diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 68f66dd48..3048c9452 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -27,6 +27,7 @@ resources:
 - ./lidarr/ks.yaml
 - ./libreddit/ks.yaml
 - ./lychee/ks.yaml
+ - ./mailrise/ks.yaml
 - ./media-browser/ks.yaml
 - ./music-transcode/ks.yaml
 - ./navidrome/ks.yaml
diff --git a/kubernetes/apps/default/mailrise/app/helmrelease.yaml b/kubernetes/apps/default/mailrise/app/helmrelease.yaml
new file mode 100644
index 000000000..a5968bf0d
--- /dev/null
+++ b/kubernetes/apps/default/mailrise/app/helmrelease.yaml
@@ -0,0 +1,84 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app mailrise
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 3
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ controller:
+ replicas: 1
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ image:
+ repository: docker.io/yoryan/mailrise
+ tag: 1.3.0
+ env:
+ TZ: ${TIMEZONE}
+ envFrom:
+ - secretRef:
+ name: *app
+ service:
+ main:
+ type: LoadBalancer
+ loadBalancerIP: "${CLUSTER_LB_MAILRISE}"
+ externalTrafficPolicy: Local
+ ports:
+ http:
+ port: 8025
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ hajimari.io/enable: "false"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ type: configMap
+ name: mailrise-configmap
+ subPath: mailrise.conf
+ mountPath: /etc/mailrise.conf
+ readOnly: true
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: *app
+ podAnnotations:
+ secret.reloader.stakater.com/reload: *app
+ resources:
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ limits:
+ memory: 200Mi
diff --git a/kubernetes/apps/default/mailrise/app/kustomization.yaml b/kubernetes/apps/default/mailrise/app/kustomization.yaml
new file mode 100644
index 000000000..f847833c0
--- /dev/null
+++ b/kubernetes/apps/default/mailrise/app/kustomization.yaml
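Review bot: The `ingress.main` block routes nginx HTTP traffic to port 8025, which `service.main` also publishes on a LoadBalancer IP under the port name `http`; as far as I know 8025 is mailrise's SMTP listener, so the ingress cannot serve anything useful and only adds a second network path to the relay. I would drop it with `ingress: {main: {enabled: false}}` and rename the port key to `smtp`, leaving the LoadBalancer as the single entry point. The values also set no container security context and pin the image by mutable tag only; consider `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` (to be checked against what the image needs at runtime) and a digest-pinned tag such as `tag: 1.3.0@sha256:<digest-placeholder>`.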
@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./secret.sops.yaml
+configMapGenerator:
+ - name: mailrise-configmap
+ files:
+ - mailrise.conf=./mailrise.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/kubernetes/apps/default/mailrise/app/mailrise.yaml b/kubernetes/apps/default/mailrise/app/mailrise.yaml
new file mode 100644
index 000000000..8dd8c87cf
--- /dev/null
+++ b/kubernetes/apps/default/mailrise/app/mailrise.yaml
@@ -0,0 +1,7 @@
+---
+configs:
+ truenas@mailrise.home.arpa:
+ mailrise:
+ title_template: "TRUENAS"
+ urls:
+ - !env_var PUSHOVER_TRUENAS
diff --git a/kubernetes/apps/default/mailrise/app/secret.sops.yaml b/kubernetes/apps/default/mailrise/app/secret.sops.yaml
new file mode 100644
index 000000000..1ead4b1e1
--- /dev/null
+++ b/kubernetes/apps/default/mailrise/app/secret.sops.yaml
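Review bot: The mailrise config in `mailrise.yaml` defines only the `truenas@mailrise.home.arpa` sender and has no SMTP authentication or TLS section, so every host that can reach the service address can presumably submit mail that is forwarded to the Pushover URL. Mailrise documents a top-level `smtp.auth.basic` map of username to password and a `tls.mode` setting; add for example `smtp: {auth: {basic: {truenas: !env_var MAILRISE_SMTP_PASSWORD}}}` (variable name constructed here, to be stored in `secret.sops.yaml`, and assuming the tag is accepted at that position), or limit ingress to the TrueNAS host with a NetworkPolicy. Keeping the notification URL behind `!env_var PUSHOVER_TRUENAS` rather than in the ConfigMap is right; a one-line comment such as `# !env_var is a mailrise tag resolved from the container environment` would explain the non-standard tag to the next reader.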
@@ -0,0 +1,29 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: mailrise + namespace: default +type: Opaque +stringData: + PUSHOVER_TRUENAS: ENC[AES256_GCM,data:0sViJTQ7VNLccJLzJpwYQGbX0wP3oMCdMng/OFMW85Vfkejag0EEIP6HBCo/rOetq6VAtjvDoUNIx7I2HlHmm0uE7+oM,iv:bz43yn8QOG2/oWnxISTd5Y/JHVdhVfemcNWi62OGD2Q=,tag:YckZYWnKnhXB+0vUO9T5Tg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2 + bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC + VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw + OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+ + LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-29T15:53:20Z" + mac: ENC[AES256_GCM,data:NwSRgt+Qr/suY+xca7c9hAAivYTPr9Uo9dJ5bzJzN8F1Tj4jxQcD/NHYvn+8OiPg9PCOlVDLzwcuuwUBwDc01diUMmkH5VTz50nQIO+CNlESJrVCDLEId8qgw3qU9AlBg9ik1lmNtggwl5X8NLduzrmYqS3mi+/jgt/3spZuLOA=,iv:FDe5+AEFs+76sP4PkwLIoofKcg0AbEqITp7nZKfab7o=,tag:zwcklTcIo4qeGxFLasidEw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/default/mailrise/ks.yaml b/kubernetes/apps/default/mailrise/ks.yaml new file mode 100644 index 000000000..a794cf583 --- /dev/null +++ b/kubernetes/apps/default/mailrise/ks.yaml 
@@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: cluster-apps-mailrise + namespace: flux-system + labels: + substitution.flux.home.arpa/enabled: "true" +spec: + path: ./kubernetes/apps/default/mailrise/app + prune: true + sourceRef: + kind: GitRepository + name: home-ops-kubernetes + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + name: mailrise + namespace: default + interval: 30m + retryInterval: 1m + timeout: 3m diff --git a/kubernetes/apps/default/music-transcode/app/cronjob.yaml b/kubernetes/apps/default/music-transcode/app/cronjob.yaml index 5837bee8b..7ac94f233 100644 --- a/kubernetes/apps/default/music-transcode/app/cronjob.yaml +++ b/kubernetes/apps/default/music-transcode/app/cronjob.yaml @@ -36,8 +36,13 @@ spec: - | #!/bin/bash - /app/transcode.sh -c - /app/transcode.sh -r + cp /app/transcode/transcode.sh /tmp/transcode.sh + cp /app/transcode/transcode_exclude.cfg /tmp/transcode_exclude.cfg + chmod +x /tmp/transcode.sh + + cd /tmp + ./transcode.sh -c + ./transcode.sh -r volumeMounts: - name: music-transcoded @@ -45,14 +50,14 @@ spec: - name: music mountPath: /mnt/music - name: scripts - mountPath: /app + mountPath: /app/scripts readOnly: true volumes: - name: music-transcoded nfs: server: "${LOCAL_LAN_TRUENAS}" - path: /mnt/music_transcoded + path: /mnt/storage/music_transcoded - name: music nfs: server: "${LOCAL_LAN_TRUENAS}" diff --git a/kubernetes/flux/vars/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml index 70f9047c7..3b27c1e4b 100644 --- a/kubernetes/flux/vars/cluster-settings.yaml +++ b/kubernetes/flux/vars/cluster-settings.yaml 
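Review bot: This Kustomization applies `./kubernetes/apps/default/mailrise/app`, which holds the SOPS-encrypted `secret.sops.yaml` and a HelmRelease that uses `${CLUSTER_LB_MAILRISE}`, yet the spec declares neither `decryption` nor `postBuild.substituteFrom`. The `substitution.flux.home.arpa/enabled: "true"` label suggests a parent Kustomization patches these in, but that is not visible in this commit; if it does not, the Secret will not reach the pod in usable form and the LoadBalancer IP stays a literal placeholder. If the patch is not guaranteed, state it explicitly with `decryption: {provider: sops, secretRef: {name: <sops-key-secret-placeholder>}}`; otherwise add a comment above `labels:` saying that decryption and substitution are injected by the parent.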
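Review bot: The new script copies from `/app/transcode/transcode.sh` and `/app/transcode/transcode_exclude.cfg`, but the second hunk of this file moves the `scripts` volume to `mountPath: /app/scripts`, so unless the image itself ships `/app/transcode/` both `cp` calls fail. The paths should presumably read `cp /app/scripts/transcode.sh /tmp/transcode.sh` and `cp /app/scripts/transcode_exclude.cfg /tmp/transcode_exclude.cfg`. Because the script has no `set -euo pipefail` after the shebang, a failed copy does not stop the job and `./transcode.sh` may run against a missing file without the CronJob reporting the real cause; adding that line makes the failure visible. The container spec starts and ends outside both hunks, so the image contents and the volume source could not be checked.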
@@ -19,6 +19,7 @@ data:
 CLUSTER_LB_EMQX: 192.168.169.109
 CLUSTER_LB_JELLYFIN: 192.168.169.110
 CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
+ CLUSTER_LB_MAILRISE: 192.168.169.112
 LOCAL_LAN: 192.168.8.0/22
 LOCAL_LAN_OPNSENSE: 192.168.8.1
 LOCAL_LAN_TRUENAS: 192.168.9.10