✨ new talos cluster

kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml

@@ -0,0 +1,102 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app sonarr
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    image:
+      repository: ghcr.io/onedr0p/sonarr-develop
+      tag: 4.0.0.151@sha256:780f96b9bc37e85e1aa9d123fa9e534e6c285df5da700a7613cf204c914c49af
+    env:
+      TZ: "${TIMEZONE}"
+      PUSHOVER_DEBUG: "false"
+      PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+      SONARR__INSTANCE_NAME: Sonarr
+      SONARR__PORT: &port 80
+      SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+      SONARR__LOG_LEVEL: info
+    envFrom:
+      - secretRef:
+          name: *app
+    service:
+      main:
+        ports:
+          http:
+            port: *port
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/configuration-snippet: |
+            proxy_set_header Accept-Encoding "";
+            sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.${SECRET_CLUSTER_DOMAIN}/css/base/sonarr/nord.css"></head>';
+            sub_filter_once on;
+        hosts:
+          - host: *host
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    podSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+      fsGroupChangePolicy: "OnRootMismatch"
+      supplementalGroups:
+        - 100
+    persistence:
+      config:
+        enabled: true
+        existingClaim: sonarr-config
+        mountPath: /config
+      downloads:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/downloads
+        mountPath: /mnt/storage/downloads
+      video:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/video
+        mountPath: /mnt/storage/video
+      scripts:
+        enabled: true
+        type: configMap
+        name: sonarr-pushover
+        subPath: pushover-notify.sh
+        mountPath: /scripts/pushover-notify.sh
+        defaultMode: 0775
+        readOnly: true
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: sonarr-pushover
+      secret.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 500m
+        memory: 500Mi
+      limits:
+        memory: 2000Mi

kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - secret.sops.yaml
+  - volume.yaml
+  - helm-release.yaml
+configMapGenerator:
+  - name: sonarr-pushover
+    files:
+      - ./scripts/pushover-notify.sh
+generatorOptions:
+  disableNameSuffixHash: true
+  annotations:
+    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh

@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+
+PUSHOVER_DEBUG="${PUSHOVER_DEBUG:-"true"}"
+# kubectl port-forward service/sonarr -n default 8989:8989
+# export PUSHOVER_APP_URL="";
+# export PUSHOVER_TOKEN="";
+# export PUSHOVER_USER_KEY="";
+# export sonarr_eventtype=Download;
+# ./notify.sh
+
+CONFIG_FILE="/config/config.xml" && [[ "${PUSHOVER_DEBUG}" == "true" ]] && CONFIG_FILE="config.xml"
+ERRORS=()
+
+#
+# Discoverable variables
+#
+# shellcheck disable=SC2086
+PUSHOVER_STARR_PORT="$(xmlstarlet sel -t -v "//Port" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_PORT}" ]] && ERRORS+=("PUSHOVER_STARR_PORT not defined")
+PUSHOVER_STARR_APIKEY="$(xmlstarlet sel -t -v "//ApiKey" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_APIKEY}" ]] && ERRORS+=("PUSHOVER_STARR_APIKEY not defined")
+PUSHOVER_STARR_INSTANCE_NAME="$(xmlstarlet sel -t -v "//InstanceName" -nl ${CONFIG_FILE})" && [[ -z "${PUSHOVER_STARR_INSTANCE_NAME}" ]] && ERRORS+=("PUSHOVER_STARR_INSTANCE_NAME not defined")
+
+#
+# Configurable variables
+#
+# Required
+PUSHOVER_APP_URL="${PUSHOVER_APP_URL:-}" && [[ -z "${PUSHOVER_APP_URL}" ]] && ERRORS+=("PUSHOVER_APP_URL not defined")
+PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-}" && [[ -z "${PUSHOVER_USER_KEY}" ]] && ERRORS+=("PUSHOVER_USER_KEY not defined")
+PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-}" && [[ -z "${PUSHOVER_TOKEN}" ]] && ERRORS+=("PUSHOVER_TOKEN not defined")
+# Optional
+PUSHOVER_DEVICE="${PUSHOVER_DEVICE:-}"
+PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
+PUSHOVER_SOUND="${PUSHOVER_SOUND:-}"
+
+#
+# Print defined variables
+#
+for pushover_vars in ${!PUSHOVER_*}
+do
+    declare -n var="${pushover_vars}"
+    [[ -n "${var}" && "${PUSHOVER_DEBUG}" = "true" ]] && printf "%s - %s=%s\n" "$(date)" "${!var}" "${var}"
+done
+
+#
+# Validate required variables are set
+#
+if [ ${#ERRORS[@]} -gt 0 ]; then
+    for err in "${ERRORS[@]}"; do printf "%s - Undefined variable %s\n" "$(date)" "${err}" >&2; done
+    exit 1
+fi
+
+#
+# Send Notification on Test
+#
+if [[ "${sonarr_eventtype:-}" == "Test" ]]; then
+    PUSHOVER_TITLE="Test Notification"
+    PUSHOVER_MESSAGE="Howdy this is a test notification from ${PUSHOVER_STARR_INSTANCE_NAME}"
+fi
+
+#
+# Send notification on Download or Upgrade
+#
+if [[ "${sonarr_eventtype:-}" == "Download" ]]; then
+    printf -v PUSHOVER_TITLE "%s - S%02dE%02d - %s [%s]" \
+        "${sonarr_series_title:-"That '70s Show"}" \
+        "${sonarr_episodefile_seasonnumber:-"8"}" \
+        "${sonarr_episodefile_episodenumbers:-"22"}" \
+        "${sonarr_episodefile_episodetitles:-"That '70s Finale"}" \
+        "${sonarr_episodefile_quality:-"Bluray-720p"}"
+    printf -v PUSHOVER_MESSAGE "%s" \
+        "$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/episode?seriesId=${sonarr_series_id:-"1653"}" \
+            | jq -r ".[] | select(.episodeFileId==${sonarr_episodefile_id:-"167750"}) | .overview")"
+    printf -v PUSHOVER_URL "https://%s/series/%s" \
+        "${PUSHOVER_APP_URL}" \
+        "$(curl --silent --header "X-Api-Key:${PUSHOVER_STARR_APIKEY}" "http://localhost:${PUSHOVER_STARR_PORT}/api/v3/series/${sonarr_series_id:-"1653"}" \
+            | jq -r ".titleSlug")"
+    printf -v PUSHOVER_URL_TITLE "View series in %s" \
+        "${PUSHOVER_STARR_INSTANCE_NAME}"
+fi
+
+notification=$(jq -n \
+    --arg token "${PUSHOVER_TOKEN}" \
+    --arg user "${PUSHOVER_USER_KEY}" \
+    --arg title "${PUSHOVER_TITLE}" \
+    --arg message "${PUSHOVER_MESSAGE:-"Unable to obtain plot summary"}" \
+    --arg url "${PUSHOVER_URL}" \
+    --arg url_title "${PUSHOVER_URL_TITLE}" \
+    --arg priority "${PUSHOVER_PRIORITY}" \
+    --arg sound "${PUSHOVER_SOUND}" \
+    --arg device "${PUSHOVER_DEVICE}" \
+    '{token: $token, user: $user, title: $title, message: $message, url: $url, url_title: $url_title, priority: $priority, sound: $sound, device: $device}' \
+)
+
+status_code=$(curl \
+    --write-out "%{http_code}" \
+    --silent \
+    --output /dev/null \
+    --header "Content-Type: application/json" \
+    --data-binary "${notification}" \
+    --request POST "https://api.pushover.net/1/messages.json" \
+)
+
+if [[ "${status_code}" -ne 200 ]] ; then
+    printf "%s - Unable to send notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)" >&2
+    exit 1
+else
+    printf "%s - Sent notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)"
+fi

kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml

@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: sonarr
+    namespace: default
+type: Opaque
+stringData:
+    PUSHOVER_TOKEN: ENC[AES256_GCM,data:k19SYCSuG2e3SZA2oOc+ORF0/Awd3pbPRMh0rZVf,iv:iNjc9LCjZ1MBEnfibTVnjisyxtm7QtjRNYUnKZn8emk=,tag:uEDCKAshQpybMY/dzR/M1Q==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:VYp2lrBDk0yW4QcLbeH3p/bJ6mQ7hoA2luljU5lS,iv:8Yp48tC1N+1MdeW1lDDoMKyyE6qiZqd7D6qcY25tQRs=,tag:51G1vkr+vRJx29y9/FZ+DQ==,type:str]
+    SONARR__API_KEY: ENC[AES256_GCM,data:KheRN0LzO3Fb5P78lIt8mVZBydQH+xD+uQ8lBVEGieI=,iv:jG4RqKbprdfyqXmBlbXM8BVtwc3xdHof7p2NeP+dGss=,tag:z1nW7D5X+OCXIVcSEDbLog==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWTJrS2pINFd3d2pRK0Z2
+            K3RUOWZwdXlUa2R2S2tVcldjUkJISTJDa2hFCnA0eThHNUhocisxVGZ1Z21PUno2
+            NXo4UjN6cXI1UWZVdjNmUzA5MHdUSDgKLS0tIEx5aFZydDRjTEhnUC94cC9kUlpn
+            LzZ0MXorcXRtVFRFNGhEUVAvTEs0UUkKo3F84muItufqs61yKmUVOVg/EORHYRHL
+            VNOHwINciH7lSknIZYPP+epMVDYCAe4AFmn2CPmtW6uRDScJAnBidw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-09-15T04:29:06Z"
+    mac: ENC[AES256_GCM,data:2uaAEPBB/v3k5WnUrGvp4fWW/SmrA306b4fru18NdEcLi8e070DJeThxF+/eHRYWIBDHBOhGDBe5Yv3U3tOnNjrQR8aqL9wWoatHqulGrwm/HiSbJZlDXRqO9DSItisBtTs2Tp5PhxBqsXlG5oEvQiV6/w+N44I2IrDnDW0P0C0=,iv:dAh6cKA3SqdZGBLPBTHkztO2wcgO1xUUbcE2d39eNXA=,tag:S5gtSNWzp/X3X+74y/vycQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3

kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarr-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name sonarr
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: rook-ceph-block