✨ new talos cluster

kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml

@@ -0,0 +1,102 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app radarr
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    image:
+      repository: ghcr.io/onedr0p/radarr-develop
+      tag: 4.3.0.6671@sha256:fe42cc40dc92d9710fa03e5f5874baaeb72351c4c278a890b89c8413958323c6
+    env:
+      TZ: "${TIMEZONE}"
+      PUSHOVER_DEBUG: "false"
+      PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+      RADARR__INSTANCE_NAME: Radarr
+      RADARR__PORT: &port 80
+      RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+      RADARR__LOG_LEVEL: info
+    envFrom:
+      - secretRef:
+          name: *app
+    service:
+      main:
+        ports:
+          http:
+            port: *port
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/configuration-snippet: |
+            proxy_set_header Accept-Encoding "";
+            sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/radarr/nord.css"></head>';
+            sub_filter_once on;
+        hosts:
+          - host: *host
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: "OnRootMismatch"
+      supplementalGroups:
+        - 100
+    persistence:
+      config:
+        enabled: true
+        existingClaim: radarr-config
+        mountPath: /config
+      downloads:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/downloads
+        mountPath: /mnt/storage/downloads
+      video:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/video
+        mountPath: /mnt/storage/video
+      scripts:
+        enabled: true
+        type: configMap
+        name: radarr-pushover
+        subPath: pushover-notify.sh
+        mountPath: /scripts/pushover-notify.sh
+        defaultMode: 0775
+        readOnly: true
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: radarr-pushover
+      secret.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 500m
+        memory: 500Mi
+      limits:
+        memory: 2000Mi

kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - secret.sops.yaml
+  - volume.yaml
+  - helm-release.yaml
+configMapGenerator:
+  - name: radarr-pushover
+    files:
+      - ./scripts/pushover-notify.sh
+generatorOptions:
+  disableNameSuffixHash: true
+  annotations:
+    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh

@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+PUSHOVER_DEBUG="${PUSHOVER_DEBUG:-"true"}"
+# kubectl port-forward service/radarr -n default 7878:7878
+# export PUSHOVER_STARR_INSTANCE_NAME=Radarr;
+# export PUSHOVER_APP_URL="";
+# export PUSHOVER_TOKEN="";
+# export PUSHOVER_USER_KEY="";
+# export radarr_eventtype=Download;
+# ./notify.sh
+
+CONFIG_FILE="/config/config.xml" && [[ "${PUSHOVER_DEBUG}" == "true" ]] && CONFIG_FILE="config.xml"
+ERRORS=()
+
+#
+# Discoverable variables
+#
+# shellcheck disable=SC2086
+PUSHOVER_STARR_PORT="$(xmlstarlet sel -t -v "//Port" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_PORT}" ]] && ERRORS+=("PUSHOVER_STARR_PORT not defined")
+PUSHOVER_STARR_APIKEY="$(xmlstarlet sel -t -v "//ApiKey" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_APIKEY}" ]] && ERRORS+=("PUSHOVER_STARR_APIKEY not defined")
+PUSHOVER_STARR_INSTANCE_NAME="$(xmlstarlet sel -t -v "//InstanceName" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_INSTANCE_NAME}" ]] && ERRORS+=("PUSHOVER_STARR_INSTANCE_NAME not defined")
+
+#
+# Configurable variables
+#
+# Required
+PUSHOVER_APP_URL="${PUSHOVER_APP_URL:-}" && [[ -z "${PUSHOVER_APP_URL}" ]] && ERRORS+=("PUSHOVER_APP_URL not defined")
+PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-}" && [[ -z "${PUSHOVER_USER_KEY}" ]] && ERRORS+=("PUSHOVER_USER_KEY not defined")
+PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-}" && [[ -z "${PUSHOVER_TOKEN}" ]] && ERRORS+=("PUSHOVER_TOKEN not defined")
+# Optional
+PUSHOVER_DEVICE="${PUSHOVER_DEVICE:-}"
+PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
+PUSHOVER_SOUND="${PUSHOVER_SOUND:-}"
+
+#
+# Print defined variables
+#
+for pushover_vars in ${!PUSHOVER_*}
+do
+    declare -n var="${pushover_vars}"
+    [[ -n "${var}" && "${PUSHOVER_DEBUG}" = "true" ]] && printf "%s - %s=%s\n" "$(date)" "${!var}" "${var}"
+done
+
+#
+# Validate required variables are set
+#
+if [ ${#ERRORS[@]} -gt 0 ]; then
+    for err in "${ERRORS[@]}"; do printf "%s - Undefined variable %s\n" "$(date)" "${err}" >&2; done
+    exit 1
+fi
+
+#
+# Send Notification on Test
+#
+if [[ "${radarr_eventtype:-}" == "Test" ]]; then
+    PUSHOVER_TITLE="Test Notification"
+    PUSHOVER_MESSAGE="Howdy this is a test notification from ${PUSHOVER_STARR_INSTANCE_NAME}"
+fi
+
+#
+# Send notification on Download or Upgrade
+#
+if [[ "${radarr_eventtype:-}" == "Download" ]]; then
+    printf -v PUSHOVER_TITLE "%s (%s) [%s]" \
+        "${radarr_movie_title:-"The Lord of the Rings: The Return of the King"}" \
+        "${radarr_movie_year:-"2003"}" \
+        "${radarr_moviefile_quality:-"Bluray-1080p"}"
+    printf -v PUSHOVER_MESSAGE "%s" \
+        "$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/movie/${radarr_movie_id:-"2619"}" \
+            | jq -r ".overview")"
+    printf -v PUSHOVER_URL "https://%s/movie/%s" \
+        "${PUSHOVER_APP_URL}" \
+        "${radarr_movie_tmdbid:-"122"}"
+    printf -v PUSHOVER_URL_TITLE "View movie in %s" \
+        "${PUSHOVER_STARR_INSTANCE_NAME}"
+fi
+
+notification=$(jq -n \
+    --arg token "${PUSHOVER_TOKEN}" \
+    --arg user "${PUSHOVER_USER_KEY}" \
+    --arg title "${PUSHOVER_TITLE}" \
+    --arg message "${PUSHOVER_MESSAGE:-"Unable to obtain plot summary"}" \
+    --arg url "${PUSHOVER_URL}" \
+    --arg url_title "${PUSHOVER_URL_TITLE}" \
+    --arg priority "${PUSHOVER_PRIORITY}" \
+    --arg sound "${PUSHOVER_SOUND}" \
+    --arg device "${PUSHOVER_DEVICE}" \
+    '{token: $token, user: $user, title: $title, message: $message, url: $url, url_title: $url_title, priority: $priority, sound: $sound, device: $device}' \
+)
+
+status_code=$(curl \
+    --write-out "%{http_code}" \
+    --silent \
+    --output /dev/null \
+    --header "Content-Type: application/json" \
+    --data-binary "${notification}" \
+    --request POST "https://api.pushover.net/1/messages.json" \
+)
+
+if [[ "${status_code}" -ne 200 ]] ; then
+    printf "%s - Unable to send notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)" >&2
+    exit 1
+else
+    printf "%s - Sent notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)"
+fi

kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml

@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: radarr
+    namespace: default
+type: Opaque
+stringData:
+    PUSHOVER_TOKEN: ENC[AES256_GCM,data:lhRZiBDtUEYQUFh5JkbzToDGjxshew/6NCGTvLgU,iv:0p1ITxTMSSrKy63eGOsX9/cKGxAsDhg7W+pgOyTIp30=,tag:6okXUgaHq134hQAb5Vf09Q==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:9GOEKsbOEP+d9XzDjanfuNehROa9tJrArdCX6uvy,iv:3IFKbkFs5X2T+HrnwFZImf123jp4nWnafJOy1RFqMtY=,tag:XmnqhAk9oSLSSHi5OYtjEw==,type:str]
+    RADARR__API_KEY: ENC[AES256_GCM,data:451DYlNmSDGoHNeiK7+MyTsI26CoICs/isxiWFcpPJo=,iv:1HGC0TgKcL6ShlMgYwx/WSvOG5SFprG/sgmi6lQOvNU=,tag:uPX3JggXwXrNp7qhetG/Mw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-09-15T04:09:09Z"
+    mac: ENC[AES256_GCM,data:O3b3cHpmP2MFjNo2xN+pCm99b8QZoF0XAMVkWLwWf+vMRTnj7f7cCmvqsbfESZzNLUA7n1OUvTXPO2YtavGovy1F1iS98xYDCI/WLRUJTXwOGxqOVnXrFyqD/lE71pANJWFa0Q6GAtNjhl6k6KST1wAmZQCkYlPWQgMXmipOb6s=,iv:ejZ4wuXuUTodyl8wbetG+CcPNGfBaiAu9HNTof7cgm0=,tag:j7kv5V7GsItkjVKyK7GDuw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3

kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radarr-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name radarr
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: rook-ceph-block