From 6684d2882cd806f0f110afaad6e2aa5b83770cd0 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Thu, 13 Apr 2023 21:47:05 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20komf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../komf/app/backups/kustomization.yaml | 7 ++
 .../komf/app/backups/replicationsource.yaml | 21 ++++++
 .../default/komf/app/backups/restic.sops.yaml | 34 +++++++++
 .../default/komf/app/config/application.yml | 69 +++++++++++++++++
 .../apps/default/komf/app/helmrelease.yaml | 75 +++++++++++++++++++
 .../apps/default/komf/app/kustomization.yaml | 16 ++++
 .../apps/default/komf/app/secret.sops.yaml | 30 ++++++++
 kubernetes/apps/default/komf/app/volume.yaml | 17 +++++
 kubernetes/apps/default/komf/ks.yaml | 26 +++++++
 kubernetes/apps/default/kustomization.yaml | 1 +
 .../flux/vars/cluster-secrets.sops.yaml | 5 +-
 11 files changed, 299 insertions(+), 2 deletions(-)
 create mode 100644 kubernetes/apps/default/komf/app/backups/kustomization.yaml
 create mode 100644 kubernetes/apps/default/komf/app/backups/replicationsource.yaml
 create mode 100644 kubernetes/apps/default/komf/app/backups/restic.sops.yaml
 create mode 100644 kubernetes/apps/default/komf/app/config/application.yml
 create mode 100644 kubernetes/apps/default/komf/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/komf/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/komf/app/secret.sops.yaml
 create mode 100644 kubernetes/apps/default/komf/app/volume.yaml
 create mode 100644 kubernetes/apps/default/komf/ks.yaml
diff --git a/kubernetes/apps/default/komf/app/backups/kustomization.yaml b/kubernetes/apps/default/komf/app/backups/kustomization.yaml
new file mode 100644
index 000000000..57bca902d
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/backups/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
diff --git a/kubernetes/apps/default/komf/app/backups/replicationsource.yaml b/kubernetes/apps/default/komf/app/backups/replicationsource.yaml
new file mode 100644
index 000000000..b996247f8
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/backups/replicationsource.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: komf
+ namespace: default
+spec:
+ sourcePVC: komf-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: komf-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ daily: 10
+ within: 3d
diff --git a/kubernetes/apps/default/komf/app/backups/restic.sops.yaml b/kubernetes/apps/default/komf/app/backups/restic.sops.yaml
new file mode 100644
index 000000000..bd2855b7f
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/backups/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: komf-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:BTZjdPn1Zekn3p5FPMWFGArvcXEBH9djqJ4erLrN5/iFufb+DJsV6ceFfEUeu5XJBhav31MF,iv:7ZZYnsytJ4E4rlHjM1AL5xvzQjZ1nSNt4CfqfB+x3hU=,tag:fJzP8Go+y/S07Ma//+FJKQ==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-04-13T19:41:22Z"
+ mac: ENC[AES256_GCM,data:Yi7jUzER+TNjnTqyYoe0TAuTK2B10VNf0f6uvuFjn5aN6UANo9b6MMUnK0V+NYzFBuVGTPUXprDL+7/MrfR913GXj9bb7tPSvw8Y/rul0ctQQ7CdCXOsTOhI865G/lnB0ByFr1oXl8SWl/M5yve1s4Hdv9prwqOF3T5134oYSY0=,iv:lBpc24M9K9uRNj4mW4SvnQTyz+Gsbgjqaxw1W7suINg=,tag:c98GobgzPHFKW1qiz3JbYg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/default/komf/app/config/application.yml b/kubernetes/apps/default/komf/app/config/application.yml
new file mode 100644
index 000000000..4cf0356fb
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/config/application.yml
@@ -0,0 +1,69 @@
+komga:
+ eventListener:
+ enabled: true # if disabled will not connect to komga and won't pick up newly added entries
+ libraries: [ ] # listen to all events if empty
+ notifications:
+ libraries: [ ] # Will send notifications if any notification source is enabled. If empty will send notifications for all libraries
+ metadataUpdate:
+ default:
+ updateModes: [ API ] # can use multiple options at once. available options are API, COMIC_INFO
+ aggregate: true # if enabled will search and aggregate metadata from all configured providers
+ mergeTags: true # if true and aggregate is enabled will merge tags from all providers
+ mergeGenres: true # if true and aggregate is enabled will merge genres from all providers
+ bookCovers: true # update book thumbnails
+ seriesCovers: true # update series thumbnails
+ postProcessing:
+ seriesTitle: true # update series title
+ seriesTitleLanguage: "en" # series title update language
+ alternativeSeriesTitles: false # use other title types as alternative title option
+ alternativeSeriesTitleLanguages: # alternative title languages
+ - "en"
+ - "ja"
+ - "ja-ro"
+ orderBooks: true # will order books using parsed volume or chapter number
+ scoreTag: true # adds score tag of format "score: 8" only uses integer part of rating. Can be used in search using query: tag:"score: 8" in komga
+ readingDirectionValue: # override reading direction for all series. should be one of these: LEFT_TO_RIGHT, RIGHT_TO_LEFT, VERTICAL, WEBTOON
+ languageValue: # set default language for series. Must use BCP 47 format e.g. "en"
+
+database:
+ file: ./database.sqlite # database file location.
+
+metadataProviders:
+ malClientId: "${SECRET_KOMF_MAL_CLIENT_ID}" # required for mal provider. See https://myanimelist.net/forum/?topicid=1973077
+ defaultProviders:
+ mangaUpdates:
+ priority: 10
+ enabled: true
+ mediaType: "MANGA" # filter used in matching. Can be NOVEL or MANGA. MANGA type includes everything except novels
+ authorRoles: [ "WRITER" ] # roles that will be mapped to author role
+ artistRoles: [ "PENCILLER","INKER","COLORIST","LETTERER","COVER" ] # roles that will be mapped to artist role
+ mal:
+ priority: 20
+ enabled: true
+ mediaType: "MANGA" # filter used in matching. Can be NOVEL or MANGA. MANGA type includes everything except novels
+ nautiljon:
+ priority: 30
+ enabled: false
+ aniList:
+ priority: 40
+ enabled: false
+ mediaType: "MANGA" # filter used in matching. Can be NOVEL or MANGA. MANGA type includes everything except novels
+ tagsScoreThreshold: 60 # tags with this score or higher will be included
+ tagsSizeLimit: 15 # amount of tags that will be included
+ yenPress:
+ priority: 50
+ enabled: false
+ mediaType: "MANGA" # filter used in matching. Can be NOVEL or MANGA.
+ kodansha:
+ priority: 60
+ enabled: false
+ viz:
+ priority: 70
+ enabled: false
+ bookWalker:
+ priority: 80
+ enabled: false
+ mediaType: "MANGA" # filter used in matching. Can be NOVEL or MANGA.
+ mangaDex:
+ priority: 90
+ enabled: false
diff --git a/kubernetes/apps/default/komf/app/helmrelease.yaml b/kubernetes/apps/default/komf/app/helmrelease.yaml
new file mode 100644
index 000000000..a9f2523a3
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/helmrelease.yaml
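Review bot: `malClientId: "${SECRET_KOMF_MAL_CLIENT_ID}"` takes a value that is kept SOPS-encrypted in `cluster-secrets.sops.yaml` and places it in `application.yml`, which the `configMapGenerator` in `app/kustomization.yaml` turns into the ConfigMap `komf-configmap`. Assuming the placeholder is expanded by Flux post-build substitution (not visible in this patch), the client ID ends up in cleartext in a ConfigMap, readable by any subject allowed to `get configmaps` in `default` and shown by `kubectl describe`. If the ID is meant to stay secret, carry this file in a SOPS-encrypted Secret (`stringData`) and mount it with `type: secret`, or, if komf at this version can read the client ID from the environment, add it to `komf-secret` next to the Komga credentials. Either way, a comment on the line such as `# expanded at reconcile time from cluster-secrets; lands in the rendered object in cleartext` would make the data flow visible to the next reader.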
@@ -0,0 +1,75 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app komf
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.3.2
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 3
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controller:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ image:
+ repository: sndxr/komf
+ tag: "0.25.4"
+ env:
+ KOMF_KOMGA_BASE_URI: http://komga.default.svc.cluster.local:8080
+ KOMF_LOG_LEVEL: INFO
+ envFrom:
+ - secretRef:
+ name: komf-secret
+ service:
+ main:
+ ports:
+ http:
+ port: &port 8085
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: "nginx"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ existingClaim: komf-config
+ configmap:
+ enabled: true
+ type: configMap
+ name: komf-configmap
+ subPath: application.yml
+ mountPath: /config/application.yml
+ readOnly: true
+ resources:
+ requests:
+ memory: 4282M
+ cpu: 15m
+ limits:
+ memory: 4282M
diff --git a/kubernetes/apps/default/komf/app/kustomization.yaml b/kubernetes/apps/default/komf/app/kustomization.yaml
new file mode 100644
index 000000000..5e0385f61
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/kustomization.yaml
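Review bot: Nothing in `ingress.main` restricts who can reach komf: the block enables an nginx ingress on `{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}` for port 8085 with no annotations. The pod holds the Komga credentials from `komf-secret`, and as far as I know komf's HTTP API has no authentication of its own (confirm against the komf documentation for 0.25.4), so whoever can reach the ingress can drive metadata updates through that account. If the endpoint is only needed inside the cluster, set `enabled: false`; otherwise restrict it at the ingress, for example `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted CIDRs>"` or an `nginx.ingress.kubernetes.io/auth-url` pointing at the cluster's auth proxy. Separately, the image is referenced by a mutable tag (`sndxr/komf` at `"0.25.4"`) and no `securityContext` is set in `values`; pinning a digest (`tag: 0.25.4@sha256:<digest>`) and running non-root with capabilities dropped would be a reasonable follow-up.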
@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./backups
+ - ./helmrelease.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
+configMapGenerator:
+ - name: komf-configmap
+ files:
+ - ./config/application.yml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/komf/app/secret.sops.yaml b/kubernetes/apps/default/komf/app/secret.sops.yaml
new file mode 100644
index 000000000..a091ad335
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/secret.sops.yaml
@@ -0,0 +1,30 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: komf-secret
+ namespace: default
+type: Opaque
+stringData:
+ KOMF_KOMGA_USER: ENC[AES256_GCM,data:5U3kwEcvNAIxP0DjE7J92LsrYJg=,iv:FHfnSSsvv1DuoMT1TuLYZRaq2xiw+/xDLa5DePqUV0Y=,tag:ioP+gGyrxr5uQKPiMiiSFg==,type:str]
+ KOMF_KOMGA_PASSWORD: ENC[AES256_GCM,data:3cJvjwREQ9LxeteU5bL5MI7Lj2s=,iv:2s/ZqHkOCDGPMxTMZ5bnmktPOBdLoof+/e17uDzMGvk=,tag:8TW4+ru40tayOJV2EsVGww==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-04-13T19:48:38Z"
+ mac: ENC[AES256_GCM,data:at+0QzFrF5eAIsdqpgr6/3zP1vW2K2pm8UcrXQ6Yo+enPkwtG25i8/seIbGHXrmS2uy+cz3nQPrUAQkCI6Ga9NSMbQZ1w+5E1dTXSeDrdMKSziWKide1MvSae468147VWcfynA7cOrrrQmGJusQCsMbynlduqj1P4AUvR/222Ik=,iv:3NdkRseiRWxWE1K+o6x7ZjojzthQNq8N/R+0luKg4zU=,tag:f+5aOXowccxKwCxxqE8nUQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/default/komf/app/volume.yaml b/kubernetes/apps/default/komf/app/volume.yaml
new file mode 100644
index 000000000..a53807e9f
--- /dev/null
+++ b/kubernetes/apps/default/komf/app/volume.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: komf-config
+ namespace: default
+ labels:
+ app.kubernetes.io/name: &name komf
+ app.kubernetes.io/instance: *name
+ snapshot.home.arpa/enabled: "true"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: rook-ceph-block
diff --git a/kubernetes/apps/default/komf/ks.yaml b/kubernetes/apps/default/komf/ks.yaml
new file mode 100644
index 000000000..f240d3d39
--- /dev/null
+++ b/kubernetes/apps/default/komf/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-komf
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/komf/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: komf
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 8aef7e148..79ab5390d 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -25,6 +25,7 @@ resources:
 - ./jellyfin/ks.yaml
 - ./jellyseer/ks.yaml
 - ./joplin/ks.yaml
+ - ./komf/ks.yaml
 - ./komga/ks.yaml
 - ./lidarr/ks.yaml
 - ./libreddit/ks.yaml
diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml
index 8a3bfe9a1..26d45ad73 100644
--- a/kubernetes/flux/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml
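Review bot: `ks.yaml` declares neither `spec.decryption` nor `spec.postBuild`, yet the path it reconciles contains two SOPS files (`secret.sops.yaml`, `backups/restic.sops.yaml`) and `${SECRET_...}` placeholders in `helmrelease.yaml` and `config/application.yml`. Presumably both settings are patched in by a parent Kustomization keyed on the `substitution.flux.home.arpa/enabled` label, which this patch does not show; if that patch does not also cover decryption, the `ENC[...]` values would reach the apply step undecrypted. A comment above `labels:` would make the dependency explicit, for example `# SOPS decryption and postBuild.substituteFrom are injected by the parent Kustomization patch selected by this label`.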
@@ -22,6 +22,7 @@ stringData:
 SECRET_INVIDIOUS_DB_USER: ENC[AES256_GCM,data:snjA33syqy4X,iv:OF8LJSTdcIGgwAJPmS0HdCz0adsTuTwZ5zfuvJrA7fs=,tag:E4EnsKWITN4l6qnuxZ3A5g==,type:str]
 SECRET_IMMICH_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:+MEpqgBm2kK0qOq0jl/BDKEUYB4=,iv:VDU2Dggxb/qoEoDcjNrk3O5gCprEMAdRvyW/DivTo9w=,tag:Dse5KTLDLduVGT0LSIBjVA==,type:str]
 SECRET_INVIDIOUS_DB_PASSWORD: ENC[AES256_GCM,data:jmHWk/hXAb9E97CEa4w=,iv:RYnGwoCy+RyVDdKVOXWFWPB/dqF2vPlx7ofRApEAsMg=,tag:nEydKLEw6mHJetEVa+NFzQ==,type:str]
+ SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
 SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
 SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str]
 SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
@@ -51,8 +52,8 @@ sops:
 WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
 pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-01-05T20:41:08Z"
- mac: ENC[AES256_GCM,data:YrYr5LMKyK1riXBIIarreoLrNwS1ZwtlgZ8ryGE7H5V7LbspMuo5dSHv6skiXpqBifOde1zZpYYDz57neipSdP9hHfVB8vATVN2NGuADHbboxrsAQxHkj45+GX5r4r2ciQ7seBV6O2YUOR5WAM31fh/spwUurfGFqZNVr0h2wGI=,iv:D48m1daPRcQorU1WJKuoRcZ15YosWSaexnqNdeLCw7I=,tag:oMGi9w8yhhARa4XCJBMRqg==,type:str]
+ lastmodified: "2023-04-13T20:08:05Z"
+ mac: ENC[AES256_GCM,data:iSqYkW/MdDGfinlbdy3Vs8fVeowdeYS62MR3f6mUGd2cskt1mQLJY3wkLQoDkMFVm7JZWwi6Voo117MLyjdfku5IrTgJjcLsw2IxMHY44xSyOzLBEgDKXdT/hrvkxMHtCxQBAPWF72m0fcGIUR1xCpeUbTjDlve1Q6HyowxXMe0=,iv:PgO25xaJM7mFo4JnxQDiCxzEPhgaWDWmHr/ONIBixg0=,tag:CVxcqUsJcq9SJ1JPSe3qpw==,type:str]
 pgp: []
 encrypted_regex: ^(data|stringData)$
 version: 3.7.3