infra/kube-cascade
3
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add lidarr

Browse Source
This commit is contained in:
James Andariese 2024-02-27 01:28:21 -06:00
parent 1724f21938
commit d4aec9b753
4 changed files with 262 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
lidarr/deployment.yaml Normal file
View File

@ -0,0 +1,124 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: lidarr
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lidarr
namespace: lidarr
spec:
ingressClassName: haproxy
rules:
- host: lidarr.strudelline.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lidarr
port:
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: lidarr
name: lidarr
spec:
replicas: 1
selector:
matchLabels:
app: lidarr
strategy:
type: Recreate
template:
metadata:
labels:
app: lidarr
spec:
terminationGracePeriodSeconds: 0
restartPolicy: Always
initContainers:
- name: killswitch
image: xjasonlyu/tun2socks:latest
command: ["sh","-c"]
args:
- |
iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -j DROP
securityContext:
capabilities:
add: ["NET_ADMIN","SYS_TIME"]
volumes:
- name: config
persistentVolumeClaim:
claimName: lidarr-config
- name: dropbox
nfs:
server: 172.16.18.1
path: /volume1/dropbox
- name: music
nfs:
server: 172.16.18.1
path: /volume1/music
containers:
- name: lidarr
image: lscr.io/linuxserver/lidarr:latest
env:
- name: TZ
value: America/Chicago
- name: PUID
value: "1029"
- name: PGID
value: "101"
volumeMounts:
- mountPath: /volume1/music
name: music
- mountPath: /volume1/dropbox
name: dropbox
- mountPath: /config
name: config
- name: vpn
image: xjasonlyu/tun2socks:latest
command: ["sh","-c"]
args:
- |
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
exec /entrypoint.sh
env:
- name: TUN
value: tun0
- name: PROXY
value: socks5://172.16.17.180:1080
- name: TUN_EXCLUDED_ROUTES
value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
securityContext:
capabilities:
add: ["NET_ADMIN","SYS_TIME"]
---
apiVersion: v1
kind: Service
metadata:
labels:
app: lidarr
name: lidarr
namespace: lidarr
spec:
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 8686
protocol: TCP
selector:
app: lidarr
sessionAffinity: None
type: ClusterIP

39
lidarr/package-registry-secret.yaml Normal file
View File

@ -0,0 +1,39 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "gitea-package-registry-secret"
labels:
app: "gitea"
spec:
secretStoreRef:
name: bitwarden
kind: ClusterSecretStore
refreshInterval: "5m"
target:
template:
type: kubernetes.io/dockerconfigjson
engineVersion: v2
data:
.dockerconfigjson: |
{
"auths": {
{{ .host | toJson }}: {
"username": {{ .username | toJson }},
"password": {{ .password | toJson }},
"auth": {{ printf "%v:%v" .username .password | b64enc | toJson }}
}
}
}
data:
- secretKey: username
remoteRef:
key: "gitea package registry token"
property: username
- secretKey: password
remoteRef:
key: "gitea package registry token"
property: password
- secretKey: host
remoteRef:
key: "gitea package registry token"
property: host

14
lidarr/pvc.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lidarr-config
namespace: lidarr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: longhorn
volumeMode: Filesystem

85
lidarr/youtube-downloader.yaml Normal file
View File

@ -0,0 +1,85 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
namespace: lidarr
name: youtube-downloader
spec:
schedule: "0 1 * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: lidarr
topologyKey: kubernetes.io/hostname
restartPolicy: OnFailure
initContainers:
- name: killswitch
image: xjasonlyu/tun2socks:latest
command: ["sh","-c"]
args:
- |
iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth0 -j DROP
securityContext:
capabilities:
add: ["NET_ADMIN","SYS_TIME"]
volumes:
- name: config
persistentVolumeClaim:
claimName: lidarr-config
- name: dropbox
nfs:
server: 172.16.18.1
path: /volume1/dropbox
- name: music
nfs:
server: 172.16.18.1
path: /volume1/music
securityContext:
fsGroup: 101
containers:
- name: youtube-downloader
image: git.strudelline.net/infra/lidarr-youtube-downloader:main
env:
- name: LIDARR_URL
value: https://lidarr.strudelline.net
- name: LIDARR_API_KEY
value: f371b7b67584461085bf1004520f0fe8
- name: LIDARR_DB
value: /config/lidarr.db
- name: LIDARR_MUSIC_PATH
value: /volume1/music
volumeMounts:
- mountPath: /volume1/music
name: music
- mountPath: /volume1/dropbox
name: dropbox
- mountPath: /config
name: config
- name: vpn
image: xjasonlyu/tun2socks:latest
command: ["sh","-c"]
args:
- |
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
exec /entrypoint.sh
env:
- name: TUN
value: tun0
- name: PROXY
value: socks5://172.16.17.180:1080
- name: TUN_EXCLUDED_ROUTES
value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
securityContext:
capabilities:
add: ["NET_ADMIN","SYS_TIME"]