diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 0dbc1af..48af3eb 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -6,5 +6,6 @@ resources:
# Flux-Kustomizations
- ./jellyfin/ks.yaml
- ./prowlarr/ks.yaml
+ - ./radarr/ks.yaml
- ./sabnzbd/ks.yaml
- ./qbittorrent/ks.yaml
diff --git a/kubernetes/apps/default/radarr/app/externalsecret.yaml b/kubernetes/apps/default/radarr/app/externalsecret.yaml
new file mode 100644
index 0000000..3ea97c0
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/externalsecret.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: radarr
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: radarr-secret
+ template:
+ engineVersion: v2
+ data:
+ RADARR__API_KEY: "{{ .api_key }}"
+ RADARR__POSTGRES_MAIN_DB: radarr_main
+ RADARR__POSTGRES_LOG_DB: radarr_log
+ PUSHOVER_TOKEN: "{{ .radarr_token }}"
+ PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
+ dataFrom:
+ - extract:
+ key: pushover
+ - extract:
+ key: radarr
diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml
new file mode 100644
index 0000000..edc418b
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml
@@ -0,0 +1,124 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: radarr
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 2.5.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ values:
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/onedr0p/radarr
+ tag: 5.2.6.8376@sha256:2de39930de91ae698f9461bb959d93b9d59610f88e0c026e96bc5d9c99aeea89
+ env:
+ # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
+ # Ref: https://github.com/dotnet/runtime/issues/9336
+ COMPlus_EnableDiagnostics: "0"
+ PUSHOVER_DEBUG: "false"
+ RADARR__AUTHENTICATION_METHOD: External
+ RADARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses
+ RADARR__INSTANCE_NAME: Radarr
+ RADARR__PORT: &port 80
+ RADARR__LOG_LEVEL: info
+ RADARR__THEME: dark
+ TZ: America/Chicago
+ envFrom:
+ - secretRef:
+ name: radarr-secret
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ping
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 1Gi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups: [10000]
+ service:
+ main:
+ ports:
+ http:
+ port: *port
+ ingress:
+ main:
+ enabled: true
+ className: internal
+ hosts:
+ - host: &host "{{ .Release.Name }}.jahanson.tech"
+ paths:
+ - path: /
+ service:
+ name: main
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ existingClaim: radarr
+ pushover-notify:
+ type: configMap
+ name: radarr-configmap
+ defaultMode: 0775
+ globalMounts:
+ - path: /scripts/pushover-notify.sh
+ subPath: pushover-notify.sh
+ readOnly: true
+ tmp:
+ type: emptyDir
+ media:
+ type: nfs
+ server: 10.1.1.11
+ path: /volume1/Media
+ globalMounts:
+ - path: /data/nas-media
diff --git a/kubernetes/apps/default/radarr/app/kustomization.yaml b/kubernetes/apps/default/radarr/app/kustomization.yaml
new file mode 100644
index 0000000..11d79af
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/kustomization.yaml
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./postgresCluster.yaml
+ - ./pvc.yaml
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: radarr-configmap
+ files:
+ - pushover-notify.sh=./resources/pushover-notify.sh
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/kubernetes/apps/default/radarr/app/postgresCluster.yaml b/kubernetes/apps/default/radarr/app/postgresCluster.yaml
new file mode 100644
index 0000000..361f670
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/postgresCluster.yaml
@@ -0,0 +1,87 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+ name: "${APP}"
+spec:
+ postgresVersion: 16
+ dataSource:
+ pgbackrest:
+ stanza: db
+ configuration:
+ - secret:
+ name: pgo-s3-creds
+ global:
+ repo1-path: "/${APP}/repo1"
+ repo1-s3-uri-style: path
+ repo:
+ name: repo1
+ s3:
+ bucket: "crunchy-postgres"
+ endpoint: "s3.hsn.dev"
+ region: "us-east-1"
+ patroni:
+ dynamicConfiguration:
+ synchronous_mode: true
+ postgresql:
+ synchronous_commit: "on"
+ pg_hba:
+ - hostnossl all all 10.32.0.0/16 md5
+ - hostssl all all all md5
+ instances:
+ - name: postgres
+ metadata:
+ labels:
+ app.kubernetes.io/name: pgo-${APP}
+ replicas: 2
+ dataVolumeClaimSpec:
+ storageClassName: local-hostpath
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: "kubernetes.io/hostname"
+ whenUnsatisfiable: "DoNotSchedule"
+ labelSelector:
+ matchLabels:
+ postgres-operator.crunchydata.com/cluster: ${APP}
+ postgres-operator.crunchydata.com/data: postgres
+ users:
+ - name: "${DB_USER}"
+ databases:
+ - "radarr_main"
+ - "radarr_logs"
+ options: "SUPERUSER"
+ password:
+ type: AlphaNumeric
+ backups:
+ pgbackrest:
+ configuration:
+ - secret:
+ name: pgo-s3-creds
+ global:
+ archive-push-queue-max: 4GiB
+ repo1-retention-full: "14"
+ repo1-retention-full-type: time
+ repo1-path: "/${APP}/repo1"
+ repo1-s3-uri-style: path
+ manual:
+ repoName: repo1
+ options:
+ - --type=full
+ metadata:
+ labels:
+ app.kubernetes.io/name: pgo-${APP}-backup
+ repos:
+ - name: repo1
+ schedules:
+ full: "0 1 * * 0"
+ differential: "0 1 * * 1-6"
+ s3:
+ bucket: "crunchy-postgres"
+ endpoint: "s3.hsn.dev"
+ region: "us-east-1"
diff --git a/kubernetes/apps/default/radarr/app/pvc.yaml b/kubernetes/apps/default/radarr/app/pvc.yaml
new file mode 100644
index 0000000..356db49
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/pvc.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: radarr
+spec:
+ accessModes: ["ReadWriteMany"]
+ resources:
+ requests:
+ storage: 15Gi
+ storageClassName: ceph-filesystem
diff --git a/kubernetes/apps/default/radarr/app/resources/pushover-notify.sh b/kubernetes/apps/default/radarr/app/resources/pushover-notify.sh
new file mode 100644
index 0000000..e7cf5e4
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/resources/pushover-notify.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2154
+
+PUSHOVER_DEBUG="${PUSHOVER_DEBUG:-"true"}"
+# kubectl port-forward service/radarr -n default 7878:80
+# export PUSHOVER_TOKEN="";
+# export PUSHOVER_USER_KEY="";
+# export radarr_eventtype=Download;
+# ./notify.sh
+
+CONFIG_FILE="/config/config.xml" && [[ "${PUSHOVER_DEBUG}" == "true" ]] && CONFIG_FILE="config.xml"
+ERRORS=()
+
+#
+# Configurable variables
+#
+# Required
+PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-}" && [[ -z "${PUSHOVER_USER_KEY}" ]] && ERRORS+=("PUSHOVER_USER_KEY not defined")
+PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-}" && [[ -z "${PUSHOVER_TOKEN}" ]] && ERRORS+=("PUSHOVER_TOKEN not defined")
+# Optional
+PUSHOVER_DEVICE="${PUSHOVER_DEVICE:-}"
+PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
+PUSHOVER_SOUND="${PUSHOVER_SOUND:-}"
+
+#
+# Print defined variables
+#
+for pushover_vars in ${!PUSHOVER_*}
+do
+ declare -n var="${pushover_vars}"
+ [[ -n "${var}" && "${PUSHOVER_DEBUG}" = "true" ]] && printf "%s - %s=%s\n" "$(date)" "${!var}" "${var}"
+done
+
+#
+# Validate required variables are set
+#
+if [ ${#ERRORS[@]} -gt 0 ]; then
+ for err in "${ERRORS[@]}"; do printf "%s - Undefined variable %s\n" "$(date)" "${err}" >&2; done
+ exit 1
+fi
+
+#
+# Send Notification on Test
+#
+if [[ "${radarr_eventtype:-}" == "Test" ]]; then
+ PUSHOVER_TITLE="Test Notification"
+ PUSHOVER_MESSAGE="Howdy this is a test notification from ${radarr_instancename:-Radarr}"
+fi
+
+#
+# Send notification on Download or Upgrade
+#
+if [[ "${radarr_eventtype:-}" == "Download" ]]; then
+ if [[ "${radarr_isupgrade}" == "True" ]]; then pushover_title="Upgraded"; else pushover_title="Downloaded"; fi
+ printf -v PUSHOVER_TITLE "Movie %s" "${pushover_title}"
+ printf -v PUSHOVER_MESSAGE "%s (%s)\n%s\n\nClient: %s\nQuality: %s\nSize: %s" \
+ "${radarr_movie_title}" \
+ "${radarr_movie_year}" \
+ "${radarr_movie_overview}" \
+ "${radarr_download_client}" \
+ "${radarr_moviefile_quality}" \
+ "$(numfmt --to iec --format "%8.2f" "${radarr_release_size}")"
+ printf -v PUSHOVER_URL "%s/movie/%s" "${radarr_applicationurl:-localhost}" "${radarr_movie_tmdbid}"
+ printf -v PUSHOVER_URL_TITLE "View movie in %s" "${radarr_instancename:-Radarr}"
+fi
+
+#
+# Send notification on Manual Interaction Required
+#
+if [[ "${radarr_eventtype:-}" == "ManualInteractionRequired" ]]; then
+ PUSHOVER_PRIORITY="1"
+ printf -v PUSHOVER_TITLE "Movie requires manual interaction"
+ printf -v PUSHOVER_MESSAGE "%s (%s)\nClient: %s" \
+ "${radarr_movie_title}" \
+ "${radarr_movie_year}" \
+ "${radarr_download_client}"
+ printf -v PUSHOVER_URL "%s/activity/queue" "${radarr_applicationurl:-localhost}"
+ printf -v PUSHOVER_URL_TITLE "View queue in %s" "${radarr_instancename:-Radarr}"
+fi
+
+notification=$(jq -n \
+ --arg token "${PUSHOVER_TOKEN}" \
+ --arg user "${PUSHOVER_USER_KEY}" \
+ --arg title "${PUSHOVER_TITLE}" \
+ --arg message "${PUSHOVER_MESSAGE}" \
+ --arg url "${PUSHOVER_URL}" \
+ --arg url_title "${PUSHOVER_URL_TITLE}" \
+ --arg priority "${PUSHOVER_PRIORITY}" \
+ --arg sound "${PUSHOVER_SOUND}" \
+ --arg device "${PUSHOVER_DEVICE}" \
+ --arg html "1" \
+ '{token: $token, user: $user, title: $title, message: $message, url: $url, url_title: $url_title, priority: $priority, sound: $sound, device: $device, html: $html}' \
+)
+
+status_code=$(curl \
+ --write-out "%{http_code}" \
+ --silent \
+ --output /dev/null \
+ --header "Content-Type: application/json" \
+ --data-binary "${notification}" \
+ --request POST "https://api.pushover.net/1/messages.json" \
+)
+
+if [[ "${status_code}" -ne 200 ]] ; then
+ printf "%s - Unable to send notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)" >&2
+ exit 1
+else
+ printf "%s - Sent notification with status code %s and payload: %s\n" "$(date)" "${status_code}" "$(echo "${notification}" | jq -c)"
+fi
diff --git a/kubernetes/apps/default/radarr/ks.yaml b/kubernetes/apps/default/radarr/ks.yaml
new file mode 100644
index 0000000..81b9d5e
--- /dev/null
+++ b/kubernetes/apps/default/radarr/ks.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app radarr
+ namespace: flux-system
+spec:
+ targetNamespace: default
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: crunchy-postgres-operator
+ - name: external-secrets-stores
+ path: ./kubernetes/apps/default/radarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ DB_NAME: radarr
+ DB_USER: radarr