feat: overhaul

2025-09-17 18:24:14 +02:00 · 2025-01-04 00:00:04 +01:00
parent b14022014b
commit 0c9529c7a2
408 changed files with 3187 additions and 2380 deletions
--- a/kubernetes/apps/default/lidarr/app/externalsecret.yaml
+++ b/kubernetes/apps/default/lidarr/app/externalsecret.yaml
@@ -14,26 +14,34 @@ spec:
    template:
      engineVersion: v2
      data:
-        # App
        LIDARR__API_KEY: "{{ .LIDARR__API_KEY }}"
-        LIDARR__POSTGRES_HOST: &dbHost postgres16-rw.database.svc.cluster.local
-        LIDARR__POSTGRES_PORT: "5432"
-        LIDARR__POSTGRES_USER: &dbUser "{{ .LIDARR__POSTGRES_USER }}"
-        LIDARR__POSTGRES_PASSWORD: &dbPass "{{ .LIDARR__POSTGRES_PASSWORD }}"
-        LIDARR__POSTGRES_MAIN_DB: lidarr_main
-        LIDARR__POSTGRES_LOG_DB: lidarr_log
        PUSHOVER_API_TOKEN: "{{ .PUSHOVER_API_TOKEN }}"
        PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
-        # Postgres Init
-        INIT_POSTGRES_DBNAME: lidarr_main lidarr_log
-        INIT_POSTGRES_HOST: *dbHost
-        INIT_POSTGRES_USER: *dbUser
-        INIT_POSTGRES_PASS: *dbPass
-        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
-    - extract:
-        key: cloudnative-pg
    - extract:
        key: pushover
    - extract:
        key: lidarr
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: lidarr-db
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: crunchy-pgo-secrets
+  target:
+    name: lidarr-db-secret
+    template:
+      engineVersion: v2
+      data:
+        LIDARR__POSTGRES__MAINDB: '{{ index . "dbname" }}'
+        LIDARR__POSTGRES__LOGDB: lidarr_log
+        LIDARR__POSTGRES__HOST: '{{ index . "host" }}'
+        LIDARR__POSTGRES__USER: '{{ index . "user" }}'
+        LIDARR__POSTGRES__PASSWORD: '{{ index . "password" }}'
+        LIDARR__POSTGRES__PORT: '{{ index . "port" }}'
+  dataFrom:
+    - extract:
+        key: postgres-pguser-lidarr
--- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
@@ -4,7 +4,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &app lidarr
-  namespace: default
 spec:
  interval: 30m
  chart:
@@ -39,15 +38,7 @@ spec:
        annotations:
          reloader.stakater.com/auto: "true"
          configmap.reloader.stakater.com/reload: lidarr-pushover
-        initContainers:
-          init-db:
-            image:
-              repository: ghcr.io/onedr0p/postgres-init
-              tag: 16
-              pullPolicy: IfNotPresent
-            envFrom: &envFrom
-              - secretRef:
-                  name: lidarr-secret
+          secret.reloader.stakater.com/reload: lidarr-db-secret
        containers:
          app:
            image:
@@ -55,9 +46,9 @@ spec:
              tag: 2.9.0.4506@sha256:192f559e751fa123b752073beb4e840bd9c019825dd09a36beaa128cb7bc07e8
            env:
              TZ: "${TIMEZONE}"
-              LIDARR__INSTANCE_NAME: Lidarr
-              LIDARR__PORT: &port 8080
-              LIDARR__LOG_LEVEL: info
+              LIDARR__APP__INSTANCENAME: Lidarr
+              LIDARR__SERVER__PORT: &port 8080
+              LIDARR__LOG__LEVEL: info
              PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
              PUSHOVER_PRIORITY: "0"
            envFrom:
@@ -78,13 +69,13 @@ spec:
    ingress:
      app:
        enabled: true
-        className: nginx
+        className: internal
        annotations:
-          # nginx.ingress.kubernetes.io/auth-method: GET
-          # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
-          # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
-          # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
-          # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:headphones
        hosts:
          - host: *host
@@ -117,7 +108,7 @@ spec:
      scripts:
        type: configMap
        name: lidarr-pushover
-        defaultMode: 0775
+        defaultMode: 0775 # trunk-ignore(yamllint/octal-values)
        globalMounts:
          - path: /scripts/pushover-notify.sh
            subPath: pushover-notify.sh
--- a/kubernetes/apps/default/lidarr/ks.yaml
+++ b/kubernetes/apps/default/lidarr/ks.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -12,6 +12,7 @@ spec:
      app.kubernetes.io/name: *app

  dependsOn:
+    - name: crunchy-postgres-operator-cluster
    - name: external-secrets-stores
    - name: rook-ceph-cluster
    - name: volsync