Compare commits
1 Commits
main
...
c95893a692
| Author | SHA1 | Date | |
|---|---|---|---|
|
c95893a692 |
@@ -1,85 +1,95 @@
|
||||
name: Validate Kubernetes Manifests
|
||||
|
||||
on:
|
||||
push:
|
||||
paths:
|
||||
- '**.yml'
|
||||
- '**.yaml'
|
||||
- '!.gitea/workflows/**'
|
||||
- '!clusters/default/system-upgrade/crd.yml'
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
kubeconform:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.1.0
|
||||
image: ghcr.io/yannh/kubeconform:v0.7.0-alpine
|
||||
steps:
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
apk add --no-cache \
|
||||
yq \
|
||||
findutils \
|
||||
curl \
|
||||
jq \
|
||||
npm \
|
||||
nodejs \
|
||||
bash
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Get changed files
|
||||
id: changed-files
|
||||
uses: tj-actions/changed-files@v47
|
||||
with:
|
||||
files: |
|
||||
**.yml
|
||||
**.yaml
|
||||
!.gitea/workflows/**
|
||||
!clusters/default/system-upgrade/crd.yml
|
||||
- name: Create kubeconform configuration
|
||||
run: |
|
||||
cat > /tmp/kubeconform-config.yaml << 'EOF'
|
||||
schema_location:
|
||||
- default
|
||||
- "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json"
|
||||
EOF
|
||||
|
||||
- name: Validate Manifests
|
||||
if: steps.changed-files.outputs.any_changed == 'true'
|
||||
env:
|
||||
ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
|
||||
shell: bash
|
||||
run: |
|
||||
set -o pipefail
|
||||
|
||||
# Define schema mappings
|
||||
declare -A SCHEMA_MAP=(
|
||||
["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
|
||||
["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
|
||||
["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
|
||||
["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
|
||||
["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
|
||||
["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
|
||||
["Plan"]="upgrade.cattle.io/plan_v1.json"
|
||||
)
|
||||
|
||||
|
||||
# Create cache directory
|
||||
export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache"
|
||||
mkdir -p "$KUBECONFORM_CACHE_DIR"
|
||||
|
||||
# Exit code tracking
|
||||
EXIT_CODE=0
|
||||
|
||||
for file in ${ALL_CHANGED_FILES}; do
|
||||
[ -z "$file" ] && continue
|
||||
|
||||
# Process all YAML files
|
||||
while IFS= read -r file; do
|
||||
echo "=== Validating: $file ==="
|
||||
|
||||
yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \
|
||||
jq -c '.[] | select(.kind != null)' | \
|
||||
while read -r manifest; do
|
||||
KIND=$(echo "$manifest" | jq -r '.kind // ""')
|
||||
|
||||
if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
|
||||
echo "Found $KIND - using custom schema"
|
||||
SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
|
||||
|
||||
if ! echo "$manifest" | kubeconform \
|
||||
-schema-location "$SCHEMA_URL" \
|
||||
-output json \
|
||||
-; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
else
|
||||
echo "Validating with default schemas"
|
||||
if ! echo "$manifest" | kubeconform \
|
||||
-schema-location default \
|
||||
-output json \
|
||||
-; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
# Skip excluded paths
|
||||
if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then
|
||||
echo "Skipping excluded file"
|
||||
continue
|
||||
fi
|
||||
|
||||
# Detect resource kind
|
||||
KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "")
|
||||
|
||||
if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
|
||||
echo "Found $KIND - using custom schema"
|
||||
SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
|
||||
|
||||
if ! /kubeconform \
|
||||
-schema-location "$SCHEMA_URL" \
|
||||
-cache "$KUBECONFORM_CACHE_DIR" \
|
||||
-output json \
|
||||
"$file"; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
else
|
||||
echo "Validating with default schemas"
|
||||
if ! /kubeconform \
|
||||
-schema-location default \
|
||||
-cache "$KUBECONFORM_CACHE_DIR" \
|
||||
-output json \
|
||||
"$file"; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo ""
|
||||
done
|
||||
|
||||
done < <(find . -type f \( -name "*.yml" \) -print)
|
||||
|
||||
exit $EXIT_CODE
|
||||
|
||||
@@ -9,11 +9,11 @@ jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: renovate/renovate:42.64.1
|
||||
image: renovate/renovate:42.26.11
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Run Renovate
|
||||
env:
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,2 +1 @@
|
||||
/tmp-pod.yml
|
||||
/Dockerfile
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: gluetun
|
||||
image: qmcgaw/gluetun:v3.41.0
|
||||
image: qmcgaw/gluetun:v3.40.3
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: gluetun
|
||||
image: qmcgaw/gluetun:v3.41.0
|
||||
image: qmcgaw/gluetun:v3.40.3
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: gluetun
|
||||
image: qmcgaw/gluetun:v3.41.0
|
||||
image: qmcgaw/gluetun:v3.40.3
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: sabnzbd
|
||||
image: lscr.io/linuxserver/sabnzbd:4.5.5
|
||||
image: lscr.io/linuxserver/sabnzbd:latest
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
|
||||
@@ -11,7 +11,7 @@ spec:
|
||||
branch: main
|
||||
secretRef:
|
||||
name: flux-system
|
||||
url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s-at-home.git
|
||||
url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
|
||||
@@ -19,26 +19,29 @@ spec:
|
||||
app: gitea-act-runner
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
hostNetwork: true
|
||||
volumes:
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
- name: runner-data
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-act-runner-longhorn
|
||||
initContainers:
|
||||
- name: wait-for-gitea
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
while ! nc -z gitea.akshun-lab.cc 443; do
|
||||
echo "Waiting for Gitea to be ready..."
|
||||
sleep 5
|
||||
done
|
||||
echo "Gitea is ready!"
|
||||
containers:
|
||||
- name: runner
|
||||
image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
nc -z gitea-int-service.git-ops.svc.cluster.local 3000
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
@@ -64,7 +67,7 @@ spec:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: daemon
|
||||
image: docker:29.1.3-dind
|
||||
image: docker:29.1.1-dind
|
||||
env:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: /certs
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitea-db
|
||||
namespace: git-ops
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gitea-db
|
||||
serviceName: gitea-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -40,12 +40,7 @@ spec:
|
||||
volumeMounts:
|
||||
- name: gitea-db
|
||||
mountPath: /var/lib/postgresql
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: gitea-db
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
volumes:
|
||||
- name: gitea-db
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-db-new-longhorn
|
||||
|
||||
@@ -12,3 +12,18 @@ spec:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gitea-db-new-longhorn
|
||||
namespace: git-ops
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
@@ -38,12 +38,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gitea-db
|
||||
name: gitea-db-service
|
||||
namespace: git-ops
|
||||
spec:
|
||||
ports:
|
||||
- port: 5432
|
||||
targetPort: 5432
|
||||
selector:
|
||||
app: gitea-db
|
||||
clusterIP: None
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
targetPort: 5432
|
||||
|
||||
@@ -16,19 +16,20 @@ spec:
|
||||
labels:
|
||||
app: gitea-app
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z -v -w30 gitea-db-service 5432; do
|
||||
echo "Waiting for psql database to be ready"
|
||||
sleep 2
|
||||
done
|
||||
containers:
|
||||
- name: gitea
|
||||
image: gitea/gitea:1.25.3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
nc -z gitea-db.git-ops.svc.cluster.local 5432
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
image: gitea/gitea:1.25.2
|
||||
ports:
|
||||
- containerPort: 22
|
||||
name: ssh
|
||||
@@ -42,7 +43,7 @@ spec:
|
||||
- name: GITEA__database__DB_TYPE
|
||||
value: "postgres"
|
||||
- name: GITEA__database__HOST
|
||||
value: "gitea-db.git-ops.svc.cluster.local:5432"
|
||||
value: "gitea-db-service:5432"
|
||||
- name: GITEA__database__NAME
|
||||
value: "gitea"
|
||||
- name: GITEA__database__USER
|
||||
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
namespace: git-ops
|
||||
data:
|
||||
SEMAPHORE_DB_USER: "semaphore"
|
||||
SEMAPHORE_DB_HOST: "semaphore-db"
|
||||
SEMAPHORE_DB_HOST: "localhost"
|
||||
SEMAPHORE_DB_PORT: "3306"
|
||||
SEMAPHORE_DB_DIALECT: "mysql"
|
||||
SEMAPHORE_DB: "semaphore"
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: semaphore-db
|
||||
namespace: git-ops
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: semaphore-db
|
||||
serviceName: semaphore-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: semaphore-db
|
||||
spec:
|
||||
containers:
|
||||
- name: mysql
|
||||
image: mysql:9.5.0
|
||||
ports:
|
||||
- containerPort: 3306
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "'yes'"
|
||||
- name: MYSQL_DATABASE
|
||||
value: "semaphore"
|
||||
- name: MYSQL_USER
|
||||
value: "semaphore"
|
||||
- name: MYSQL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: semaphore-secrets
|
||||
key: mysql_password
|
||||
volumeMounts:
|
||||
- name: semaphore-db
|
||||
mountPath: /var/lib/mysql
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: semaphore-db
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gitea-app-longhorn
|
||||
name: semaphore-longhorn
|
||||
namespace: git-ops
|
||||
spec:
|
||||
accessModes:
|
||||
@@ -12,20 +12,5 @@ spec:
|
||||
selector:
|
||||
app: semaphore
|
||||
ports:
|
||||
- name: http
|
||||
port: 3002
|
||||
- port: 3002
|
||||
targetPort: 3000
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: semaphore-db
|
||||
namespace: git-ops
|
||||
spec:
|
||||
selector:
|
||||
app: semaphore-db
|
||||
ports:
|
||||
- port: 3306
|
||||
targetPort: 3306
|
||||
clusterIP: None
|
||||
|
||||
@@ -16,22 +16,33 @@ spec:
|
||||
labels:
|
||||
app: semaphore
|
||||
spec:
|
||||
initContainers:
|
||||
- name: mysql
|
||||
image: mysql:9.5.0
|
||||
restartPolicy: Always
|
||||
ports:
|
||||
- containerPort: 3306
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "'yes'"
|
||||
- name: MYSQL_DATABASE
|
||||
value: "semaphore"
|
||||
- name: MYSQL_USER
|
||||
value: "semaphore"
|
||||
- name: MYSQL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: semaphore-secrets
|
||||
key: mysql_password
|
||||
volumeMounts:
|
||||
- name: db
|
||||
mountPath: /var/lib/mysql
|
||||
subPath: db
|
||||
containers:
|
||||
- name: semaphore
|
||||
image: public.ecr.aws/semaphore/pro/server:v2.16.47
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
nc -z semaphore-db.git-ops.svc.cluster.local 3306
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
image: public.ecr.aws/semaphore/pro/server:v2.16.45
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
- containerPort: 3000
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: semaphore-config
|
||||
@@ -51,3 +62,7 @@ spec:
|
||||
secretKeyRef:
|
||||
name: semaphore-secrets
|
||||
key: key
|
||||
volumes:
|
||||
- name: db
|
||||
persistentVolumeClaim:
|
||||
claimName: semaphore-longhorn
|
||||
|
||||
@@ -5,16 +5,16 @@ metadata:
|
||||
name: cert-manager
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager
|
||||
version: "v1.19.2"
|
||||
version: "v1.19.1"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: jetstack
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: jetstack
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://charts.jetstack.io
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: csi-driver-smb
|
||||
namespace: kube-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: csi-driver-smb
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
kind: HelmRepository
|
||||
name: csi-driver-smb
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
createNamespace: true
|
||||
upgrade:
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: csi-driver-smb
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
|
||||
|
||||
@@ -1,289 +0,0 @@
|
||||
apiVersion: nvidia.com/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
annotations:
|
||||
meta.helm.sh/release-name: gpu-operator
|
||||
meta.helm.sh/release-namespace: gpu-operator
|
||||
generation: 2
|
||||
labels:
|
||||
app.kubernetes.io/component: gpu-operator
|
||||
app.kubernetes.io/instance: gpu-operator
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: gpu-operator
|
||||
app.kubernetes.io/version: v25.3.2
|
||||
helm.sh/chart: gpu-operator-v25.3.2
|
||||
helm.toolkit.fluxcd.io/name: gpu-operator
|
||||
helm.toolkit.fluxcd.io/namespace: gpu-operator
|
||||
name: cluster-policy
|
||||
spec:
|
||||
ccManager:
|
||||
defaultMode: "off"
|
||||
enabled: false
|
||||
env: []
|
||||
image: k8s-cc-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.1.1
|
||||
cdi:
|
||||
default: false
|
||||
enabled: false
|
||||
daemonsets:
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: gpu-operator
|
||||
helm.sh/chart: gpu-operator-v25.3.2
|
||||
priorityClassName: system-node-critical
|
||||
rollingUpdate:
|
||||
maxUnavailable: "1"
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: nvidia.com/gpu
|
||||
operator: Exists
|
||||
updateStrategy: RollingUpdate
|
||||
dcgm:
|
||||
enabled: false
|
||||
image: dcgm
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: 4.2.3-1-ubuntu22.04
|
||||
dcgmExporter:
|
||||
enabled: true
|
||||
env:
|
||||
- name: DCGM_EXPORTER_LISTEN
|
||||
value: :9400
|
||||
- name: DCGM_EXPORTER_KUBERNETES
|
||||
value: "true"
|
||||
- name: DCGM_EXPORTER_COLLECTORS
|
||||
value: /etc/dcgm-exporter/dcp-metrics-included.csv
|
||||
image: dcgm-exporter
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/k8s
|
||||
serviceMonitor:
|
||||
additionalLabels: {}
|
||||
enabled: false
|
||||
honorLabels: false
|
||||
interval: 15s
|
||||
relabelings: []
|
||||
version: 4.2.3-4.1.3-ubuntu22.04
|
||||
devicePlugin:
|
||||
config:
|
||||
default: any
|
||||
name: time-slicing-config
|
||||
enabled: true
|
||||
env:
|
||||
- name: PASS_DEVICE_SPECS
|
||||
value: "true"
|
||||
- name: FAIL_ON_INIT_ERROR
|
||||
value: "true"
|
||||
- name: DEVICE_LIST_STRATEGY
|
||||
value: envvar
|
||||
- name: DEVICE_ID_STRATEGY
|
||||
value: uuid
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: all
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: all
|
||||
image: k8s-device-plugin
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia
|
||||
version: v0.17.3
|
||||
driver:
|
||||
certConfig:
|
||||
name: ""
|
||||
enabled: false
|
||||
image: driver
|
||||
imagePullPolicy: IfNotPresent
|
||||
kernelModuleConfig:
|
||||
name: ""
|
||||
licensingConfig:
|
||||
configMapName: ""
|
||||
nlsEnabled: true
|
||||
manager:
|
||||
env:
|
||||
- name: ENABLE_GPU_POD_EVICTION
|
||||
value: "true"
|
||||
- name: ENABLE_AUTO_DRAIN
|
||||
value: "false"
|
||||
- name: DRAIN_USE_FORCE
|
||||
value: "false"
|
||||
- name: DRAIN_POD_SELECTOR_LABEL
|
||||
value: ""
|
||||
- name: DRAIN_TIMEOUT_SECONDS
|
||||
value: 0s
|
||||
- name: DRAIN_DELETE_EMPTYDIR_DATA
|
||||
value: "false"
|
||||
image: k8s-driver-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.8.0
|
||||
rdma:
|
||||
enabled: false
|
||||
useHostMofed: false
|
||||
repoConfig:
|
||||
configMapName: ""
|
||||
repository: nvcr.io/nvidia
|
||||
startupProbe:
|
||||
failureThreshold: 120
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 60
|
||||
upgradePolicy:
|
||||
autoUpgrade: true
|
||||
drain:
|
||||
deleteEmptyDir: false
|
||||
enable: false
|
||||
force: false
|
||||
timeoutSeconds: 300
|
||||
maxParallelUpgrades: 1
|
||||
maxUnavailable: 25%
|
||||
podDeletion:
|
||||
deleteEmptyDir: false
|
||||
force: false
|
||||
timeoutSeconds: 300
|
||||
waitForCompletion:
|
||||
timeoutSeconds: 0
|
||||
useNvidiaDriverCRD: false
|
||||
usePrecompiled: false
|
||||
version: 570.148.08
|
||||
virtualTopology:
|
||||
config: ""
|
||||
gdrcopy:
|
||||
enabled: false
|
||||
image: gdrdrv
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v2.5
|
||||
gfd:
|
||||
enabled: true
|
||||
env:
|
||||
- name: GFD_SLEEP_INTERVAL
|
||||
value: 60s
|
||||
- name: GFD_FAIL_ON_INIT_ERROR
|
||||
value: "true"
|
||||
image: k8s-device-plugin
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia
|
||||
version: v0.17.3
|
||||
hostPaths:
|
||||
driverInstallDir: /run/nvidia/driver
|
||||
rootFS: /
|
||||
kataManager:
|
||||
config:
|
||||
artifactsDir: /opt/nvidia-gpu-operator/artifacts/runtimeclasses
|
||||
runtimeClasses:
|
||||
- artifacts:
|
||||
pullSecret: ""
|
||||
url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.54.03
|
||||
name: kata-nvidia-gpu
|
||||
nodeSelector: {}
|
||||
- artifacts:
|
||||
pullSecret: ""
|
||||
url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.86.10-snp
|
||||
name: kata-nvidia-gpu-snp
|
||||
nodeSelector:
|
||||
nvidia.com/cc.capable: "true"
|
||||
enabled: false
|
||||
image: k8s-kata-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.2.3
|
||||
mig:
|
||||
strategy: single
|
||||
migManager:
|
||||
config:
|
||||
default: all-disabled
|
||||
name: default-mig-parted-config
|
||||
enabled: true
|
||||
env:
|
||||
- name: WITH_REBOOT
|
||||
value: "false"
|
||||
gpuClientsConfig:
|
||||
name: ""
|
||||
image: k8s-mig-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.12.2-ubuntu20.04
|
||||
nodeStatusExporter:
|
||||
enabled: false
|
||||
image: gpu-operator-validator
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v25.3.2
|
||||
operator:
|
||||
defaultRuntime: docker
|
||||
initContainer:
|
||||
image: cuda
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia
|
||||
version: 12.8.1-base-ubi9
|
||||
runtimeClass: nvidia
|
||||
psa:
|
||||
enabled: false
|
||||
sandboxDevicePlugin:
|
||||
enabled: true
|
||||
image: kubevirt-gpu-device-plugin
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia
|
||||
version: v1.3.1
|
||||
sandboxWorkloads:
|
||||
defaultWorkload: container
|
||||
enabled: false
|
||||
toolkit:
|
||||
enabled: true
|
||||
env:
|
||||
- name: CONTAINERD_SOCKET
|
||||
value: /run/k3s/containerd/containerd.sock
|
||||
- name: CONTAINERD_CONFIG
|
||||
value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml
|
||||
image: container-toolkit
|
||||
imagePullPolicy: IfNotPresent
|
||||
installDir: /usr/local/nvidia
|
||||
repository: nvcr.io/nvidia/k8s
|
||||
version: v1.17.8-ubuntu20.04
|
||||
validator:
|
||||
image: gpu-operator-validator
|
||||
imagePullPolicy: IfNotPresent
|
||||
plugin:
|
||||
env:
|
||||
- name: WITH_WORKLOAD
|
||||
value: "false"
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v25.3.2
|
||||
vfioManager:
|
||||
driverManager:
|
||||
env:
|
||||
- name: ENABLE_GPU_POD_EVICTION
|
||||
value: "false"
|
||||
- name: ENABLE_AUTO_DRAIN
|
||||
value: "false"
|
||||
image: k8s-driver-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.8.0
|
||||
enabled: true
|
||||
image: cuda
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia
|
||||
version: 12.8.1-base-ubi9
|
||||
vgpuDeviceManager:
|
||||
config:
|
||||
default: default
|
||||
name: ""
|
||||
enabled: true
|
||||
image: vgpu-device-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.3.0
|
||||
vgpuManager:
|
||||
driverManager:
|
||||
env:
|
||||
- name: ENABLE_GPU_POD_EVICTION
|
||||
value: "false"
|
||||
- name: ENABLE_AUTO_DRAIN
|
||||
value: "false"
|
||||
image: k8s-driver-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
repository: nvcr.io/nvidia/cloud-native
|
||||
version: v0.8.0
|
||||
enabled: false
|
||||
image: vgpu-manager
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: gpu-operator
|
||||
namespace: gpu-operator
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: gpu-operator
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
kind: HelmRepository
|
||||
name: nvidia
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
createNamespace: true
|
||||
upgrade:
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: nvidia
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://helm.ngc.nvidia.com/nvidia
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: intel-device-plugins-operator
|
||||
version: "0.34.1"
|
||||
version: "0.34.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: intel
|
||||
|
||||
@@ -5,16 +5,16 @@ metadata:
|
||||
name: gpu-device-plugin
|
||||
namespace: gpu-operator
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: intel-device-plugins-gpu
|
||||
version: "0.34.1"
|
||||
version: "0.34.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: intel
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: intel
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://intel.github.io/helm-charts
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: longhorn
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: longhorn
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
kind: HelmRepository
|
||||
name: longhorn
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
createNamespace: true
|
||||
upgrade:
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: longhorn
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://charts.longhorn.io
|
||||
|
||||
@@ -5,16 +5,16 @@ metadata:
|
||||
name: metallb
|
||||
namespace: metallb-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: metallb
|
||||
version: "0.15.3"
|
||||
version: "0.15.2"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: metallb
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
createNamespace: true
|
||||
upgrade:
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: metallb
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://metallb.github.io/metallb
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: ollama-longhorn
|
||||
namespace: tools
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
storageClassName: longhorn
|
||||
@@ -1,35 +0,0 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ollama
|
||||
namespace: tools
|
||||
spec:
|
||||
interval: 6h
|
||||
chart:
|
||||
spec:
|
||||
chart: ollama
|
||||
version: "1.36.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: ollama
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
remediation:
|
||||
retries: 3
|
||||
values:
|
||||
ollama:
|
||||
gpu:
|
||||
enabled: true
|
||||
type: nvidia
|
||||
service:
|
||||
type: LoadBalancer
|
||||
port: 2123
|
||||
runtimeClassName: nvidia
|
||||
persistentVolume:
|
||||
enabled: true
|
||||
existingClaim: ollama-longhorn
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: ollama
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
url: https://otwld.github.io/ollama-helm/
|
||||
@@ -5,16 +5,16 @@ metadata:
|
||||
name: prometheus
|
||||
namespace: monitoring
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
chart:
|
||||
spec:
|
||||
chart: prometheus
|
||||
version: "28.0.0"
|
||||
version: "27.49.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: prometheus-community
|
||||
namespace: flux-system
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: prometheus-community
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
|
||||
@@ -15,7 +15,7 @@ spec:
|
||||
version: '>=1.15.0-0'
|
||||
install:
|
||||
crds: Create
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
releaseName: sealed-secrets-controller
|
||||
upgrade:
|
||||
crds: CreateReplace
|
||||
|
||||
@@ -5,5 +5,5 @@ metadata:
|
||||
name: sealed-secrets
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 6h
|
||||
interval: 24h
|
||||
url: https://bitnami-labs.github.io/sealed-secrets
|
||||
|
||||
@@ -1,33 +1,30 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: immich-psql
|
||||
name: immich-db
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: immich-psql
|
||||
serviceName: immich-psql
|
||||
replicas: 1
|
||||
app: immich-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: immich-psql
|
||||
app: immich-db
|
||||
spec:
|
||||
initContainers:
|
||||
- name: cleanup
|
||||
image: busybox
|
||||
command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
|
||||
volumeMounts:
|
||||
- name: immich-db
|
||||
mountPath: /var/lib/postgresql/data
|
||||
containers:
|
||||
- name: redis
|
||||
image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
|
||||
env:
|
||||
- name: REDIS_HOSTNAME
|
||||
value: "localhost"
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
- name: immich-psql
|
||||
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
name: postgres
|
||||
env:
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
@@ -42,13 +39,9 @@ spec:
|
||||
value: "--data-checksums"
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/postgresql/data
|
||||
name: immich-db
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: immich-db
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: longhorn
|
||||
name: immich
|
||||
volumes:
|
||||
- name: immich
|
||||
nfs:
|
||||
server: 10.0.0.10
|
||||
path: /home/akshun/immich-data
|
||||
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
runtimeClassName: nvidia
|
||||
containers:
|
||||
- name: immich-machine-learning
|
||||
image: ghcr.io/immich-app/immich-machine-learning:v2.4.1-cuda
|
||||
image: ghcr.io/immich-app/immich-machine-learning:v2.3.1-cuda
|
||||
ports:
|
||||
- containerPort: 3003
|
||||
env:
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: immich-redis
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: immich-redis
|
||||
serviceName: immich-redis
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: immich-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
name: redis
|
||||
@@ -36,28 +36,26 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: immich-psql
|
||||
name: immich-psql-service
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
app: immich-psql
|
||||
app: immich-db
|
||||
ports:
|
||||
- name: postgres
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
targetPort: 5432
|
||||
clusterIP: None
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: immich-redis
|
||||
name: immich-redis-service
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
app: immich-redis
|
||||
app: immich-db
|
||||
ports:
|
||||
- name: redis
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
clusterIP: None
|
||||
|
||||
@@ -16,37 +16,48 @@ spec:
|
||||
labels:
|
||||
app: immich-app
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-redis
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z -v -w30 immich-redis-service 6379; do
|
||||
echo "Waiting for redis database to be ready..."
|
||||
sleep 2
|
||||
done
|
||||
- name: wait-for-psql
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z -v -w30 immich-psql-service 5432; do
|
||||
echo "Waiting for psql database to be ready"
|
||||
sleep 2
|
||||
done
|
||||
containers:
|
||||
- name: immich-server
|
||||
image: ghcr.io/immich-app/immich-server:v2.4.1
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 5
|
||||
failureThreshold: 5
|
||||
image: ghcr.io/immich-app/immich-server:v2.3.1
|
||||
ports:
|
||||
- containerPort: 2283
|
||||
env:
|
||||
- name: TZ
|
||||
value: "Asia/Kolkata"
|
||||
- name: REDIS_HOSTNAME
|
||||
value: "immich-redis.media.svc.cluster.local"
|
||||
- name: DB_USERNAME
|
||||
value: "postgres"
|
||||
- name: DB_DATABASE_NAME
|
||||
value: "immich"
|
||||
- name: DB_HOSTNAME
|
||||
value: "immich-psql.media.svc.cluster.local"
|
||||
value: "immich-redis-service"
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: immich-postgres-secret
|
||||
key: password
|
||||
- name: DB_USERNAME
|
||||
value: "postgres"
|
||||
- name: DB_DATABASE_NAME
|
||||
value: "immich"
|
||||
- name: DB_HOSTNAME
|
||||
value: "immich-psql-service"
|
||||
volumeMounts:
|
||||
- mountPath: /usr/src/app/upload
|
||||
name: pictures
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: invidious-companion
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: invidious-companion
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: invidious-companion
|
||||
spec:
|
||||
containers:
|
||||
- name: inv-companion
|
||||
image: quay.io/invidious/invidious-companion@sha256:639c8b32dec2e0200c36ed369cf494eb0ca765fdb14d5890d7f460c89a34272d
|
||||
env:
|
||||
- name: SERVER_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-secrets
|
||||
key: INVIDIOUS_COMPANION_KEY
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
@@ -10,10 +10,10 @@ data:
|
||||
dbname: invidious
|
||||
user: kemal
|
||||
password: ${INVIDIOUS_DB_PASSWORD}
|
||||
host: invidious-db.media.svc.cluster.local
|
||||
host: localhost
|
||||
port: 5432
|
||||
check_tables: true
|
||||
invidious_companion:
|
||||
- private_url: "http://invidious-companion-service.media.svc.cluster.local:8282/companion"
|
||||
- private_url: "http://localhost:8282/companion"
|
||||
invidious_companion_key: ${INVIDIOUS_COMPANION_KEY}
|
||||
hmac_key: ${INVIDIOUS_HMAC_KEY}
|
||||
|
||||
@@ -1,59 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: invidious-db
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: invidious-db
|
||||
serviceName: invidious-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: invidious-db
|
||||
spec:
|
||||
initContainers:
|
||||
- name: clean-db-dir
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
rm -rf /var/lib/postgresql/lost+found
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /var/lib/postgresql
|
||||
containers:
|
||||
- name: postgres
|
||||
image: postgres:18
|
||||
env:
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-db
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-password
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /var/lib/postgresql
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: postgres-data
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
@@ -2,8 +2,8 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: paperless-longhorn
|
||||
namespace: tools
|
||||
name: invidious-longhorn
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
@@ -15,30 +15,3 @@ spec:
|
||||
- port: 3111
|
||||
targetPort: 3000
|
||||
protocol: TCP
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: invidious-companion-service
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
app: invidious-companion
|
||||
ports:
|
||||
- port: 8282
|
||||
targetPort: 8282
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: invidious-db
|
||||
namespace: media
|
||||
spec:
|
||||
selector:
|
||||
app: invidious-db
|
||||
ports:
|
||||
- port: 5432
|
||||
targetPort: 5432
|
||||
clusterIP: None
|
||||
|
||||
@@ -33,6 +33,51 @@ spec:
|
||||
- name: tmp
|
||||
mountPath: /mnt
|
||||
subPath: invidious.yml
|
||||
- name: clean-db-dir
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
rm -rf /var/lib/postgresql/lost+found
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /var/lib/postgresql
|
||||
- name: postgres
|
||||
image: postgres:18
|
||||
restartPolicy: Always
|
||||
env:
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-db
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-db-secrets
|
||||
key: postgres-password
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /var/lib/postgresql
|
||||
- name: inv-companion
|
||||
image: quay.io/invidious/invidious-companion@sha256:a9de6b495fcad1de80d18b4452409e3f328af1f93cd0729c18fc833012efa9c8
|
||||
restartPolicy: Always
|
||||
env:
|
||||
- name: SERVER_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: invidious-secrets
|
||||
key: INVIDIOUS_COMPANION_KEY
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
containers:
|
||||
- name: invidious
|
||||
image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06
|
||||
@@ -42,13 +87,6 @@ spec:
|
||||
- |
|
||||
export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" &&
|
||||
exec /invidious/invidious
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
nc -z invidious-db.media.svc.cluster.local 5432 && nc -z invidious-companion-service.media.svc.cluster.local 8282
|
||||
env:
|
||||
- name: INVIDIOUS_PORT
|
||||
value: "3000"
|
||||
@@ -68,3 +106,6 @@ spec:
|
||||
- name: invidious-config
|
||||
configMap:
|
||||
name: invidious-config
|
||||
- name: postgres-data
|
||||
persistentVolumeClaim:
|
||||
claimName: invidious-longhorn
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: jellyfin-pvc
|
||||
name: jellyfin-longhorn
|
||||
namespace: media
|
||||
spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: longhorn
|
||||
volumeMode: Filesystem
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 15Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: jellyfin
|
||||
image: jellyfin/jellyfin:10.11.5
|
||||
image: jellyfin/jellyfin:10.11.4
|
||||
ports:
|
||||
- containerPort: 8096
|
||||
volumeMounts:
|
||||
@@ -40,7 +40,7 @@ spec:
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: jellyfin-pvc
|
||||
claimName: jellyfin-longhorn
|
||||
- name: cache
|
||||
emptyDir: {}
|
||||
- name: media
|
||||
|
||||
@@ -6,23 +6,22 @@ metadata:
|
||||
namespace: monitoring
|
||||
spec:
|
||||
encryptedData:
|
||||
ALLOWED_HOSTS: AgAwNxnFMRAE5sHGwA+CWTVKGkL4ompOb2alObZfiM2x2GkuQoeNEIKAgW1nZSIJnn60NZd7zwG6xNS/hFXVEzLQ0+07Aqd9zORQr8MLe0rBJxXPjp2RHzHuW/DSh5cadjanwuazZ5LSfDGKtwI1xC2qdIpM+eUUxfu5QozSGiOuM8eSzi0t7uwa9yvYI80+J7NErJBhOiKiUf+CUtd6UA2upBXHNgs2fcu2o89XtjGzP3k+fjA4GcLugLJ8HOAcF5JWNAUlWBuLPoDiAbSsTYavpbl05bghbTqyPIhaX9ifDA1wyZOjYywITZ1SUE1Av61l8GT9DfHEvgORvweuONRoUyi8o1aLDc2idIlQQTSwzsP3O/Z+iiGLWi3fo4/4KuMDqDWNmTtiuRiYEqhE33bt4IXhiQDQweanqyb4QboXORmmKfuqyzgC1RFd2foKVSDaFUkKeQDiLUCTBt2QNJPPD+4Grxa/KDujIWBV9eDiWQIM7qsQPn+4/fZA+h8nn++o1u/Faz3fE3q1NznsvMXIeBqYx/s93K2M9pGvDjrwHs7nIXalg+QzIFLP3wHTbKshwBgF9zcRiioblBucTjvy2MRv9VgaJDjcMhfSSWuyFsSkQNNQUkyud1XbPZ/563LKArqmOONU/x9X0tx3cdL3X3KcmwaCNijulWG4UGTHVTfAKNHnRgtIy+S8LoAnnXq8Mw9y7gjqzECT4KfWiN7BGkc=
|
||||
BAZARR_API_KEY: AgBEsWcgL2EBxfwz56b5qbTyeqY/5q40Sm2V2gmmb+y+/4irQi8CVdUdb3CwlIhoMrB7qCWyGMps9wHx+KMWWc2xqAN+0x0mw1KliVEPQhdbdTnn6/gEHar3mjVj6wFvgXy2I8YPlWNiqKtFyyNWs6KrbvwCh5qHPNqVRUgNAT64z+WWDsPbaDLta3+x6IV+zQLvQELU+R2F5uoJb/dkgmtl97NdUT+/esc61B1MkSkg5cy49N9jzuKsZpvtusSFIJvzr2tTJxviS3mzHk2SqmfZcjZhgo9YerJXnlLvW9dYME6FVMeWG4NkU1Nid4Obcr1UKc6zi6YnF7g6lCg1R3dehVkcdUacbxcaJGTX495ugWDJqKcGXJiHd+2iL9VVjGpRIK9mLy6a3FliPURfw4yjhbLh4GJAd9GJEpj943cJAOxookeiuimJwmtHszcxlUqXJI+n6NcTdesT/F+MzNTC10X7ikR3osBm5FdB1IXpLDlcyLZY/IjsnbGUtSica6HyPBenW7kZHsEDU+tVCggHCrLS7vPmK/Wjj3D9Ijza3guVOkvTf1pBI/9+9TDpXm93RLAAYf+e+TBOXIWtBBaPed9JGgxZZEmimedAjU0rc/mysPeZkfkgLUa6FafWEdiWhXHF4x85iSp3aXs8N5rY9bHswpht+U0F8DbquYSm74IPC9Af6GVUgFuxXpXnu8ePIGi9yRyi1u2QE8d3JZxJHzam6Fy/EFMhY/r4xSMr6A==
|
||||
DOMAIN: AgAc/axtBDWTTaaefN4lv4mx0SAAxgIKGf1bnwtL9jsPolr+HwDCOHpkFZcvhA5BHvssRQM5w/3T8nSepCTsZ9V8AYhvKqPg9rRGEnmqnWiOdoBLT4yNXP6tDZ3vy/XawFRk//dA9aG9fbAzsJgqYrGOOOMEURb6U8GRS7+AamsEbsnm00D5xE0/16YUveW1pGNRm2EKlHJMGAnpnBqaVK4u7LyNyUf9UDt4KUyz+VdSB2Ij/bkuQyNRo2YFGnUBA0AxUo7ve4CdsRpcwL8TCPeUgng4A9p2Bmeo5Z1WuKExJWHfGWVX0fxNhHoVA462fg7HORc3asC/Gi+MnEDosE8NfpWhylW6TPzpuXu957jvZhs996JUFxGhgMRVn9KRRaXGdmNPo4BiD3JmKE9MX26nDO3tGrilc5d9vuhCchfu6RwWAxbbMpz9Y3LM6hP84bbeLbmEDZ6I/ILGxx1sggkcJF8IZ/QtC1JIg6p/T4+BfQzMIj00LVPxVEP97dw/hkiTP4xbwBTMRtCf8RF5DXprQXokE5hPtfpOpRyLFnlhvXkHPMl1HgRUSmB3JvnVTf4Pf0tmvr5wS0shDI0SbjxeQMBO8wkTQcLMPH4g3wM2YL+az9hRnv7ZZ+P4duUghUReYIjgjaoG0UU8wTNxIFKnzLP6S7Ys0/8FxqM4ML0KHy2uW/Ip869UVupQY17+qQ+ek8dbuMIqE1kW3lLH
|
||||
GITEA_API_KEY: AgCDvcSCoZHlgXRV2EQ9Axi5uVbXiqeWrgu7v5dzzjmSHz36bftH+PCR/NQwj79uCPfyDCMEqfYDK0Bypn+K0vPlf3vktAxOc6sxjh61ciZo9lu/FTRsmDV9thQA+ZTxJtYg6ZfyFaVd2/XxA3Lsh3Un530qwu2wTFC5raoyqIBkyZm83T6dlz4GhrteOAvGibOYWaEPcJlVslARqrzHg/rJK0nCNS88OhvIVLcIUq0j82boEB2CUqlLfP36kx2y0eUdOfQYgzTF2uGL7oZTEkXrb4+QG2+SY1NUCg4SS6CJbqP5TPFYDCpCoi4YNCd0De/YgOKoUBDs0gV/VHNRs/YgDbYcC30I9UL9Da3KSYcQtS9SMs57RcBNHPGE0WurP+E36RbodfuIAP6XPTBPvP93XDLavHNJesHAmcNX13hqx3Otzca4zC0IbIl67jNzPS4bo3Spta9FCtN589PMEzhm/YOxAaklttKQ4IqGS+yadIgKRbfUOEUnGEtFyk6IpcccXuNE6A2OKqVEbDHr2JCuCpsC0WT/Ysvkic1yoScetzsHtM1m9ASOZGvwJZnIxfzF5wOzmYo3QLJAWcDH3956NU8J18orpiifU9yyRk7viQYH07AarjoRwR97nN1JlP1CJ9p3+vdxgBtnwpQDKeJUnVtq5OpqzyGJ7ZTlNb694rNE+rY1Ufm+1vVUUv/8B7yGxi6YT2kzQia7aWIkP2B3ngaZPt4EkJwCgITkB1qTl2SJZvjNDJxg
|
||||
IMMICH_API_KEY: AgAsbCSTCRY3aiCtCEsg9uF49S3TF++x6tPr9MRiYt0xYLv28oZk1Y0E/aiX63MfRAh/WGu3zp0qPlQ6vb/Op8CT62uHZZ+Ngm33C1YS/ZyMzmyMqKaNg8kTpUdW9h6gb6HVdRtJmtCwjJMgpVocnItS7Swg/GPTPwNit2Vq6S5D/qK2uG+dkWFWaF11looSkpmG2l90LWRFK02p16vIdRW3wieJtBeo9mkuNPMu06toX6iAM3OaoWqFVeU0skTPvM55r7JN4kckpjxf+UwZw07tDAOyWlOoCpPy+tzr0Ezyd3mp4FwlgB5RVJwLsHRgqQ9QsBjKdQ5EOyhIo0g3J7jhkRTZblUcv+Q8zsMrE2uwYsSxx7Lu5bp1QjiZHAHZ7AepwSPl0uLpAx+9x03lr4Y+vKTfPcRHRBqo+A6/vGwqdeNahnrTTMG8dO3akN15f6ssZvcYAI3YD4PiSWYHr18mu5IZGRnwwZkfrJGeMvbJAnQAOOJMP+VE3Ca3cVpbHQ878Fc3ZbYVrhJveJY45i9OIiPjzm4h1hM/ISzMmeECb2unQsjzlwtbXMeRf9/HzwICBBa8XmBiDFb9p9Xl9SCwF7hgzdtHi7p8B+M13FShbwxplFHHLUBP/SR4TqWodMVad8JfgT7LUs2+qN0BqNX8Ogltx9MyHUEGH+VZMkYr6l3HY+y1X8gv1SHHFsxkDT00nbEHlgHp8CMxXydIAGQT/QCFTqXY/G+v2Lo159KXyVVcmsS9vyBIFfc=
|
||||
JELLYFIN_API_KEY: AgAMLEPLxHadKP7Ln+Y/zYXpROzPqTib9hiDE9EKqwlhdv93XX7+NUPC22jrkRBkR3/ICwOJs32v8cqD/T+3ERmN5vPphRyBRroONMRSfUfFRA3cqRDfTXKYFwoKJFCZBiOSarNcOpY+hmFM++4lhnsOOG6tk2Gt+C8WGQSynJ45YFDgyOQUFBT5FdQTbdEOMts7RY6MXtS5S11Ej9Ri7fckxjeKCidoagdvZt27GegiqRdOc0Zc1DJelqTorSYi4UZL4Tho2H9EHcGPR2s3XBfFNWXH94Rw6yh8bvtvMkvzeL8RLUDq+diciRZw6k7TvluF92TcQxkjfnryb/nIGV1cy1ccTrW0XcnBYD6A6pe4CPCKiTmlDZmTNDqWiPg4rVyhqjeUiMUgIK367gYY2H9rFlrZms6+tJe0KtQnFS+lAck3sSeyjavL5fv0A2MgL1zXd41fOWibSLMPP9D/v/lE5YuqJVFfj/AsMgGZx2K5yY0le7bAeVbIq8f0eoroAwL5OLd91IQD+YUzqBWhe41VXC5nuPSstAVDkg6RYJVB4mrO/m2hc6KsWK29m11qAFUImut0P4j1Rb5FOy2MhORbDv18mQu0pqoKVxnJQVgdTJ5puDxlCFfe/jzR8UcKlICu2LR/R5uyY5T0SQ04aI5bLp+RiZjU2SS5GfXDrjz7C7h7j15aEBgZNNggvcSTFr/kNZVczmBWxCah5ckTF/4pWr8WlS17YSvSxQT3OgYDRQ==
|
||||
JELLYSEERR_API_KEY: AgCmBjM6O/Y/gsb+BXwCFhDu3dea/itAx6zGvz+ammVzUSPJE4+N4u4PEkT8ZUIay9Q8Uf3BERiidu2wcMdT5BJ74JhLRZdxMAjC1MbSz92DRKntWDxNm5q0FgRYrbSV8qWNhwG9vNROObNTmgLuxMw5RF2Py0IJxA2Yy8Lc+Ff3d95mkijjuKf4Q3VdI1Zk1mGuZhQbw4+yJE0SzeEv+dQlqWTXMWc74K3xXpEipEJSUMXj856vnTvUJlp5vCWZS3nCfEZoCdMrZ8cvx8iV8tRqGk3zGVaAekZKq+YMLe5ERbAHlNj0f0imJZ7IesVBUdkYEWZUzepMidiEIkITrFfTUKHUCZzfThCKJrQtl8c7d8dtPyklqA0HLcD2TsqAF5XO6fBrBXUm3+9B7siTFAZCfuit5Q2hon+Sx+uIEEwZMmwzf2RbpXQxXViK+Hs7NpeGPUqOH4HpagBzwzyrXu76swelnKSgMMo/D9iTR1ymnsc05t3MAp3ypRfqfvRWbUmpWZYiz5CejuUXecm7osZuz3vMoopBUI/q/aaLhs4+6DOGIWCme20wDo/Me+im29sDyCmcws+OscbkqmlXO2sqOBmwPbF0qzNXkIeeg/zqvSIR47/Pm97oMecu4o9YY6hei4+0I2bpe+CEs2vYaU6+hXB8M6mGauNrLH/0LB0J1dmwNzHlXnHPj/OhmG9MDUp0muasHKdoTRPFuFoW/vtqNTpEV43Be3tJu0ky9+8XuVGOA22lGCiv4ZLvldzrfg0xthq4iVa7+wr1enllzeNFvSM+oQ==
|
||||
NEXTCLOUD_PASSWORD: AgCc8eCMeOs5UR7jCf30qivGD4Bd6SXewfRKmME6WBYMACiYctORNgt+Smwm3oFSGS6Rjtc3gfNmU87gvVamCcrzxIdOH8pT/I7uJBkhRz+dWNAevW4WsZmBqDh5oYkNWa42wSTZQQRsfR2fYUQaQB+EAf8eo08fGY/thWuDpH+QBvqn1ODCXJiRl2SUpax47/jxTkRCIrpWQkndjlAmTHwONaWKFHVYayY4HkkRq2Wdtq13u0Iq4Zo1AMYaX3p+3s1Uthlk6jDJuAkifZUqTn6vyvI6nT6lFN10ilf3SDxWbQmyZn39vwYCzOUWG3niCYogJRWO0vRd6GnTu7ndzmiumMz1Cp/4qyUiWN9jass4+rgwCi33Qz5zP1+YDKWmuDs1uRf6m+ub9nG/TvcT/b5U8luv3RIoaMc8yRt8IC2bHZzSmDVZSG/wLh2YPaRfzmx4YxjXTsvliONbPpZavnIm0gHrQnwvEla+1xba/CtpVjQa3F6h2tCFJuc7AgP7fGYt1PLuim5y4GfNfmZV3ZljMPUqJ/YjgXJ+Z1A+XRLKRWBcNzy9k0D31Z9m4R80D2uT/1rtHR43RNnuugRJND6ejs66rM2rdBdXLnrLra2XpByh9TShrCQS5ir+Hnl4mnVmEqIDQ19mANJtYNtmEBTo3xiyEQCPiq/xaSjDm8U6QeqkhbfXvFm59RxdVPQA1iHQBknS+cqyF6qGaw==
|
||||
PIHOLE_API_KEY: AgAkXqWweu5cFLjJAusl6l85l+TsYRZRKf+mUbV3Lo6gtN4n07zJrOzFYH4u2GYkgPftfOaRZ/CpUOEJflkakXoTwru1L4THk0irP6yNqGvBNJF1b53+zH1hO1tAUM0B101fCmnJ3yZ50onExfwHL/mDAqyl0LlWaZ+9M/S4Kr3lqePhwdBRUv9UXaVBe5BtF4nLwnux/Ya6+lgJ9SvyD4ZQF6ueDYT2woUz4cJa1wqOVZVueS/wYobma6I5wrY3oQVT/feFCDsd8vf7uOcJDjwn/GobBeEhpc3yyti3vW+y9B+tmfvGGk2voAtxVDiN6ysHQQfO5pfqb1q92BREIZ18+jPdQQGXJ7BCvS3TIYhfMcW0EvZb5GgOyp26DZyVHIt+HZHKz2FTISli/EtHsXKUaxUQIEs5VouIDjX3gGRWWaHfMu/2neWJmlZcrRAZsOEHF0C4VXTzq7NsaTgCL6Qbp9QIlDaXMLvroGT/HHGfIcLY5kL0xneHsQyZrp/PqbUkEGCNdYopAuwmSdSbZoTMv6yJNUZFa9OYXqLzees4L6c+3POuKdpdBI3cMMllEmWMQGYgSa6Dw5hIpAUsKP5methfAsr7ASah2vQu6GYFcc5cI9dM4jt8ZAkLKPIummC1REuwdD/JAa+7XQRVqae/D/j8dcftwpuHMez5iKsahdKVInaCgG+bMt6PsnPu0+fGAl6yGbJ+39zl
|
||||
PIHOLE_PASSWORD: AgAcUZTYElvizIHDgtvMTkS2XSHRrYYAzq29uwa3lyigqOyvvsw6F2WEySm6j0Oowv2Wb3uvm0ZLCydRy/Zk8Ba0B/pvTTnZs1n6mdN6KSC9WYW1vXxy2dtSFCQvEnEmnJN+BrsCfNCEJyQKreoJr8GdowJc367f8eghH02sJrJIai9SFU/h/4hn1ALqozLOBDxtM5PPG6AqTFh4InYcO0iaLiMuic0c7kEA7AALV96/OtkNfi0wr1JOfLpicm8yKwSOo0isEyHyF9rLohUgH261LAcS99XYdefYas4w1C6ex60xcP7lxJVGggoO8YRZY6pYtOjfa2zpWJh9JHl5Mo906B7GbTtqBvn7quoElxKN+Gjsv2gdzR6I1MWlzwW0MXuUGwrhX0I8NITOP6twRQgqKsf8ncXUvNPwpKDQ63g+abb8eboebEdq2titFVLIrPGey1y6SVbH15jnsL1eCaNdMvbAL4/e1wOoSDVgAuUREHo6NKG+U9T+GQ1VJor1n88gcpWddHq/Kok+SiNLW2d1dXTg5CSr5I2p35J/ShojFm6tBwjqtwLUgPlPrxDlm9EAW0N3nk0ATUXObx8xoqU+zJM2Utf2RXAN5BUkXdvNrGDREja/IXLaHZKilqg5qRs/HVxJwTDOOcWqCnJNXvcl/RJchN5AHEnz/8PoFtsZfcOEaVtmHwm4gAH5FKEZIErnuWKZIEWt1O6sTA==
|
||||
PROWLARR_API_KEY: AgBlA/pCQWKVAw925RVAhSILv/aWfexF0GvmsQrRGD+vFkpW2W9aZG7p1fV+5hJkzyJaTBva6xO5Jd+2lksZo8/CpGyTioZQAo+mZKAanJVKKo/TJO4R729GyfZND4T5P55Kqj+CoLn/0RFE/HIQNa0YefzsW1IWXQv1AS5vFXwqLigZBaOBS8twQOk80bMHtb0K+EP2hSa1GZG++MGIV3QIy1xJ087cizf/wSrNg1ohafhRHZfA97+vfbm2HdJ98Y4sInwf1bF53cFNpHkhW3MYFLU8Oaw+tTKmmtTT0zDmFcIdnkNp6Fm2evISbmNyeDut+2J98hqRuPEkUCfV6Rv8lrm2DXkLfzmedmRMPnJLpYNJiJXiAs63JTd4kjfLwCmGPo6PH8ECRlOWsrkBxuQ48eoBq9E61p42hpLdtZynW0Z6cZLAQTx2obEnbBtOoJ2rhKkizbbijRLKWa9cMXtzqyoAOk0aE1VtTw5BfjIzBA2XWe4/FALLEHOkzJWW+TFEOLkHjMCM6E0mkRcVkUyOB9V8vG7Rj6qzkazp7lKl9CgxTs1mZpdhrTnfFy1axwifB0NZcm+fjjKTTqs+zmr6nCcZG++mTgkrh5jK+aiV4ItrKbGbPTHYtsdvuzVWYeNCfqlxa7ZsaLmfAMXiC6qPNvosSef3IHIyrKE8raqrHNEM5vZ4hhYRKmlJCVnAoAl4W49lzUbpGvMn5i1WRcFoMtzE8g6oELhBBTxTk+Y8Ag==
|
||||
PROXMOX_BACKUP_SERVER_PASSWORD: AgBHdIz2VxogpHvgYujwMmt3tWF90GcbCp0czkgHHESsd2m7bJGPZfY0yA+hmQ1t+iAorjGwOKUfZQFSfI20nktTHFTRhknIpu52259KrjroDftDbE75AlFSqZ1Nc2+6yUkZe1N4+SJT56JBumV9p0qEggxImKuP0hdTPFdcPYYQcE/vKJAYh4ysIcXrcUGA+RTrd10hQd96F1/wxc7ljbY0m7pg/LDSO6lcUf0lVrNRg0MgDt5WIZXM2HsSlSSbH81dDOOXMjmcylQSZkB2Tbe11KSEj/NcovhW0AFQS2D8J40s/dJ9ez4F0YSiz1UB5AQZhneBoSLwUhFE+5smyliGMeyYTai4N5l02A69/JdQa5qf3wJ+MDAPsCbw/sqsP8wz3+mG5aznCjJcwZomaGuUi3O1y/UKl+4hNbiWlcxXLAHKcTpyX/EHWYH9mucbsz9PqO9BniEF5d78D3gTZyGMLeeWjFgshx7eFsw0UV++PTneF0TMacwJA0bp3lm2VrW5Ae5aSdEL6/RUZmny0wkkVPy8YUYpjsfm8nPbxTG6RqOZie8q05lEGKPxWWTO5b5OrQ2sepUSvIxBS+TsLLEKqqiBtRa4TYXBh+ChwTetHLK5cDbpS5XJbnfunovPtfgBRjikbuf0Ez3d9Rhz8BOToEzHTSW+gsGbUJcnCD/NESCOYEZqpcFNGDFL3vDSQgFr0Fnyd3SFZC4uIm4dzRI5urrlTBkQPBhgOaACjVJEjUYvCIE=
|
||||
PROXMOX_PASSWORD: AgACQWEwrEjBcb6Y4GGrvGKgmKf2V6OhAh+WblEBBPilDa2lITukc7kKLIMF0jYmVCILV8reZ/ByBTTD+7mNuGlZZ7sogyyQlo4LI94pM/fdZCGk3RIwNglQtDfN2+/tF7F6JruBOq5Pf/9u0ZRk20XBQsqZIlWmD7Y8Ul3Cz2OYHpP6KJCNJrzjYEo1f7fkYqg+Rz0z+UVULisUlqbFbEfXXP5N0Z+lSs5vGcFC4MSamQngDX1BKlXbpKsaqNahnffgS/tgQWpQ7xPvdyQR2w3fnEKngQVPk9RKcQaLqxwmndTqy7HGsqII6wcn40cFMrE09+bCZmdZQTaSgiUZcTFLTEsnC0exWVtHiCbSaM+oHM77Q7efcvWY1CEdeI8k7jOOGfmJGZhkc+eqLMvqKYX16dw4A2ffhNn3Fj1+Mu+J/GNsytk7rTFgxdPNqx+QQZsziYdlhDoOTMO9LgEa7l/cLxRrK2hz/2inyKyLTFIkhZJrDniebNM0QHGkSCPHyhDStcQ2zGIy6JOIQsGkMXmrqnZebaYDk4hAmXQS8iJQTb+oFGFXWCO6Fd/VfOBzcN0Fiss/BQLuMH8MYisIl3+oHFALQ1Ovvhzc13U7bqgMBN+6oqg1w0VsM5kqJ54zy2A1RQg77itLBOwfgz2ftpbcySCn4ZeDNgu8KeT/TeY0JoujmM4i83hq0XLiO2GAJgKrHiuIYomg5staK109DzSLeHI0n4MAqZGuNp6hOv4JgyKhMI4=
|
||||
QBITTORRENT_PASSWORD: AgAdMAxiSrxWpdmrD6FrZXceFVqhqk1UqL3kruE7aEjmHVmpNqv6BM4u8CdxUIZS99U/Z0CtfAGZ9IEoKH5Ldq+kbtwHNXLxNqYLIkwk7aKJhISRwFAMpg6+FGbTIvoBJgC1xwTZhYC2L9HtwZPj2PN98uMlHpm48yv/qw7awE5o35MmUKyd8EwCi0iT8WaxpGguXyg0ITNSW9D1NZ5OZqVNeL7FJ0GuLWOrHImiZtNAbZuB6B0+3UeQiFE31FbchB7JzCIJu7NZ0+yqxfCBX/4cTR+gZZ6eyaUHIfve5PT2mKjQ2WTAEVbGaEjhE1V5B+bkAJUULtFbcsQUatQm/cj8pyDNT1nCleKRBUFOnB078jguhOLB7FzE1+e2xl2vbCSERS272OegGzf6/FPqXrOcELMKlSNCQlPwWZ94MomGbUKsjmPrFGrqP5aXfY2zCXrv2KSpcHDtUndeyE9OCIucx7dMFrIPpEi22J+oJY87quZqrpyjMypDfxcAJbAgQFBlHBgJZ/ACszqfoAr56x1xXZIM0QVK6Up7irt9rt1RBAkNlSywsqHEWcDgnx+tH0qz8y5NdACjK8xY5iWSGgifkq4kiecQdf4BRhiBLbe4FydQv/AZu1dNMJbGU2hnPESUIntTHqJQ0mM8d0aMNkOdSH9qc0NAJDFsC3oEjnuRXEOSwXSyzEqDBTVuLESyf2iabmPzyMqdbv7i
|
||||
RADARR_API_KEY: AgA5tKo/V/uCwIpSKNSBrtgJst9n8JXYrlqWD0HgJM5ccUdvUdgwf+Mun+rQDNMDrPz/uIxkjNkUIoplatpQh0s4WlwaEkosf57gmq0TIiId6+x/Z9S4bDfrjqaaFJTDZRaiZWxMgOkSNzKdFh5itSdw0Vjh6ojB/fElB0zYENZAXI8uKIPeebdCYtPgVG+ap7tLlj2Y28zinJc6lHO73g+qgHeEx22N6rr5coY8OIB58KuZ6mcSUvEsPLItkvQ9vDxbv28uv+c9ktfwSDbK7+lbVHQdqfkk8QT1GQCS2Xlf9CXndxzhqQ6ME5W1PWs7znC2K+b7rJ1UInlUpXkzsP1nDsrrPeC14dQ80kR3+Yz/AbLvKBV9eK4FRMp5fLK9C2s5Gy5tcWJLoFA7N8tR2oAIkZCIEaJ34YQeGGP631UyIa1IUuN8ZotvZo3nUXKF0SJhc7SAvqxNYLKfw3Xk1fa/T1Mr4wWIbtfrO3NvoPkt5gHGfTi5ECjPsd72XV185323nOvVBmiYpQCA7RCEOm7cXR/EEcxX7nKHdsZIOULJElc3dYflsd61uKZdwIRXa8ACNLSuRAQRtxUVQ+t5UlWxmxYB5wjRwjSSJ5HXOqNrcr9Go/zh2XFY6XaWoCF97t9xCa+P3SSokfTFhfLutYmSPwZ5VyZTXyH+/bjd8stxeBeneWso7yK2cDdOLSX29/Ke2U1+k1qw4i0wTEC3XHvH3sy1TwE7LDdjjYiHNNeuxA==
|
||||
SABNZBD_API_KEY: AgC5/8HHS6IYQfRI+H0pkkV1+JHeZvgVYYJ6RHU8sgquXDliGSGVa36UwgdmPFeoO4vpCDvvNPvv452rkwxrLwn7Tc2TC2k8zxDkzHlHsKl3T/9CqQ5gD/XKiA2sKETTGD5wVTAk9D7WpMQXZ+P0KDSW+j0s4hz1IOZGNHLn4TuzkV3HzQ+2madOOkfJ11OYoT9xp8HkKJdYy1OkCRB/izbWpwGGl8ul35CNOhHg/nNYLSm8d6YLzYMw7ix9ds1nsUQysco2Lf2cwlMDPvv2HNT16cPUm8+Pr5/FMYuIgMfoTE1ZG1bxRxW92GQqOWzpY91/UxGEaOSkvxoY8rn2KqshVG50l1/GDRTXM4kUaH6sfI2DszfAc0ZPQpV3RnMMRNesbKpebbTljYjut6V08spskHvbcN6cG2KoVBbwaW7xdEiWJtwc/wBLu5lEBCHSgzrgDI8F/EP108a8aCNVzjsl2G+uJsVFj0YcRImTICLDCMC4zW/QBVU5LRtnwWBM8z4IPvKc5c5P+ci1/PVF5qM3WY5Lh1giZsL61kvCfRgJLK2aotlt7VF5fCmi0xj5fpwnSF0A8SdLOrflpJwn+1e69Q8EP/ErEyuyV6o7Bd98j505JYkNTDZigFccZ5k4i2olaTJBSSJsPu0ds92b56bl2/dgwzw2RimrSuztWGysNaC5t8fu3ntpKj2GmqPY4c24boAeuhSoKIhqfa03musDQFhRTmEmT+SIgNZLOKbGaQ==
|
||||
SONARR_API_KEY: AgCIs/MR1p1HjdA1zc9vtDViYqhpLR2V5npw7qd9ueylmh2mdvyNGP9Oh0/v5ZDXiilfar/rUgUed5AwDVx1Z7KG5GpYnkQwchK2/X0kMxCnZPLfmVb7PMHyQq9Bl2O0n/TVoBpyUsbMg5L6Hz5OhrcgtQysE3QCcWwcXeUsrFNf48FEnPXh4jhPqaKmxyyoCwdhRg9XzuZXrMa/66jBQ0aLcPsQgewOXK+UuAtoo7iVxxkaRsebnBo+KX3vMZzzxpeORaDvPAK/QSC1XWynaxAWFbxrDNjL4kFahSwh1bbBaEQ86fu58BMRjJBbLQsnrsqhETZMVpCDX9I6tPMCWzLcsyozmKv/S/lVDb3wIX3D1x6bXYBQr7XcFpVDlMldNIM6hA0Fai2xeou7A8F6orxnhNFkn7l7lhCD3dixuyhyrrM1MhYrQBtSGvRaHHr3c56CzgPR8ZMVLjl6dRObS+A42k/2rqjPeuxre6+vjgzy73PLVfpTxZrH1vJp0eO8tfKfpR3s7jLXxVBmaraI3VmnQgtTuwK19WtbCZBMuDY4faB//291JctfYcG0Ai+uTuMCHWsnXaHRMcVVU2OiQuiweRXkkPAs0Cfkrzr3pG0qNUL8KsCqwO54IM59vf/riFAE2e2w0hzbj80yXLwcqQxU27VtAIJuG/WzO3UOn9uwEk61nkmwEhPue377CA/n6OMf2lFyykTEGOwKS2dzpxFXUDnEhpDqNIx/thg0MEoO7Q==
|
||||
ALLOWED_HOSTS: AgAUKCAFKds1pbbKlF45HLQC238Ueg2kaS83tp23uE7MCUrzFDMF8OrRwVg79cLFcQlKVMNj4FYHqMpkRHfueOAN9shIXMPfEK+IzQvzl4r0cMopuuBRumq2/ObGOLudeK3JWQm5CygmRFGi3auJS8EBD+a3xGPJPlgb6b7J7SrMka0DjIUZxLAknSVLP6fI05ZUQjnP4M0Rv1FaO63VrXOhQ+1boReiuc0mSFA0HR1M+Jv3NscUhxx9KwWdJL3igH+84PUC6JfvFyrY5E+V+HVCf//W4yIT+tTiWIQ03ySCA3+Fpdsm+RqvUC3Hqpf/CC/HpTx8pSLeVYFT3Bak5OgQNen4HBANwBuns8CJLMKKLe7OQfluzc81EnGjcBOYJRjZTXIyrkvLBsRdNodK/ho+YeO65f1ZOZVVL1XsCa2R/YemvPiRYhjyIiCNNi+HSzDUwc8hSuO8JHIO6NK+pswQgL0IqbGudl7JOJzcbEfpFwV4NUZLbO/McWpr5h/L0ZHmjf8weD52YKkoppjLbr9SXPRqGsHQkURoVQcGEerd/+IWWeV/6dT7Do6GRZGUWBuiCuxnXFgVnkUx3FnDSZ9Pd5nj5oGKrhzs3F89aeD50FkVEoXhW9FTXh+WPwfzyRfj6UyhthUE/sjs93aghjXqKrdEcNE3aUEQee2FTEQ0HC7XpEXmYnjqoD15kD/+azBaCeyddbVpfZJ9eovy+ribwWg=
|
||||
BAZARR_API_KEY: AgDFkohbhrDZ2yYGHRCmu29+jqwxjp+KVIivRMiCMoFGglFA6HZYvGuwpNtYH8uFCmRmOx9ew8/xzhGLfsjye7Flnrt8FZ9l9MvgVVkSa4YaQBlM9mFx+esM4Q0B4LUoswKD4+jdvqAlEB427TZLYUgeZ4EMNJnhIfT+HtlRTIZdSA9i8GzFu0W1FyLf/KyF9IUtn+6sUAuHBpj0aqiYxyhkW6jXFIQ8suG8PpQPWsXKBotdGu3tei0dCsCs76phqDFONEWlhhpLdPGEFtkfF+HXaf4mZnOUhqguKVMPsmjEfUWOm7KWUqF/ya80k2eSXu/GT5FtofISNAsyth5iU5F/f4QdJaQb1T0ZMOzVvBURD4ddCEAWI1v+Ea+P/dvOEULpi2QN6VSLSkUagXgKJV5CKEDKHJayw3lY2t/8wCO3qvuNgl8029asuAML6MYSnI5c3aKcDbIRyEgu2j1yJdWlS4RI/2u+Ga0pWr5sC6E9ehufUI8hdcMe5dxlTfySp/rgZ9wV7c42MgyDsIKsUef/8fN2WlqVMbiocS8eUYxVrjTgUhoaDYgaGIl+ex48Tz14OH9wCNtUfL39p6sxKl1XW5slUz0mdtnQoOajdSwGRfVCVeACiKs/jTnsAM4DEy0Uuz/q0l7SH53gN/8oQNAqEgJbVwofsC3Ka5EnjZEv54zcLQuya2VojsR6IdwRK6ju2oTa7kvQZiL6GrF9yz0UDLYo7iEJsk9Bw2J5fAGxQw==
|
||||
DOMAIN: AgAKkN95LerXHe/p1CS3O/foK+ouRxBVwgOpinqC5Rk5shz2CQ8YYR0AsTeh2mN2zHYB5jyrAdCTxsSGbe/ZbwdwWm9MiDKHwYZKiHI8UazXfIKm4sFLlDtyi57ChdkQLzHALvnAILygMzSGz8uZjJDan88ByeFW2rTqYYQnylbHJi0TTIeOAGoYWbxD6FdQQbG07DYLLb/1gSDtDoAV/omD2xIOttii8m54ZzTzJpThCZWVige4Bjdl+h+BRCkZJ6AwMRrXZ7hyb/0Qzo0LDYog+TYVKaX8jDnIsszudGlOikVtdVhhu1OeLYB+ma7+zYRC0tq87LryFvSc7lR7gMh2QwHnkNmqsWK0MuXvg+F04i+xJFcj8wpEUKH4DvcApGRG7AbYi9CCk29O+jZzvbaEVvO571cIaJd1SP/CtBjiuArVU826IW3wNxu9Wz0bOtZEkcMMqdst41Q2d5ESm0LDFlrrHZZG5Bc/2NCCAVMjiOgsRRaGLvLWUwaDoZO2rrmx7q5d6plmTplmNS2AP/TVITdpG4MIKe+VtZ842uF3tXbeQt7y624c9db+R8wSun5QPZ1nS7c9m9SRi+dIe9liTnaeNRw/HQDawwwxeHpYWEfMKjRYon7JicBV0EL5/HAXlrhOEKSGgGLT8U3zeLT8uvIcBpU8AcMWJZoGOSi/XTgsI5jy7H0JO6B6OBd4nGlW5N0Mrg1B9RH1Dp0X
|
||||
GITEA_API_KEY: AgBDJSM/3KOBDpL2u3aBUWP4Dczx0X669QmNb7bMDft7UY4P07MDIZGgLe19Gu39nsFvp0La9SGv7xPz42jSwM4dB4vEifnD98b86fD2GdVMTUwfScH2E6KatNuI4f713kLFryYqBGxcFQ1ka/2MmXUHaEwo//MhL+pcVzaK/WDej6coGb11Cp51W8R2OOxSHr1wToErtfOEn/0ucVop01QrMbEmj3dnuGGAXPZthmZ00vTzuUfNFJQqKEboNE0kt0EsqiAdHCTdYyRVFOEMMjSgxYecfnn/nJ3feXRimVdspzRAm9pOclbASrq3KUOmdyRyABAfHW2HZq3tt8O2nAE2ZkQ7o3+g0uZkgclq6Duhnehn0cvcUzfDkVKuzz6SAMVo550VsvtFVbmyu3RgzLJXZDA1UYooV7f1PzEL8ejO6Y7FTfr6b+0sGzLGiwBDpjJsmVFSdMvVnJ38bvwmyOQxp1CFsmNxY5zlQk6vjQv6A0M/hZ8K7/E/9oVw9asfDeO9Tiy43IQiyn7egTty6loOSXrNwb3shcndctLyYNAt0wtmyfWUmoQnbpd6ME73VSf+KIpgp4ypiKMY/Ec6bUPYxCl0GM126pg8UPVPvBcB0JEL6+8x6fsB9z+kqfIohT6gzekdPN2FArDWBfoBg0Tro2uKAqEcpXROGfjSDe+NMWxGeTPCto5bBCs2z5VM6IiDLe6QItfy2BOsAqIaYxgrhvHdQK36Y/KvhxTpqLtyeHVe7RhVwIvF
|
||||
IMMICH_API_KEY: AgB302QdlUawaxR6aVH5HhOlHWRIHtievkVaeFecOWwH0+N2hUvSFt0N7IQQD4G+cZFjoIgStHuAuaFFvYmDI8iw5523ui94nXFKXJ04Dz+/4IIwl/rzqEWBVLI/GP/XWsknh9hnZtaPTCSp8IpXji6+k4ZU8vPBQFVr9IgdXO/Raz7yzGTEwP1rNu3mkizVn6RWuy4LwLrPxq4tdJ2mVN0zqfaSpQZTPBs0AbMvtN7EBfNTnnxqHFMn+Zqt/EfUHkhMwHd9bAop+XMDyc7eoFgwCtGZATV7Z1NmQX5+HKGIfIONf7HVvygCWqhKRTn7fShQj5W9/kAkKm98WfyPrCerF21fid9sCYJ4u6p4Jhzi/sqKV5YPhNTBD4d8p7dRvo3f9U/aPj/y8IpIrsXDhdquXOypN69YNKv98R7bqdcuZ7BMd/B447byR2MCe3F40SsQwmUr7jHAql75q1F4CMjcUMIUGwN4pxLTdOTmHKSdHaN9VnmDK4rmfawph1iE8Spx7NS8fxQ5oLUPat+VTENHv7agVNvrowcxZIAtT1t7EMe5i5Gqr8pzddg0HiH4DfmbKtioUxfrGDr7rVpHHgirm2S/KFGEJD78hc17QYUQIYtXYL6DB6PZ3cZ6nDq9R5Y1QuTP/cieYfLVtPsmBq85WscFWzzB7cc3mKvmd6gHrNZ0ldxpQZhsfEQohRAjEF3GQKhglbeY8FIIBOAOaDoch/qCr7dmDJ6ARz81x5wBwAajmScHHD5bdTg=
|
||||
JELLYFIN_API_KEY: AgC2gPgvLMIxZkyvGJvLXqFOTDOiz3PZyt2JVAlQaqZpDJf7gsZ0vQ5u4CeFqgB5xLYYOuds7ShaRhqopFC7PO/YOVRRthU84AGYBBer51y3Ind7SwHzJVfjqcexkuqh/an4wqWvsgl2ESu5kisii5FIgMEdAXrnq77/E3Qnlv5Fw6HSl+MGAX5rw0sGzAhpRMCCDJFoYBcECXIhCKnZKfTxE1TQne+NPmj/oymvQGCY3eKnv0LbjdbFzRHWWmfK4QbiC2L8fnrZ3Iuumhorjb2u/aa++21JwL9UfvAhaioZn/KAbVTgWphQMARpOZBw9kfvU+GLW3I+Jkzt39KYFhgT4euce0LwgLwdnYjw81o+CsS8U5IaVRAuLNCwlcYkWLmg/R9JcwyjznbNt+mYP1iUPhpiLD7n/iV7JtLI0GvqSZHohBa9Pu5gNQ/+NN4XG3ujaDRvjVSdfb/ZTxnxWFgpbEjkLDs6aLnjRkGa1aMOczli5GRJPJ65N4oBT2kTSz14Z9LqF3eeiEb0HMZcvbIe/WGguPWM/5y3jcCH82JDUJNBeEOtgm4UT8zWnrFRce8p1CKy/CPeAjTkoVyQJ8hRRv6SsKUNd2Vqs4FP/PrvfdmQxNZcUEithuZ2afrXEshg01KORBm0g8eWoSXTrKUFL0mdsoHGLrzB6U56FJN1+L9FE6w//qbuxkP703NmWeSiHLWfk0hLrEt7ntczt/ZCOopu4FX/FKKnhyN7Usp9oA==
|
||||
JELLYSEERR_API_KEY: AgAt/JMmEK2igQQmQYF3/eCmoRTh58GUmA7F7jfkzmjyswSljX2kyRSC6SouxNQ+NxtqoQ3toJnuc2twN4g1uWZabRZf9nNxlFYswItex7hWQela5YMGXzvkhk+peStfn3chrWqrvUuFDswK907tf9T5jf0xA4ZIglDocckLH58zqFYSPin+i7Dl3xN9R1Y7fpFDMKjFlnZ/6NvWBLd7kOBJtEfxxFiBIPpBc0X8ygQWv5v31DTVjaXOxglAtS2rtf4DUZYadjAGFCZ6M1NIUHg2Uwga/C/uDAMBjN/umnsrDDjS9Zug/n9D5WKpLzAwiLs3JbXVvfbpbJKUJEI2GpPh4msokFR+NmXwT2HhA4pFpzoOQxS2SFT6Jx2AQs8fVNGazEP+PrOXw+L8MM0Z3NDP5gqFwasgu6kopCK+2hOObZq9GBEXcb2OJmg/xVWHL+IAJTf5afVAIEuu6k//I/W8VVn2VlfTnwDLPrxbr3ILHILaMZbuZR9nY8zQ1TL+4vvji9RLQ3E3fTSeqvhu8+dvCRg2oG8nPSLD5BRrmiV8jHh3fT410RKzXmWJTgN9mNADSePsOH760KsfB25U+4xUBvqYuab08/NvYkrSrn87SpZ2rS3IebKSyLjyK6rqhzHLzR9iNBlC/YCdyYxVBN7WHPevZBCxEr9uPSxt557n8JY8qpDTPncr7y5yeNnPs9gHCLbgoaFL9TKAHux40sdQRA6LwhD5MraKwxrNHqjch8hP8gqiWo5klwYnrA+NMTXhjCh/zn3YG6V6JCEv2HFvkwoJ1A==
|
||||
NEXTCLOUD_PASSWORD: AgC1Qd25JG72huqwQQquQ+J3pzdRwdKA5SmJr2apSCwSp/CDgj3J+du7HdcOv0e72xbf87cKyfG3bKJibYhsLvem4bg3fd6nMd9JghC38gAC+QEQ+eXb1sFcAuMk8pfHC0RKuZYhvi1o3TO7KOPID3uAPD3zscM0AczSREzqHSn1nei7jSQ0+fT9ZmmHC+nO1iWJdahlgWNVYCqrd5lO3zJjVpRjDH3nnz7zAyle7lEx6CWJDkLPS6sDaRYw2wepqRcYZ4rbC+91Nh5qr9Fphnf3S38VZDkkfiYLZY6o9Baqz2I8Wj2XCz1oIV7Ui6hkc5zVVDLmQGqZSED9zMV0YznCU7c5HNglYCrWUWiEu+kBetGPeiUQjx444PWoQYxTOgBoBAQD4EM8QeK5O+pjBfhrOrTLO3S2nmf3bSJVp5VA6JE8FfG0zuPQOJU4cbLdZ7HKyLaHsTvrKxz4KI6jo9Ic4bN7jC0pLNWFloSOFTfd4qwl7Sd5TK8Yf9lNFDLJFIErN4j4D9OOh1SMp5jA3/2KJsYu0yOtbNdNOetvoWSot0FCTsA7IdXL0fLLfo9LvAUlsRKehyow+cRg7c/MrRz34WZCMBDiDu4vXJp8L+8kA7yepUfdvrt/VqpblZisqspdJWPkUxfuMWIzT/bu6bd0nkWaxZjM46n9KMgkD9SMDqIdUlZaKQKrXLJWojMMtpaad9GmOREig6T+7A==
|
||||
PIHOLE_PASSWORD: AgAeo1207dqEPIRKom8exZkq3gZfN4//avKzparh7fZ1SrvmzuU/cnPwvhMJrUnjziuq6mssFmMppUHLDqdNL/jkHHBfwyacI5ZWJJ0YL9/oMKhs5ujlsOOlgJcUBm6FZZ2YOX47uuBrF+OPYNzDSyVALJiRAdKGnRNEc1HiQ4LBHjuGqVvEeFmv4XXpyF6D/67lFRm3TSt8gTWtddSBlVDLZxAv/IunTpsgC+q1n7EiYCFTwqbhN09MnT9bVy5UVQ4cGiGIpZyZoJA/+7I1HkRxzOi14ZcEy12qcEhQUdaMkBxjUN8aUjm5tiwl47H+6ChPzakK2IWF1FVJseGTTthXKjXZwIRwy5h4ujEQ9kyPpeUTIz6T9xk9npFU4BmKpdtSdq39NyWtiuO/kJRbd38iNWdjQkcr50Ycc0HYbH2EuzmUJvK92RnsiFDkT+UppI/rAu3Uvl8OFdfnZp59gOEEuIdQmNDhP31KfCWp8A8Wqt/lX4AKwaQdXzv5jTZQMm0hhQttt0QuEnS12/hwJoC4O6Cu3gCAjlAxAUVrTye//8Lf7pd+/ZxxB1gLtWDMy45AXQOQvm/g0t5OLhb/3Ib9uH4im6dPlSo8EqX6UGcDcCbROxNOytZkpgaslsEpSese8q8lgbEE7j8UIkOof+UbsikzPslyLqdtO7GVINWkQw3SpdUlu5dybqlXk0cgQusCZ72BRjut23l3vQ==
|
||||
PROWLARR_API_KEY: AgB6vNTTovXWjFCFxtZinPT2iEcesapI9iHEXVAmvYjzz+14BDNHisskMkToVg4wa1gLrF1bSWjKvYSI6Sb5LWlu8qyjjjvcpzQtFTL4VseXaDtm/hkgz/w0RwDwmkASphgJ4tMEW3noCzENZCldNlAgnAUsy829CDRqgdfyHU9SnXYe/X+LyNql+JkswvK4YoEntk79E3hl4c9wUc6PnRUV3bfs51I8vkUlPkDxwg5xKTl5eWk2ZcrJv9NXaO+C808RKjNlQAdN5Nx3j/PWgrSA40j+YW90WYjds32Gqtxo7Jh1KSevjQaLul2C4zcMcSJU+6XtYRNlKsgdfD8luDm22zW6fGIfS3TZV+TlXF8haJSmKQEle9dm0bCdbff/wAHcyudTesv314UnI4Ff5zGKfHRL6vvzsLa6WQ+W16qx18WzLXuLJV3AduzAXCAKPswcY6r/xGpse6KmTi9g10wf0zJ7v8Fj8QYXIcU594a1As4Cg8aVxCTHiZrKTdiBkV/HvHu+dFUi1J4tWDE93BKCFtDRFtpv67FZyQ1jd2CcI9t7lJGtfJqVoVcPCvEczLu9vNAiGyp6pQt0MEOP053ndHmhjL8kQz35dXQeV5qGT8yVBPXaP4m6ib5OV+zVhQEQuqlnd/hQ1IrD28Gh0yNw7mdwVxUTCUdFZYX6VuKkDm66QxQqyW1vAy2JKewTbjQW2vhlj3EPleIETi5fSVbKrOwioM7qlpAUxDkmr1FXbA==
|
||||
PROXMOX_BACKUP_SERVER_PASSWORD: AgBtWazeVChipqazWVp5IDp3u2KY+4uGCjxjhydZ0thfptGhegppNEfaqqYFT2+F1bHYXDEZFQwuuVHLBRD5ArT89jib/xks92/pBR4SDVf5kfkGiUKAz1n8R8os+YIN3XfQ9nxCoePpmfCVkmJnz3iFYM47shNYc8r39YVBAsMYV7WH2au1xbIwj1sQ4E6azwCo6/Scl9Cb0z/voHlwGxo92KXcryHSQNjDQM4o6NlzniJ0MK0OpFMPy78JB7G/VpS0wQFC7J234Xjc1vqW0gSqjadoThTirVhBGqRGcIY95I4ogb8lNBErcwvBvUx7k11of1978v5R7DcYV8mD0ef40fxVE0UECARnAz7c+zoTvqqAUmjGw/znHbuKECEdLEFUd+ogu6zgH0euik0wmoBwvAwOmTSgvKdKogJQee7swOnYoI7ytQixZv42f9K7HSd7QrRKLZNNMSHkcQ5sSQIT+2KPCj9vpZWT7b0gD6w5HxEFc5FUQW9a4XuNw4TX4HSz1tTKJGhLha+7ulmknsDnmsQl7lrkCG+6B33EMsteoBUro/4AuLwwjgp27hoTG/RmW3hA26UaJkujXpSzurkclKrHfcpUP3RmrFYGYGv+eH2vx3hNkuZgfEslCuOu4H+i3zslNsbwy2x1MtqRQsjNQ+guKJTEVsYcN/QT9tR2PnHpJu1IdH8/ZALHYNYaKHxXAzgPwyioeBFtQz/8pT9E+TMKZjam+3nPoA+2EaWLEA3L3Gc=
|
||||
PROXMOX_PASSWORD: AgDAyutvM9QB3MoZYUrEuqnG7HthwshmDaDA4hV2zyURkzk72u9LjpFwKicvFf4+2lVocDfYebqU9mWEVRjnNBHELaN1xSWXSd4jwOndlIrNMJVGeuhi/ohMIYN0MgRGw0FkvdpN2//akgmLdaP4ugZ3N8QV19qCYAi6QyjMJE8U1ASuJDdkAZddOgqmLwamEk2ss32gTj0cHsw4P7VTtKhBCTctoPZzC6hfuaOI8Gn2k0eRHgh+yLgZzXxzQDUUx2I8n3iEuTq8j0hTxZ0D0BZRnsLVRE7CTlT9eWMud6vHLCbqlTUwA8f54t7eB6eFbADHsBbreDImDyzLW76FYo9OtcVYZ+LEDRplh9LYQjlvStvHDRsG/H4GbkQNZRUkUUwiDbAVvNClxC3kk6WzsX/TvJErDDV+1fKxdEYLowlDR3/w/T1h59zjgOw3ZUU+CUZIqXsOwFNd5/JWxqwdHZaSJe17OxsNUFx9ARyLkFAm8tZvgyfiw5SzMUaPEZrQNcjwDnf960OhUKaeWHory99StqOfnbB5HqROltnlWZDdoxzKwzkdkSYrWv6OhUR5WvwDKW5I3biVMYflwXrFSvH0+q3DMB3hQ8ydx/JTUmjMB5vVntRBjiiofyUGkG5jjL3I2kcAPEJKCEsng3PPhaNzR8KqaAEdPixAArNPmL/KkZetNpUFR1EPppwSfh5BspP0cg5n05V2mv09XOT1J8J9Urt2mJ4fQON++LxfPHQcvNqFans=
|
||||
QBITTORRENT_PASSWORD: AgCCcxImOsReceVf9/euw4xQZXwnJbT1ete2Vmcxbqk3859SMKDWi/KZzGsbsnI8fbljdmxxBIODf4VBOsNs8Jxv5ciQLJmZa6VNAxqNXOFWZ7urVb33dwwQqUyLFJ9UhdAXeWFPbz4vkK6Mr4x+kn6UBYyI20xos3AqDHCbdih4N1foy+aW874xZZ13kH7rxAiF537MkZZPc2VVQMMovphJuKTDXctPzjRHTsGZb3YmUnjbGCRkQGwJqxMr1CincgPyrI9EHFCnj8+xZpWd6CNgFgADNaNTquOtb6W4od6SVGw78/xUd/TNM3KRscH9wnU8nsrJumMslqGPSy2Btu6uFjAfDJo3DC5bh1ZB/kIlMz64r6fI8V5hogl6Iq8C4QBZA0jwyfeHVP9pZmityLDADvwFlnNUd1yfCskp6lfrDd3vobHslLeelIQBsYNDqd05AYwg4tOpvjtIt3jUOYGNo09Rx8DyzJ4fOS9oU6tX8Ut+bB0RKV+k3fKmQx8oYtR8gXxtApILzLRqReRTO0S9PNdCKPR7kA+QBdc78DDhgJECJCEPZMwtAWff6UnEzh48+PYfcf/R6aljw15LpyR2eQk/LYmaLk1Wupuyu/kWhQYakzjWfoEoKs+K8DyKkR8D2ihNlCJx8/hjNZ4QodBBeIQJ1D/Sc7xScpkY1B5bItXDGj6y89GjHH3pfvFcMpmi8eEVEVk7+9xL
|
||||
RADARR_API_KEY: AgCYpnUSNjkjnAE54Z+2TmK4OtiukA5r2BAHUpD6C2d8lrduH1xw/WZ+omnB1qAGG4U/zDw/3PwqyumpTn7Iryq0ZmxVuS+2aaYKeK5LNVpV1I1eGTPrVnjdAZ+t8xdm13Qq/+uqu/yUbn7+yoqD5lfV63LEgqUQNWyZRFdAc2qbg87ETyElNv1NDqT3X06A7byANILETAzktOuWcB/zqPi4hsPpyeFrIESaOiuJMZUi2UIzbKbfoVzpW2ksSspm3Qga855HmnhKEiCQIEuUSMxUaECRwZbKrPjrmTcJGiUV+CQXNz6MKYT284TURtOs3Q9CpRAfLfgIXSDopi33bBl+6IczJYXqCnzQOe0X+2dAomfvC1F2suW5nabgfU2D4wGzjPJFXSys7t9q1wDCNvxvx1gG1euh/Uhb1/xhFstXA4ZKqK1wb/va1wt6ZfAbt2kXhqYv6bAEiU50XebNtxKw4o+DPPfoa58sfBkd3NgODCgHFxbExw1LVBBh5bcJzncHGeK+F2xSpZfERNWrbXdPdeDqRocyOT3N/GGaMWEBZmYYMpoGzlkbB26eYQRUsihXB91OfMSTfDJ+uVgbE7qZde9Oyt87q7Il3FT7F7GektHgcllmeOPTZa4JS2RyhEPU25+0jQlkWKmj6Cd+9qyLJ0+Xxkhs0wmutfWcDIvBKbgeq0ygIdzb+PffCm8mWxR1Nf0fnapX8oQ0q0SDfSUIWuy4o1D8fGvioowlTZmbmQ==
|
||||
SABNZBD_API_KEY: AgAna64TkVRcAbxKt1lgnxVzpUHrdxey0qOIF3H4VEcX4o5fGPOBukuUaU4RPeM20fOaqAlllKIQKISUZbKEioPey5CY663SM5pTys1HhicMQUlfPNhUejzYgewJ85cWsHlsF5MdjNd+rMZnW6JGGbVoDfDnU1wmi5YEr5KzalSyWwxGUH641xhwHN+itG9n4+254RAX3Jq5ijWwyO3zmagDEEv3+MgVdChPmzMh580Ugdi8O3PNE9O6kalXslDcs6QnndNqXJVJfuClREu9QYXQSugSjkcD8hRS26pnIr6RMjZQW7n0aR5wSgfLCT2CIAB9AGzP9Pltn/98kBJgsgFTJpWnQvh9yNbIDMeF1C2MhAxKn1kQg6TPNGBRosI6mxuOXMqUmTAN6oMr5lTuciIOQQdL7s08pmNISZtCT9QT/kiIth/MBei3R2pJGRUDHJ3xFlMZjbXv125zKIoIkSf2bcvPI9HJG5QUbyEh9q5tEwpBHLqg+ftMxlCbBxBednCV4Rtg/nKTs8BP+KZhkBpqsDLJdFRmFRsedSndbpRKIEGvQCqBGdmu9817mZXOU/yjboLLDloWk4Yw142sGEzsq/YlQqmQer4QKdxc8j/gQICSiGFAGdDhnIVy7pnOsAKpIxNHWXb7wjGgU9yp/jTBolyLJ3TxDPDkM1d2ZNmTWHvKWBniTnJr1v44qoPwJ2Gx53iiN8WhDFCfY6TIAtLNVfApKT5vdUbYs/uq6/rnrg==
|
||||
SONARR_API_KEY: AgA4+fLrXQkajYR1t0bSJ7g4C+EfnxmapbTFehIf5tFmqyxtLj5JeixrZ+Gfb5v4x0NGb9q68ahP+6VWhrjRCZsWMNQ71fuySk6069AG4P1JFyaNOCrTmSb+HGh6+L2FEd/IUK5QW8a0j7NiEfmhFuiippEYeLkv4XYtDDXs9z8qNIrJGzRBibVupRTkgvMmvt7z+BnzW7Y/rSr7yNth6n9APXzhhcPMOZCy2tmvGLMmdsfhRI/t9PmAmyfcgYWi4ntDYPZfqNTRsj70fEDn2rK1Ts6TyIX+GBcpQW9qn3WPpoNYfUcTwfsUQRwZOOub63eMt/wM6xVMY0AuSmRBMj8HKh+aXtMgqiu5PtPJlj/Pp4bdtiY380uYjHxh2The6LaWY0Nobr6VRL4lqrfWo9tNajGSBx9uQmHU8oa+l9ISXpuigMQ7HGtoKbZSkE+8AycB3d4Wd22GoEDZQnx4uhbaPpeN53OnsDTV0sTU7pHxdZEGmN52DFcl5aEcoogz8PzRpbZwNqD4vVecCua7wHE4mskuVAHElltD0TN9yCnX+mEcECNgKx+diwginwMgrj2DCAbUPZwOoEh5ITzZiqatOP/yk848sigvLo7S2h1Sc0geJH1O7ddw50pBvLx+4S6eS1DdUe/BIt9B4SkhfxJRMavrkVvsRJbaWfzOiKq39FkqShMgH62QewFl8w13XvujaVGdNqgpLasRJl5pb4ch3GHs2KpNM9fDKjfIkD22lQ==
|
||||
template:
|
||||
metadata:
|
||||
name: homepage-secrets
|
||||
|
||||
@@ -213,18 +213,6 @@ data:
|
||||
password: "${PROXMOX_BACKUP_SERVER_PASSWORD}"
|
||||
datastore: backups
|
||||
fields: ["datastore_usage", "cpu_usage", "memory_usage"]
|
||||
- Pi-hole:
|
||||
href: https://pihole.${DOMAIN}/admin
|
||||
description: network adblocker
|
||||
icon: pi-hole.png
|
||||
namespace: tools
|
||||
podSelector: app=pihole
|
||||
app: pihole
|
||||
widget:
|
||||
type: pihole
|
||||
url: http://192.168.1.212
|
||||
key: "${PIHOLE_API_KEY}"
|
||||
version: 6
|
||||
- Invidious:
|
||||
href: https://invidious.${DOMAIN}
|
||||
description: youtube frontend
|
||||
@@ -282,7 +270,7 @@ data:
|
||||
podSelector: app=searxng
|
||||
app: searxng
|
||||
- Pulse:
|
||||
icon: pulse.png
|
||||
icon: proxmox.png
|
||||
description: Proxmox monitoring
|
||||
href: https://pulse.${DOMAIN}
|
||||
namespace: monitoring
|
||||
|
||||
@@ -41,7 +41,7 @@ spec:
|
||||
subPath: services.yaml
|
||||
containers:
|
||||
- name: homepage
|
||||
image: "ghcr.io/gethomepage/homepage:v1.8.0"
|
||||
image: "ghcr.io/gethomepage/homepage:v1.7.0"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: HOMEPAGE_ALLOWED_HOSTS
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: jellystat-db
|
||||
namespace: monitoring
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: jellystat-db
|
||||
serviceName: jellystat-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: jellystat-db
|
||||
spec:
|
||||
containers:
|
||||
- name: jellystat-db
|
||||
image: postgres:18-alpine
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
env:
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jellystat-secret
|
||||
key: password
|
||||
- name: POSTGRES_DB
|
||||
value: "jfstat"
|
||||
- name: POSTGRES_USER
|
||||
value: "postgres"
|
||||
- name: PGDATA
|
||||
value: /mnt/postgres/data
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /mnt/postgres
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: postgres-data
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
@@ -1,3 +1,18 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: jellystat-longhorn
|
||||
namespace: monitoring
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
|
||||
@@ -15,17 +15,3 @@ spec:
|
||||
- port: 3001
|
||||
targetPort: 3000
|
||||
protocol: TCP
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: jellystat-db
|
||||
namespace: monitoring
|
||||
spec:
|
||||
selector:
|
||||
app: jellystat-db
|
||||
ports:
|
||||
- port: 5432
|
||||
targetPort: 5432
|
||||
clusterIP: None
|
||||
|
||||
@@ -16,40 +16,56 @@ spec:
|
||||
labels:
|
||||
app: jellystat
|
||||
spec:
|
||||
containers:
|
||||
- name: jellystat
|
||||
image: cyfershepard/jellystat:1.1.7
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- |
|
||||
(echo >/dev/tcp/jellystat-db.monitoring.svc.cluster.local/5432)
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
initContainers:
|
||||
- name: jellystat-db
|
||||
image: postgres:alpine
|
||||
restartPolicy: Always
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
env:
|
||||
- name: JWT_SECRET
|
||||
- name: POSTGRES_DB
|
||||
value: "jfstat"
|
||||
- name: POSTGRES_USER
|
||||
value: "postgres"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jellystat-secret
|
||||
key: jwt
|
||||
key: password
|
||||
- name: PGDATA
|
||||
value: /mnt/postgres/data
|
||||
volumeMounts:
|
||||
- name: postgres-data
|
||||
mountPath: /mnt/postgres
|
||||
containers:
|
||||
- name: jellystat
|
||||
image: cyfershepard/jellystat:1.1.6
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
value: "postgres"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jellystat-secret
|
||||
key: password
|
||||
- name: POSTGRES_IP
|
||||
value: "jellystat-db.monitoring.svc.cluster.local"
|
||||
value: "localhost"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: POSTGRES_USER
|
||||
value: "postgres"
|
||||
- name: JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: jellystat-secret
|
||||
key: jwt
|
||||
volumeMounts:
|
||||
- name: backups
|
||||
mountPath: /app/backend/backup-data
|
||||
volumes:
|
||||
- name: postgres-data
|
||||
persistentVolumeClaim:
|
||||
claimName: jellystat-longhorn
|
||||
- name: backups
|
||||
persistentVolumeClaim:
|
||||
claimName: jellystat-backups-longhorn
|
||||
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: pulse
|
||||
image: rcourtman/pulse:5.0.10
|
||||
image: rcourtman/pulse:4.36.0
|
||||
volumeMounts:
|
||||
- name: pulse-data
|
||||
mountPath: /data
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: speedtest
|
||||
image: lscr.io/linuxserver/speedtest-tracker:1.13.4
|
||||
image: lscr.io/linuxserver/speedtest-tracker:1.10.3
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
|
||||
@@ -264,7 +264,7 @@ spec:
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: default-controller-env
|
||||
image: rancher/system-upgrade-controller:v0.18.0
|
||||
image: rancher/system-upgrade-controller:v0.16.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: system-upgrade-controller
|
||||
securityContext:
|
||||
@@ -1,42 +0,0 @@
|
||||
# Server plan
|
||||
apiVersion: upgrade.cattle.io/v1
|
||||
kind: Plan
|
||||
metadata:
|
||||
name: server-plan
|
||||
namespace: system-upgrade
|
||||
spec:
|
||||
concurrency: 1
|
||||
cordon: true
|
||||
nodeSelector:
|
||||
matchExpressions:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: In
|
||||
values:
|
||||
- "true"
|
||||
serviceAccountName: system-upgrade
|
||||
upgrade:
|
||||
image: rancher/k3s-upgrade
|
||||
channel: https://update.k3s.io/v1-release/channels/v1.33
|
||||
---
|
||||
# Agent plan
|
||||
apiVersion: upgrade.cattle.io/v1
|
||||
kind: Plan
|
||||
metadata:
|
||||
name: agent-plan
|
||||
namespace: system-upgrade
|
||||
spec:
|
||||
concurrency: 1
|
||||
cordon: true
|
||||
nodeSelector:
|
||||
matchExpressions:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: DoesNotExist
|
||||
prepare:
|
||||
args:
|
||||
- prepare
|
||||
- server-plan
|
||||
image: rancher/k3s-upgrade
|
||||
serviceAccountName: system-upgrade
|
||||
upgrade:
|
||||
image: rancher/k3s-upgrade
|
||||
channel: https://update.k3s.io/v1-release/channels/v1.33
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: code-server
|
||||
image: lscr.io/linuxserver/code-server:4.107.0
|
||||
image: lscr.io/linuxserver/code-server:4.106.3
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
env:
|
||||
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: collabora
|
||||
image: collabora/code:25.04.8.1.1
|
||||
image: collabora/code:25.04.7.3.1
|
||||
ports:
|
||||
- containerPort: 9980
|
||||
env:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nextcloud-db
|
||||
namespace: tools
|
||||
@@ -8,8 +8,6 @@ spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nextcloud-db
|
||||
serviceName: nextcloud-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -38,14 +36,9 @@ spec:
|
||||
- name: MARIADB_AUTO_UPGRADE
|
||||
value: "1"
|
||||
volumeMounts:
|
||||
- name: nextcloud-db
|
||||
- name: nextcloud-db-storage
|
||||
mountPath: /var/lib/mysql
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: nextcloud-db
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
volumes:
|
||||
- name: nextcloud-db-storage
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-db-longhorn
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-db-longhorn
|
||||
namespace: tools
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nextcloud-db
|
||||
name: nextcloud-db-service
|
||||
namespace: tools
|
||||
spec:
|
||||
selector:
|
||||
@@ -47,4 +47,3 @@ spec:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
clusterIP: None
|
||||
|
||||
@@ -15,18 +15,20 @@ spec:
|
||||
labels:
|
||||
app: nextcloud
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z -v -w30 nextcloud-db-service 3306; do
|
||||
echo "Waiting for database to be ready..."
|
||||
sleep 2
|
||||
done
|
||||
containers:
|
||||
- name: nextcloud
|
||||
image: lscr.io/linuxserver/nextcloud:32.0.3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- nc -z nextcloud-db.tools.svc.cluster.local 3306
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
image: lscr.io/linuxserver/nextcloud:32.0.2
|
||||
ports:
|
||||
- containerPort: 443
|
||||
env:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: open-webui-longhorn
|
||||
namespace: tools
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: open-webui-service
|
||||
namespace: tools
|
||||
annotations:
|
||||
metallb.io/allow-shared-ip: "shared-ip-1"
|
||||
spec:
|
||||
loadBalancerIP: 192.168.1.230
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: open-webui
|
||||
ports:
|
||||
- port: 8123
|
||||
targetPort: 8080
|
||||
@@ -1,32 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: open-webui
|
||||
namespace: tools
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: open-webui
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: open-webui
|
||||
spec:
|
||||
containers:
|
||||
- name: open-webui
|
||||
image: ghcr.io/open-webui/open-webui:0.6.43
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: OLLAMA_BASE_URL
|
||||
value: "http://ollama.tools.svc.cluster.local:2123"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/backend/data
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: open-webui-longhorn
|
||||
@@ -1,35 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: paperless-ngx-db
|
||||
namespace: tools
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: paperless-ngx-db
|
||||
serviceName: paperless-ngx-db
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: paperless-ngx-db
|
||||
spec:
|
||||
containers:
|
||||
- name: paperless-ngx-db
|
||||
image: docker.io/library/redis:8
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
volumeMounts:
|
||||
- name: paperless-ngx-db
|
||||
mountPath: /data
|
||||
subPath: redis
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: paperless-ngx-db
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 500Mi
|
||||
storageClassName: longhorn
|
||||
@@ -14,16 +14,3 @@ spec:
|
||||
ports:
|
||||
- port: 8001
|
||||
targetPort: 8000
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: paperless-ngx-db
|
||||
namespace: tools
|
||||
spec:
|
||||
selector:
|
||||
app: paperless-ngx-db
|
||||
ports:
|
||||
- port: 6379
|
||||
targetPort: 6379
|
||||
|
||||
@@ -15,24 +15,24 @@ spec:
|
||||
labels:
|
||||
app: paperless-ngx
|
||||
spec:
|
||||
initContainers:
|
||||
- name: paperless-ngx-db
|
||||
image: docker.io/library/redis:8
|
||||
restartPolicy: Always
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
subPath: redis
|
||||
containers:
|
||||
- name: paperless-ngx
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- |
|
||||
(echo >/dev/tcp/paperless-ngx-db.tools.svc.cluster.local/6379)
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 3
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.1
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
env:
|
||||
- name: PAPERLESS_REDIS
|
||||
value: "redis://paperless-ngx-db.tools.svc.cluster.local:6379"
|
||||
value: "redis://localhost:6379"
|
||||
- name: PAPERLESS_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -53,9 +53,9 @@ spec:
|
||||
- name: PAPERLESS_TIKA_ENABLED
|
||||
value: "1"
|
||||
- name: PAPERLESS_TIKA_ENDPOINT
|
||||
value: "http://tika-service.tools.svc.cluster.local:9998"
|
||||
value: "http://tika-service:9998"
|
||||
- name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
|
||||
value: "http://gotenberg-service.tools.svc.cluster.local:3000"
|
||||
value: "http://gotenberg-service:3000"
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /usr/src/paperless/data
|
||||
|
||||
@@ -10,5 +10,5 @@ spec:
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: searxng
|
||||
image: searxng/searxng@sha256:472dd0c84b8e2a05bca773b4a430b9fc9e4e92cd4fa0afaa223efab925ab752a
|
||||
image: searxng/searxng@sha256:6dd0dffc05a75d92bbacd858953b4e93b8f709403c3fb1fb8a33ca8fd02e40a4
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
image: vaultwarden/server:1.35.1
|
||||
image: vaultwarden/server:1.34.3
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: bazarr-ingress
|
||||
namespace: arr-stack
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
|
||||
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- bazarr.akshun-lab.cc
|
||||
secretName: bazarr-tls
|
||||
rules:
|
||||
- host: bazarr.akshun-lab.cc
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: bazarr-service
|
||||
port:
|
||||
number: 6767
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: bazarr-longhorn
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: bazarr-service
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
selector:
|
||||
app: bazarr
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6767
|
||||
targetPort: 6767
|
||||
@@ -1,48 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bazarr
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bazarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bazarr
|
||||
spec:
|
||||
containers:
|
||||
- name: bazarr
|
||||
image: linuxserver/bazarr:1.5.4
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "Asia/Kolkata"
|
||||
volumeMounts:
|
||||
- name: movies
|
||||
mountPath: /movies
|
||||
- name: tv
|
||||
mountPath: /tv
|
||||
- name: config
|
||||
mountPath: /config
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: bazarr-longhorn
|
||||
- name: tv
|
||||
nfs:
|
||||
server: 10.0.0.123
|
||||
path: /merge/series
|
||||
- name: movies
|
||||
nfs:
|
||||
server: 10.0.0.123
|
||||
path: /merge/movies
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: jellyseerr-ingress
|
||||
namespace: arr-stack
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
|
||||
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- jellyseerr.akshun-lab.cc
|
||||
secretName: jellyseerr-tls
|
||||
rules:
|
||||
- host: jellyseerr.akshun-lab.cc
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: jellyseerr-service
|
||||
port:
|
||||
number: 5055
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: jellyseerr-longhorn
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: jellyseerr-service
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
selector:
|
||||
app: jellyseerr
|
||||
ports:
|
||||
- port: 5055
|
||||
targetPort: 5055
|
||||
protocol: TCP
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: jellyseerr
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: jellyseerr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: jellyseerr
|
||||
spec:
|
||||
initContainers:
|
||||
- name: gluetun
|
||||
image: qmcgaw/gluetun:v3.41.0
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gluetun-config
|
||||
env:
|
||||
- name: OPENVPN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openvpn-secrets
|
||||
key: OPENVPN_PASSWORD
|
||||
- name: OPENVPN_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openvpn-secrets
|
||||
key: OPENVPN_USER
|
||||
containers:
|
||||
- name: jellyseerr
|
||||
image: fallenbagel/jellyseerr:2.7.3
|
||||
ports:
|
||||
- containerPort: 5055
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: "info"
|
||||
- name: TZ
|
||||
value: "Asia/Kolkata"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/config
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: jellyseerr-longhorn
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
kind: Namespace
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: arr-stack
|
||||
labels:
|
||||
name: arr-stack
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gluetun-config
|
||||
namespace: arr-stack
|
||||
data:
|
||||
VPN_SERVICE_PROVIDER: "surfshark"
|
||||
SERVER_COUNTRIES: "Netherlands"
|
||||
HTTPPROXY: "ON"
|
||||
FIREWALL_OUTBOUND_SUBNETS: "192.168.1.0/24,10.42.0.0/16,10.43.0.0/16"
|
||||
DNS_ADDRESS: "8.8.8.8"
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: openvpn-secrets
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
encryptedData:
|
||||
OPENVPN_PASSWORD: AgCq8+4OOOqt0Z0zTiVdtjz5uWoH7flNKwreecXW7zZ3gMi7t2dg9YApYV5lBzIxXSCx1DhMWqbgBx545n4SFkZhJhJeJRxRMYYV1b034W4TCzyJXU9d1kcUY4zesutK/HVY2R6riUdGLZzxJ9RPEa62LfdmjCc7ilOnMG2zqGwUF8g7+/I8ANnxNKYZ6WF6kmD96C6RdMMO5D2AUs7YppppsADkoQmHyTjx5geceDm7nGHSyy5ieFuvg7qd7S5s7E+GpsMWsXgl1RGD2nsyJ94h7FH0/krWR4DBu7YivgKtehTf/fK1tkqbxuqPUDJG2QVhmYwLmcEMhfajV8tmJrptfgxQ0nRbqIM/kcJeopPhbcHg/HMMfp7GwiTjfub6gxti9JQPBgMjoOdyMrYsdWPbIF8CaScF9S5owPx0sI1oHlS/q4vhQs/2jh5rIrwLTJbmo1Xwrkd86TJfuUv2G7khUDF1xLBOX9gHQFiCF+F2/JC08CKuodJ5NyYIbQ3jTFMbZHnwlsONKAgbVz40s90OumD4ujk+CtB89/p4Pz8zJC26qB3mFSiFAIQ4RbAwygA9jsFXmsuS86dxinWD+XZYWGAXvG9GHtmV1lRG55CGQ4SAKmAgECqvE0q3MCmmhIquUgl0HolkkDRC+eJadb0w2z3bpFQ9K8ZdFP50Gj37hxcaVY/CREkAuiRhpxBOzbjwQShnly4qW6mB6/r0VF8THYPOsDy5DfQ=
|
||||
OPENVPN_USER: AgC/5sKPgHylU/nDJ/S63t/07I1Ll9gdBipIyWtL0Fl+OStZ1DAzt7n4oGZ+HRqZA1bLJ4ZB0xgOIL7JjFN+1AqvybrCrIrira7AwxwsRWHzboFzA8St81pQR2Bu6O6B+cfFUiFNI43yOVAn1LRWzPFjRc6wtJTym2tQbzDaFL5pdvnMRHRlDSrGfWMHvl/iNDwL4CUctBSLYNsSbew15g/KavkEfNT6DqVhGZ8LNA+223x6Xs2tsscAYZo9zEX4qxYO1jk0WxfMXA8iFqjl2icI3y6FMLtnfM4dA+4LK+5rrlyLQVoBWznwPTMSvRLEKmstKQAe4jSel/DxL0oa0SnfAty1n+weM5uA4UIvo3mgDX2tGNIeibV6Hn6aG0jTAWgSaWVjIDe/NCVKOks18nnqOI9p91MS93EoYU7gRwwpVCNYWoXQoul6G1P4EkiqtDbwKPOMgVPWIdu0unP1Af7K/QhqaelEMM/EageSXdMeZ/hDA9vMTNQlhNf+eowU0KwpQ9MXYre4m8N4twPzRQfXvU4+SNr1QsrlpB52Y0QJJJZvG9HOPfLK52Re42TxbLxGap1oQLyHhRscsQ6XIDszpEDBlXj8RYxhgaCIKfywK2Z5v0tbjdAWJuQ3Cw/kcaEa8dGT2x6BenU+XxwNIsyFkCCR5+0bJLdKZFPaT3J1wpIP8JQ/HuAWW89lxXFQ74935oecAwr93eN2rRAvdNmL71sDJoUGoSU=
|
||||
template:
|
||||
metadata:
|
||||
name: openvpn-secrets
|
||||
namespace: arr-stack
|
||||
type: Opaque
|
||||
@@ -1,28 +0,0 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: prowlarr-ingress
|
||||
namespace: arr-stack
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
|
||||
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- prowlarr.akshun-lab.cc
|
||||
secretName: prowlarr-tls
|
||||
rules:
|
||||
- host: prowlarr.akshun-lab.cc
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: prowlarr-service
|
||||
port:
|
||||
number: 9696
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: prowlarr-longhorn
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: prowlarr-service
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
selector:
|
||||
app: prowlarr
|
||||
ports:
|
||||
- port: 9696
|
||||
targetPort: 9696
|
||||
clusterIP: 10.43.0.142
|
||||
@@ -1,59 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: prowlarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: prowlarr
|
||||
spec:
|
||||
initContainers:
|
||||
- name: gluetun
|
||||
image: qmcgaw/gluetun:v3.41.0
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gluetun-config
|
||||
env:
|
||||
- name: OPENVPN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openvpn-secrets
|
||||
key: OPENVPN_PASSWORD
|
||||
- name: OPENVPN_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: openvpn-secrets
|
||||
key: OPENVPN_USER
|
||||
containers:
|
||||
- name: prowlarr
|
||||
image: lscr.io/linuxserver/prowlarr:2.3.0
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
ports:
|
||||
- containerPort: 9696
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "Asia/Kolkata"
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: prowlarr-longhorn
|
||||
@@ -1,27 +0,0 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: qbittorrent-ingress
|
||||
namespace: arr-stack
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
|
||||
traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- qbittorrent.akshun-lab.cc
|
||||
secretName: qbittorrent-tls
|
||||
rules:
|
||||
- host: qbittorrent.akshun-lab.cc
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: qbittorrent-service
|
||||
port:
|
||||
number: 8080
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: qbittorrent-longhorn
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: longhorn
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: qbittorrent-service
|
||||
namespace: arr-stack
|
||||
spec:
|
||||
selector:
|
||||
app: qbittorrent
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user