diff --git a/kube/deploy/apps/rclone-retro/app/hr.yaml b/kube/deploy/apps/rclone-retro/app/hr.yaml
index 80b8b9a5..696ff129 100644
--- a/kube/deploy/apps/rclone-retro/app/hr.yaml
+++ b/kube/deploy/apps/rclone-retro/app/hr.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-4.1.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-4.1.2/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -10,32 +10,35 @@ spec: chart: spec: chart: app-template - version: 4.1.1 + version: 4.1.2 sourceRef: name: bjw-s kind: HelmRepository namespace: flux-system values: controllers: - # TODO: add sync from Vita and serve FTP for Apollo save tool - 3ds: &rclone - type: cronjob - cronjob: - schedule: "@hourly" + app: + type: deployment + replicas: 1 pod: labels: + ingress.home.arpa/nginx-internal: allow + prom.home.arpa/kps: allow egress.home.arpa/retro-consoles: allow containers: - main: &rclct + app: image: &img - repository: "jank.ing/jjgadgets/rclone" - tag: "1.70.2@sha256:b8dad82933961be28ebbe4aab87e14f2d2fcd23ed3e8335a43a837209cb46f5f" - args: ["sync", "3ds:/", "/data/", "--progress", "--exclude", "/Nintendo 3DS/title/**/**/content/*.app", "--exclude", "**/*.cia", "--exclude", "**/*.fbi", "--exclude", "/GBA/**", "--exclude", "/GBA/*"] + repository: ghcr.io/rclone/rclone + tag: 1.70.2@sha256:b8dad82933961be28ebbe4aab87e14f2d2fcd23ed3e8335a43a837209cb46f5f + args: ["serve", "ftp", "local:", "--addr=:$(FTP_PORT)", "--rc", "--rc-addr=:$(HTTP_PORT)", "--rc-serve", "--rc-serve-no-modtime", "--rc-web-gui", "--rc-web-gui-no-open-browser", "--rc-user=$(RC_USER)", "--rc-pass=$(RC_PASS)", "--rc-enable-metrics", "--metrics-addr=:$(METRICS_PORT)"] env: &env TZ: "${CONFIG_TZ}" - # envFrom: &envFrom - # - secretRef: - # name: rclone-retro-secrets + FTP_PORT: &ftp 2121 + HTTP_PORT: &http 8080 + METRICS_PORT: &metrics 9090 + envFrom: &envFrom + - secretRef: + name: rclone-retro-secrets securityContext: &sc readOnlyRootFilesystem: true allowPrivilegeEscalation: false 
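Review bot: The `app` container args pass the rc credentials as `--rc-user=$(RC_USER)` and `--rc-pass=$(RC_PASS)`; Kubernetes expands `$(VAR)` before the process starts, so the password ends up in the container's command line, readable by anything that can list processes in the pod or on the node. rclone reads each flag from a `RCLONE_`-prefixed environment variable, so naming the keys in `rclone-retro-secrets` `RCLONE_RC_USER` and `RCLONE_RC_PASS` and dropping the two flags keeps the secret out of argv. The same args start `serve ftp` without `--user`/`--pass`, which as far as I know leaves the FTP listener accepting anonymous logins; confirm that is intended before the service is published. Separately, the repository changes to `ghcr.io/rclone/rclone` while the `sha256:` digest is carried over from the `jank.ing` image, so check that this digest exists in the new repository or the pull will fail.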
@@ -47,64 +50,109 @@ spec: limits: cpu: "1" memory: "128Mi" + probes: + liveness: + enabled: true + readiness: + enabled: true + 3ds: &cron + type: cronjob + cronjob: + schedule: "@hourly" + containers: + main: &rclct + image: *img + args: ["rc", "sync/sync", "3ds:/", "/data/3ds/", "_filter='{$(FILTER)}'", "_config='{$(CONFIG)}'"] + env: + <<: *env + FILTER: | + "IncludeRule": [ "/Nintendo 3DS/title/**/**/content/*.app", "**/*.cia", "**/*.fbi", "**/*.nds", "/GBA/**", "/GBA/*", "**/*.mp3", "**/*.m4a", "**/*.aac", "**/*.wav", "**/*.flac" ] + CONFIG: | + "Progress": true + envFrom: *envFrom + securityContext: *sc + resources: + requests: + cpu: "10m" + limits: + cpu: "1" + memory: "128Mi" 3ds-gba: - <<: *rclone + <<: *cron containers: main: <<: *rclct - args: ["bisync", "3ds:GBA/", "/data/", "--progress"] - # service: - # rclone-retro: - # controller: rclone-retro - # ports: - # http: - # port: 80 - # targetPort: 8080 - # protocol: HTTP - # appProtocol: http - # expose: - # primary: false - # controller: rclone-retro - # type: LoadBalancer - # annotations: - # coredns.io/hostname: "${APP_DNS_RCLONE-RETRO:=rclone-retro}" - # "io.cilium/lb-ipam-ips": "${APP_IP_RCLONE-RETRO:=127.0.0.1}" - # ports: - # http: - # port: 443 - # targetPort: 8443 - # protocol: HTTPS - # ldap-tcp: - # port: 636 - # targetPort: 3636 - # protocol: TCP - # ldap-udp: - # port: 636 - # targetPort: 3636 - # protocol: UDP + args: ["rc", "sync/sync", "3ds:GBA/", "/data/3ds-gba/", "_config='{$(CONFIG)}'"] + env: + <<: *env + FILTER: | + "IncludeRule": [ "**/*.nds", "**/*.mp3", "**/*.m4a", "**/*.aac", "**/*.wav", "**/*.flac" ] + CONFIG: | + "Progress": true + ds: + <<: *cron + containers: + main: + <<: *rclct + args: ["rc", "sync/sync", "ds:/", "/data/ds/", "_filter='{$(FILTER)}'", "_config='{$(CONFIG)}'"] + env: + <<: *env + FILTER: | + "IncludeRule": [ "**/*.nds", "**/*.mp3", "**/*.m4a", "**/*.aac", "**/*.wav", "**/*.flac" ] + CONFIG: | + "Progress": true + service: + app: + primary: false + 
controller: app + ports: + http: + port: 80 + targetPort: *http + protocol: HTTP + appProtocol: http + expose: + controller: app + type: LoadBalancer + annotations: + coredns.io/hostname: "${APP_DNS_RCLONE_RETRO_FTP:=rclone-retro}" + lbipam.cilium.io/ips: "${APP_IP_RCLONE_RETRO_FTP:=127.0.0.1}" + ports: + ftp: + port: 21 + targetPort: *ftp + protocol: TCP + appProtocol: ftp + ingress: + main: + className: nginx-internal + annotations: + nginx.ingress.kubernetes.io/whitelist-source-range: "${IP_JJ_V4:=127.0.0.1/32}" + hosts: + - host: &host "${APP_DNS_RCLONE_RETRO:=rclone-retro}" + paths: &paths + - path: / + pathType: Prefix + service: + identifier: app + port: http + tls: + - hosts: [*host] persistence: config: type: configMap - name: rclone-retro-config + identifier: config globalMounts: - subPath: "rclone.conf" path: "/.rclone.conf" readOnly: true data: existingClaim: rclone-retro-data - advancedMounts: - 3ds: - main: - - subPath: 3ds - path: /data - - subPath: cache-3ds - path: /.cache - 3ds-gba: - main: - - subPath: 3ds-gba - path: /data - - subPath: cache-3ds-gba - path: /.cache + globalMounts: + - subPath: data + path: /data + - subPath: cache + path: /.cache # nfs: # type: nfs # server: "${IP_TRUENAS:=127.0.0.1}" @@ -120,8 +168,6 @@ spec: path: /tmp configMaps: config: - enabled: true - suffix: config data: rclone.conf: | [3ds] 
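Review bot: In the `3ds` job the patterns that used to be `--exclude` arguments (`*.app`, `*.cia`, `*.fbi`, `/GBA/**`) now sit under `"IncludeRule"` in `FILTER`, which reverses the filter: with include rules rclone transfers only matching files, so the job would copy exactly what it previously skipped. If the old behaviour is still wanted, the key should be `"ExcludeRule"`. The args are exec-form, so the single quotes in `_filter='{$(FILTER)}'` and `_config='{$(CONFIG)}'` reach rclone literally and the value is no longer JSON; `"_filter={$(FILTER)}"` avoids that. As far as I can tell `rclone rc sync/sync` takes `srcFs=`/`dstFs=` parameters and talks to an rc server given by `--url`, neither of which appears here, and `3ds-gba` defines `FILTER` but never passes `_filter`. The former `bisync` for `3ds:GBA/` also becomes a one-way sync, which removes from `/data/3ds-gba/` whatever is missing on the console; please confirm that is intended.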
@@ -132,7 +178,27 @@ spec: pass = PyY5-F-6MhsVR9BYdBGEQy0 concurrency = 1 idle_timeout = 0s - writing_mdtm = true # needed for modtime support, use `rclone backend features 3ds:` to verify + writing_mdtm = true + # needed for modtime support, use `rclone backend features 3ds:` to verify + [ds] + type = ftp + host = ds.internal + port = 5000 + user = anonymous + pass = PyY5-F-6MhsVR9BYdBGEQy0 + concurrency = 1 + idle_timeout = 0s + writing_mdtm = true + # needed for modtime support, use `rclone backend features ds:` to verify + [vita] + type = ftp + host = 3ds.internal + port = 5000 + user = anonymous + pass = PyY5-F-6MhsVR9BYdBGEQy0 + concurrency = 1 + idle_timeout = 0s + writing_mdtm = true defaultPodOptions: automountServiceAccountToken: false enableServiceLinks: false @@ -157,11 +223,32 @@ spec: whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: - app.kubernetes.io/name: *app + app.kubernetes.io/name: "{{ .Release.Name }}" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: fuckoff.home.arpa/{{ .Release.Name }} + - key: "fuckoff.home.arpa/{{ .Release.Name }}" operator: DoesNotExist + networkpolicies: + same-ns: + podSelector: {} + policyTypes: [Ingress, Egress] + rules: + ingress: [from: [{podSelector: {}}]] + egress: [to: [{podSelector: {}}]] + conosoles: + controller: app + policyTypes: [Ingress, Egress] + rules: + ingress: + - from: &consoles + - ipBlock: + cidr: "${IP_VLAN_RETROCONSOLES_CIDR:=127.0.0.1/32}" + - ipBlock: + cidr: "${IP_VLAN_NDS_CIDR:=127.0.0.1/32}" + # from: [{ podSelector: {} }]] + egress: + - to: *consoles + # serviceMonitor: # TODO: add serviceMonitors diff --git a/kube/deploy/apps/rclone-retro/ks.yaml b/kube/deploy/apps/rclone-retro/ks.yaml index 0fe5f7ad..919ae17a 100644 --- a/kube/deploy/apps/rclone-retro/ks.yaml +++ b/kube/deploy/apps/rclone-retro/ks.yaml 
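Review bot: The new `[ds]` and `[vita]` sections put `pass = …` into the ConfigMap in plain view; rclone's obscured form is a reversible encoding rather than encryption, so the value should be treated as readable by anyone with access to the repository or the namespace. Since `rclone-retro-secrets` is now loaded through `envFrom`, the passwords can move there as `RCLONE_CONFIG_DS_PASS` / `RCLONE_CONFIG_VITA_PASS` and the `pass` lines can be dropped. `[vita]` also uses `host = 3ds.internal`, which looks copied from the `[3ds]` section; confirm the host name. The rest of `rclone.conf` lies outside the hunk.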
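Review bot: The `conosoles` policy (the key looks like a typo for `consoles`) lets the console CIDRs reach the `app` pod on every port, because its ingress rule has `from` but no `ports`; that covers the rc/web-GUI port and the metrics port, not just FTP. Limiting the rule, e.g. `ports: [{port: 2121, protocol: TCP}]` next to `from: *consoles` (plus whatever passive data ports the FTP server is configured to use), keeps the remote-control API reachable only through the ingress. The policy is bound to `controller: app`, while the console-facing sync runs in the cron controllers, whose pods no longer appear to carry the `egress.home.arpa/retro-consoles` label in this diff; it may be worth checking that they can still reach the consoles.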
@@ -12,8 +12,25 @@ spec: labels: *l path: ./kube/deploy/apps/rclone-retro/app components: - - ../../../core/storage/volsync/component/ - ../../../core/flux-system/alerts/template/ + dependsOn: + - name: crds + namespace: flux-system + - name: rclone-retro-pvc +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: rclone-retro-pvc + namespace: flux-system + labels: &l + app.kubernetes.io/name: rclone-retro + pvc.home.arpa/volsync: "true" +spec: + targetNamespace: rclone-retro + commonMetadata: + labels: *l + path: ./kube/deploy/core/storage/volsync/template dependsOn: - name: crds namespace: flux-system @@ -28,3 +45,4 @@ spec: RUID: &uid "1000" RGID: *uid RFSG: *uid + VS_APP_CURRENT_VERSION: "{{.IMAGENAME}}:{{.IMAGETAG}}" diff --git a/kube/deploy/apps/rclone-retro/kustomization.yaml b/kube/deploy/apps/rclone-retro/kustomization.yaml index 45bc3673..5eeb2657 100644 --- a/kube/deploy/apps/rclone-retro/kustomization.yaml +++ b/kube/deploy/apps/rclone-retro/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - # - ns.yaml + - ns.yaml - ks.yaml diff --git a/kube/deploy/apps/rclone-retro/app/ns.yaml b/kube/deploy/apps/rclone-retro/ns.yaml similarity index 100% rename from kube/deploy/apps/rclone-retro/app/ns.yaml rename to kube/deploy/apps/rclone-retro/ns.yaml
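Review bot: `VS_APP_CURRENT_VERSION: "{{.IMAGENAME}}:{{.IMAGETAG}}"` looks like an unrendered scaffold placeholder; nothing visible in this diff fills `.IMAGENAME` or `.IMAGETAG`, so the substitution would carry the literal braces. If the value is meant to track the deployed image, set it to the real reference, e.g. `"ghcr.io/rclone/rclone:1.70.2"`, or confirm which tool renders the template. The mapping this line belongs to starts outside the hunk.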