diff --git a/clusters/default/media/invidious/invidious-config.yml b/clusters/default/media/invidious/invidious-config.yml new file mode 100644 index 0000000..7970693 --- /dev/null +++ b/clusters/default/media/invidious/invidious-config.yml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: invidious-config + namespace: media +data: + invidious.yml: | + db: + dbname: invidious + user: kemal + password: ${INVIDIOUS_DB_PASSWORD} + host: localhost + port: 5432 + check_tables: true + invidious_companion: + - private_url: "http://localhost:8282/companion" + invidious_companion_key: ${INVIDIOUS_COMPANION_KEY} + hmac_key: ${INVIDIOUS_HMAC_KEY} diff --git a/clusters/default/media/invidious/invidious-db-secrets.yml b/clusters/default/media/invidious/invidious-db-secrets.yml new file mode 100644 index 0000000..4685443 --- /dev/null +++ b/clusters/default/media/invidious/invidious-db-secrets.yml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: invidious-db-secrets + namespace: media +spec: + encryptedData: + postgres-db: AgA3wmrLcXT6zd9/GthzLyIDkc5CoyqBFJN7BbMO8lTdn6i+JIiMSf/pEWcla03EUmiqCRlUcaTVVlcCuzIeN9ayfjCDYSbxGjpKvdQmQEXZFf+5CQVcYZjIv6F2I33ZNvHelQFsHaypugx8rhnoIx/UYEA2S5hGoafqXTHJ3YYKUhbynsRi9NRRF2HFvuRQ/cgl0cvwbjtoZSTE9IEP4yNlUC8mDhZDkW3nmX+irVrAqO9sQxJl4/2pMimYCiP4cWbeMV1lulFucI0uL5tycm6CDtOAB5Z7Ysmkwx9ww1nnTr75zBJPydhQab9OUBFe19xIaRNNJVzohXzT39yWY3urdva19Racz7vSduyIVQ8ijWwo6qxOmwUc9Q5dcWU703wAuNl8mzEomy3HKvF57JxY0U2CEId/Q4WgOAmCShTkIqDzTrLUeEFQkrPppCq8Y/jKVDHWxmsP/OaFMTiCs/c9E/Ph5b3J2bVRls/sMGlNy4Q/4tvNt5yYL2I0GrFmNiF6Qb+zgMb5AXv0nPmTBCxksz4dpI99poMbV3DH6yU4CaYFNW3BdyZHygAXb22Kd5R6SGPqwdxduYd3MC6uedTGVFVTRpotnq2JIBLXZG+VB9wiav7P5VKjgBSy+ZnnqnqYbYdaRKPzGHv2wpl0qvEWzWxi8yYh0YKh7GsMlA9lrxPWFum7n98/h9fz+2Y9hdf9zcgVwtqKowc= + postgres-password: AgA8wn9Rs8BChdpPT2I4EYohTIJeN7lqxD9EYKsEjB/OyHvOfQ1DGnnEGs5TWiJHYJIvg0X+WvwKyB30EYHTIcfp+yd4iR/PIZJuTlpWTaZ2x/MhLPwb1zZgxaQD4H3c0EGWy+0bTwgudDfOBMVIbz3azZQRKOyHE6/nOvSY98lvIWvkkARBSY0MYDEUdb06+TA6wwT7y02tlWFu8SAbsmPtIDTX47/vkEVaHP1nB5J4bdgHCvxJx1HDcfR/K1bM8bKfYA4TSGFDFioTtJqPjRbrSGTI7R9xGDxBoUAiURt0jzR6DxanzyEOFf0tcs5VkybvKx40O+qX7BFb8XLi6AY5FL0MQmUDd+xmQRUozJaJtxRgR/4B/aauDxHJm2zxGgY3UwJ/4/AfBieRmHdIK2JlGoeRA+42aFJxtiEVfcXiyf3ZGh/iSSw7/78i+jhD74OhgNICTRsHI+J+ABASm6CG1TSByiSTdkpe+ZGjU/nV+IA0XBFvulqEY67IfXsTFhTaHadWZpS5FTnZdSWras4xb595IwtfXqQ2W0t+6PTOJNWpSRm6aSbyLeDCbA9VjK58nSR2lonA4xMxLmWczWIfrq3G/s5QOVTWwsVMIPdhTXAvApevqlpNZOxvNqCsCLsLnqR4+KSApRO1PYpMD50LrakVsXf0ETOanu6XWuK8J84pLyLJyDNu20mVAfmCYzbPM7eZOkNCR6Da6g== + postgres-user: AgAiCUAQ1lnZPmopNXDU1lKXdbuGrV6+EjGQRoxnyUolfcxg/4g+a654kyXajQlogYkm41WLgWWhvmulZ5vDlD16IftUuEhornBZgllJS57UIbTq2GDB7cAfqeGh3o0IqtMwu2kaHtssVwIeKpuYkBM3ZfmWWdLXL5ba4mk02PqJRDnfUojINc9Ap7bpHhmhzo3X3JVT9LuLPvhMch2t9e6j6ViVKPKWmS07KDxW8vC6vJJecc+WnsZLd2NGdD3LWyWLWyvMYzaf+hkCD2Ly881cCoyvLsN3HkUfCisgBbfxbbf0abZ9ltCDbGpSYfrOMi1Nd2C9WHPfU5veUl9f9uZ25+SqhU5rBkDnlm5O9aCK0PCFoZJvrZiMpcqp4XtKxLSkvSO25ZhDrF18JYeg9az1RSZNchD+VUyG1bYyVdRzHYAG3uRoa47hPBP/P6hyMHnuiGA6UwNwq4zesiGJ2A2kD3wJnqzwqemoh06Rz16qhQhNn0F9Rm4soW2JXgLxUWyPvPiEd2+oZn89vUQgkPSAP3XVVjq6JKrADU4KgfkJ/eXLIqF13Vmurff8S2WtitBRy4ZcixoL7kruHnHb3UypTyDx60c9TQKc04xYbqV5xM2XIwrwRVZCmUsvEf7Kw0NotQeEkhxP9rcLgDey7iPkyxgguyrVZeKEAE+y33V7iM3BLWjW7fB7trPizkaLLFsUTHMmWw== + template: + metadata: + name: invidious-db-secrets + namespace: media + type: Opaque diff --git a/clusters/default/media/invidious/invidious-pvc.yml b/clusters/default/media/invidious/invidious-pvc.yml new file mode 100644 index 0000000..01a4360 --- /dev/null +++ b/clusters/default/media/invidious/invidious-pvc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: invidious-longhorn + namespace: media +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: longhorn diff --git a/clusters/default/media/invidious/invidious-secrets.yml b/clusters/default/media/invidious/invidious-secrets.yml new file mode 100644 index 0000000..bd690a2 --- /dev/null +++ b/clusters/default/media/invidious/invidious-secrets.yml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: invidious-secrets + namespace: media +spec: + encryptedData: + INVIDIOUS_COMPANION_KEY: AgADzaTr1SfMN71XtE8WY/03cJcCi4cBM93oLl0xVkgEVz1Rcwa2Stzp204me+06eDe11baegDYw5vk/dBEOT3CSnPbDkKWjjrCQYxWfx/hi6VwVWRHNX+JC7nQwPNrof7GxwGQIyLiEPXjckn/hf45ujzX381oWpKh5EAXtKyczf6x5ACUOWmo7+f8NVM15d2TgxPNrX/ayifwo9Chk2NiujRR0VvLR3AivbuFLoWFyX5Pxv0GNQD/mqQMOiNu6hpQp5X6vuPPYDP+Z+9am3mMc2dkxDlhCc9HkF95eHaHVFpFZVk3dBN1nQZKzU2BAAdLujOroHY5XykpfJ+xPUJ/5Qz2i0nWjosMJ4KaWZe4S6mgpOPI9AymCrGZrWufy6JRIauWNMlT+T/+mZD/Ln2PbJtaBbTq4b6pffZiW6LHrxtxS2tdn75ZtHfzWA+q7qfHQnsqFQ0T0dbJpHk2pq942Jr0WdGqSVBDwqGdJfpLqsivv0tglOcakdKWG6fZZO9fxP9a/Fo8am3Yo9G46WG4WPCrVuFRwm26Nte9idMoLFJtGxfCEhbngzETE3J0qNvt78LTWRhG0wO3uKL3k6f1w3aWYp4/DmSSMcBU6+xXXCbCqdxR9zmI2HtMfCbdaghxinJU/K3xmJRJoTa5fjt7V6RNKejRwwxRYZzne9nUSLjib9PwkXeVPvYEzA5BRFNUP20GyaMJZ/4obWP66d0QI + INVIDIOUS_DB_PASSWORD: AgAryk5AACMNHG20BmHC/WAmuOLm/SemOGMJ+kDDqc1wDYzrWytvlQ73OhsMNuI+OWUTBNN3AZ5G/mnLGIFymDbA2NxFjBRWCDDRzGixKoMbjZqmMjqsm861RMmcBxbC4LnIfIICghjC9CyST13tztS3QNKRWPmkabdbbDuMSZ5U1QJAPUXnFs6MtKlhpwfh538lFKHRgF3U8sfKw8HYA25o170frQWrlqt38pHHh3LuAiAfGLn2D+qLY8ynvmW35UK/S682+cvyQwazNKI6Mkg/x2Xr3AUstnlhuwlTvn/QVsFL1EYjNnPlqtfcXHIZb8aPJ1L+zz9UaTwmSi1JqdtpCEEajHzogAvbvGj8FgwzDQfbudSB/GgL8kYv4BcYFe+6UxmaFUwFg5yECR98ueWw1CmW2Sy/i6TPKsGkyoIi+ip7lpNzO/G6cFSHqwgT01Wdsq9JXyuAXVQHhwdBoQiTeoFWgbEIc5HxvgKuWOlVNpUyaA7o8DofApjRVQmN+mWsRqAaeWIzoCGzqEKynyvG1dAdtVK4fK0GZieAt16oJjTi3Ilf8JOACw9WJltIP1GD0bQioSvvsb2dMGjSDO2FcfnwuGHfEM+EA9KSwsQI5Hlgb979clyQn6fCSJS6/pCfjGozydCsLI9GiSnOuKs29laAjNeQgSs2WYKykkkjpekyqo9hZDbI5tVm95Na5Zeh5dp+RqlYJ4Si3A== + INVIDIOUS_HMAC_KEY: AgBHpwItvaGulTBI3AjKagYIpztLqLc022YYV9GlivFfNvdBrroS10vVou9mXdSnGtnSTYiC8Kiee3YtSYow6WsAXku8dk3gL3QgZQ8q+3XYzY8MpiVXvEu2KJYY72dBXmW9xgcYTXLpn0QRYie5O9m+f90IKvo01W+xZ+yTX72aBhHX1pzJfGz53TaJEdfRTGQsGFJxKzaeDwjuWWVQ1ssfAhL7+qjLlllu6l7fyEAd5d2yjxiaMQ4w3ibiaBa5BetVngdZFVTdux67WorzqdswefgsU3PAoHtUdkJAvofb3SbCQPBEwFH13Zu3NA5eBwp1jQ+dRAWL4dFqpso/75F1Ta1ogmKeHwGDX+lKS3p9L1mUA+/6ZzUs7B90BmKn5sc/4s0ktuZD9u5Q7eP6xn3v3dRMVpzcxfqyGqDQzyldBx5sO3j5NtGRb5MbH3HFdYA59/39smguu5Cm+ulVeStcSz7ire/xD03rZIcH2bcgqllb86MT8jlx7OsvPzx/DWfNUB3MnCYgUi+XaE53b7i1mf/L1uKVdRtztcFV5VP7xJLbCeRRwhImas7ap935xTRf04HI4p7spTTtXL+x40D6IM1JyV9hgBbix4mwmbHAxar8sZkoVdeP2kEl/jIRD80TtlmX6BoJ6D+EKwDjJWhWsywhN/F5NHhXr9kOv/PYi4HHlb1sE8oRTo4kGM1cpdG8tqfGpCFTKEHSR8WRZsZ3 + template: + metadata: + name: invidious-secrets + namespace: media + type: Opaque diff --git a/clusters/default/media/invidious/invidious-svc.yml b/clusters/default/media/invidious/invidious-svc.yml new file mode 100644 index 0000000..6d2bc85 --- /dev/null +++ b/clusters/default/media/invidious/invidious-svc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious-service + namespace: media +spec: + type: LoadBalancer + selector: + app: invidious + ports: + - port: 3111 + targetPort: 3000 + protocol: TCP diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml new file mode 100644 index 0000000..3180854 --- /dev/null +++ b/clusters/default/media/invidious/invidious.yml @@ -0,0 +1,111 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + namespace: media +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: invidious + template: + metadata: + labels: + app: invidious + spec: + initContainers: + - name: substitute-config + image: alpine + envFrom: + - secretRef: + name: invidious-secrets + command: + - sh + - -c + - apk add gettext && envsubst < /mnt/init/invidious.yml > /mnt/invidious.yml + volumeMounts: + - name: invidious-config + mountPath: /mnt/init/invidious.yml + subPath: invidious.yml + - name: tmp + mountPath: /mnt + subPath: invidious.yml + - name: clean-db-dir + image: busybox + command: + - sh + - -c + - | + rm -rf /var/lib/postgresql/data/lost+found + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + - name: postgres + image: postgres:15.14 + restartPolicy: Always + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-db + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-password + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + - name: inv-companion + image: quay.io/invidious/invidious-companion@sha256:919112d8c7b40315f815eba5a70ebe55718cdbac2dc9cb4ae2acafbbafb47d8b + restartPolicy: Always + env: + - name: SERVER_SECRET_KEY + valueFrom: + secretKeyRef: + name: invidious-secrets + key: INVIDIOUS_COMPANION_KEY + securityContext: + capabilities: + drop: + - ALL + containers: + - name: invidious + image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06 + command: + - sh + - -c + - | + export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" && + exec /invidious/invidious + env: + - name: INVIDIOUS_PORT + value: "3000" + ports: + - containerPort: 3000 + volumeMounts: + - name: logging + mountPath: /var/log/invidious + - name: tmp + mountPath: /mnt + subPath: invidious.yml + volumes: + - name: logging + emptyDir: {} + - name: tmp + emptyDir: {} + - name: invidious-config + configMap: + name: invidious-config + - name: postgres-data + persistentVolumeClaim: + claimName: invidious-longhorn