dogfalo/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new setup

Browse Source
This commit is contained in:
Alvin Wang 2026-04-22 14:31:16 -07:00
parent 0a5c149c5f
commit 28c23faf24
54 changed files with 316 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
.sops.yaml Normal file → Executable file
View File

0
AGENTS.md Normal file → Executable file
View File

6
Headlamp.md Normal file
View File

@ -0,0 +1,6 @@
kubectl -n apps create serviceaccount headlamp-admin
kubectl create clusterrolebinding headlamp-admin \
--serviceaccount=apps:headlamp-admin \
--clusterrole=cluster-admin
kubectl -n apps create token headlamp-admin

7
MetalLB.md Normal file
View File

@ -0,0 +1,7 @@
helm repo add metallb https://metallb.github.io/metallb
helm repo update
helm search repo metallb
helm dependency build charts/metallb
helm upgrade --install metallb charts/metallb -n kube-system --wait

20
README.md Normal file → Executable file
View File

@ -162,18 +162,24 @@ sops -e -i secrets/secrets.enc.yaml
Or deploy individually: Or deploy individually:
```bash ```bash
helm upgrade --install metallb charts/metallb -n kube-system --wait
helm upgrade --install traefik-internal charts/traefik-internal -n kube-system --wait
# Traefik config goes in kube-system (managed by k3s)
helm upgrade --install traefik-config charts/traefik-config -n kube-system
kubectl create namespace apps
helm upgrade --install headlamp charts/headlamp -n apps
helm upgrade --install dashboards charts/dashboards -n apps
helm upgrade --install paperless charts/paperless -n apps
helm upgrade --install mealie charts/mealie -n apps
kubectl create namespace media kubectl create namespace media
helm upgrade --install media charts/media -n media helm upgrade --install media charts/media -n media
kubectl create namespace apps
helm upgrade --install paperless charts/paperless -n apps
helm upgrade --install mealie charts/mealie -n apps
helm upgrade --install dashboards charts/dashboards -n apps
helm upgrade --install headlamp charts/headlamp -n apps
helm upgrade --install utils charts/utils -n apps helm upgrade --install utils charts/utils -n apps
# Traefik config goes in kube-system (managed by k3s)
helm upgrade --install traefik-config charts/traefik-config -n kube-system
``` ```
## Verifying ## Verifying

0
charts/dashboards/Chart.yaml Normal file → Executable file
View File

0
charts/dashboards/templates/glance-ingressroute.yaml Normal file → Executable file
View File

0
charts/dashboards/templates/glance.yaml Normal file → Executable file
View File

0
charts/dashboards/templates/homepage-ingressroute.yaml Normal file → Executable file
View File

0
charts/dashboards/templates/homepage.yaml Normal file → Executable file
View File

0
charts/dashboards/values.yaml Normal file → Executable file
View File

0
charts/headlamp/Chart.yaml Normal file → Executable file
View File

0
charts/headlamp/templates/headlamp-ingressroute.yaml Normal file → Executable file
View File

0
charts/headlamp/templates/headlamp.yaml Normal file → Executable file
View File

0
charts/headlamp/values.yaml Normal file → Executable file
View File

0
charts/mealie/Chart.yaml Normal file → Executable file
View File

0
charts/mealie/templates/mealie-ingressroute.yaml Normal file → Executable file
View File

0
charts/mealie/templates/mealie.yaml Normal file → Executable file
View File

0
charts/mealie/values.yaml Normal file → Executable file
View File

0
charts/media/Chart.yaml Normal file → Executable file
View File

5
charts/media/templates/_helpers.tpl Normal file → Executable file
View File

@ -11,3 +11,8 @@ app.kubernetes.io/part-of: media
- name: TZ - name: TZ
value: {{ .Values.tz | quote }} value: {{ .Values.tz | quote }}
{{- end -}} {{- end -}}
{{- define "media.requireMacWorker" -}}
nodeSelector:
homelab/node-role: worker
{{- end -}}

57
charts/media/templates/bazarr.yaml Normal file → Executable file
View File

@ -1,17 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-config
labels:
app: bazarr
{{- include "media.labels" . | nindent 4 }}
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.bazarr.configSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -31,6 +17,7 @@ spec:
labels: labels:
app: bazarr app: bazarr
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: bazarr - name: bazarr
image: {{ .Values.bazarr.image }} image: {{ .Values.bazarr.image }}
@ -47,15 +34,16 @@ spec:
mountPath: /tv mountPath: /tv
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: bazarr-config path: {{ .Values.serviceData }}/bazarr/config
type: DirectoryOrCreate
- name: movies - name: movies
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data/radarr-library path: /dogstore/sonarr/data/radarr-library
type: DirectoryOrCreate type: DirectoryOrCreate
- name: tv - name: tv
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data/library path: /dogstore/sonarr/data/library
type: DirectoryOrCreate type: DirectoryOrCreate
--- ---
apiVersion: v1 apiVersion: v1
@ -70,3 +58,36 @@ spec:
ports: ports:
- port: 6767 - port: 6767
targetPort: 6767 targetPort: 6767
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: bazarr-internal
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- web
routes:
- match: Host(`bazarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: bazarr
port: 6767
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: bazarr-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`bazarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: bazarr
port: 6767
tls: {}

3
charts/media/templates/plex.yaml Normal file → Executable file
View File

@ -17,8 +17,7 @@ spec:
labels: labels:
app: plex app: plex
spec: spec:
nodeSelector: {{- include "media.requireMacWorker" . | nindent 6 }}
homelab/node-role: worker
containers: containers:
- name: plex - name: plex
image: {{ .Values.plex.image }} image: {{ .Values.plex.image }}

53
charts/media/templates/prowlarr.yaml Normal file → Executable file
View File

@ -1,17 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-config
labels:
app: prowlarr
{{- include "media.labels" . | nindent 4 }}
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.prowlarr.configSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -31,6 +17,7 @@ spec:
labels: labels:
app: prowlarr app: prowlarr
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: prowlarr - name: prowlarr
image: {{ .Values.prowlarr.image }} image: {{ .Values.prowlarr.image }}
@ -43,8 +30,9 @@ spec:
mountPath: /config mountPath: /config
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: prowlarr-config path: {{ .Values.serviceData }}/prowlarr/config
type: DirectoryOrCreate
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -58,3 +46,36 @@ spec:
ports: ports:
- port: 9696 - port: 9696
targetPort: 9696 targetPort: 9696
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: prowlarr-internal
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- web
routes:
- match: Host(`prowlarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: prowlarr
port: 9696
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: prowlarr-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`prowlarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: prowlarr
port: 9696
tls: {}

55
charts/media/templates/qbittorrent.yaml Normal file → Executable file
View File

@ -1,17 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
labels:
app: qbittorrent
{{- include "media.labels" . | nindent 4 }}
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.qbittorrent.configSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -31,6 +17,7 @@ spec:
labels: labels:
app: qbittorrent app: qbittorrent
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: qbittorrent - name: qbittorrent
image: {{ .Values.qbittorrent.image }} image: {{ .Values.qbittorrent.image }}
@ -52,11 +39,12 @@ spec:
mountPath: /data mountPath: /data
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: qbittorrent-config path: {{ .Values.serviceData }}/qbittorrent/config
type: DirectoryOrCreate
- name: data - name: data
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data path: /dogstore/sonarr/data
type: DirectoryOrCreate type: DirectoryOrCreate
--- ---
apiVersion: v1 apiVersion: v1
@ -80,3 +68,36 @@ spec:
port: 34034 port: 34034
targetPort: 34034 targetPort: 34034
protocol: UDP protocol: UDP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: qbittorrent-internal
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- web
routes:
- match: Host(`qbittorrent.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: qbittorrent
port: {{ .Values.qbittorrent.webuiPort }}
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: qbittorrent-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`qbittorrent.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: qbittorrent
port: {{ .Values.qbittorrent.webuiPort }}
tls: {}

67
charts/media/templates/radarr.yaml Normal file → Executable file
View File

@ -1,17 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
labels:
app: radarr
{{- include "media.labels" . | nindent 4 }}
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.radarr.configSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -31,6 +17,7 @@ spec:
labels: labels:
app: radarr app: radarr
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: radarr - name: radarr
image: {{ .Values.radarr.image }} image: {{ .Values.radarr.image }}
@ -45,11 +32,12 @@ spec:
mountPath: /data mountPath: /data
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: radarr-config path: {{ .Values.serviceData }}/radarr/config
type: DirectoryOrCreate
- name: data - name: data
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data path: /dogstore/sonarr/data # Media
type: DirectoryOrCreate type: DirectoryOrCreate
--- ---
apiVersion: v1 apiVersion: v1
@ -65,22 +53,35 @@ spec:
- port: 7878 - port: 7878
targetPort: 7878 targetPort: 7878
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: traefik.io/v1alpha1
kind: Ingress kind: IngressRoute
metadata: metadata:
name: radarr name: radarr-internal
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure kubernetes.io/ingress.class: traefik-internal
traefik.ingress.kubernetes.io/router.tls.certresolver: {{ .Values.certResolver }}
spec: spec:
rules: entryPoints:
- host: radarr.{{ .Values.domain }} - web
http: routes:
paths: - match: Host(`radarr.{{ .Values.internalDomain }}`)
- path: / kind: Rule
pathType: Prefix services:
backend: - name: radarr
service: port: 7878
name: radarr ---
port: apiVersion: traefik.io/v1alpha1
number: 7878 kind: IngressRoute
metadata:
name: radarr-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`radarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: radarr
port: 7878
tls: {}

59
charts/utils/templates/seerr.yaml → charts/media/templates/seerr.yaml
View File

@ -1,22 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: seerr-config
labels:
app: seerr
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.seerr.storageSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: seerr name: seerr
labels: labels:
app: seerr app: seerr
{{- include "media.labels" . | nindent 4 }}
spec: spec:
replicas: 1 replicas: 1
strategy: strategy:
@ -29,14 +17,15 @@ spec:
labels: labels:
app: seerr app: seerr
spec: spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers: containers:
- name: seerr - name: seerr
image: {{ .Values.seerr.image }} image: {{ .Values.seerr.image }}
ports: ports:
- containerPort: 5055 - containerPort: 5055
env: env:
- name: TZ {{- include "media.commonEnv" . | nindent 12 }}
value: {{ .Values.tz | quote }}
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /api/v1/settings/public path: /api/v1/settings/public
@ -56,13 +45,16 @@ spec:
mountPath: /app/config mountPath: /app/config
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: seerr-config path: {{ .Values.dogboxServiceData }}/seerr/config
type: Directory
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: seerr name: seerr
labels:
app: seerr
spec: spec:
selector: selector:
app: seerr app: seerr
@ -89,3 +81,36 @@ spec:
name: seerr name: seerr
port: port:
number: 5055 number: 5055
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: seerr-internal
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- web
routes:
- match: Host(`seerr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: seerr
port: 5055
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: seerr-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`seerr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: seerr
port: 5055
tls: {}

67
charts/media/templates/sonarr.yaml Normal file → Executable file
View File

@ -1,17 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-config
labels:
app: sonarr
{{- include "media.labels" . | nindent 4 }}
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.sonarr.configSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -31,6 +17,7 @@ spec:
labels: labels:
app: sonarr app: sonarr
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: sonarr - name: sonarr
image: {{ .Values.sonarr.image }} image: {{ .Values.sonarr.image }}
@ -45,11 +32,12 @@ spec:
mountPath: /data mountPath: /data
volumes: volumes:
- name: config - name: config
persistentVolumeClaim: hostPath:
claimName: sonarr-config path: {{ .Values.serviceData }}/sonarr/config
type: DirectoryOrCreate
- name: data - name: data
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data path: /dogstore/sonarr/data # TV + Movies Library
type: DirectoryOrCreate type: DirectoryOrCreate
--- ---
apiVersion: v1 apiVersion: v1
@ -65,22 +53,35 @@ spec:
- port: 8989 - port: 8989
targetPort: 8989 targetPort: 8989
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: traefik.io/v1alpha1
kind: Ingress kind: IngressRoute
metadata: metadata:
name: sonarr name: sonarr-internal
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure kubernetes.io/ingress.class: traefik-internal
traefik.ingress.kubernetes.io/router.tls.certresolver: {{ .Values.certResolver }}
spec: spec:
rules: entryPoints:
- host: sonarr.{{ .Values.domain }} - web
http: routes:
paths: - match: Host(`sonarr.{{ .Values.internalDomain }}`)
- path: / kind: Rule
pathType: Prefix services:
backend: - name: sonarr
service: port: 8989
name: sonarr ---
port: apiVersion: traefik.io/v1alpha1
number: 8989 kind: IngressRoute
metadata:
name: sonarr-internal-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`sonarr.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: sonarr
port: 8989
tls: {}

5
charts/media/templates/unpackerr.yaml Normal file → Executable file
View File

@ -17,6 +17,7 @@ spec:
labels: labels:
app: unpackerr app: unpackerr
spec: spec:
{{- include "media.requireMacWorker" . | nindent 6 }}
containers: containers:
- name: unpackerr - name: unpackerr
image: {{ .Values.unpackerr.image }} image: {{ .Values.unpackerr.image }}
@ -85,9 +86,9 @@ spec:
volumes: volumes:
- name: data - name: data
hostPath: hostPath:
path: {{ .Values.dogstore }}/sonarr/data path: /dogstore/sonarr/data
type: DirectoryOrCreate type: DirectoryOrCreate
- name: logs - name: logs
hostPath: hostPath:
path: {{ .Values.dogstore }}/logs/unpackerr path: {{ .Values.serviceData }}/unpackerr/logs
type: DirectoryOrCreate type: DirectoryOrCreate

14
charts/media/values.yaml Normal file → Executable file
View File

@ -5,13 +5,11 @@ tz: America/Los_Angeles
puid: "1000" puid: "1000"
pgid: "1000" pgid: "1000"
dogstore: /dogstore dogboxServiceData: /home/alvin/service-data
serviceData: /service-data
secretName: media-secrets secretName: media-secrets
storageClass: longhorn
configStorageSize: 2Gi
plex: plex:
image: plexinc/pms-docker:latest image: plexinc/pms-docker:latest
advertiseIp: "https://plex.ratboo.me:443" advertiseIp: "https://plex.ratboo.me:443"
@ -19,24 +17,22 @@ plex:
sonarr: sonarr:
image: ghcr.io/hotio/sonarr:latest image: ghcr.io/hotio/sonarr:latest
configSize: 2Gi
radarr: radarr:
image: ghcr.io/hotio/radarr:latest image: ghcr.io/hotio/radarr:latest
configSize: 2Gi
bazarr: bazarr:
image: lscr.io/linuxserver/bazarr:latest image: lscr.io/linuxserver/bazarr:latest
configSize: 1Gi
prowlarr: prowlarr:
image: ghcr.io/hotio/prowlarr:latest image: ghcr.io/hotio/prowlarr:latest
configSize: 1Gi
qbittorrent: qbittorrent:
image: ghcr.io/hotio/qbittorrent:latest image: ghcr.io/hotio/qbittorrent:latest
configSize: 1Gi
webuiPort: 9191 webuiPort: 9191
unpackerr: unpackerr:
image: golift/unpackerr image: golift/unpackerr
seerr:
image: ghcr.io/seerr-team/seerr:latest

0
charts/metallb/Chart.lock Normal file → Executable file
View File

0
charts/metallb/Chart.yaml Normal file → Executable file
View File

6
charts/metallb/templates/pool.yaml Normal file → Executable file
View File

@ -3,6 +3,9 @@ apiVersion: metallb.io/v1beta1
kind: IPAddressPool kind: IPAddressPool
metadata: metadata:
name: {{ .Values.pool.name }} name: {{ .Values.pool.name }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "0"
spec: spec:
autoAssign: false autoAssign: false
addresses: addresses:
@ -14,6 +17,9 @@ apiVersion: metallb.io/v1beta1
kind: L2Advertisement kind: L2Advertisement
metadata: metadata:
name: {{ .Values.pool.name }} name: {{ .Values.pool.name }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "1"
spec: spec:
ipAddressPools: ipAddressPools:
- {{ .Values.pool.name }} - {{ .Values.pool.name }}

0
charts/metallb/values.yaml Normal file → Executable file
View File

0
charts/paperless/Chart.yaml Normal file → Executable file
View File

0
charts/paperless/templates/paperless-ingressroute.yaml Normal file → Executable file
View File

0
charts/paperless/templates/postgres.yaml Normal file → Executable file
View File

0
charts/paperless/templates/redis.yaml Normal file → Executable file
View File

0
charts/paperless/templates/webserver.yaml Normal file → Executable file
View File

0
charts/paperless/values.yaml Normal file → Executable file
View File

0
charts/traefik-config/Chart.yaml Normal file → Executable file
View File

0
charts/traefik-config/templates/middleware-redirect.yaml Normal file → Executable file
View File

4
charts/traefik-config/templates/traefik-config.yaml Normal file → Executable file
View File

@ -41,8 +41,8 @@ spec:
additionalVolumes: additionalVolumes:
- name: acme - name: acme
hostPath: hostPath:
path: /home/alvin/docker-volumes/.letsencrypt path: /dogstore/service-data/.letsencrypt
type: DirectoryOrCreate type: Directory
additionalVolumeMounts: additionalVolumeMounts:
- name: acme - name: acme
mountPath: /letsencrypt mountPath: /letsencrypt

0
charts/traefik-config/values.yaml Normal file → Executable file
View File

0
charts/traefik-internal/Chart.yaml Normal file → Executable file
View File

0
charts/traefik-internal/templates/tls-store.yaml Normal file → Executable file
View File

0
charts/traefik-internal/templates/traefik-internal.yaml Normal file → Executable file
View File

0
charts/traefik-internal/values.yaml Normal file → Executable file
View File

2
charts/utils/Chart.yaml Normal file → Executable file
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
name: utils name: utils
description: Utility services -- Zerobyte backup and Seerr media requests description: Utility services -- Zerobyte backup
version: 0.1.0 version: 0.1.0
type: application type: application

32
charts/utils/templates/zerobyte-ingressroute.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: zerobyte
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- web
routes:
- match: Host(`zerobyte.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: zerobyte
port: 4096
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: zerobyte-tls
annotations:
kubernetes.io/ingress.class: traefik-internal
spec:
entryPoints:
- websecure
routes:
- match: Host(`zerobyte.{{ .Values.internalDomain }}`)
kind: Rule
services:
- name: zerobyte
port: 4096
tls: {}

22
charts/utils/templates/zerobyte.yaml Normal file → Executable file
View File

@ -1,16 +1,3 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: zerobyte-data
labels:
app: zerobyte
spec:
accessModes: [ReadWriteOnce]
storageClassName: {{ .Values.storageClass }}
resources:
requests:
storage: {{ .Values.zerobyte.storageSize }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -38,12 +25,12 @@ spec:
- name: TZ - name: TZ
value: {{ .Values.tz | quote }} value: {{ .Values.tz | quote }}
- name: BASE_URL - name: BASE_URL
value: http://{{ .Values.hostIp }}:4096 value: http://zerobyte.dog
- name: APP_SECRET - name: APP_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.zerobyte.secretName }} name: {{ .Values.zerobyte.secretName }}
key: APP_SECRET key: ZEROBYTE_APP_SECRET
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /var/lib/zerobyte mountPath: /var/lib/zerobyte
@ -52,8 +39,9 @@ spec:
readOnly: true readOnly: true
volumes: volumes:
- name: data - name: data
persistentVolumeClaim: hostPath:
claimName: zerobyte-data path: /home/alvin/service-data/zerobyte
type: DirectoryOrCreate
- name: localtime - name: localtime
hostPath: hostPath:
path: /etc/localtime path: /etc/localtime

6
charts/utils/values.yaml Normal file → Executable file
View File

@ -1,14 +1,10 @@
domain: ratboo.me domain: ratboo.me
internalDomain: dog
certResolver: myresolver certResolver: myresolver
tz: America/Los_Angeles tz: America/Los_Angeles
hostIp: "10.0.1.2" hostIp: "10.0.1.2"
storageClass: longhorn
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.33 image: ghcr.io/nicotsx/zerobyte:v0.33
storageSize: 1Gi
secretName: zerobyte-secrets secretName: zerobyte-secrets
seerr:
image: ghcr.io/seerr-team/seerr:latest
storageSize: 1Gi

0
secrets/secrets.enc.yaml Normal file → Executable file
View File

5
tasks.TODO Normal file
View File

@ -0,0 +1,5 @@
[] Backup zerobyte restic
[] setup litestream vs litefs https://chatgpt.com/c/69e93964-aa84-83ea-83f1-2cbd0125b748
[]
migrate sqllite to postgres