbS/dPsdFYZ6pAvFG9hS3VvLmuBTvRD3s+uysqxn/yFgvmCpjZD3Y57ahPOXoBwNrO6veXX8xl7PcECdsqfzWVD2p0koJt7Ci/ezPYJrFH8vY7PgYAti3GlK4y38g3JqRz9iAF2vCj4KosDPL1s8xVIVg+eGV7uHPZtjMMCOXLyYZ7SKblEdaicZYck2O3iUZpB7jTlug9Vn1Kht0LxgSlWcgrauGGrr+CjpdfnZsiT+0CBiaAwJfG6wyXh7vb3HbrSCQHTjHt8/Z2vqSuC8l60VfF5ONwgbOGMCNxSqW4szW8Cg4nF0VBPBZhltiWQ5h48iUkFEgNGFh9kW9DslU6JQkppa8GbPffSDc5RB27djoY9O/aqtygNHp/S+ZiHpShAfVROFDBRrLT4UHcVtZgJ+99NHrZBkQXieuyMmvAUNwdvi0AjmvqwiJW/vCt+LE4mPbPioLTh0sO7ThSyqp7NITq7bZm/EbxLuE9tQdMJI7xXt1Qff6g/Gxx4ykMyZ+LC0HS43YtLysJ/jyF66ZFzTHb5cf/dACERUxs/k5Zh3N4/0SQTqOO8EX4XXJzMz8rr9ZKpBkDPaQqhaKPwHi/OHyUUikDVCDKks1i190S4stbJ3JtZv8XTDTIO2XY27gyoSuP3fOTcmKdpCwZ28LkwwKSb9JFm14MSm/w1+8eewPsLqNoeKPsuhXj5i+wN/JjgMrEvh26mifDTSj+EBA==
DOMAIN: AgCJ5tcgzz2DqiHR8P8fzUE1/zz+8J/jW5/DMlrCJp9y/zSD1H2H4asGd/txOREfZXHbH7pWOe+MUjYtTB7tlMSs6nRY+Ng7Eow5MbToS8r2US67dk+d6ZYMZTCwEHtnubBD77wSHAx319CXyB5YIA7OBQ5iYMLwT0QYYWlfo/m1sG/sbHQYKJ239IwYInE9fonWOTw/7BxteXyyStpPSbxnZd9BfcjUhjh5pNv5Js+ip4LKVE9CMHqxou2cgqIfiQq6ul9l6mzB6D0IXXnaU4KUxY7utHZVGVjqZ/mefjtShgJ6zJYhOD9GUqA2VxvVf9aioHqHfY4rsqVgNLJ6w9gDf1XW9K4cvz3+ays0BhqeqRLLc8lVd51Q3lPs2R78MR7g5b6gryLKO87fGheY+WtqEAOhlq9GgrBmXSelWjVc0NvTY3S/MJJLooG6ruhTnOxEBO4wrQzNjdZ6iGUUZfsI2pJOREcng+85sUDrAlfLZXT6KG2m8HjnEKXYz52rDEcasOfuKxFsi3G4vk/YP7RFIlw7bMJujFiCtCuEXeJ/pZmSwUU4ikAGo70Ha9X52O2xevXDayVxnyN/ARXnex8NaD3BAKUcOt/tLtg9L1X2is4qlkUIYOV6SuRtGtXqZq+2uOiyWCFSUXSl7STjAifl7dmQXOVFNBzTRHP+sre4Mc58rXpxvi3qneZupUX1qV0S8FfA4qzvjptXThiJ
GITEA_API_KEY: AgBoVWmdNBwzRUp1CTplE7VSJZc+VTGv191G9UqeQKGeV5HIUyF9Bcd7+49uQ/0PfXJkRJFLn8vBEm+2CdHElvDn72JwhFO4QNklCtkQAecVAcHu+mHhU4JF4xoJzpjiajT64yBKiJpyNf05yvBmaByArAcMVfRkp57E6KpiVDQ67VNTF80qV+Bwr8wXYdgb9YFpPVvQAGg7n1Sw7M5xXk0YHQrLAAUcm5UF4FrvOY4FiG5evPvNsoVn8utRkOYUfgAYk95NilLjgZpC0v+sgX746PLODwKic+98dzzMeGCawTWLiHsQWIll5OOVjpGi1zVql0dUM2uJcOKSOStGFEqt8CrIqKI3JhA1k1fB6ro5i+WjW8cAf23FnyKzv7EsVGSkUfi2ilZVDUgK0h1IEAjy11iCjIkv0S4/muD7RWU+o13ExUUgViHQFj9ZgRCD0qF9t902bf4o0ZDn5hUNFGW0PgvltU3LYT1llNt/CZePkEtJNUkBO9GS1igri1vZo4V2ZXyjD47XqfWYIXx24oUAfSLPV8DorjorsWo50YqSNoqXoVyVr+oAuCiJQZGJ61HMFZggy0nRFyZfMZE9F6XHML4SdxW2u+m5teq4NTwnGqoowubgxn+9nasKw27oPPAcs3Bk4bzlnaQGdV5FgCt0yQqDtLTO/yG0CatuQ/WIXj1FsxpCwYL15hXmXwR2jkGpRrDOWxVXrtWUupXxzHRc+5GOSk/TNDI547gTwa0Z5Ez5Rkm6U+fY
IMMICH_API_KEY: AgA5J7L36M1XYLuwpRsdLGxLWh2SPdHewfueOLxlRoSL7ROz+PfXxkLtOzZVuu3dZ7op/QRL/yHt4YimIVHuerPCePmPxGovxX6a47BNkbe6kN+1yG0kc/t/EoAuwQqf7tGg3bBSIBf/opm7cy4Av83imbCsktwbjfiiu+omdTgiqB92bizWu/Av9FuG3f9i1WMX3L8jJWg9KE/IuONhfRzciE4K3r8ci6G5dIMGKk1WHGDGZGkquw0NWFk2dnRIMWKKB70QynfNcXdc6FRZRx2mZtXRNyWcbu+kvmC9LlcKWbrsrMW1HtN/+3CuUQvkUZjbQo2V97b5/zITe3aJGoC/Pjxk+uvwklhUD346Z//8tZEw/Z4FlZXOjyONIqs9DPx76bd5n2fc0mk8FbEZ2Bgj2HLtq6ZrCR0V6R0KwF4gIhV8YTMc0lYAWBNhckK2EEb+lN9etEDS8PJH7PI46QuFhi1xrP5W811wnzcqf3vs9O3JeFsX13/m2IokbPhc3hGVFyVGfNHCGENT4lfirN2Yct9EGkuHYMNWVpVKTsSQWdT03dJmCB84eKyskruz0XGukJIt9OFh79R3aeXVZB1JIyJX5u0Z6lFa4XGqGFKovry3JP7hGG98UNPMTBxqF2Ngu4Ei5jJ9azifF3oup80lq9bS1Zvin1AhAnrxW5m8Q2z4IKdVXWO3w80/qOBDmVzlUMuIjaEVj/zTZMZhP9QmXax7c8RO5nwW5J4x/yFxKNbnwF3PgsndMV0=
JELLYFIN_API_KEY: AgA7AncQWkgYfnBTLUj67lAYERi9AeKOt+UY5sk0pyVVIzrF62qZ6X8T3owLMFpDqYNDbRKMlqHNgbMjyo6O1Vj0mjMB1y9bPOfjjNKUEB/iI0Cxk9ZpoArEqjj0u0Yyts6Od7ASQ1JK0arkhT47FxQPBAqK/MMV9b8QOICb4/L6Tv5ciboBJHsiEaJnXrF2DHnc3A2ongsSZIYbOBvR6s7r7t17MNrOuidO7DHF+dw6gtIn07c3cKKmlCbQ5nDeXkRBk7fGR4jx5VDs8DdbaHxMCDeRXNTCT2jZawijyqBt8M/IE7CpRDeY4XKIVY3i59k9IiD5J/mfRSGmlhQeHvQQ+KbrumbVd+acNdABM3Gcc6qWPjZOJmmnl3BYET3uZm3yWAxU3FbKMhqyH27fySV8b+Eep+HqshiSTekwc6iphdHqPo1aW17xIxR9WJyrQycYH4N1KsDOlbI+T4HbAbXoR3obPpEbm9LyfXGp82/cnmxX5Sr3bbeBzjQ9BjtPTjsbvqR78nGktTVjwxi2fOdArx40IGI9dU3MEbxG6KP3nUHosAmHGcgpeX2tnKxCGChoEDB1AoxD2DfNiLK/WaqmiH2161X/+zEtki4tboCopO7Eb/dASJb43ix+5RlvxC7wS3MhLrzpHRTJogGdfN8OQtpCkkxUkWa4J1uEht6hqeDTagRXsP//SEJLFCt7ovuvIJrd37upn0wnEE/DfO6b/i97BcW3z+DQkqsW6nCAAA==
JELLYSEERR_API_KEY: AgCm/zo3jsGo4d7aWb7q07jfMnpwpdNiyp6Wpc4FsIhLmnaclr2+yrNC4N3nFvRK6h/s9nJaRC9fDXUQ673AcNcSujXQ8XzQ8SiS/47T3925ZZ1ni7ZJkpaxV1bJK4X8puq17NZ2XEUntdTNUtXywnMlAw0E/jEFF+um5BJuvwAo+cvKLY51eHR9sjxWCzrJIM3Ty6CjX2sixu/r+v9mtFxI3gnSvg3yw/bUXKBhYK7REPiIdlAnzX3Muh6IxB1Ag5tbSJJFMeJnoMXkvoEDfD7aCC256SbuPxr2skzQtL/Ai+glFPy8xVo2obgj03I7hHUJVLqi5lbYjO+gLTjIGPHSEmr0nv3/IKlxJDJDy/xzMwJbnCa40vtKmfvQLCR0e0jNfM0PZ7qcxx1UZTTE6Yvku0wWDgda/26fS4UNV/0MXmT9tjDK86ubJZwwuIDqMPi7H+HOFF7t+0O4OK4avPxF0G8xtejF1nhvAyGA0176qjeqEbo2MisNroc//F+lH3uSSaMa2G3BymIqjdVfBuI/RhEYpad8gFyu+/oBiGppfzjrz9qWLL+EcUyyarRMGNUPWAxgCn6wKbLc/OurfIBoXvZINucavo58S5OY4Yw4n2Fvff29GTszl0pzrOKuN1GisxdqsMvUsUxQjuf/HAazow1NAcKmj8pzVxlKvRDYcNzzkuvXI0FEoSB8mp+z2QAnzdHVvSHJlKZn5PBSKfQU8B4LKcZ3FTB1OETetqgIbB6G5Nfxk/Ibc/BD2jdbpf/olLQjH9zm8+UGFsgdX/ILRaZRHA==
NEXTCLOUD_PASSWORD: AgAQPkQEKvy8CzRTrpfxqz5YswiZSLkkzxf8H6k9KrNJFRim/qEbmAyyC+JdMdnuJMT84j5XuDcehPc42d6vfm+YaYF+cRA3xP/xkyyAB17UhLSJu8Go/JFqPLNcxEBmSsogh1MXUU2TFYl1uCQwBn0BoLjdBffEKTw9yL0Izizd9VbwBCNJFHWv5PMkcdquBhnfjNhb6fH7667YdCMBY++TVQ94X5AwgJrZgV2+C2b+7BR4QNmcCzevS3ahBfZFvQCVAnPuZ1Bzs2xKZw0eg77soGCXCh2KG6sjjYIx7+bPPMjRSxBOJYb/e4HdpDDscH27F7RYbSPdQx/+Xd3cwu7BU6S8+px/1RrX4w3HvpxjuSrelBje5qD9ezEx8+4OqQc/sd003j0pKJdv8U0V8qDgSjenmd/xujkgY3ooKwgj3cvdotR3RherUMYrfKtz2KEO0nfRH0nlwwkg+X2gfwTHRnM2ONWyLhuomwHRHlKH5XgPvjqQxm3wMGsShEXBJdQiNOHwyfcLG352dOFP6q2wRr98h/7vWZh0b5eR7d5rJmy4k5XF5R8auYkfzHGAUnDmWIhJweHmQJ/Xto2p3QjJVUm8ToPOYx/FDdHCHwf11Kz4qJIk48B4KKkr/7llwmw5/iQzvTyH/U04TBnltXosSbrndmWYm6fee+QbB9vVGOGdVYvCcISdmmjMzNuuXgoHpEknDE+O1P4SNA==
PIHOLE_PASSWORD: AgAFZHwzPUmNfWBDKHjdhmGJy4l+JzvYAKZ/95dmmNl4lFe9t8kwixy1gAoyoYHMUywTwSoD7HZkRqQigDrac0xyS2B/zglKg6MoIfGsMQ/WWGsHCZZLEt4E6FhSdz8BZYuT6aBtfRlGVI2Uwx1jfoO414LClNiYXv5mO4JvitQYOMo2tPxU7z02RZq5ZAA10bfC5yU6bbvNH+tnSWbmVVchptaYk9ssbk6TWtOu9oMYY9+Vkhyyg0UgVRTnTeBW8pA/HB6JsgCxwnXwzs+wD2LtO46Ev+aBrWtYAN3MyyeevGd41JqjCXowjCwVzT6SzCDcsN2NZT0EtHc7DwHYbrly1ZzMmSxRFhvMSDUht8Cfl+C36aBXz685rdj/+guzH+URxmMNXkUsoFXEnyvrrKbQnfBpeMsT//3YdO7Pd5MlkDwvqiNMSbNuZh5REk1f5XYDY5hubGQ1KMDxAPgEfPKOQSh+kbLLE5LOe9OngVrdEgY25nYYceJNZEE1z07biMQAS582QAyZjUWd2X1tzPyKLCLxkm8DC/FSkO86VTjkN3egJg+8F8Jn+w7mCyRlfYHVNzWxQ1Jt4sw7x9slH7Py03GeGGEoBsxG100RWMQqdiBcrZcow/psYzFaGeGvwDZHgQkzFpSAJTYcWoEoowfoFdAfxwEXEbkKf9FD+HQom5rrm/a1diPQZ/U3uqLmNffo2oaXGwad6jAOEQ==
PROWLARR_API_KEY: AgCj9aH1N2xav3cZzpdX7yrudiiwr6+k0bJwbUln3qkIviT2XrnjNOeCk4mridm25waYzIMGaoXe2qOsMX7xqASiSCkYTpP71RkC8XWme7SZGkpcuG3VZWr7PKhxHtSTKFxiHp+Dh0NfIFlaqm5bVRZMCfBVjjkaJgqOg06puyQ89ILsFvKkjLjBhYWfNQ9+exaFoAt6aZEbTjyENvjMnMdndfMcbM1UhWAVVmM6HAChlpg7nbrG4/RIL8I0Xu53vUF6WKslZ7sInNVFm8xakUn8oPBk+2quD8BqYgxp7jAO9IJUOskCkJYCG9Wa91Bn87iI7YYti1cdtFH6xYgx0tPWXZ6A6fShSB5ItWVvoZb2krTbdMC5W97yV9uQ+PBRhOzYslwLA1Wl3oYYfd6HUFi0i22UCG4YiZH9wSKBKKSxHVB/5IIDIMHhEl3kFVv4U2IP+UkQf14g5bIAbm8XZwKBlIKNDAjKjHHT0YQemmnQeRT1V8rb2bk6XLrhOAs2zE0hyjcYc6UvIz54a7Yrsxnu0qOauIaWtea7nNLCJoOoloYaBN8dsOxC3cElHVnay78psouaheMTkl4bd/raxoQjB5MeNXJgg+i57NC6XAYQOs+2HXrpRPkcWNn+SK0P/nYG9H/YOC8luB1CI76iNxETp59B/rsQmS99SNdT+pMd6NyuQ1LV83TPbK+N+GRUEAFk3PpvO2lErVbV860fXtMPrfzzBKlBxhh0gSIa1wcmNw==
PROXMOX_BACKUP_SERVER_PASSWORD: AgCVMXSjbcMi33l/lAvSpfK0hZIiem/BsAsytKLAgdCkhidl226OWm8zaecQdkE2lCLIJ9TBvk298QO7vK6Nh0snTTfJwTLDgMM6P5HnzwjmVG0zAYq0k8ilORC84IP5tKxvoK/9z3S7NNOi95aU17aMpugHRQKyAYEdnn6Qz6Le3cMc/asXaqdwxN3/jF8AjWcGP9kve+9sayiQDxeCoZD7HP+zN8UW1ts40SUM01wLvoMMVFWp9L+tzbxP+QogMIn75/SPhymRNK5YZg4Nb6NulJ2iQj7K8qPp1cwuaul3kJO6RD9QcSV0mvlIafFkzoISGSq6VFsPIMOvfGWS37u2aaBi7v7qiC4kudM2N3ArXyDA5aIWTbKG41QgVRxzwxkKSBHJWnUx7ZXyzldcAr9Sl+U6RQCATw93/o9JwAo2D36yvn5++SurfBP5GImGgI1aVNX6FbBeKUAte8sF7VV4usoeTdDQ/BQgEdaqtTtbc9+jv7G+6KacQcDvmEXN2L5cvw6C+KShEX0F8CnjjIoDg2RhzmGzJp4aWRaj8KXnqVJnlhpBVevoyNb651/eGc6c4ekj70drC/qvyM7EHPq4Lj/c/slsN9VxoZ+hjBNTM4G3eUBm2TsIfcmw03YRTd8Rl1iSDF41zb3oZe2167OGFPdxMqahZ1yqSSrw633mJBIz7DMLMbr2Bpt/Vb/8+8IJlBjhwOH6EViuQXuBDH+c06GWj7qzrG2mle7ZPOWDXzpo/74=
PROXMOX_PASSWORD: AgBQo8cxn6yQ/l6OyQBc6LJlvY46ddDIDVc8UcY210eGpUbmF7apcYp7uf62b/Z3qgZCTcfimlOeMTWnLqlWAHkp5ARE1H6ou8Z/X8kH7aaYoGR4mTlIaIASvkn5WAUfsnW/+AZRoMkwJc0l1Ns4XATbn7sMTexVqZei407iW8/yDshVsIbnv2en0np9vBB+cHwkjfCrJViLxc8vKhXuxNeJYG/w2qsnbQQeiAYFQ8KtC4J3J6xylVSLA5Qpur5r+XsElDSbxuB1V2R9BPRIz6pIutk99RhFeU1xkDrcyxYUBbiWg2w0c6c6Alp5GtkEQs+pOSpoaXbpBUcRJq4FEWPRt9mFIdtCtP1LK31lAL9K/Be+i5pHr1glCvtGM/IaFtgdU+LF7V1SxEHB37sRvInbsf00RN3rUUFy3lOsYVx9RzsrFLjFufJ/uZlYjiMoOUQV93v05LtBqSQhLj8IHGLuPUSp4c81sGKnyRj+j2Mp2gVdxmg0mDYZPopOpE7rh1s6F35hr/dYzaKVKCUo02XcmextvOEbmdHvJwsDeqmntbUh1C7aXN5wG4XXtTJkvyTvOA81wZxlkMuQHRnB1w6lUo8pGAbdTd+QIzibvnHbqpOEi5Z69GYfF8F5lPEEFSsidobu9ybRAGfKyAM/F3RQa5t515UDNJZxRAiEwaNukS6bI2/i9P+lj5EEisO3vf533cgpuDoersEHFaByr60vAz0P1/0WbfFnVs2ckBOlBq0JJ0I=
QBITTORRENT_PASSWORD: AgAwLB/GGtFpjQKwRdlxFjp5+r3J7UKNAnz86KaxEEDUyBrmed0KjdXskX5HUn2lbzktDD94MRCbez4mVODr2XjXunzNW+kY96qG1+Z632eC19FTRv/Ve4TVOOx75DVsjWp+UaPUHPJUuh+ojPER8IhhFNi1Yrr6EwljnBGSP9aKjazi6cAIYgcYm+n0UgMWOwVJ1sJiPB/EqJY7nh8QbnwxPIDL1lSuSq2VAcAUIAKDzT1GUYDux1BVM6qVaHEt+JVS6pa4Gyi3ArzfTYvX1Ph5e67BdTpjXoNOBeiQLLcrBRtqx7Q7WmoC1jsyReZRtIOvJzbA3IFYUuHgqMYD/sd1roW529Z7IHWmc38pEdbPS+VuTLw0Za1Oh1mFKTDVFepvIa97+aBOK1P1JJA+oFy3YSdk0pcjdRQ88jFLYUcS3IKnTi1oFNPjP5Y0PDUDTIDFA/26lTgEfraaHmCeEZ5vZaQr8uFQ8bsghpbiQAmIzLhg7+XlcGMcOaTWFtPuui8XVgmoStF7pCoIDZ+/RDXqAJ4YDZCW/Aw8BrIh8H3tbFGn+9xt4XDmoD/ORcwXn4PhAo8QTajnrsRd2z7zhK2EO7vJND2YzJ7Yi2E7wbBddUQApg4gTt3h+IO4doxNiRH+1SL/fR129Ofh2icofeQa4AugJERJBXz5ySOJkGz2iwrgQKFK6nYGkJQIqwZRV9nuYy7uq47NigSB
RADARR_API_KEY: AgC9iADuhEDNFW8tW9yl/Mut43g98t6xGe2TwxDubHRYUgAloJXbWvSh5LYW/O5UytjXoXC7XqLntqKDm2JOl1iKjtsXsHFM4Gyt9oPebfYdgMD2S8UZR5RI/O1gS81nerOZprO4ad6jzP0i5+wFf5q/7UaYRQuhaqPrDy5ecBwgdTHJTXbiw1UVzeWcidiyuTI7rKeUW7oBHbRFWY+7fb1M4kv+NWJA/BozzlA4NvtRLoaXQkPpqj4BqYJF5jdL9jvj6TuFZd5uBFKY5urM4jvbPM+ZrpRx6QM3BdzG7O4rnaVPUm1+O1Zkv3UJn3mx+7+h6HRzaCti8i2HklB8Qo6kAS/geBdnPwP/bBMfdfIhvpA4WUeGJ+Fsr3pmrrB07O2RtNfnrtAq4gy7Zx/e5TbxZm2QUNcWDTKHkgFd4UZQMDDZL0BTNOYCW+970Ozljh9Q+TlMwboH8fLwllvcjomkINKEt/ljwJ1gJqh2ioAe9SuGFw0X89pR7tP8CAWo5piJPZ1f/CbjJmL4frjE7NFCH4hWTQMV6x9Z5uDnu3zEuQDIlV692Gkrh3XFnQsBmWheR3ASoApP64gb/HVg5V/rZM2bP7+HUKR9S1A8ipn9M/chIbb5r07Q42iPsoJ9KjMB5v+IJgZX0xkX2API16l6rGib4/phFbCj+Yvl37EEwyPVvVlYi6G/PyIH/sAk5QAGVUteh1xENpG/1MM91xMxCSwaVN/1XK2HgFIrx04jJQ==
SONARR_API_KEY: AgAOgN6pcsz+r8JD+LCeytbSN3MM6qu+fJlfBWV/CHIoqap7HKTpny4jf9P5/sCXRuoNvqhECnGic6cn5HTukR6nbt+/J21hBYs1rQ99l1/QwF69x5K/6N0tG1gB8dD5B/ELsJO0bOask9yl0Bg5xj2gmZLXVRXMvyZZLG4j4+yxcgdaZbv7JbIAPQVxLkR7ijL7ZCir3rjcQ7DDDvjTNFpqYLgLRAhZ82rlMH3UB/pXpNu/44bnJ20jzwxwqjym1aVTL7YjdBg0w2Po03TnAOnX52Cesug1Q0MRwInrgWF7xPOqufd3BZOSFC5LGVVYyhc3wW/ZfvlY4U+bxy+WNUoJdsoWErW8MkmV7C9qN9v7b8jP6JR5r+gAVvw7reLo45KilxGek3ZHtzzbi8t+9KXJmyFVLhrrERhO4qQTFZKOR+6C61zSg1C1hTZ9OxRVbGsvHABo6TB2BOcctMLZBwh7AukPqBp4JfHWxmXEBpZhzeKKw/+x01c79V73BbowweKrfTrVrD/i9SW/veHsG1aosLSLkJhTNvH1iyQC+Kf5HJgQKL54yJWbS0dd9a7cNzo6gCOdUTsemGRK7/kA2WbOK++zJ+/j804K3JLBKsmG9qb+xZ22KJFsWg8A+Mx17CbAE7DP0AKhPxkOFx9b8ud5IhwKTQRt4JiLMpPpSa1Q2lhXEjGtyL0piBKOqkqBCxPPUJwHdEa4y0y+tGXshV9khpSb6hyHXiHdFzbXWDI7NA==
template:
metadata:
name: homepage-secrets

32
clusters/default/monitoring/homepage/homepage-config.yml
View File

@@ -118,18 +118,7 @@ data:
type: qbittorrent
username: admin
password: "${QBITTORRENT_PASSWORD}"
url: http://qbittorrent-service.arr-stack.svc.cluster.local:7070
- Sabnzbd:
href: https://sabnzbd.${DOMAIN}
description: nzb client
icon: sabnzbd.png
namespace: arr-stack
podSelector: app=sabnzbd
app: sabnzbd
widget:
type: sabnzbd
url: http://sabnzbd-service.arr-stack.svc.cluster.local:8080
key: "${SABNZBD_API_KEY}"
url: http://qbittorrent-service.arr-stack.svc.cluster.local:8080
- Jellyseerr:
href: https://jellyseerr.${DOMAIN}
description: request movies and shows
@@ -213,18 +202,6 @@ data:
password: "${PROXMOX_BACKUP_SERVER_PASSWORD}"
datastore: backups
fields: ["datastore_usage", "cpu_usage", "memory_usage"]
- Pi-hole:
href: https://pihole.${DOMAIN}/admin
description: network adblocker
icon: pi-hole.png
namespace: tools
podSelector: app=pihole
app: pihole
widget:
type: pihole
url: http://192.168.1.212
key: "${PIHOLE_API_KEY}"
version: 6
- Invidious:
href: https://invidious.${DOMAIN}
description: youtube frontend
@@ -281,13 +258,6 @@ data:
namespace: tools
podSelector: app=searxng
app: searxng
- Pulse:
icon: pulse.png
description: Proxmox monitoring
href: https://pulse.${DOMAIN}
namespace: monitoring
podSelector: app=pulse
app: pulse
- Open Media Vault:
href: http://192.168.1.4
description: NAS

2
clusters/default/monitoring/homepage/homepage.yml
View File

@@ -41,7 +41,7 @@ spec:
subPath: services.yaml
containers:
- name: homepage
image: "ghcr.io/gethomepage/homepage:v1.8.0"
image: "ghcr.io/gethomepage/homepage:v1.7.0"
imagePullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS

46
clusters/default/monitoring/jellystat/jellystat-db.yml
View File

@@ -1,46 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: jellystat-db
namespace: monitoring
spec:
selector:
matchLabels:
app: jellystat-db
serviceName: jellystat-db
replicas: 1
template:
metadata:
labels:
app: jellystat-db
spec:
containers:
- name: jellystat-db
image: postgres:18-alpine
ports:
- containerPort: 5432
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: jellystat-secret
key: password
- name: POSTGRES_DB
value: "jfstat"
- name: POSTGRES_USER
value: "postgres"
- name: PGDATA
value: /mnt/postgres/data
volumeMounts:
- name: postgres-data
mountPath: /mnt/postgres
volumeClaimTemplates:
- metadata:
name: postgres-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
storageClassName: longhorn

15
clusters/default/monitoring/jellystat/jellystat-pvc.yml
View File

@@ -1,3 +1,18 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellystat-longhorn
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim

14
clusters/default/monitoring/jellystat/jellystat-svc.yml
View File

@@ -15,17 +15,3 @@ spec:
- port: 3001
targetPort: 3000
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: jellystat-db
namespace: monitoring
spec:
selector:
app: jellystat-db
ports:
- port: 5432
targetPort: 5432
clusterIP: None

52
clusters/default/monitoring/jellystat/jellystat.yml
View File

@@ -16,40 +16,56 @@ spec:
labels:
app: jellystat
spec:
containers:
- name: jellystat
image: cyfershepard/jellystat:1.1.7
readinessProbe:
exec:
command:
- bash
- -c
- |
(echo >/dev/tcp/jellystat-db.monitoring.svc.cluster.local/5432)
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
initContainers:
- name: jellystat-db
image: postgres:alpine
restartPolicy: Always
ports:
- containerPort: 5432
env:
- name: JWT_SECRET
- name: POSTGRES_DB
value: "jfstat"
- name: POSTGRES_USER
value: "postgres"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: jellystat-secret
key: jwt
key: password
- name: PGDATA
value: /mnt/postgres/data
volumeMounts:
- name: postgres-data
mountPath: /mnt/postgres
containers:
- name: jellystat
image: cyfershepard/jellystat:1.1.6
ports:
- containerPort: 3000
env:
- name: POSTGRES_USER
value: "postgres"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: jellystat-secret
key: password
- name: POSTGRES_IP
value: "jellystat-db.monitoring.svc.cluster.local"
value: "localhost"
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_USER
value: "postgres"
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: jellystat-secret
key: jwt
volumeMounts:
- name: backups
mountPath: /app/backend/backup-data
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: jellystat-longhorn
- name: backups
persistentVolumeClaim:
claimName: jellystat-backups-longhorn

2
clusters/default/monitoring/pulse/pulse.yml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: pulse
image: rcourtman/pulse:5.0.10
image: rcourtman/pulse:4.32.3
volumeMounts:
- name: pulse-data
mountPath: /data

2
clusters/default/monitoring/speedtest/speedtest.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: speedtest
image: lscr.io/linuxserver/speedtest-tracker:1.13.4
image: lscr.io/linuxserver/speedtest-tracker:1.8.0
ports:
- containerPort: 80
env:

2
clusters/default/system-upgrade/system-upgrade-controller.yml → clusters/default/system-upgrade/system-upgrade-controller.yaml
View File

@@ -264,7 +264,7 @@ spec:
envFrom:
- configMapRef:
name: default-controller-env
image: rancher/system-upgrade-controller:v0.18.0
image: rancher/system-upgrade-controller:v0.16.3
imagePullPolicy: IfNotPresent
name: system-upgrade-controller
securityContext:

4
clusters/default/system-upgrade/system-upgrade-plan.yml
View File

@@ -16,7 +16,7 @@ spec:
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/v1.33
channel: https://update.k3s.io/v1-release/channels/stable
---
# Agent plan
apiVersion: upgrade.cattle.io/v1
@@ -39,4 +39,4 @@ spec:
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/v1.33
channel: https://update.k3s.io/v1-release/channels/stable

2
clusters/default/tools/code-server/code-server.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: code-server
image: lscr.io/linuxserver/code-server:4.107.0
image: lscr.io/linuxserver/code-server:4.106.2
ports:
- containerPort: 8443
env:

2
clusters/default/tools/nextcloud/collabora.yml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: collabora
image: collabora/code:25.04.8.1.1
image: collabora/code:25.04.7.2.1
ports:
- containerPort: 9980
env:

19
clusters/default/tools/nextcloud/nextcloud-db.yml
View File

@@ -1,6 +1,6 @@
---
apiVersion: apps/v1
kind: StatefulSet
kind: Deployment
metadata:
name: nextcloud-db
namespace: tools
@@ -8,8 +8,6 @@ spec:
selector:
matchLabels:
app: nextcloud-db
serviceName: nextcloud-db
replicas: 1
template:
metadata:
labels:
@@ -38,14 +36,9 @@ spec:
- name: MARIADB_AUTO_UPGRADE
value: "1"
volumeMounts:
- name: nextcloud-db
- name: nextcloud-db-storage
mountPath: /var/lib/mysql
volumeClaimTemplates:
- metadata:
name: nextcloud-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
storageClassName: longhorn
volumes:
- name: nextcloud-db-storage
persistentVolumeClaim:
claimName: nextcloud-db-longhorn

15
clusters/default/tools/nextcloud/nextcloud-pvc.yml
View File

@@ -1,3 +1,18 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-db-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim

3
clusters/default/tools/nextcloud/nextcloud-svc.yml
View File

@@ -38,7 +38,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
name: nextcloud-db
name: nextcloud-db-service
namespace: tools
spec:
selector:
@@ -47,4 +47,3 @@ spec:
- protocol: TCP
port: 3306
targetPort: 3306
clusterIP: None

22
clusters/default/tools/nextcloud/nextcloud.yml
View File

@@ -15,18 +15,20 @@ spec:
labels:
app: nextcloud
spec:
initContainers:
- name: wait-for-db
image: busybox
command:
- sh
- -c
- |
until nc -z -v -w30 nextcloud-db-service 3306; do
echo "Waiting for database to be ready..."
sleep 2
done
containers:
- name: nextcloud
image: lscr.io/linuxserver/nextcloud:32.0.3
readinessProbe:
exec:
command:
- sh
- -c
- nc -z nextcloud-db.tools.svc.cluster.local 3306
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
image: lscr.io/linuxserver/nextcloud:32.0.2
ports:
- containerPort: 443
env:

14
clusters/default/tools/open-webui/open-webui-pvc.yml
View File

@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: open-webui-longhorn
namespace: tools
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn

16
clusters/default/tools/open-webui/open-webui-svc.yml
View File

@@ -1,16 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: open-webui-service
namespace: tools
annotations:
metallb.io/allow-shared-ip: "shared-ip-1"
spec:
loadBalancerIP: 192.168.1.230
type: LoadBalancer
selector:
app: open-webui
ports:
- port: 8123
targetPort: 8080

32
clusters/default/tools/open-webui/open-webui.yml
View File

@@ -1,32 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: open-webui
namespace: tools
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: open-webui
template:
metadata:
labels:
app: open-webui
spec:
containers:
- name: open-webui
image: ghcr.io/open-webui/open-webui:0.6.43
ports:
- containerPort: 8080
env:
- name: OLLAMA_BASE_URL
value: "http://ollama.tools.svc.cluster.local:2123"
volumeMounts:
- name: config
mountPath: /app/backend/data
volumes:
- name: config
persistentVolumeClaim:
claimName: open-webui-longhorn

35
clusters/default/tools/paperless-ngx/paperless-ngx-db.yml
View File

@@ -1,35 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: paperless-ngx-db
namespace: tools
spec:
selector:
matchLabels:
app: paperless-ngx-db
serviceName: paperless-ngx-db
replicas: 1
template:
metadata:
labels:
app: paperless-ngx-db
spec:
containers:
- name: paperless-ngx-db
image: docker.io/library/redis:8
ports:
- containerPort: 6379
volumeMounts:
- name: paperless-ngx-db
mountPath: /data
subPath: redis
volumeClaimTemplates:
- metadata:
name: paperless-ngx-db
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 500Mi
storageClassName: longhorn

13
clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml
View File

@@ -14,16 +14,3 @@ spec:
ports:
- port: 8001
targetPort: 8000
---
apiVersion: v1
kind: Service
metadata:
name: paperless-ngx-db
namespace: tools
spec:
selector:
app: paperless-ngx-db
ports:
- port: 6379
targetPort: 6379

28
clusters/default/tools/paperless-ngx/paperless-ngx.yml
View File

@@ -15,24 +15,24 @@ spec:
labels:
app: paperless-ngx
spec:
initContainers:
- name: paperless-ngx-db
image: docker.io/library/redis:8
restartPolicy: Always
ports:
- containerPort: 6379
volumeMounts:
- name: data
mountPath: /data
subPath: redis
containers:
- name: paperless-ngx
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3
readinessProbe:
exec:
command:
- bash
- -c
- |
(echo >/dev/tcp/paperless-ngx-db.tools.svc.cluster.local/6379)
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0
ports:
- containerPort: 8000
env:
- name: PAPERLESS_REDIS
value: "redis://paperless-ngx-db.tools.svc.cluster.local:6379"
value: "redis://localhost:6379"
- name: PAPERLESS_URL
valueFrom:
secretKeyRef:
@@ -53,9 +53,9 @@ spec:
- name: PAPERLESS_TIKA_ENABLED
value: "1"
- name: PAPERLESS_TIKA_ENDPOINT
value: "http://tika-service.tools.svc.cluster.local:9998"
value: "http://tika-service:9998"
- name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
value: "http://gotenberg-service.tools.svc.cluster.local:3000"
value: "http://gotenberg-service:3000"
volumeMounts:
- name: data
mountPath: /usr/src/paperless/data

2
clusters/default/tools/paperless-ngx/paperless-pvc.yml
View File

@@ -10,5 +10,5 @@ spec:
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storage: 1Gi
storageClassName: longhorn

18
clusters/default/tools/pihole/pihole-cm.yml
View File

@@ -1,18 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: keepalived-config
namespace: tools
data:
keepalived.conf: |
vrrp_instance PIHOLE_VIP {
state MASTER
interface eth0
virtual_router_id 212
priority 50
advert_int 1
virtual_ipaddress {
192.168.1.212/24
}
}

90
clusters/default/tools/pihole/pihole.yml
View File

@@ -1,90 +0,0 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: pihole
namespace: tools
spec:
selector:
matchLabels:
app: pihole
template:
metadata:
labels:
app: pihole
spec:
hostNetwork: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: NotIn
values:
- "kube-01"
initContainers:
- name: init-keepalived
image: osixia/keepalived:2.0.20
command:
- sh
- -c
- |
cp -r /container/service/keepalived/assets/* /etc/keepalived/
cp /config/keepalived.conf /etc/keepalived/keepalived.conf
volumeMounts:
- name: keepalived-config
mountPath: /config
- name: keepalived-runtime
mountPath: /etc/keepalived
containers:
- name: pihole
image: pihole/pihole:latest
securityContext:
capabilities:
add: ["NET_ADMIN"]
env:
- name: TZ
value: "Asia/Kolkata"
- name: FTLCONF_webserver_api_password
valueFrom:
secretKeyRef:
name: pihole-webpassword
key: password
ports:
- containerPort: 53
protocol: UDP
- containerPort: 53
protocol: TCP
- containerPort: 67
protocol: UDP
- containerPort: 80
protocol: TCP
volumeMounts:
- name: pihole-data
mountPath: /etc/pihole
- name: keepalived
image: osixia/keepalived:2.0.20
securityContext:
capabilities:
add: ["NET_ADMIN", "NET_BROADCAST", "NET_RAW"]
volumeMounts:
- name: keepalived-runtime
mountPath: /container/service/keepalived/assets
volumes:
- name: keepalived-config
configMap:
name: keepalived-config
- name: keepalived-runtime
emptyDir: {}
- name: pihole-data
persistentVolumeClaim:
claimName: pihole-longhorn

2
clusters/default/tools/searxng/searxng.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: searxng
image: searxng/searxng@sha256:472dd0c84b8e2a05bca773b4a430b9fc9e4e92cd4fa0afaa223efab925ab752a
image: searxng/searxng@sha256:4cf7a26323427642f28a9f98f342b3ac91d356d7de0828ad2646f60647919ed4
ports:
- containerPort: 8080
env:

2
clusters/default/tools/vaultwarden/vaultwarden.yml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: vaultwarden
image: vaultwarden/server:1.35.1
image: vaultwarden/server:1.34.3
ports:
- containerPort: 80
env:

28
clusters/ipv6/arr-stack/bazarr/bazarr-ingress.yml
View File

@@ -1,28 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bazarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- bazarr.akshun-lab.cc
secretName: bazarr-tls
rules:
- host: bazarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bazarr-service
port:
number: 6767

15
clusters/ipv6/arr-stack/bazarr/bazarr-pvc.yml
View File

@@ -1,15 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/bazarr/bazarr-svc.yml
View File

@@ -1,13 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: bazarr-service
namespace: arr-stack
spec:
selector:
app: bazarr
ports:
- protocol: TCP
port: 6767
targetPort: 6767

48
clusters/ipv6/arr-stack/bazarr/bazarr.yml
View File

@@ -1,48 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bazarr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: bazarr
template:
metadata:
labels:
app: bazarr
spec:
containers:
- name: bazarr
image: linuxserver/bazarr:1.5.4
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: movies
mountPath: /movies
- name: tv
mountPath: /tv
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: bazarr-longhorn
- name: tv
nfs:
server: 10.0.0.123
path: /merge/series
- name: movies
nfs:
server: 10.0.0.123
path: /merge/movies

28
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-ingress.yml
View File

@@ -1,28 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jellyseerr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- jellyseerr.akshun-lab.cc
secretName: jellyseerr-tls
rules:
- host: jellyseerr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jellyseerr-service
port:
number: 5055

15
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-pvc.yml
View File

@@ -1,15 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyseerr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

14
clusters/ipv6/arr-stack/jellyseerr/jellyseerr-svc.yml
View File

@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: jellyseerr-service
namespace: arr-stack
spec:
selector:
app: jellyseerr
ports:
- port: 5055
targetPort: 5055
protocol: TCP

58
clusters/ipv6/arr-stack/jellyseerr/jellyseerr.yml
View File

@@ -1,58 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jellyseerr
namespace: arr-stack
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: jellyseerr
template:
metadata:
labels:
app: jellyseerr
spec:
initContainers:
- name: gluetun
image: qmcgaw/gluetun:v3.41.0
restartPolicy: Always
securityContext:
capabilities:
add:
- NET_ADMIN
envFrom:
- configMapRef:
name: gluetun-config
env:
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_PASSWORD
- name: OPENVPN_USER
valueFrom:
secretKeyRef:
name: openvpn-secrets
key: OPENVPN_USER
containers:
- name: jellyseerr
image: fallenbagel/jellyseerr:2.7.3
ports:
- containerPort: 5055
env:
- name: LOG_LEVEL
value: "info"
- name: TZ
value: "Asia/Kolkata"
volumeMounts:
- name: config
mountPath: /app/config
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyseerr-longhorn

7
clusters/ipv6/arr-stack/namespace.yml
View File

@@ -1,7 +0,0 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: arr-stack
labels:
name: arr-stack

13
clusters/ipv6/arr-stack/openvpn/gluetun-config.yml
View File

@@ -1,13 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gluetun-config
namespace: arr-stack
data:
VPN_SERVICE_PROVIDER: "surfshark"
SERVER_COUNTRIES: "Netherlands"
HTTPPROXY: "ON"
FIREWALL_OUTBOUND_SUBNETS: "192.168.1.0/24,10.42.0.0/16,10.43.0.0/16"
DNS_ADDRESS: "8.8.8.8"

15
clusters/ipv6/arr-stack/openvpn/gluetun-secrets-sealed.yml
View File

@@ -1,15 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: openvpn-secrets
namespace: arr-stack
spec:
encryptedData:
OPENVPN_PASSWORD: AgCq8+4OOOqt0Z0zTiVdtjz5uWoH7flNKwreecXW7zZ3gMi7t2dg9YApYV5lBzIxXSCx1DhMWqbgBx545n4SFkZhJhJeJRxRMYYV1b034W4TCzyJXU9d1kcUY4zesutK/HVY2R6riUdGLZzxJ9RPEa62LfdmjCc7ilOnMG2zqGwUF8g7+/I8ANnxNKYZ6WF6kmD96C6RdMMO5D2AUs7YppppsADkoQmHyTjx5geceDm7nGHSyy5ieFuvg7qd7S5s7E+GpsMWsXgl1RGD2nsyJ94h7FH0/krWR4DBu7YivgKtehTf/fK1tkqbxuqPUDJG2QVhmYwLmcEMhfajV8tmJrptfgxQ0nRbqIM/kcJeopPhbcHg/HMMfp7GwiTjfub6gxti9JQPBgMjoOdyMrYsdWPbIF8CaScF9S5owPx0sI1oHlS/q4vhQs/2jh5rIrwLTJbmo1Xwrkd86TJfuUv2G7khUDF1xLBOX9gHQFiCF+F2/JC08CKuodJ5NyYIbQ3jTFMbZHnwlsONKAgbVz40s90OumD4ujk+CtB89/p4Pz8zJC26qB3mFSiFAIQ4RbAwygA9jsFXmsuS86dxinWD+XZYWGAXvG9GHtmV1lRG55CGQ4SAKmAgECqvE0q3MCmmhIquUgl0HolkkDRC+eJadb0w2z3bpFQ9K8ZdFP50Gj37hxcaVY/CREkAuiRhpxBOzbjwQShnly4qW6mB6/r0VF8THYPOsDy5DfQ=
OPENVPN_USER: AgC/5sKPgHylU/nDJ/S63t/07I1Ll9gdBipIyWtL0Fl+OStZ1DAzt7n4oGZ+HRqZA1bLJ4ZB0xgOIL7JjFN+1AqvybrCrIrira7AwxwsRWHzboFzA8St81pQR2Bu6O6B+cfFUiFNI43yOVAn1LRWzPFjRc6wtJTym2tQbzDaFL5pdvnMRHRlDSrGfWMHvl/iNDwL4CUctBSLYNsSbew15g/KavkEfNT6DqVhGZ8LNA+223x6Xs2tsscAYZo9zEX4qxYO1jk0WxfMXA8iFqjl2icI3y6FMLtnfM4dA+4LK+5rrlyLQVoBWznwPTMSvRLEKmstKQAe4jSel/DxL0oa0SnfAty1n+weM5uA4UIvo3mgDX2tGNIeibV6Hn6aG0jTAWgSaWVjIDe/NCVKOks18nnqOI9p91MS93EoYU7gRwwpVCNYWoXQoul6G1P4EkiqtDbwKPOMgVPWIdu0unP1Af7K/QhqaelEMM/EageSXdMeZ/hDA9vMTNQlhNf+eowU0KwpQ9MXYre4m8N4twPzRQfXvU4+SNr1QsrlpB52Y0QJJJZvG9HOPfLK52Re42TxbLxGap1oQLyHhRscsQ6XIDszpEDBlXj8RYxhgaCIKfywK2Z5v0tbjdAWJuQ3Cw/kcaEa8dGT2x6BenU+XxwNIsyFkCCR5+0bJLdKZFPaT3J1wpIP8JQ/HuAWW89lxXFQ74935oecAwr93eN2rRAvdNmL71sDJoUGoSU=
template:
metadata:
name: openvpn-secrets
namespace: arr-stack
type: Opaque

28
clusters/ipv6/arr-stack/prowlarr/prowlarr-ingress.yml
View File

@@ -1,28 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prowlarr-ingress
namespace: arr-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- prowlarr.akshun-lab.cc
secretName: prowlarr-tls
rules:
- host: prowlarr.akshun-lab.cc
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prowlarr-service
port:
number: 9696

14
clusters/ipv6/arr-stack/prowlarr/prowlarr-pvc.yml
View File

@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-longhorn
namespace: arr-stack
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: longhorn

13
clusters/ipv6/arr-stack/prowlarr/prowlarr-svc.yml
View File

@@ -1,13 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: prowlarr-service
namespace: arr-stack
spec:
selector:
app: prowlarr
ports:
- port: 9696
targetPort: 9696
clusterIP: 10.43.0.142

Some files were not shown because too many files have changed in this diff Show More