first commit

2025-07-04 19:51:51 +05:30
commit 42895beb8c
72 changed files with 2584 additions and 0 deletions
--- a/clusters/default/apps/invidious/templates/invidious-config.yaml
+++ b/clusters/default/apps/invidious/templates/invidious-config.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .Values.name }}-config"
+  namespace: default
+data:
+  invidious.yml: |
+    db:
+      dbname: invidious
+      user: kemal
+      password: ${INVIDIOUS_DB_PASSWORD}
+      host: localhost
+      port: 5432
+    check_tables: true
+    signature_server: localhost:12999
+    visitor_data: ${VISITOR_DATA}
+    po_token: ${PO_TOKEN}
+    port: 3000
+    hmac_key: ${INVIDIOUS_HMAC_KEY}
--- a/clusters/default/apps/invidious/templates/invidious-pvc.yaml
+++ b/clusters/default/apps/invidious/templates/invidious-pvc.yaml
@@ -0,0 +1,17 @@
+---
+{{- if .Values.persistence.enabled }}
+  {{- if not .Values.persistence.existingClaim }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "longhorn-{{ .Values.name }}-config"
+  namespace: {{ .Values.namespace }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- end }}
+{{- end }}
--- a/clusters/default/apps/invidious/templates/invidious-svc.yaml
+++ b/clusters/default/apps/invidious/templates/invidious-svc.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Values.name }}-service"
+  namespace: {{ .Values.namespace }}
+spec:
+  {{- if eq .Values.service.type "LoadBalancer" }}
+  type: LoadBalancer
+  {{- else if eq .Values.service.type "NodePort" }}
+  type: NodePort
+  {{- end }}
+  selector:
+    app: {{ .Values.name }}
+  ports:
+  - targetPort: 3000
+    protocol: TCP
+    {{- if eq .Values.service.type "LoadBalancer" }}
+    port: {{ .Values.service.port }}
+    {{- else if eq .Values.service.type "NodePort" }}
+    nodePort: {{ .Values.service.nodePort }}
--- a/clusters/default/apps/invidious/templates/invidious.yaml
+++ b/clusters/default/apps/invidious/templates/invidious.yaml
@@ -0,0 +1,115 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}
+    spec:
+      initContainers:
+      - name: substitute-config
+        image: alpine
+        envFrom:
+        - secretRef:
+            name: {{ .Values.secrets.configSecretName }}
+        command:
+        - sh
+        - -c
+        - apk add gettext && envsubst < /mnt/init/invidious.yml > /mnt/invidious.yml
+        volumeMounts:
+        - name: "{{ .Values.name }}-config"
+          mountPath: /mnt/init/invidious.yml
+          subPath: invidious.yml
+        - name: tmp
+          mountPath: /mnt
+          subPath: invidious.yml
+      - name: clean-db-dir
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          rm -rf /var/lib/postgresql/data/lost+found
+        volumeMounts:
+        - name: postgres-data
+          mountPath: /var/lib/postgresql/data
+      - name: postgres
+        image: "{{ .Values.image.db.repository }}:{{ .Values.image.db.tag }}"
+        restartPolicy: Always
+        env:
+        - name: POSTGRES_DB
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.secrets.dbName.Name }}
+              key: {{ .Values.secrets.dbName.Key }}
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.secrets.dbUser.User }}
+              key: {{ .Values.secrets.dbUser.Key }}
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.secrets.dbPassword.Password }}
+              key: {{ .Values.secrets.dbPassword.Key }}
+        volumeMounts:
+        - name: postgres-data
+          mountPath: /var/lib/postgresql/data
+      - name: inv-sig-helper
+        image: "{{ .Values.image.signatureHelper.repository }}@{{ .Values.image.signatureHelper.tag }}"
+        restartPolicy: Always
+        args: ["--tcp", "0.0.0.0:12999"]
+        env:
+        - name: RUST_LOG
+          value: "info"
+        securityContext:
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - ALL
+      containers:
+      - name: invidious
+        image: "{{ .Values.image.app.repository }}@{{ .Values.image.app.tag }}"
+        command:
+        - sh
+        - -c
+        - |
+          export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" &&
+          exec /invidious/invidious
+        env:
+        - name: INVIDIOUS_PORT
+          value: "3000"
+        volumeMounts:
+        - name: logging
+          mountPath: /var/log/invidious
+        - name: tmp
+          mountPath: /mnt
+          subPath: invidious.yml
+      volumes:
+      - name: logging
+        emptyDir: {}
+      - name: tmp
+        emptyDir: {}
+      - name: invidious-config
+        configMap:
+          name: "{{ .Values.name }}-config"
+      {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+      - name: postgres-data
+        persistentVolumeClaim:
+          claimName: "{{ .Values.persistence.claimName }}"
+      {{- else if .Values.persistence.enabled }}
+      - name: postgres-data
+        persistentVolumeClaim:
+          claimName: "longhorn-{{ .Values.name }}-config"
+      {{- else }}
+      - name: postgres-data
+        emptyDir: {}
+      {{- end }}