✨ new talos cluster

kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf

@@ -0,0 +1,15 @@
+{
+    "listening_port" : 55555,
+    "storage_path" : "/config",
+    "vendor" : "docker",
+    "display_new_version": false,
+
+    "directory_root_policy" : "belowroot",
+    "directory_root" : "/sync/",
+    "webui" :
+    {
+  "listen" : "0.0.0.0:8888",
+  "allow_empty_password" : false,
+        "dir_whitelist" : [ "/sync" ]
+    }
+}

kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml

@@ -0,0 +1,104 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app resilio-claude
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    image:
+      repository: ghcr.io/auricom/resilio-sync
+      tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7
+      env:
+        - name: TZ
+          value: "${TIMEZONE}"
+    service:
+      main:
+        ports:
+          http:
+            port: 8888
+          com:
+            port: 55555
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        enabled: true
+        existingClaim: resilio-claude-config
+      sync-conf:
+        enabled: true
+        type: configMap
+        configMap:
+        name: resilio-claude-sync-conf
+        mountPath: /config/sync.conf
+        subPath: sync.conf
+      backups:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/backups
+        mountPath: /sync/backup
+      home-claude:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/home/claude
+        mountPath: /sync/home/claude
+      music-transcoded:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/music_transcoded
+        mountPath: /sync/music_transcoded
+      photo:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/photo
+        mountPath: /sync/photo
+      shared-documents:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/shared-documents
+        mountPath: /sync/shared-documents
+      video:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/video
+        mountPath: /sync/video
+    podSecurityContext:
+      runAsUser: 0
+    resources:
+      requests:
+        cpu: 250m
+        memory: 512Mi
+      limits:
+        memory: 2Gi

kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - volume.yaml
+configMapGenerator:
+  - name: resilio-claude-sync-conf
+    namespace: default
+    files:
+      - config/sync.conf
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: resilio-claude-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name resilio-claude
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 1Gi

kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf

@@ -0,0 +1,15 @@
+{
+    "listening_port" : 55556,
+    "storage_path" : "/config",
+    "vendor" : "docker",
+    "display_new_version": false,
+
+    "directory_root_policy" : "belowroot",
+    "directory_root" : "/sync/",
+    "webui" :
+    {
+  "listen" : "0.0.0.0:8889",
+  "allow_empty_password" : false,
+        "dir_whitelist" : [ "/sync" ]
+    }
+}

kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml

@@ -0,0 +1,81 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app resilio-helene
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+
+  values:
+    image:
+      repository: ghcr.io/auricom/resilio-sync
+      tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7
+      env:
+        - name: TZ
+          value: "${TIMEZONE}"
+    service:
+      main:
+        ports:
+          http:
+            port: 8889
+          com:
+            port: 55556
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        enabled: true
+        existingClaim: resilio-helene-config
+      sync-conf:
+        enabled: true
+        type: configMap
+        configMap:
+        name: resilio-helene-sync-conf
+        mountPath: /config/sync.conf
+        subPath: sync.conf
+      backups:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/backups
+        mountPath: /sync/backup
+      home-helene:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/home/helene
+        mountPath: /sync/home
+    podSecurityContext:
+      runAsUser: 0
+    resources:
+      requests:
+        cpu: 250m
+        memory: 512Mi
+      limits:
+        memory: 2Gi

kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - volume.yaml
+configMapGenerator:
+  - name: resilio-helene-sync-conf
+    namespace: default
+    files:
+      - config/sync.conf
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: resilio-helene-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name resilio-helene
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 1Gi

kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - claude
+  - helene