shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

new talos cluster

Browse Source
This commit is contained in:
auricom
2022-11-19 04:47:32 +01:00
parent 42346bd99b
commit 4ac38f95e9
548 changed files with 1642 additions and 2331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,80 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app bazarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/bazarr
tag: 1.1.2@sha256:0089b1c62241ea61a3d020cbd82dcfb3fd7b6b97e6e9d58fcdfd90b779b47193
env:
TZ: "${TIMEZONE}"
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: 6767
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/bazarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 100
persistence:
config:
enabled: true
existingClaim: bazarr-config
video:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/video
mountPath: /mnt/storage/video
podAnnotations:
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 23m
memory: 204M
limits:
memory: 1Gi

8
kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- secret.sops.yaml
- volume.yaml
- helm-release.yaml

29
kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,29 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: bazarr
namespace: default
type: Opaque
stringData:
BAZARR__API_KEY: ENC[AES256_GCM,data:JP0q+GSWGKQsAWAL+vOpJUzWVNcG6ncjHxiZ8vplk1o=,iv:rUxiwvF1kyTX9SHrAMmml9lmbKhRqXYYFZ2djWlUsaU=,tag:xSPaQCULmLvFy08QgCV1kQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:37:34Z"
mac: ENC[AES256_GCM,data:8NbT9oTRIKRY/GlyeasQGaQpypHoa7HJtzTf7QX3sn8sN0eQoH9H8nZMcwGm9yS1YzOti8MugQVfkkQiwp6nknY7Xk93tyZ8UO9IOo1SybI12WnaYuXf0CUfGVpv9Fsisc0DHonnxTgsymkJDYqXZgJP9L8JwiNeZx6jtCoaO0I=,iv:AfNP3QP5iK9Jx0Juey/EpIdQNZL2VNyjJLmQxO4AV7w=,tag:3dfYfYElHQk/KTQ6AwUB8A==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-config
namespace: default
labels:
app.kubernetes.io/name: &name bazarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block

69
kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml Normal file
View File

@@ -0,0 +1,69 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app jellyseerr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: docker.io/fallenbagel/jellyseerr
tag: 1.2.1
env:
TZ: "${TIMEZONE}"
LOG_LEVEL: "info"
PORT: &port 80
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
- host: &host2 "requests.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
- *host2
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
persistence:
config:
enabled: true
existingClaim: jellyseerr-config
mountPath: /app/config
resources:
requests:
cpu: 10m
memory: 250Mi
limits:
memory: 500Mi

7
kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- volume.yaml
- helm-release.yaml

17
kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyseerr-config
namespace: default
labels:
app.kubernetes.io/name: &name jellyseerr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block

14
kubernetes/cluster-0/apps/media-automation/kustomization.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- bazarr
- jellyseerr
- lidarr
- music-transcode
- prowlarr
- radarr
- readarr
- recyclarr
- sonarr

90
kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,90 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app lidarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/lidarr-develop
tag: 1.1.0.2649@sha256:d0bd888a5213af6eb7e22cf034fd900f66d9e41c14c57e9b82ba4522465adcd2
env:
TZ: "${TIMEZONE}"
LIDARR__INSTANCE_NAME: Lidarr
LIDARR__PORT: &port 80
LIDARR__LOG_LEVEL: info
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/lidarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 100
persistence:
config:
enabled: true
existingClaim: lidarr-config
mountPath: /config
music:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/music
mountPath: /mnt/storage/music
downloads:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/downloads
mountPath: /mnt/storage/downloads
podAnnotations:
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 10m
memory: 250Mi
limits:
memory: 2000Mi

7
kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- volume.yaml
- secret.sops.yaml
- helm-release.yaml

29
kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,29 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: lidarr
namespace: default
type: Opaque
stringData:
LIDARR__API_KEY: ENC[AES256_GCM,data:DuE9DXc6hYZn1mL5BPuvzFY94SKHnm0Q5UtFiHYre0g=,iv:5/PWpqpeKBK6eqzQ8/1b14m8c+ZiVfpDfzE/mm0FITE=,tag:P6aRHxO6cmduylFvNOgxDg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dDVhQnh6WHlrSU1DVndU
VGRXdUtLUjQxT21rUHQ3YmtsMllYQWlLRkVVCmM2VVNqTFZrLyswSllPR3ZNaVM3
S21SQ01Wei9PU1FJU2h3NzBEQVdKNEUKLS0tIHhXandQa2xiUFZLRDFxaVZveGRV
T21JelR0V0Q0NlJidTZhV3JkbTlkc0kKHsDVi+zO23YBslrf+MXhLfNF5U+AQvMv
L6kCzz+h1RmLrleC/8cJ9/n4wo1FZZqGXFZHAjLTRGESA7ccWc+DSw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T03:56:24Z"
mac: ENC[AES256_GCM,data:tDosIpLi/N/8NAsVctp4zTyIQlcQt+JnJpyp+J1dsSFG4ERAwpe9taD3VUwlMim2VccRKUtnEgES3H66sFB9iAhuf/txMbNTd22DWauBiFMoqPjAU8GyvPgwFdWjSSW71CrOLjOlpdMUxV3DKjLjwQDQ/aRJ/oqxNeV90KcU/BU=,iv:3bmvzERWc8u/7sEwlmbEozPmR4gwnemzmF7YkIMDcc4=,tag:RVA4y7nz5MaWXgRJWWhPzA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lidarr-config
namespace: default
labels:
app.kubernetes.io/name: &name lidarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: rook-ceph-block

64
kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml Normal file
View File

@@ -0,0 +1,64 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: music-transcode
namespace: default
spec:
schedule: "0 2 * * *"
suspend: true
concurrencyPolicy: "Forbid"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 5
jobTemplate:
spec:
backoffLimit: 3
ttlSecondsAfterFinished: 300
template:
spec:
automountServiceAccountToken: false
restartPolicy: OnFailure
initContainers:
containers:
- name: transcode-incremental
image: ghcr.io/auricom/freac:1.1.6@sha256:596e72016ca4fea9767a68377722694c5005a4eec6e1400a5d1119160481656b
imagePullPolicy: IfNotPresent
env:
- name: TRANSCODE_INPUT_DIR
value: /mnt/music/
- name: TRANSCODE_OUTPUT_DIR
value: /mnt/music_transcoded/
- name: TRANSCODE_FREAC_BIN
value: /app/freaccmd
command:
- "/bin/bash"
- "-c"
- |
#!/bin/bash
HEALTHCHECKS=true
curl --location raw.githubusercontent.com/auricom/home-ops/main/scripts/transcode_music/transcode.bash --output /tmp/transcode.bash
chmod a+x /tmp/transcode.bash
curl --location raw.githubusercontent.com/auricom/home-ops/main/scripts/transcode_music/transcode_exclude.cfg --output /tmp/transcode_exclude.cfg
cd /tmp
./transcode.bash -c
test $? -ne 0 && HEALTHCHECKS=false
./transcode.bash -r
test $? -ne 0 && HEALTHCHECK=false
test FLAG && curl -m 10 --retry 5 http://healthchecks.default.svc.cluster.local.:/ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-transcode-music
volumeMounts:
- name: music-transcoded
mountPath: /mnt/music_transcoded
- name: music
mountPath: /mnt/music
volumes:
- name: music-transcoded
nfs:
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/music_transcoded
- name: music
nfs:
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/music

5
kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cronjob.yaml

75
kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,75 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app prowlarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/prowlarr-nightly
tag: 0.4.10.2086@sha256:5c772a00fd925ee590231f62ad12557c5d1b40f25da964ff282dcbafdc14d2ad
env:
TZ: "${TIMEZONE}"
PROWLARR__INSTANCE_NAME: Prowlarr
PROWLARR__PORT: &port 80
PROWLARR__LOG_LEVEL: info
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/prowlarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
persistence:
config:
enabled: true
existingClaim: prowlarr-config
podAnnotations:
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: 500Mi

7
kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- volume.yaml
- secret.sops.yaml
- helm-release.yaml

29
kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,29 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: prowlarr
namespace: default
type: Opaque
stringData:
PROWLARR__API_KEY: ENC[AES256_GCM,data:wHw+BL6aLWhVecJ2Pr0qEtdI6VIK3kG0Xa75WWgKy5g=,iv:TclbMhXHpV66KX5Pf8J0JUun2NfRYYFpENUfw3WFKUU=,tag:IntUJuSu7mExXZAyT1daqw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaC9OUGczTHBOSmtHT3Q5
Z0dsQWc3TCs1N2lPbWtOWU5jVW5SaHJ5Sm4wClRldUlHTnJOVGMyVUI4T0F1Snd0
TmY1N3RQUFIyTkd4OWg1VGtCOVBoSXcKLS0tIDJWdGI1S0hPVEN0UTF5OVZINll2
cFg3Y2RVMjNGSUo4YTNHcUJwTFBhcUEKdDUnJq4rf8fxsHm+Ftt7kHdIKkvnj9Sv
kHrE4pYYDOzY19GUHuRlhRWXZxsymgfEEb162C3IWRek/AP9njYzHQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:02:46Z"
mac: ENC[AES256_GCM,data:U4eOLJRlSshwVbJyECusFoYeLP+HZUsAEDXj8Tur/8f43oe4zIChfND+h8yG8c7hLir9rhGy9rDfb7fGHV5gL+v2FSoC2m/YYU+V9gJmFAUzg6c+4TR+3EOQdsuNGqkcsA/SVts08W+9K501VsaOXujMVzoZvtGYxqjIDZHhmBE=,iv:OLMzqFKB38FFYslh4KSLtrDKDeK4wc9NN3li31YNsrk=,tag:vyXftB8iKCY3Z27bZ3fQPw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-config
namespace: default
labels:
app.kubernetes.io/name: &name prowlarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block

102
kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,102 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app radarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: 4.3.0.6671@sha256:fe42cc40dc92d9710fa03e5f5874baaeb72351c4c278a890b89c8413958323c6
env:
TZ: "${TIMEZONE}"
PUSHOVER_DEBUG: "false"
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
RADARR__INSTANCE_NAME: Radarr
RADARR__PORT: &port 80
RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
RADARR__LOG_LEVEL: info
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/radarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: *host
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 100
persistence:
config:
enabled: true
existingClaim: radarr-config
mountPath: /config
downloads:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/downloads
mountPath: /mnt/storage/downloads
video:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/video
mountPath: /mnt/storage/video
scripts:
enabled: true
type: configMap
name: radarr-pushover
subPath: pushover-notify.sh
mountPath: /scripts/pushover-notify.sh
defaultMode: 0775
readOnly: true
podAnnotations:
configmap.reloader.stakater.com/reload: radarr-pushover
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 500m
memory: 500Mi
limits:
memory: 2000Mi

16
kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- secret.sops.yaml
- volume.yaml
- helm-release.yaml
configMapGenerator:
- name: radarr-pushover
files:
- ./scripts/pushover-notify.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled

105
kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh Executable file
View File

@@ -0,0 +1,105 @@
#!/usr/bin/env bash
PUSHOVER_DEBUG="${PUSHOVER_DEBUG:-"true"}"
# kubectl port-forward service/radarr -n default 7878:7878
# export PUSHOVER_STARR_INSTANCE_NAME=Radarr;
# export PUSHOVER_APP_URL="";
# export PUSHOVER_TOKEN="";
# export PUSHOVER_USER_KEY="";
# export radarr_eventtype=Download;
# ./notify.sh
CONFIG_FILE="/config/config.xml" && [[ "${PUSHOVER_DEBUG}" == "true" ]] && CONFIG_FILE="config.xml"
ERRORS=()
#
# Discoverable variables
#
# shellcheck disable=SC2086
PUSHOVER_STARR_PORT="$(xmlstarlet sel -t -v "//Port" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_PORT}" ]] && ERRORS+=("PUSHOVER_STARR_PORT not defined")
PUSHOVER_STARR_APIKEY="$(xmlstarlet sel -t -v "//ApiKey" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_APIKEY}" ]] && ERRORS+=("PUSHOVER_STARR_APIKEY not defined")
PUSHOVER_STARR_INSTANCE_NAME="$(xmlstarlet sel -t -v "//InstanceName" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_INSTANCE_NAME}" ]] && ERRORS+=("PUSHOVER_STARR_INSTANCE_NAME not defined")
#
# Configurable variables
#
# Required
PUSHOVER_APP_URL="${PUSHOVER_APP_URL:-}" && [[ -z "${PUSHOVER_APP_URL}" ]] && ERRORS+=("PUSHOVER_APP_URL not defined")
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-}" && [[ -z "${PUSHOVER_USER_KEY}" ]] && ERRORS+=("PUSHOVER_USER_KEY not defined")
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-}" && [[ -z "${PUSHOVER_TOKEN}" ]] && ERRORS+=("PUSHOVER_TOKEN not defined")
# Optional
PUSHOVER_DEVICE="${PUSHOVER_DEVICE:-}"
PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
PUSHOVER_SOUND="${PUSHOVER_SOUND:-}"
#
# Print defined variables
#
for pushover_vars in ${!PUSHOVER_*}
do
declare -n var="${pushover_vars}"
[[ -n "${var}" && "${PUSHOVER_DEBUG}" = "true" ]] && printf "%s - %s=%s\n" "$(date)" "${!var}" "${var}"
done
#
# Validate required variables are set
#
if [ ${#ERRORS[@]} -gt 0 ]; then
for err in "${ERRORS[@]}"; do printf "%s - Undefined variable %s\n" "$(date)" "${err}" >&2; done
exit 1
fi
#
# Send Notification on Test
#
if [[ "${radarr_eventtype:-}" == "Test" ]]; then
PUSHOVER_TITLE="Test Notification"
PUSHOVER_MESSAGE="Howdy this is a test notification from ${PUSHOVER_STARR_INSTANCE_NAME}"
fi
#
# Send notification on Download or Upgrade
#
if [[ "${radarr_eventtype:-}" == "Download" ]]; then
printf -v PUSHOVER_TITLE "%s (%s) [%s]" \
"${radarr_movie_title:-"The Lord of the Rings: The Return of the King"}" \
"${radarr_movie_year:-"2003"}" \
"${radarr_moviefile_quality:-"Bluray-1080p"}"
printf -v PUSHOVER_MESSAGE "%s" \
"$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/movie/${radarr_movie_id:-"2619"}" \
| jq -r ".overview")"
printf -v PUSHOVER_URL "https://%s/movie/%s" \
"${PUSHOVER_APP_URL}" \
"${radarr_movie_tmdbid:-"122"}"
printf -v PUSHOVER_URL_TITLE "View movie in %s" \
"${PUSHOVER_STARR_INSTANCE_NAME}"
fi
notification=$(jq -n \
--arg token "${PUSHOVER_TOKEN}" \
--arg user "${PUSHOVER_USER_KEY}" \
--arg title "${PUSHOVER_TITLE}" \
--arg message "${PUSHOVER_MESSAGE:-"Unable to obtain plot summary"}" \
--arg url "${PUSHOVER_URL}" \
--arg url_title "${PUSHOVER_URL_TITLE}" \
--arg priority "${PUSHOVER_PRIORITY}" \
--arg sound "${PUSHOVER_SOUND}" \
--arg device "${PUSHOVER_DEVICE}" \
'{token: $token, user: $user, title: $title, message: $message, url: $url, url_title: $url_title, priority: $priority, sound: $sound, device: $device}' \
)
status_code=$(curl \
--write-out "%{http_code}" \
--silent \
--output /dev/null \
--header "Content-Type: application/json" \
--data-binary "${notification}" \
--request POST "https://api.pushover.net/1/messages.json" \
)
if [[ "${status_code}" -ne 200 ]] ; then
printf "%s - Unable to send notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)" >&2
exit 1
else
printf "%s - Sent notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)"
fi

31
kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,31 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: radarr
namespace: default
type: Opaque
stringData:
PUSHOVER_TOKEN: ENC[AES256_GCM,data:lhRZiBDtUEYQUFh5JkbzToDGjxshew/6NCGTvLgU,iv:0p1ITxTMSSrKy63eGOsX9/cKGxAsDhg7W+pgOyTIp30=,tag:6okXUgaHq134hQAb5Vf09Q==,type:str]
PUSHOVER_USER_KEY: ENC[AES256_GCM,data:9GOEKsbOEP+d9XzDjanfuNehROa9tJrArdCX6uvy,iv:3IFKbkFs5X2T+HrnwFZImf123jp4nWnafJOy1RFqMtY=,tag:XmnqhAk9oSLSSHi5OYtjEw==,type:str]
RADARR__API_KEY: ENC[AES256_GCM,data:451DYlNmSDGoHNeiK7+MyTsI26CoICs/isxiWFcpPJo=,iv:1HGC0TgKcL6ShlMgYwx/WSvOG5SFprG/sgmi6lQOvNU=,tag:uPX3JggXwXrNp7qhetG/Mw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:09:09Z"
mac: ENC[AES256_GCM,data:O3b3cHpmP2MFjNo2xN+pCm99b8QZoF0XAMVkWLwWf+vMRTnj7f7cCmvqsbfESZzNLUA7n1OUvTXPO2YtavGovy1F1iS98xYDCI/WLRUJTXwOGxqOVnXrFyqD/lE71pANJWFa0Q6GAtNjhl6k6KST1wAmZQCkYlPWQgMXmipOb6s=,iv:ejZ4wuXuUTodyl8wbetG+CcPNGfBaiAu9HNTof7cgm0=,tag:j7kv5V7GsItkjVKyK7GDuw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
namespace: default
labels:
app.kubernetes.io/name: &name radarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: rook-ceph-block

90
kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,90 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app readarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/readarr-nightly
tag: 0.1.1.1459@sha256:67241b71406e3a69a0463d56ccc4f7857096c1f16120a2576d2ddc0c23f572c7
env:
TZ: "${TIMEZONE}"
READARR__INSTANCE_NAME: Readarr (Audio)
READARR__PORT: &port 80
READARR__LOG_LEVEL: info
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |-
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/readarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 100
persistence:
config:
enabled: true
existingClaim: readarr-config
mountPath: /config
books:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/home/claude/books
mountPath: /mnt/storage/home/claude/books
downloads:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/downloads
mountPath: /mnt/storage/downloads
podAnnotations:
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 10m
memory: 250Mi
limits:
memory: 1000Mi

7
kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- volume.yaml
- secret.sops.yaml
- helm-release.yaml

29
kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,29 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: readarr
namespace: default
type: Opaque
stringData:
READARR__API_KEY: ENC[AES256_GCM,data:Vx735p7czaTKQVxQfUkkX22QN+mza1ms/Ob/qeYqNPk=,iv:AMLS+5V6+22R7IULKEyac4eEXd8yzh+qF/TO9xpbTII=,tag:KG5OWB4SYc1evdJ8Trn2NQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaHh2UDcvUnF1eHJXWXMv
a1JQaXJYZi9MTmx3OHZ5bmVLVjVsekFyZERNCjdjVk5wb3U1bjROeE5kM1JXRVZi
QTJIeTMzUDZDWnF2c0NMRm1YUS95Q28KLS0tIGJPdzJLSzJEMGpuQTIwRHYvNmR0
WU1mNWFQTE1uU0JiOU9CVmFsWXlHRDgKgTLlh8lIOxTDBpHT1kfCerY0KQL96UU7
gTqR0QIxjJ1qf+KLyKAEonHtNMb1mg/eJUBPeFfhuu3HE6T9bsAIFA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:12:05Z"
mac: ENC[AES256_GCM,data:T/nPAUI8PP6vq8uMCefTpbKCVr747HGmLxBhVw1sWhfb6KylYj8JIRRfT4IEoPQlEcXO9ar72nEYj0AogRJJ3pf/17x3NTd0Qg8F1Xy0ZLAS5g0EHjAYBlG9FJ+2D+7qD3Clej5uWW3oXWlCZcAVYv0vjd4efuKDvyDLNzvopIk=,iv:Uj91JlLiC6Ck+e/7afPUfetc2zyThB2Nk5bi6Oc4Skg=,tag:xvwCp/8WT5EBSTMZ643Ylg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: readarr-config
namespace: default
labels:
app.kubernetes.io/name: &name readarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block

160
kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml Normal file
View File

@@ -0,0 +1,160 @@
---
# A starter config to use with Trash Updater. Most values are set to "reasonable defaults".
# Update the values below as needed for your instance. You will be required to update the
# API Key and URL for each instance you want to use.
#
# Many optional settings have been omitted to keep this template simple.
#
# For more details on the configuration, see the Configuration Reference on the wiki here:
# https://github.com/rcdailey/trash-updater/wiki/Configuration-Reference
sonarr:
- base_url: http://sonarr
api_key: ${SONARR_APIKEY}
quality_definition: hybrid
delete_old_custom_formats: true
custom_formats:
- trash_ids:
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- f67c9ca88f463a48346062e8ad07713f # ATVP
- 36b72f59f4ea20aad9316f475f2d9fbb # DCU
- 89358767a60cc28783cdc3d0be9388a4 # DSNP
- 7a235133c87f7da4c8cccceca7e3c7a6 # HBO
- a880d6abc21e7c16884f3ae393f84179 # HMAX
- f6cce30f1733d5c8194222a7507909bb # HULU
- 0ac24a2a68a9700bcb7eeca8e5cd644c # iT
- d34870697c9db575f17700212167be23 # NF
- 1656adc6d7bb2c8cca6acfb6592db421 # PCOK
- c67a75ae4a1715f2bb4d492755ba4195 # PMTP
- 3ac5d84fce98bab1b531393e9c82f467 # QIBI
- c30d2958827d1867c73318a5a2957eb1 # RED
- ae58039e1319178e6be73caab5c42166 # SHO
# Allowed Scene groups and tiered P2P groups
- d0c516558625b04b363fa6c5c2c7cfd4 # WEB Scene (allowed Scene groups)
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
# Repacks / Propers
- ec8fa7296b64e8cd390a1600981f3923 # Repack/Proper
- eb3d5cc0a2be0db205fb823640db6a3c # Repack v2
- 44e7c4de10ae50265753082e5dc76047 # Repack v3
# HDR Metadata
- 7878c33f1963fefb3d6c8657d46c2f0a # DV HDR10
- 1f733af03141f068a540eec352589a89 # DV HLG
- 27954b0a80aab882522a88a4d9eae1cd # DV SDR
- 6d0d8de7b57e35518ac0308b0ddf404e # DV
- bb019e1cd00f304f80971c965de064dc # HDR (undefined)
- 3e2c4e748b64a1a1118e0ea3f4cf6875 # HDR
- 3497799d29a085e2ac2df9d468413c94 # HDR10
- a3d82cbef5039f8d295478d28a887159 # HDR10+
- 17e889ce13117940092308f48b48b45b # HLG
- 2a7e3be05d3861d6df7171ec74cad727 # PQ
# Unwanted
- 32b367365729d530ca1c124a0b180c64 # Bad Dual Groups
- 85c61753df5da1fb2aab6f2a47426b09 # BR-DISK
- 9c14d194486c4014d422adc64092d794 # Dubs Only
- 9c11cd3f07101cdba90a2d81cf0e56b4 # LQ
- 82d40da2bc6923f41e14394075dd4b03 # No-RlsGroup
- e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated
- 06d66ab109d4d2eddb2794d21526d140 # Retags
- 47435ece6b99a0b477caf360e79ba0bb # x265 (HD)
quality_profiles:
- name: Any
reset_unmatched_scores: true
- name: HD
reset_unmatched_scores: true
- name: SD
reset_unmatched_scores: true
radarr:
- base_url: http://radarr
api_key: ${RADARR_APIKEY}
delete_old_custom_formats: true
quality_definition:
type: movie
preferred_ratio: 0.5
custom_formats:
- trash_ids:
- ff5bc9e8ce91d46c997ca3ac6994d6f8 # UHD FraMeSToR (set to 0, 1 or 3200)
quality_profiles:
- name: Any
score: 1
- name: HD
score: 1
- name: Remux
score: 1
- trash_ids:
- 496f355514737f7d83bf7aa4d24f8169 # TrueHD Atmos
- 2f22d89048b01681dde8afe203bf2e95 # DTS X
- 417804f7f2c4308c1f4c5d380d4c4475 # ATMOS (undefined)
- 1af239278386be2919e1bcee0bde047e # DD+ Atmos
- 3cafb66171b47f226146a0770576870f # TrueHD
- dcf3ec6938fa32445f590a4da84256cd # DTS-HD MA
- a570d4a0e56a2874b64e5bfa55202a1b # FLAC
- e7c2fcae07cbada050a0af3357491d7b # PCM
- 8e109e50e0a0b83a5098b056e13bf6db # DTS-HD HRA
- 185f1dd7264c4562b9022d963ac37424 # DD+
- f9f847ac70a0af62ea4a08280b859636 # DTS-ES
- 1c1a4c5e823891c75bc50380a6866f73 # DTS
- 240770601cc226190c367ef59aba7463 # ACC
- c2998bd0d90ed5621d8df281e839436e # DD
- e23edd2482476e595fb990b12e7c609c # DV HDR10 HDR/DV Custom Formats
- 58d6a88f13e2db7f5059c41047876f00 # DV
- 55d53828b9d81cbe20b02efd00aa0efd # DV HLG HDR/DV Custom Formats
- a3e19f8f627608af0211acd02bf89735 # DV SDR HDR/DV Custom Formats
- b974a6cd08c1066250f1f177d7aa1225 # HDR10Plus
- dfb86d5941bc9075d6af23b09c2aeecd # HDR10
- e61e28db95d22bedcadf030b8f156d96 # HDR
- 2a4d9069cc1fe3242ff9bdaebed239bb # HDR (Undefined)
- 08d6d8834ad9ec87b1dc7ec8148e7a1f # PQ several HDR/DV Custom Formats
- 9364dd386c9b4a1100dde8264690add7 # HLG
- 0f12c086e289cf966fa5948eac571f44 # Hybrid
- 570bc9ebecd92723d2d21500f4be314c # Remaster
- eca37840c13c6ef2dd0262b141a5482f # 4K Remaster
- e0c07d59beb37348e975a930d5e50319 # Criterion Collection
- 957d0f44b592285f26449575e8b1167e # Special Edition
- eecf3a857724171f968a66cb5719e152 # IMAX
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced
- 403f3f6266b90439cacc1e07cae4dc2d # HQ-Remux
- 26fa26253af4001701fedb56cec376dc # HQ-Webdl
- 66aaa8c2c03c0191a95f0d655b75ab10 # UHD CtrlHD
- 4da96773192a51cf96178212642ca3bb # UHD LEGi0N
- 96848626e1570c122aba8642fe2714a2 # UHD HQMUX
- ffebc267e9c98d3d383f37b238550079 # UHD W4NK3R
- ac49fdbf6a662d380556f40ff4856f29 # UHD WEBDV
- afeb99e5db09290546f742503ce1cdb6 # UHD DON
- e7718d7a3ce595f289bfee26adc178f5 # Repack
- ed38b889b31be83fda192888e2286d83 # BR-DISK -10000
- 90cedc1fea7ea5d11298bebd3d1d3223 # EVO (no WEBDL) -1000
- 90a6f9a284dff5103f6346090e6280c8 # LQ -10000
- b8cd450cbfa689c0259a01d9e29ba3d6 # 3D -10000
- 7357cf5161efbf8c4d5d0c30b4815ee2 # Obfuscated
- ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup removed do avoid multiple downloads
- dc98083864ea246d05a42df0d05f81cc # x265 (720/1080p)
quality_profiles:
- name: Any
reset_unmatched_scores: true
- name: HD
reset_unmatched_scores: true
- name: SD
reset_unmatched_scores: true
- trash_ids:
- 1c7d7b04b15cc53ea61204bebbcc1ee2 # HQ
quality_profiles:
- name: Any
score: 0
- name: HD
score: 0
- name: SD
score: 0
- trash_ids:
- 4b900e171accbfb172729b63323ea8ca # Optional: Multi
- 923b6abef9b17f937fab56cfcf89e1f1 # Optional: DV (WEBDL) without fallback to HDR, set to manual score 0 or -10000
quality_profiles:
- name: Any
score: 0
- name: HD
score: 0
- name: SD
score: 0

101
kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,101 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app recyclarr
namespace: &namespace default
spec:
interval: 15m
chart:
spec:
chart: raw
version: v0.3.1
sourceRef:
kind: HelmRepository
name: dysnix
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
dependsOn:
- name: sonarr
namespace: default
- name: radarr
namespace: default
values:
resources:
- apiVersion: batch/v1
kind: CronJob
metadata:
name: *app
namespace: *namespace
spec:
schedule: "@daily"
jobTemplate:
spec:
ttlSecondsAfterFinished: 86400
template:
spec:
automountServiceAccountToken: false
restartPolicy: OnFailure
initContainers:
- name: render-configs
image: ghcr.io/onedr0p/recyclarr:2.6.1@sha256:365025bc338e6941c40f8e7cb545a6847181ff3864cadda50583b46ce9994c87
envFrom:
- secretRef:
name: *app
command:
- "/bin/bash"
- -c
args:
- "envsubst < /config/recyclarr.yaml > /shared/recyclarr.yaml"
volumeMounts:
- name: config
mountPath: /config
- name: shared
mountPath: /shared
containers:
- name: sonarr
image: ghcr.io/onedr0p/recyclarr:2.6.1@sha256:365025bc338e6941c40f8e7cb545a6847181ff3864cadda50583b46ce9994c87
env:
- name: TZ
value: "${TIMEZONE}"
command:
- "/bin/bash"
- "-c"
- |
#!/bin/bash
/app/recyclarr sonarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null http://healthchecks.default.svc.cluster.local./ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-recyclarr-sonarr
volumeMounts:
- name: shared
mountPath: /config/recyclarr.yaml
subPath: recyclarr.yaml
readOnly: true
- name: radarr
image: ghcr.io/onedr0p/recyclarr:2.6.1@sha256:365025bc338e6941c40f8e7cb545a6847181ff3864cadda50583b46ce9994c87
env:
- name: TZ
value: "${TIMEZONE}"
command:
- "/bin/bash"
- "-c"
- |
#!/bin/bash
/app/recyclarr radarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null http://healthchecks.default.svc.cluster.local./ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-recyclarr-radarr
volumeMounts:
- name: shared
mountPath: /config/recyclarr.yaml
subPath: recyclarr.yaml
readOnly: true
volumes:
- name: config
configMap:
name: *app
- name: shared
emptyDir: {}

15
kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- secret.sops.yaml
- helm-release.yaml
namespace: default
configMapGenerator:
- name: recyclarr
files:
- config/recyclarr.yaml
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled

30
kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,30 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: recyclarr
namespace: default
type: Opaque
stringData:
RADARR_APIKEY: ENC[AES256_GCM,data:1QbSAMl0/rSOq3wPx8lkAkLGKlUzoSPQoYgSb5bh7kI=,iv:lhxNvMvl13E+a1PHViyhHZJ5w6ugr6YnR7to/d2m7w4=,tag:t4YYyJ9Nfsd5Ey19TyQ+4Q==,type:str]
SONARR_APIKEY: ENC[AES256_GCM,data:OfRJVHh/i8kp1C3DBvhVmBmu0cDMtotzVCBlqyo0Gms=,iv:2q2e/LIZvJHG3ensZSC14M06OH5rf8WF/C6dw8rLxLc=,tag:xuOIAoTOLoVdfmNZpxAUpg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWEg2ZW0zS2VVWVBsMTgx
bVdydkN3aW5GSHczd2xod2owc2VwWVBLQUFRCnBmVGFvYmttVmFMaGNSeW9kTCtM
cEpSWm5tYkhZRGJhRUNIM0lKWStoS28KLS0tIE5pWHp1Tk0yTXlJYXNOWFNONmhz
Z0MvSzFZcU4zM3JZWDlNZ01KTW94emcKVNr7SDcNgGF/HoPk/qk72DCFUQm9mfdp
ZFdxh8Fe3eEoUKuqNyuMq9HIJJaYxj3vyHKer8f1pfiUdmKkBFTT3Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:13:16Z"
mac: ENC[AES256_GCM,data:R0HGv0eYumPHjSFF4yhqnv7MyEljF0S4LfDejz+v8gMlkffPXXdgG8JAedEVEGpbUC1tsc5e8X7QR69vZ6zt+LApyKKTOBG9i2gfhr986uexbmPuL1fMjT5eCI+Rddi8VSUWDTFPDI4YIKWowW1MSKLdV7KiSHUsPD2dwwQ8aJM=,iv:uNREYlkdZOxGZyU3LX0vW+GEkGPr2Uuzzx+jZrffJLw=,tag:cuT2n58cmStbLrgbwV6jOw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

102
kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml Normal file
View File

@@ -0,0 +1,102 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app sonarr
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.0.151@sha256:780f96b9bc37e85e1aa9d123fa9e534e6c285df5da700a7613cf204c914c49af
env:
TZ: "${TIMEZONE}"
PUSHOVER_DEBUG: "false"
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
SONARR__INSTANCE_NAME: Sonarr
SONARR__PORT: &port 80
SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
SONARR__LOG_LEVEL: info
envFrom:
- secretRef:
name: *app
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/sonarr/nord.css"></head>';
sub_filter_once on;
hosts:
- host: *host
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
supplementalGroups:
- 100
persistence:
config:
enabled: true
existingClaim: sonarr-config
mountPath: /config
downloads:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/downloads
mountPath: /mnt/storage/downloads
video:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/video
mountPath: /mnt/storage/video
scripts:
enabled: true
type: configMap
name: sonarr-pushover
subPath: pushover-notify.sh
mountPath: /scripts/pushover-notify.sh
defaultMode: 0775
readOnly: true
podAnnotations:
configmap.reloader.stakater.com/reload: sonarr-pushover
secret.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 500m
memory: 500Mi
limits:
memory: 2000Mi

16
kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- secret.sops.yaml
- volume.yaml
- helm-release.yaml
configMapGenerator:
- name: sonarr-pushover
files:
- ./scripts/pushover-notify.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled

107
kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh Executable file
View File

@@ -0,0 +1,107 @@
#!/usr/bin/env bash
PUSHOVER_DEBUG="${PUSHOVER_DEBUG:-"true"}"
# kubectl port-forward service/sonarr -n default 8989:8989
# export PUSHOVER_APP_URL="";
# export PUSHOVER_TOKEN="";
# export PUSHOVER_USER_KEY="";
# export sonarr_eventtype=Download;
# ./notify.sh
CONFIG_FILE="/config/config.xml" && [[ "${PUSHOVER_DEBUG}" == "true" ]] && CONFIG_FILE="config.xml"
ERRORS=()
#
# Discoverable variables
#
# shellcheck disable=SC2086
PUSHOVER_STARR_PORT="$(xmlstarlet sel -t -v "//Port" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_PORT}" ]] && ERRORS+=("PUSHOVER_STARR_PORT not defined")
PUSHOVER_STARR_APIKEY="$(xmlstarlet sel -t -v "//ApiKey" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_APIKEY}" ]] && ERRORS+=("PUSHOVER_STARR_APIKEY not defined")
PUSHOVER_STARR_INSTANCE_NAME="$(xmlstarlet sel -t -v "//InstanceName" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_INSTANCE_NAME}" ]] && ERRORS+=("PUSHOVER_STARR_INSTANCE_NAME not defined")
#
# Configurable variables
#
# Required
PUSHOVER_APP_URL="${PUSHOVER_APP_URL:-}" && [[ -z "${PUSHOVER_APP_URL}" ]] && ERRORS+=("PUSHOVER_APP_URL not defined")
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-}" && [[ -z "${PUSHOVER_USER_KEY}" ]] && ERRORS+=("PUSHOVER_USER_KEY not defined")
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-}" && [[ -z "${PUSHOVER_TOKEN}" ]] && ERRORS+=("PUSHOVER_TOKEN not defined")
# Optional
PUSHOVER_DEVICE="${PUSHOVER_DEVICE:-}"
PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
PUSHOVER_SOUND="${PUSHOVER_SOUND:-}"
#
# Print defined variables
#
for pushover_vars in ${!PUSHOVER_*}
do
declare -n var="${pushover_vars}"
[[ -n "${var}" && "${PUSHOVER_DEBUG}" = "true" ]] && printf "%s - %s=%s\n" "$(date)" "${!var}" "${var}"
done
#
# Validate required variables are set
#
if [ ${#ERRORS[@]} -gt 0 ]; then
for err in "${ERRORS[@]}"; do printf "%s - Undefined variable %s\n" "$(date)" "${err}" >&2; done
exit 1
fi
#
# Send Notification on Test
#
if [[ "${sonarr_eventtype:-}" == "Test" ]]; then
PUSHOVER_TITLE="Test Notification"
PUSHOVER_MESSAGE="Howdy this is a test notification from ${PUSHOVER_STARR_INSTANCE_NAME}"
fi
#
# Send notification on Download or Upgrade
#
if [[ "${sonarr_eventtype:-}" == "Download" ]]; then
printf -v PUSHOVER_TITLE "%s - S%02dE%02d - %s [%s]" \
"${sonarr_series_title:-"That '70s Show"}" \
"${sonarr_episodefile_seasonnumber:-"8"}" \
"${sonarr_episodefile_episodenumbers:-"22"}" \
"${sonarr_episodefile_episodetitles:-"That '70s Finale"}" \
"${sonarr_episodefile_quality:-"Bluray-720p"}"
printf -v PUSHOVER_MESSAGE "%s" \
"$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/episode?seriesId=${sonarr_series_id:-"1653"}" \
| jq -r ".[] | select(.episodeFileId==${sonarr_episodefile_id:-"167750"}) | .overview")"
printf -v PUSHOVER_URL "https://%s/series/%s" \
"${PUSHOVER_APP_URL}" \
"$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/series/${sonarr_series_id:-"1653"}" \
| jq -r ".titleSlug")"
printf -v PUSHOVER_URL_TITLE "View series in %s" \
"${PUSHOVER_STARR_INSTANCE_NAME}"
fi
notification=$(jq -n \
--arg token "${PUSHOVER_TOKEN}" \
--arg user "${PUSHOVER_USER_KEY}" \
--arg title "${PUSHOVER_TITLE}" \
--arg message "${PUSHOVER_MESSAGE:-"Unable to obtain plot summary"}" \
--arg url "${PUSHOVER_URL}" \
--arg url_title "${PUSHOVER_URL_TITLE}" \
--arg priority "${PUSHOVER_PRIORITY}" \
--arg sound "${PUSHOVER_SOUND}" \
--arg device "${PUSHOVER_DEVICE}" \
'{token: $token, user: $user, title: $title, message: $message, url: $url, url_title: $url_title, priority: $priority, sound: $sound, device: $device}' \
)
status_code=$(curl \
--write-out "%{http_code}" \
--silent \
--output /dev/null \
--header "Content-Type: application/json" \
--data-binary "${notification}" \
--request POST "https://api.pushover.net/1/messages.json" \
)
if [[ "${status_code}" -ne 200 ]] ; then
printf "%s - Unable to send notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)" >&2
exit 1
else
printf "%s - Sent notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)"
fi

31
kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml Normal file
View File

@@ -0,0 +1,31 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: sonarr
namespace: default
type: Opaque
stringData:
PUSHOVER_TOKEN: ENC[AES256_GCM,data:k19SYCSuG2e3SZA2oOc+ORF0/Awd3pbPRMh0rZVf,iv:iNjc9LCjZ1MBEnfibTVnjisyxtm7QtjRNYUnKZn8emk=,tag:uEDCKAshQpybMY/dzR/M1Q==,type:str]
PUSHOVER_USER_KEY: ENC[AES256_GCM,data:VYp2lrBDk0yW4QcLbeH3p/bJ6mQ7hoA2luljU5lS,iv:8Yp48tC1N+1MdeW1lDDoMKyyE6qiZqd7D6qcY25tQRs=,tag:51G1vkr+vRJx29y9/FZ+DQ==,type:str]
SONARR__API_KEY: ENC[AES256_GCM,data:KheRN0LzO3Fb5P78lIt8mVZBydQH+xD+uQ8lBVEGieI=,iv:jG4RqKbprdfyqXmBlbXM8BVtwc3xdHof7p2NeP+dGss=,tag:z1nW7D5X+OCXIVcSEDbLog==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWTJrS2pINFd3d2pRK0Z2
K3RUOWZwdXlUa2R2S2tVcldjUkJISTJDa2hFCnA0eThHNUhocisxVGZ1Z21PUno2
NXo4UjN6cXI1UWZVdjNmUzA5MHdUSDgKLS0tIEx5aFZydDRjTEhnUC94cC9kUlpn
LzZ0MXorcXRtVFRFNGhEUVAvTEs0UUkKo3F84muItufqs61yKmUVOVg/EORHYRHL
VNOHwINciH7lSknIZYPP+epMVDYCAe4AFmn2CPmtW6uRDScJAnBidw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-15T04:29:06Z"
mac: ENC[AES256_GCM,data:2uaAEPBB/v3k5WnUrGvp4fWW/SmrA306b4fru18NdEcLi8e070DJeThxF+/eHRYWIBDHBOhGDBe5Yv3U3tOnNjrQR8aqL9wWoatHqulGrwm/HiSbJZlDXRqO9DSItisBtTs2Tp5PhxBqsXlG5oEvQiV6/w+N44I2IrDnDW0P0C0=,iv:dAh6cKA3SqdZGBLPBTHkztO2wcgO1xUUbcE2d39eNXA=,tag:S5gtSNWzp/X3X+74y/vycQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

17
kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-config
namespace: default
labels:
app.kubernetes.io/name: &name sonarr
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: rook-ceph-block