feat: add komga

This commit is contained in:
JJGadgets
2024-05-25 06:24:05 +08:00
parent 7ebcfddabc
commit 857911fa28
6 changed files with 235 additions and 0 deletions


@@ -124,6 +124,7 @@ resources:
- ../../../deploy/apps/davis/
- ../../../deploy/apps/immich/
- ../../../deploy/apps/kromgo/
- ../../../deploy/apps/komga/
- ../../../deploy/vm/_kubevirt/
#- ../../../deploy/vm/_base/
- ../../../deploy/vm/ad/


@@ -0,0 +1,41 @@
---
# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: &name komga-secrets
namespace: komga
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: 1p
dataFrom:
- extract:
key: "komga - ${CLUSTER_NAME}"
target:
creationPolicy: Owner
deletionPolicy: Retain
name: *name
template:
type: "Opaque"
data:
application.yml: |
spring:
security:
oauth2:
client:
registration:
authentik:
provider: authentik # this must match the provider below
client-name: Login with JJGadgets
client-id: "{{ .SECRET_KOMGA_AUTHENTIK_CLIENT_ID }}"
client-secret: "{{ .SECRET_KOMGA_AUTHENTIK_CLIENT_SECRET }}"
scope: openid,email
authorization-grant-type: authorization_code
# the placeholders in {} will be replaced automatically, you don't need to change this line
redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
provider:
authentik:
user-name-attribute: preferred_username
issuer-uri: https://${APP_DNS_AUTHENTIK}/application/o/komga/
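Review bot: The registration asks only for `scope: openid,email` while the provider block maps `user-name-attribute: preferred_username`; in authentik the `preferred_username` claim is normally released under the `profile` scope, so unless the provider's scope mappings were customised the username lookup may not get that claim. If that is the case, `scope: openid,email,profile` fixes it. A short comment at the top of the `application.yml` scalar would also help the next reader, since two template syntaxes coexist in it: `# ${...} is substituted by Flux postBuild, {{ .SECRET_* }} by external-secrets`.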


@@ -0,0 +1,133 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: &app komga
namespace: *app
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
name: bjw-s
kind: HelmRepository
namespace: flux-system
values:
controllers:
komga:
type: deployment
replicas: 1
pod:
labels:
ingress.home.arpa/nginx-internal: allow
authentik.home.arpa/https: allow
egress.home.arpa/internet: allow # metadata
containers:
main:
image: &img
repository: ghcr.io/gotson/komga
tag: 1.11.1@sha256:a21459c33136d2d65336e15683e8dba8330dece8747036edaae02d6ebc0fabbe
env: &env
TZ: "${CONFIG_TZ}"
KOMGA_CONFIGDIR: &pvc /config
SERVER_PORT: "8080"
LOGGING_FILE_NAME: /dev/stdout
KOMGA_OAUTH2_ACCOUNT_CREATION: "true"
KOMGA_OIDC_EMAIL_VERIFICATION: "true"
securityContext: &sc
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
resources:
requests:
cpu: "10m"
memory: "1Gi"
limits:
cpu: "3000m"
memory: "4Gi"
probes:
liveness:
enabled: true
readiness:
enabled: true
service:
komga:
controller: komga
ports:
http:
port: 8080
protocol: HTTP
appProtocol: http
ingress:
main:
className: nginx-internal
hosts:
- host: &host "${APP_DNS_KOMGA}"
paths: &paths
- path: /
pathType: Prefix
service:
name: main
port: http
tls:
- hosts: [*host]
tailscale:
primary: false
className: tailscale
hosts:
- host: &host "${APP_DNS_TS_KOMGA}"
paths: *paths
tls:
- hosts: [*host]
persistence:
config:
type: secret
name: komga-secrets
defaultMode: 0400
globalMounts:
- subPath: application.yml
path: /config/application.yml
data:
existingClaim: komga-data
globalMounts:
- subPath: data
path: *pvc
- subPath: media
path: /ceph
nfs:
type: nfs
server: "${IP_TRUENAS}"
path: "${PATH_NAS_MEDIA}"
globalMounts:
- path: /nas
readOnly: true
defaultPodOptions:
automountServiceAccountToken: false
enableServiceLinks: false
hostAliases:
- ip: "${APP_IP_AUTHENTIK}"
hostnames: ["${APP_DNS_AUTHENTIK}"]
securityContext:
runAsNonRoot: true
runAsUser: &uid ${APP_UID_KOMGA:=1000}
runAsGroup: *uid
fsGroup: *uid
fsGroupChangePolicy: Always
seccompProfile: { type: "RuntimeDefault" }
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: fuckoff.home.arpa/komga
operator: DoesNotExist
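Review bot: Both ingress path lists point at `service: name: main` (the second via `*paths`), but no Service named `main` is defined here — the chart service key is `komga`. In app-template 3.x `service.name` is taken as a literal Service name and the chart-managed one is addressed by key, so this likely needs `identifier: komga` in place of `name: main` unless a Service called `main` exists outside this commit. `defaultMode: 0400` relies on YAML 1.1 octal parsing to become 256; `defaultMode: 256  # 0400` is parser-independent. The `&img`, `&env` and `&sc` anchors are never aliased and `&host` is defined twice, so dropping the unused ones and renaming the second would keep yamllint quiet.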


@@ -0,0 +1,44 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: komga-app
namespace: flux-system
labels: &l
app.kubernetes.io/name: "komga"
spec:
commonMetadata:
labels: *l
path: ./kube/deploy/apps/komga/app
targetNamespace: "komga"
dependsOn:
- name: komga-pvc
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: komga-pvc
namespace: flux-system
labels: &l
app.kubernetes.io/name: "komga"
spec:
commonMetadata:
labels: *l
path: ./kube/deploy/core/storage/volsync/template
targetNamespace: "komga"
dependsOn:
- name: 1-core-storage-volsync-app
- name: 1-core-storage-rook-ceph-cluster
postBuild:
substitute:
PVC: "komga-data"
SIZE: "200Gi"
SC: &sc "file"
SNAP: *sc
ACCESSMODE: "ReadWriteMany"
RUID: !!str &uid |
${APP_UID_KOMGA}
RGID: !!str |
${APP_UID_KOMGA}
RFSG: !!str |
${APP_UID_KOMGA}
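Review bot: `RUID`, `RGID` and `RFSG` use `|` block scalars, so each substituted value carries a trailing newline; wherever the volsync template interpolates them inline that newline ends up in the rendered manifest. `|-` strips it while keeping the `!!str` coercion, e.g. `RUID: !!str &uid |-`. The `&uid` anchor is also never referenced — the two sibling keys repeat the literal — so either alias it (`RGID: *uid`) or drop the anchor.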


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ns.yaml
- ks.yaml


@@ -0,0 +1,10 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: komga
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: &ps baseline
pod-security.kubernetes.io/audit: *ps
pod-security.kubernetes.io/warn: *ps
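Review bot: `enforce: baseline` deserves a comment explaining why it is not `restricted`, because the pod in the HelmRelease already appears to satisfy restricted (runAsNonRoot, drop ALL, RuntimeDefault seccomp, no privilege escalation) and the only blocker seems to be the inline `nfs` volume, which the restricted profile's volume-type allowlist rejects. Suggest `# baseline: restricted would reject the inline nfs volume` above the enforce label. If the NAS mount later moves behind a PV/PVC, the three labels can be raised to `restricted` together.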