From d4aec9b7539f583446bc88ed46bc2246e49683ba Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Tue, 27 Feb 2024 01:28:21 -0600
Subject: [PATCH] add lidarr
---
lidarr/deployment.yaml | 124 ++++++++++++++++++++++++++++
lidarr/package-registry-secret.yaml | 39 +++++++++
lidarr/pvc.yaml | 14 ++++
lidarr/youtube-downloader.yaml | 85 +++++++++++++++++++
4 files changed, 262 insertions(+)
create mode 100644 lidarr/deployment.yaml
create mode 100644 lidarr/package-registry-secret.yaml
create mode 100644 lidarr/pvc.yaml
create mode 100644 lidarr/youtube-downloader.yaml
diff --git a/lidarr/deployment.yaml b/lidarr/deployment.yaml
new file mode 100644
index 0000000..4ff4729
--- /dev/null
+++ b/lidarr/deployment.yaml
@@ -0,0 +1,124 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: lidarr
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lidarr
+ namespace: lidarr
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: lidarr.strudelline.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lidarr
+ port:
+ name: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: lidarr
+ name: lidarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: lidarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: lidarr
+ spec:
+ terminationGracePeriodSeconds: 0
+ restartPolicy: Always
+ initContainers:
+ - name: killswitch
+ image: xjasonlyu/tun2socks:latest
+ command: ["sh","-c"]
+ args:
+ - |
+ iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -j DROP
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN","SYS_TIME"]
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: lidarr-config
+ - name: dropbox
+ nfs:
+ server: 172.16.18.1
+ path: /volume1/dropbox
+ - name: music
+ nfs:
+ server: 172.16.18.1
+ path: /volume1/music
+ containers:
+ - name: lidarr
+ image: lscr.io/linuxserver/lidarr:latest
+ env:
+ - name: TZ
+ value: America/Chicago
+ - name: PUID
+ value: "1029"
+ - name: PGID
+ value: "101"
+ volumeMounts:
+ - mountPath: /volume1/music
+ name: music
+ - mountPath: /volume1/dropbox
+ name: dropbox
+ - mountPath: /config
+ name: config
+ - name: vpn
+ image: xjasonlyu/tun2socks:latest
+ command: ["sh","-c"]
+ args:
+ - |
+ mkdir -p /dev/net
+ mknod /dev/net/tun c 10 200
+ exec /entrypoint.sh
+ env:
+ - name: TUN
+ value: tun0
+ - name: PROXY
+ value: socks5://172.16.17.180:1080
+ - name: TUN_EXCLUDED_ROUTES
+ value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN","SYS_TIME"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: lidarr
+ name: lidarr
+ namespace: lidarr
+spec:
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 8686
+ protocol: TCP
+ selector:
+ app: lidarr
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/lidarr/package-registry-secret.yaml b/lidarr/package-registry-secret.yaml
new file mode 100644
index 0000000..33531e2
--- /dev/null
+++ b/lidarr/package-registry-secret.yaml
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "gitea-package-registry-secret"
+ labels:
+ app: "gitea"
+spec:
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+ refreshInterval: "5m"
+ target:
+ template:
+ type: kubernetes.io/dockerconfigjson
+ engineVersion: v2
+ data:
+ .dockerconfigjson: |
+ {
+ "auths": {
+ {{ .host | toJson }}: {
+ "username": {{ .username | toJson }},
+ "password": {{ .password | toJson }},
+ "auth": {{ printf "%v:%v" .username .password | b64enc | toJson }}
+ }
+ }
+ }
+ data:
+ - secretKey: username
+ remoteRef:
+ key: "gitea package registry token"
+ property: username
+ - secretKey: password
+ remoteRef:
+ key: "gitea package registry token"
+ property: password
+ - secretKey: host
+ remoteRef:
+ key: "gitea package registry token"
+ property: host
diff --git a/lidarr/pvc.yaml b/lidarr/pvc.yaml
new file mode 100644
index 0000000..1ee43ed
--- /dev/null
+++ b/lidarr/pvc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lidarr-config
+ namespace: lidarr
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: longhorn
+ volumeMode: Filesystem
diff --git a/lidarr/youtube-downloader.yaml b/lidarr/youtube-downloader.yaml
new file mode 100644
index 0000000..e9fad7a
--- /dev/null
+++ b/lidarr/youtube-downloader.yaml
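Review bot: In lidarr/deployment.yaml the `killswitch` and `vpn` containers add `SYS_TIME` alongside `NET_ADMIN`, but nothing in their visible commands (the iptables rules, `mknod /dev/net/tun`, the tun2socks entrypoint) sets the clock, so the capability looks unneeded and `add: ["NET_ADMIN"]` would keep them closer to least privilege. Both containers also run `xjasonlyu/tun2socks:latest`, a mutable tag on an image that is handed network-admin rights; pinning it by digest (`image: xjasonlyu/tun2socks@sha256:<digest>`) would make what runs with that privilege reviewable. The killswitch rules cover IPv4 on `eth0` only, so if the pod network ever assigns IPv6 addresses a matching `ip6tables` DROP would be needed to keep the fail-closed behaviour. The same three points apply to the identical containers in lidarr/youtube-downloader.yaml.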
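Review bot: The ExternalSecret in lidarr/package-registry-secret.yaml has no `metadata.namespace`, unlike every other object in this commit, and neither the Deployment nor the CronJob lists the resulting secret under `imagePullSecrets`, so as written the registry credential is probably not available to the pod that pulls `git.strudelline.net/infra/lidarr-youtube-downloader:main`. Adding `namespace: lidarr` here and `imagePullSecrets: [{name: gitea-package-registry-secret}]` to the CronJob pod spec would wire it up, unless a service account outside this patch already carries it. The `app: "gitea"` label looks carried over from another manifest and could be `app: lidarr`, so that label selectors for this app also find its credential.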
@@ -0,0 +1,85 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ namespace: lidarr
+ name: youtube-downloader
+spec:
+ schedule: "0 1 * * *"
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: lidarr
+ topologyKey: kubernetes.io/hostname
+ restartPolicy: OnFailure
+ initContainers:
+ - name: killswitch
+ image: xjasonlyu/tun2socks:latest
+ command: ["sh","-c"]
+ args:
+ - |
+ iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
+ iptables -t mangle -A POSTROUTING -o eth0 -j DROP
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN","SYS_TIME"]
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: lidarr-config
+ - name: dropbox
+ nfs:
+ server: 172.16.18.1
+ path: /volume1/dropbox
+ - name: music
+ nfs:
+ server: 172.16.18.1
+ path: /volume1/music
+ securityContext:
+ fsGroup: 101
+ containers:
+ - name: youtube-downloader
+ image: git.strudelline.net/infra/lidarr-youtube-downloader:main
+ env:
+ - name: LIDARR_URL
+ value: https://lidarr.strudelline.net
+ - name: LIDARR_API_KEY
+ value: f371b7b67584461085bf1004520f0fe8
+ - name: LIDARR_DB
+ value: /config/lidarr.db
+ - name: LIDARR_MUSIC_PATH
+ value: /volume1/music
+ volumeMounts:
+ - mountPath: /volume1/music
+ name: music
+ - mountPath: /volume1/dropbox
+ name: dropbox
+ - mountPath: /config
+ name: config
+ - name: vpn
+ image: xjasonlyu/tun2socks:latest
+ command: ["sh","-c"]
+ args:
+ - |
+ mkdir -p /dev/net
+ mknod /dev/net/tun c 10 200
+ exec /entrypoint.sh
+ env:
+ - name: TUN
+ value: tun0
+ - name: PROXY
+ value: socks5://172.16.17.180:1080
+ - name: TUN_EXCLUDED_ROUTES
+ value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN","SYS_TIME"]
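Review bot: `LIDARR_API_KEY` is given as a literal `value:` in the `youtube-downloader` container's `env`, which puts a working Lidarr credential into the repository and into the view of anyone who can read the CronJob spec. The commit already sources the registry credential through an ExternalSecret on the `bitwarden` store, so the API key could come from the same place and be referenced with `valueFrom.secretKeyRef`, as sketched below with placeholder names. Because the current value is now in git history, it should be regenerated in Lidarr once the reference is in place.

```yaml
# … unchanged: LIDARR_URL …
- name: LIDARR_API_KEY
  valueFrom:
    secretKeyRef:
      name: lidarr-api-key  # placeholder: Secret produced by a new ExternalSecret
      key: api-key          # placeholder key name
# … unchanged: LIDARR_DB, LIDARR_MUSIC_PATH …
```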