From 89758de47777a1aa4eae9229c226312480928cc5 Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Fri, 6 Oct 2023 20:06:51 +0800 Subject: [PATCH] feat: add audiobookshelf --- kube/clusters/biohazard/config/vars.sops.env | 14 +-- .../biohazard/flux/kustomization.yaml | 1 + kube/deploy/apps/audiobookshelf/app/hr.yaml | 88 +++++++++++++++++++ .../apps/audiobookshelf/app/volsync.yaml | 36 ++++++++ kube/deploy/apps/audiobookshelf/ks.yaml | 12 +++ .../apps/audiobookshelf/kustomization.yaml | 6 ++ kube/deploy/apps/audiobookshelf/ns.yaml | 5 ++ 7 files changed, 156 insertions(+), 6 deletions(-) create mode 100644 kube/deploy/apps/audiobookshelf/app/hr.yaml create mode 100644 kube/deploy/apps/audiobookshelf/app/volsync.yaml create mode 100644 kube/deploy/apps/audiobookshelf/ks.yaml create mode 100644 kube/deploy/apps/audiobookshelf/kustomization.yaml create mode 100644 kube/deploy/apps/audiobookshelf/ns.yaml diff --git a/kube/clusters/biohazard/config/vars.sops.env b/kube/clusters/biohazard/config/vars.sops.env index 511884f5..a72f2fbb 100644 --- a/kube/clusters/biohazard/config/vars.sops.env +++ b/kube/clusters/biohazard/config/vars.sops.env @@ -152,6 +152,8 @@ APP_DNS_PIPED_YTPROXY=ENC[AES256_GCM,data:ZENfx6QxT/f1ETdf7lZ9vfIGEfg=,iv:xHduYN APP_UID_PIPED=ENC[AES256_GCM,data:D0yen4k=,iv:Fl+HAcRCyVHKLj7MfRkEjN1H18nQBCTW+J9SN6Y4/30=,tag:AKHP2so3Dv2AZHpWXk9caA==,type:str] APP_DNS_PSONO=ENC[AES256_GCM,data:EbJv9qNUARI=,iv:X6L+tBZPqktQrXJyIwbrJrzSEfhYO57hTmyglgRSbHo=,tag:J3SQdZ/7J1W9WVg4yoUxkA==,type:str] APP_UID_PSONO=ENC[AES256_GCM,data:DKrojDA=,iv:Dvre4644JTo7vjYLSMAhft8mXOxe9TEzRnVfQkl4VIs=,tag:xwHbePe7E3Z6jhxm+8YZ/g==,type:str] +APP_DNS_AUDIOBOOKSHELF=ENC[AES256_GCM,data:kTRNlMPFpMgi,iv:80iNnmrfkc7MG4aaZLbDkTqZH+606PdutwKbz4WfUYE=,tag:wDK8jFP2iPY/xSXRx+3syQ==,type:str] +APP_UID_AUDIOBOOKSHELF=ENC[AES256_GCM,data:DGQ+bQ==,iv:kFL64SX84gkPlq82VK97w1y+5LZf+mdcpHGRj4Ke+/o=,tag:yjL3bOmFstKPWTgdsoA/Ew==,type:str] CONFIG_MINECRAFT_OPS=ENC[AES256_GCM,data:al3glJDrtuqtTM2z4W7n+tPNf6XVfK64Jdb9s5RAE5NUwxyK,iv:kYqlsOabsa2iBZKgqjOpFYJo0DMFuoo3ZWCqb/Xzi5c=,tag:nIqPXvBvxdi8crMj1CYsEw==,type:str] CONFIG_MINECRAFT_ICON=ENC[AES256_GCM,data:nNzsyRclLnPZ+8Td/WJg2u8V/QKf/xowrghmTaKRNb9a5BMOxtzmiyAt6Us8OoY=,iv:b7fHZQdOjc4oCCLtLhopNg6G7IS2u9NUdBLCN6CjSKc=,tag:+cPgP1oK/9+EK2tB9Y45zw==,type:str] CONFIG_MINECRAFT_NAME=ENC[AES256_GCM,data:1qSqJGmGON9BhJKRJA==,iv:Sdwq0LLLdBQlr3m+0Ey2IE9FcRtVKOtXsswLMMp9A5A=,tag:WpaTzqSO3+N+vnJkGI+pCQ==,type:str] @@ -169,12 +171,12 @@ CONFIG_OVENMEDIAENGINE_NAME=ENC[AES256_GCM,data:58CuH8bcUHWXBZA=,iv:BN7x6aAJPbzI CONFIG_THELOUNGE_USERNAME=ENC[AES256_GCM,data:+C2aABtqq8YG,iv:4DYpguAvmaqPedRgrflDlKfX5jJEhyWXKuRS+UVgHLo=,tag:vfJko+R2D8ct7KZC2Vnujw==,type:str] CONFIG_THELOUNGE_JOIN=ENC[AES256_GCM,data:ocuC,iv:9Cn9zp2+iIVrEXYxklEtkpftmJwTGsWnff2xIG9KNec=,tag:3UL9Gn+kHoXu+40CFkP7sg==,type:str] CONFIG_PSONO_TITLE=ENC[AES256_GCM,data:ORXmkTqtuka3l5M0pdu1NKxdX3Pes3xdEMw=,iv:Mbw/KUQJcIdYdcWby6qeCY4Q31Vc+dUOjLLprHL5P9E=,tag:HavoGugubPrunCoOkL40Mw==,type:str] -sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n -sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z -sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n -sops_mac=ENC[AES256_GCM,data:9pvZrkKPkPe/XE4d6zitx2R8ClbqJA1Tjlm2BAIDywulujtyZPDOw1WwStxtfWkH9b11N2S89LkdAPmbFwamf0f0CqI/qxOug5NmdI+Bs7KqxxYaXyh0jKhZFo4Wwt0FjY0m7kqzCzTbr76UbRloLkJgaDbqDmdIy27QOVUJV0Q=,iv:SpNC3+fVj9dRZI/qFy4gWNWcil1eyPSgOeS1bXNaYkU=,tag:mv0RnWR+cVPhPaf9iT1j0g==,type:str] -sops_lastmodified=2023-09-30T14:55:36Z sops_unencrypted_suffix=_unencrypted +sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj +sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 +sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n +sops_mac=ENC[AES256_GCM,data:+R9f/ghqFSl5IdQpdCG5AT2jgnx5RgsWFM74ZNqBafU/6h2HzNVx0PNvtJNgbTN6fnis9GJFQJar9GxYymZhuf6mGwZvi3bDRDIRaXbFP3w2TsvSEhe5OXIml0uL8Ux76NEUyBRPMMEdsmXE3PxpdiQWb0aXaUt4f7kmS5NbPa0=,iv:SRgiwdmm+6+bM1UeUHRNj2mO3GRMukSMu6qB412nZeg=,tag:gnqYuB4ZrgpUu2tzEit+CA==,type:str] +sops_lastmodified=2023-10-06T12:05:32Z +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n sops_version=3.7.3 diff --git a/kube/clusters/biohazard/flux/kustomization.yaml b/kube/clusters/biohazard/flux/kustomization.yaml index 7737d287..b88ebc91 100644 --- a/kube/clusters/biohazard/flux/kustomization.yaml +++ b/kube/clusters/biohazard/flux/kustomization.yaml @@ -70,3 +70,4 @@ resources: - ../../../deploy/apps/piped/ - ../../../deploy/apps/phanpy/ - ../../../deploy/apps/psono/ + - ../../../deploy/apps/audiobookshelf/ \ No newline at end of file diff --git a/kube/deploy/apps/audiobookshelf/app/hr.yaml b/kube/deploy/apps/audiobookshelf/app/hr.yaml new file mode 100644 index 00000000..98fc0d63 --- /dev/null +++ b/kube/deploy/apps/audiobookshelf/app/hr.yaml @@ -0,0 +1,88 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: &app audiobookshelf + namespace: *app +spec: + chart: + spec: + chart: app-template + version: 2.0.2 + sourceRef: + name: bjw-s + kind: HelmRepository + namespace: flux-system + values: + controllers: + main: + type: statefulset + replicas: 1 + pod: + labels: + ingress.home.arpa/nginx: "allow" + egress.home.arpa/world: "allow" + containers: + main: + image: + repository: "ghcr.io/advplyr/audiobookshelf" + tag: "2.4.4" + env: + TZ: "${CONFIG_TZ}" + PORT: &http "8080" + CONFIG_PATH: &config "/config" + METADATA_PATH: &meta "/metadata" + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 6000Mi + statefulset: + volumeClaimTemplates: + - name: config + mountPath: *config + accessMode: ReadWriteOnce + size: 20Gi + storageClass: block + # initContainers: + service: + main: + ports: + http: + port: *http + ingress: + main: + enabled: true + primary: true + className: nginx + hosts: + - host: &host "${APP_DNS_AUDIOBOOKSHELF}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + persistence: + nfs: + enabled: true + type: nfs + server: "${IP_TRUENAS}" + path: "${PATH_NAS_MEDIA}" + advancedMounts: + main: + main: + - subPath: ".audiobookshelf-metadata" + path: *meta + - subPath: "Podcasts" + path: "/podcasts" + - subPath: "Audiobooks" + path: "/audiobooks" + defaultPodOptions: + automountServiceAccountToken: false + securityContext: + runAsUser: &uid ${APP_UID_AUDIOBOOKSHELF} + runAsGroup: *uid + fsGroup: *uid + fsGroupChangePolicy: Always \ No newline at end of file diff --git a/kube/deploy/apps/audiobookshelf/app/volsync.yaml b/kube/deploy/apps/audiobookshelf/app/volsync.yaml new file mode 100644 index 00000000..d5af0548 --- /dev/null +++ b/kube/deploy/apps/audiobookshelf/app/volsync.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: audiobookshelf-config-restic + namespace: audiobookshelf +type: Opaque +stringData: + RESTIC_REPOSITORY: ${SECRET_VOLSYNC_R2_REPO}/audiobookshelf/config + RESTIC_PASSWORD: ${SECRET_VOLSYNC_PASSWORD} + AWS_ACCESS_KEY_ID: ${SECRET_VOLSYNC_R2_ID} + AWS_SECRET_ACCESS_KEY: ${SECRET_VOLSYNC_R2_KEY} +--- +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: audiobookshelf-config-restic + namespace: audiobookshelf +spec: + sourcePVC: config-audiobookshelf-0 + trigger: + schedule: "0 6 * * *" + restic: + copyMethod: Snapshot + pruneIntervalDays: 14 + repository: audiobookshelf-config-restic + cacheCapacity: 2Gi + volumeSnapshotClassName: block + storageClassName: block + moverSecurityContext: + runAsUser: &uid ${APP_UID_AUDIOBOOKSHELF} + runAsGroup: *uid + fsGroup: *uid + retain: + daily: 14 + within: 7d diff --git a/kube/deploy/apps/audiobookshelf/ks.yaml b/kube/deploy/apps/audiobookshelf/ks.yaml new file mode 100644 index 00000000..4d9df694 --- /dev/null +++ b/kube/deploy/apps/audiobookshelf/ks.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: audiobookshelf-app + namespace: flux-system +spec: + path: ./kube/deploy/apps/audiobookshelf/app + dependsOn: + - name: 1-core-storage-rook-ceph-cluster + - name: 1-core-ingress-nginx-app + - name: 1-core-storage-volsync-app \ No newline at end of file diff --git a/kube/deploy/apps/audiobookshelf/kustomization.yaml b/kube/deploy/apps/audiobookshelf/kustomization.yaml new file mode 100644 index 00000000..5eeb2657 --- /dev/null +++ b/kube/deploy/apps/audiobookshelf/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - ks.yaml diff --git a/kube/deploy/apps/audiobookshelf/ns.yaml b/kube/deploy/apps/audiobookshelf/ns.yaml new file mode 100644 index 00000000..01bc960e --- /dev/null +++ b/kube/deploy/apps/audiobookshelf/ns.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: audiobookshelf