Compare commits

..

1 commit

Author SHA1 Message Date
f7afe7c498 Update image code.forgejo.org/forgejo/runner to v4 2024-10-29 14:04:01 +00:00
36 changed files with 340 additions and 699 deletions

View file

@ -4,7 +4,7 @@
{
"description": ["Loose versioning for non-semver packages"],
"matchDatasources": ["docker"],
"matchPackagePatterns": ["cross-seed", "plex"],
"matchPackagePatterns": ["cross-seed"],
"versioning": "loose"
},
{

View file

@ -2,13 +2,14 @@
version: "3"
tasks:
cleanup-pods:
desc: Clean up leftover Pods
hubble:
desc: forward the hubble relay
cmds:
- for:
matrix:
PHASE: [Failed, Succeeded, Pending]
cmd: kubectl delete pods --field-selector status.phase={{.ITEM.PHASE}} -A --ignore-not-found=true
- cilium hubble port-forward &
hubble-ui:
desc: port-forward hubble to 8888
cmds:
- kubectl port-forward -n kube-system svc/hubble-ui 8888:80
sync-secrets:
desc: Sync ExternalSecret resources
vars:

View file

@ -30,7 +30,7 @@ spec:
runner-register:
image:
repository: code.forgejo.org/forgejo/runner
tag: 4.0.1
tag: 4.0.0
command:
- "forgejo-runner"
- "register"
@ -72,7 +72,7 @@ spec:
app:
image:
repository: code.forgejo.org/forgejo/runner
tag: 4.0.1
tag: 4.0.0
command:
- "sh"
- "-c"

View file

@ -30,7 +30,7 @@ spec:
app:
image:
repository: docker.io/excalidraw/excalidraw
tag: latest@sha256:697f4354cbef54492bf3acdf6a487469418ff8db483fae8e601ab89c5f3205a2
tag: latest@sha256:687708a6c879b9120c82b61faf9ff242367395be1d5f90c385989405e51b5433
pullPolicy: IfNotPresent
probes:
liveness:

View file

@ -13,7 +13,6 @@ resources:
- ./it-tools/ks.yaml
- ./linkwarden/ks.yaml
- ./maintainerr/ks.yaml
- ./morphos/ks.yaml
- ./omegabrr/ks.yaml
- ./overseerr/ks.yaml
- ./piped/ks.yaml
@ -26,7 +25,6 @@ resources:
- ./scrypted/ks.yaml
- ./searxng/ks.yaml
- ./sonarr/ks.yaml
- ./stirling-pdf/ks.yaml
- ./tautulli/ks.yaml
- ./unpackerr/ks.yaml
- ./zwave/ks.yaml

View file

@ -1,87 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: morphos
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
controllers:
morphos:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: ghcr.io/danvergara/morphos-server
tag: 0.6.0@sha256:3d6f64ef386cbb6a7c5d55526e1a69da2d3661a1996d757897e92bf4369088f5
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /healthz
port: &port 8080
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 100m
limits:
memory: 2Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [10000]
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: morphos
ports:
http:
port: *port
ingress:
app:
className: internal-nginx
hosts:
- host: &host "{{ .Release.Name }}.jahanson.tech"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
tmp:
type: emptyDir

View file

@ -1,7 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ../../../../templates/gatus/internal

View file

@ -1,23 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app morphos
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/morphos/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: false
interval: 30m
timeout: 5m
postBuild:
substitute:
APP: *app

View file

@ -61,7 +61,7 @@ spec:
app:
image:
repository: ghcr.io/bjw-s-labs/piped-frontend
tag: 2024.10.31@sha256:70cc08faeeabd6f2fa202a89994eed2fdb8ac2eb74033c0266faffc88fcdb5bf
tag: 2024.10.28@sha256:32787f43c388a6d1016fa07e41d0099a9bb87bf5a43cacf1b8b65ba79d62dc03
env:
BACKEND_HOSTNAME: piped-api.hsn.dev
probes:

View file

@ -38,7 +38,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/plex
tag: 1.41.1.9057-af5eaea7a@sha256:5926b77196bb7c9f75b52f431d0483abea0fef1f576b7201592b385449201456
tag: 1.41.0.8992-8463ad060@sha256:d4c31adff5f2ed92152de7c2fb73464e71bea72c28fc7b4ebe74eefab2d9d048
env:
TZ: America/Chicago
PLEX_ADVERTISE_URL: https://plex.hsn.dev:443,http://10.1.1.39:32400

View file

@ -8,11 +8,98 @@ sonarr:
delete_old_custom_formats: true
replace_existing_custom_formats: true
include:
- template: sonarr-quality-definition-series
- template: sonarr-v4-quality-profile-web-1080p-alternative
- template: sonarr-v4-custom-formats-web-1080p
quality_definition:
type: series
quality_profiles:
- name: Web 1080p
reset_unmatched_scores:
enabled: true
upgrade:
allowed: true
until_quality: Web-1080p
until_score: 10000
min_format_score: 0
quality_sort: top
qualities:
- name: Web-1080p
qualities:
- WEBDL-1080p
- WEBRip-1080p
- name: HDTV-1080p
- name: Web-720p
qualities:
- WEBDL-720p
- WEBRip-720p
- name: HDTV-720p
- name: Web-480p
qualities:
- WEBDL-480p
- WEBRip-480p
- name: DVD
- name: SDTV
- name: Web 720p
reset_unmatched_scores:
enabled: true
upgrade:
allowed: true
until_quality: Web-720p
until_score: 10000
min_format_score: 0
quality_sort: top
qualities:
- name: Web-720p
qualities:
- WEBDL-720p
- WEBRip-720p
- name: HDTV-720p
- name: Web-480p
qualities:
- WEBDL-480p
- WEBRip-480p
- name: DVD
- name: SDTV
custom_formats:
- trash_ids:
# Unwanted
- 85c61753df5da1fb2aab6f2a47426b09 # BR-DISK
- 9c11cd3f07101cdba90a2d81cf0e56b4 # LQ
- 47435ece6b99a0b477caf360e79ba0bb # x265 (HD)
- fbcb31d8dabd2a319072b84fc0b7249c # Extras
# Misc
- ec8fa7296b64e8cd390a1600981f3923 # Repack/Proper
- eb3d5cc0a2be0db205fb823640db6a3c # Repack v2
- 44e7c4de10ae50265753082e5dc76047 # Repack v3
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- f67c9ca88f463a48346062e8ad07713f # ATVP
- 4e9a630db98d5391aec1368a0256e2fe # CRAV
- 36b72f59f4ea20aad9316f475f2d9fbb # DCU
- 89358767a60cc28783cdc3d0be9388a4 # DSNP
- 7a235133c87f7da4c8cccceca7e3c7a6 # HBO
- a880d6abc21e7c16884f3ae393f84179 # HMAX
- f6cce30f1733d5c8194222a7507909bb # HULU
- 0ac24a2a68a9700bcb7eeca8e5cd644c # iT
- 81d1fbf600e2540cee87f3a23f9d3c1c # MAX
- d34870697c9db575f17700212167be23 # NF
- b2b980877494b560443631eb1f473867 # NLZ
- fb1a91cdc0f26f7ca0696e0e95274645 # OViD
- 1656adc6d7bb2c8cca6acfb6592db421 # PCOK
- c67a75ae4a1715f2bb4d492755ba4195 # PMTP
- 3ac5d84fce98bab1b531393e9c82f467 # QIBI
- c30d2958827d1867c73318a5a2957eb1 # RED
- ae58039e1319178e6be73caab5c42166 # SHO
- 1efe8da11bfd74fbbcd4d8117ddb9213 # STAN
- 5d2317d99af813b6529c7ebf01c83533 # VDL
- 77a7b25585c18af08f60b1547bb9b4fb # CC
# HQ Source Groups
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
- d0c516558625b04b363fa6c5c2c7cfd4 # WEB Scene
assign_scores_to:
- name: Web 1080p
- name: Web 720p
sonarr-anime:
base_url: http://sonarr-anime.anime.svc.cluster.local
api_key: !env_var SONARR_ANIME_API_KEY
@ -54,6 +141,29 @@ radarr:
quality_definition:
type: movie
quality_profiles:
- name: Remux/Web 1080p
reset_unmatched_scores:
enabled: true
upgrade:
allowed: true
until_quality: Remux-1080p
until_score: 10000
min_format_score: 0
quality_sort: top
qualities:
- name: Remux-1080p
- name: Bluray-1080p
enabled: false
- name: Web-1080p
qualities:
- WEBDL-1080p
- WEBRip-1080p
- name: HDTV-1080p
- name: SQP-1 (1080p)
reset_unmatched_scores:
enabled: true
include:
- template: radarr-quality-definition-sqp-streaming
- template: radarr-quality-profile-sqp-1-1080p
@ -61,6 +171,73 @@ radarr:
custom_formats:
- trash_ids:
# Audio
- 496f355514737f7d83bf7aa4d24f8169 # TrueHD Atmos
- 2f22d89048b01681dde8afe203bf2e95 # DTS X
- 417804f7f2c4308c1f4c5d380d4c4475 # ATMOS (undefined)
- 1af239278386be2919e1bcee0bde047e # DD+ ATMOS
- 3cafb66171b47f226146a0770576870f # TrueHD
- dcf3ec6938fa32445f590a4da84256cd # DTS-HD MA
- a570d4a0e56a2874b64e5bfa55202a1b # FLAC
- e7c2fcae07cbada050a0af3357491d7b # PCM
- 8e109e50e0a0b83a5098b056e13bf6db # DTS-HD HRA
- 185f1dd7264c4562b9022d963ac37424 # DD+
- f9f847ac70a0af62ea4a08280b859636 # DTS-ES
- 1c1a4c5e823891c75bc50380a6866f73 # DTS
- 240770601cc226190c367ef59aba7463 # AAC
- c2998bd0d90ed5621d8df281e839436e # DD
# Movie Versions
- 0f12c086e289cf966fa5948eac571f44 # Hybrid
- 570bc9ebecd92723d2d21500f4be314c # Remaster
- eca37840c13c6ef2dd0262b141a5482f # 4K Remaster
- e0c07d59beb37348e975a930d5e50319 # Criterion Collection
- 9d27d9d2181838f76dee150882bdc58c # Masters of Cinema
- db9b4c4b53d312a3ca5f1378f6440fc9 # Vinegar Syndrome
- 957d0f44b592285f26449575e8b1167e # Special Edition
- eecf3a857724171f968a66cb5719e152 # IMAX
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced
# HQ Release Groups
- 3a3ff47579026e76d6504ebea39390de # Remux Tier 01
- 9f98181fe5a3fbeb0cc29340da2a468a # Remux Tier 02
- 8baaf0b3142bf4d94c42a724f034e27a # Remux Tier 03
- c20f169ef63c5f40c2def54abaf4438e # WEB Tier 01
- 403816d65392c79236dcb6dd591aeda4 # WEB Tier 02
- af94e0fe497124d1f9ce732069ec8c3b # WEB Tier 03
# Misc
- e7718d7a3ce595f289bfee26adc178f5 # Repack/Proper
- ae43b294509409a6a13919dedd4764c4 # Repack2
# Unwanted
- ed38b889b31be83fda192888e2286d83 # BR-DISK
- 90a6f9a284dff5103f6346090e6280c8 # LQ
- dc98083864ea246d05a42df0d05f81cc # x265 (HD)
- b8cd450cbfa689c0259a01d9e29ba3d6 # 3D
# Streaming Services
- cc5e51a9e85a6296ceefe097a77f12f4 # BCORE
- 2a6039655313bf5dab1e43523b62c374 # MA
- 16622a6911d1ab5d5b8b713d5b0036d4 # CRiT
assign_scores_to:
- name: Remux/Web 1080p
- trash_ids:
# Streaming Services
- b3b3a6ac74ecbd56bcdbefa4799fb9df # AMZN
- 40e9380490e748672c2522eaaeb692f7 # ATVP
- f6ff65b3f4b464a79dcc75950fe20382 # CRAV
- 84272245b2988854bfb76a16e60baea5 # DSNP
- 509e5f41146e278f9eab1ddaceb34515 # HBO
- 5763d1b0ce84aff3b21038eea8e9b8ad # HMAX
- 526d445d4c16214309f0fd2b3be18a89 # Hulu
- 6a061313d22e51e0f25b7cd4dc065233 # MAX
- 170b1d363bd8516fbf3a3eb05d4faff6 # NF
- fbca986396c5e695ef7b2def3c755d01 # OViD
- bf7e73dd1d85b12cc527dc619761c840 # Pathe
- c9fd353f8f5f1baf56dc601c4cb29920 # PCOK
- e36a0ba1bc902b26ee40818a1d59b8bd # PMTP
- c2863d2a50c9acad1fb50e53ece60817 # STAN
assign_scores_to:
- name: Remux/Web 1080p
score: 0
- trash_ids:
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced
- b6832f586342ef70d9c128d40c07b872 # Bad Dual Groups
- 90cedc1fea7ea5d11298bebd3d1d3223 # EVO (no WEBDL)
- ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup

View file

@ -38,7 +38,7 @@ spec:
app:
image:
repository: quay.io/redlib/redlib
tag: latest@sha256:26c521ec7646148f3f05d3817ce6525a5a8dba41644c802ad4f31b79423d59da
tag: latest@sha256:a3f1eca3ebfc043eea4bc8274b1e9fe86ec15d0efa13536bd519f36eb18f763d
env:
REDLIB_DEFAULT_SHOW_NSFW: on
REDLIB_DEFAULT_WIDE: on

View file

@ -13,15 +13,8 @@ spec:
template:
engineVersion: v2
data:
CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}"
PUSHOVER_TOKEN: "{{ .sabz_token }}"
PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
SABNZBD__API_KEY: "{{ .api_key }}"
SABNZBD__NZB_KEY: "{{ .nzb_key }}"
dataFrom:
- extract:
key: cross-seed
- extract:
key: pushover
- extract:
key: sabnzbd

View file

@ -22,11 +22,6 @@ spec:
remediation:
retries: 3
strategy: rollback
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: volsync
namespace: volsync-system
values:
controllers:
sabnzbd:
@ -48,11 +43,6 @@ spec:
sabnzbd.default.svc.cluster.local,
sabz.jahanson.tech,
sabnzbd.jahanson.tech
CROSS_SEED_ENABLED: true
CROSS_SEED_HOST: cross-seed.qbittorrent.svc.cluster.local
CROSS_SEED_PORT: 80
CROSS_SEED_SLEEP_INTERVAL: 30
PUSHOVER_ENABLED: true
envFrom:
- secretRef:
name: sabnzbd-secret
@ -80,15 +70,14 @@ spec:
cpu: 100m
limits:
memory: 16Gi
defaultPodOptions:
pod:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
runAsNonRoot: true
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [10000]
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: sabnzbd
@ -115,12 +104,6 @@ spec:
existingClaim: sabnzbd
tmp:
type: emptyDir
scripts:
type: configMap
name: sabnzbd-scripts
defaultMode: 0775
globalMounts:
- readOnly: true
media:
type: nfs
server: 10.1.1.13

View file

@ -6,11 +6,3 @@ resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
- ../../../../templates/volsync
configMapGenerator:
- name: sabnzbd-scripts
files:
- post-process.sh=./resources/post-process.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled

View file

@ -1,121 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
# User-defined variables
CROSS_SEED_ENABLED="${CROSS_SEED_ENABLED:-false}"
CROSS_SEED_HOST="${CROSS_SEED_HOST:-required}"
CROSS_SEED_PORT="${CROSS_SEED_PORT:-required}"
CROSS_SEED_API_KEY="${CROSS_SEED_API_KEY:-required}"
CROSS_SEED_SLEEP_INTERVAL="${CROSS_SEED_SLEEP_INTERVAL:-30}"
PUSHOVER_ENABLED="${PUSHOVER_ENABLED:-false}"
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-required}"
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-required}"
# Function to set release variables from SABnzbd
set_sab_vars() {
RELEASE_NAME="${SAB_FILENAME:-}"
RELEASE_DIR="${SAB_COMPLETE_DIR:-}"
RELEASE_CAT="${SAB_CAT:-}"
RELEASE_SIZE="${SAB_BYTES:-}"
RELEASE_STATUS="${SAB_PP_STATUS:-}"
RELEASE_INDEXER="${SAB_URL:-}"
RELEASE_TYPE="NZB"
}
# Function to set release variables from qBittorrent
set_qb_vars() {
RELEASE_NAME="$1" # %N
RELEASE_DIR="$2" # %F
RELEASE_CAT="$3" # %L
RELEASE_SIZE="$4" # %Z
RELEASE_INDEXER="$5" # %T
RELEASE_STATUS=0 # Always 0 for qBittorrent
RELEASE_TYPE="Torrent"
}
# Function to send pushover notification
send_pushover_notification() {
local pushover_message status_code json_data
printf -v pushover_message \
"<b>%s</b><small>\n<b>Category:</b> %s</small><small>\n<b>Indexer:</b> %s</small><small>\n<b>Size:</b> %s</small>" \
"${RELEASE_NAME%.*}" \
"${RELEASE_CAT}" \
"$(trurl --url "${RELEASE_INDEXER}" --get '{idn:host}')" \
"$(numfmt --to iec --format "%8.2f" "${RELEASE_SIZE}")"
json_data=$(jo \
token="${PUSHOVER_TOKEN}" \
user="${PUSHOVER_USER_KEY}" \
title="${RELEASE_TYPE} Downloaded" \
message="${pushover_message}" \
priority="-2" \
html="1"
)
status_code=$(curl \
--silent \
--write-out "%{http_code}" \
--output /dev/null \
--request POST \
--header "Content-Type: application/json" \
--data-binary "${json_data}" \
"https://api.pushover.net/1/messages.json"
)
printf "pushover notification returned with HTTP status code %s and payload: %s\n" \
"${status_code}" \
"$(echo "${json_data}" | jq --compact-output)" >&2
}
# Function to search for cross-seed
search_cross_seed() {
local status_code
status_code=$(curl \
--silent \
--output /dev/null \
--write-out "%{http_code}" \
--request POST \
--data-urlencode "path=${RELEASE_DIR}" \
--header "X-Api-Key: ${CROSS_SEED_API_KEY}" \
"http://${CROSS_SEED_HOST}:${CROSS_SEED_PORT}/api/webhook"
)
printf "cross-seed search returned with HTTP status code %s and path %s\n" \
"${status_code}" \
"${RELEASE_DIR}" >&2
sleep "${CROSS_SEED_SLEEP_INTERVAL}"
}
main() {
# Determine the source and set release variables accordingly
if env | grep -q "^SAB_"; then
set_sab_vars
else
set_qb_vars "$@"
fi
# Check if post-processing was successful
if [[ "${RELEASE_STATUS}" -ne 0 ]]; then
printf "post-processing failed with sabnzbd status code %s\n" \
"${RELEASE_STATUS}" >&2
exit 1
fi
# Update permissions on the release directory
chmod -R 750 "${RELEASE_DIR}"
# Send pushover notification
if [[ "${PUSHOVER_ENABLED}" == "true" ]]; then
send_pushover_notification
fi
# Search for cross-seed
if [[ "${CROSS_SEED_ENABLED}" == "true" ]]; then
search_cross_seed
fi
}
main "$@"

View file

@ -32,7 +32,7 @@ spec:
app:
image:
repository: ghcr.io/koush/scrypted
tag: v0.122.0-jammy-nvidia
tag: v0.121.0-jammy-nvidia
probes:
liveness:
enabled: true

View file

@ -1,81 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app stirling-pdf
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
controllers:
stirling-pdf:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: ghcr.io/stirling-tools/s-pdf
tag: 0.31.1@sha256:fefbcbdc851bfdb29e172df03d8ac280efdd3eada92b16c46b0fc15932152c6c
pullPolicy: IfNotPresent
env:
TZ: America/Chicago
DOCKER_ENABLE_SECURITY: false
SECURITY_ENABLE_LOGIN: false
probes:
liveness: &probes
enabled: false
readiness: *probes
startup: *probes
resources:
requests:
cpu: 10m
memory: 500Mi
limits:
memory: 2Gi
service:
app:
controller: stirling-pdf
ports:
http:
port: &port 8080
ingress:
app:
enabled: true
className: internal-nginx
hosts:
- host: &host pdf.jahanson.tech
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
config:
type: emptyDir
globalMounts:
- path: /configs
logs:
type: emptyDir
tessdata:
type: emptyDir
globalMounts:
- path: /usr/share/tessdata

View file

@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# App
- ./helmrelease.yaml
# Templates
- ../../../../templates/gatus/internal

View file

@ -1,23 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app stirling-pdf
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 10m
path: ./kubernetes/apps/default/stirling-pdf/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: false
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: pdf

View file

@ -36,7 +36,7 @@ spec:
app:
image:
repository: ghcr.io/zwave-js/zwave-js-ui
tag: 9.26.0@sha256:dd945bf63aca8c31763d90addf36db1f0d809c232b806d193173c329c03a183f
tag: 9.25.0@sha256:f00866bdc2376e19bad2b8db94d056107279efd5277447c9229d16315f33cd82
env:
TZ: America/Chicago
PORT: &port 80

View file

@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: node-feature-discovery
version: 0.16.6
version: 0.16.5
sourceRef:
kind: HelmRepository
name: kubernetes-sigs-nfd

View file

@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: kyverno
version: 3.3.0
version: 3.2.7
sourceRef:
kind: HelmRepository
name: kyverno
@ -33,52 +33,44 @@ spec:
annotations:
grafana_folder: System
backgroundController:
serviceMonitor:
enabled: true
rbac:
clusterRole:
extraResources:
- apiGroups:
- '*'
- ""
resources:
- '*'
- pods
verbs:
- get
- list
- watch
- create
- update
- patch
resources:
requests:
cpu: 100m
limits:
memory: 1Gi
- delete
- get
- list
cleanupController:
serviceMonitor:
enabled: true
reportsController:
clusterRole:
extraResources:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
serviceMonitor:
enabled: true
admissionController:
replicas: 1
serviceMonitor:
enabled: true
rbac:
clusterRole:
extraResources:
- apiGroups:
- '*'
- ""
resources:
- '*'
- pods
- nodes
verbs:
- get
- list
- watch
serviceMonitor:
enabled: true
- create
- update
- delete
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
@ -93,24 +85,24 @@ spec:
# These are joined together without spaces, run through `tpl`, and the result is set in the config map.
# @default -- See [values.yaml](https://github.com/kyverno/kyverno/blob/ed1906a0dc281c2aeb9b7046b843708825310330/charts/kyverno/values.yaml#L207C3-L316C1)
resourceFilters:
- "[Event,*,*]"
# - "[*/*,kube-system,*]"
- "[*/*,kube-public,*]"
- "[*/*,kube-node-lease,*]"
- "[Node,*,*]"
- "[Node/*,*,*]"
- "[APIService,*,*]"
- "[APIService/*,*,*]"
- "[TokenReview,*,*]"
- "[SubjectAccessReview,*,*]"
- "[SelfSubjectAccessReview,*,*]"
- '[Event,*,*]'
- '[*/*,kube-system,*]'
- '[*/*,kube-public,*]'
- '[*/*,kube-node-lease,*]'
- '[Node,*,*]'
- '[Node/*,*,*]'
- '[APIService,*,*]'
- '[APIService/*,*,*]'
- '[TokenReview,*,*]'
- '[SubjectAccessReview,*,*]'
- '[SelfSubjectAccessReview,*,*]'
# remove the following to allow for schematic-to-pod.yaml to work
# - '[Binding,*,*]'
# - '[Pod/binding,*,*]'
- "[ReplicaSet,*,*]"
- "[ReplicaSet/*,*,*]"
- "[EphemeralReport,*,*]"
- "[ClusterEphemeralReport,*,*]"
- '[ReplicaSet,*,*]'
- '[ReplicaSet/*,*,*]'
- '[EphemeralReport,*,*]'
- '[ClusterEphemeralReport,*,*]'
# exclude resources from the chart
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}]'
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:core]'

View file

@ -3,6 +3,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# - ./remove-cpu-limits.yaml
- ./remove-cpu-limits.yaml
- ./schematic-to-pod.yaml
- ./volsync-movers.yaml

View file

@ -13,6 +13,7 @@ metadata:
This policy removes CPU limits from all Pods.
pod-policies.kyverno.io/autogen-controllers: none
spec:
generateExistingOnPolicyUpdate: true
rules:
- name: remove-containers-cpu-limits
match:
@ -20,9 +21,6 @@ spec:
- resources:
kinds: ["Pod"]
mutate:
targets:
- apiVersion: v1
kind: Pod
foreach:
- list: "request.object.spec.containers"
patchesJson6902: |-
@ -39,9 +37,6 @@ spec:
operator: GreaterThanOrEquals
value: 1
mutate:
targets:
- apiVersion: v1
kind: Pod
foreach:
- list: "request.object.spec.initContainers"
patchesJson6902: |-

View file

@ -3,10 +3,10 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-talos-factory-schematic-to-node
name: mutate-pod-binding
annotations:
pod-policies.kyverno.io/autogen-controllers: none
policies.kyverno.io/title: Adds talos factory schematic to node
policies.kyverno.io/title: Mutate Pod Add Schematic
policies.kyverno.io/category: Other
policies.kyverno.io/subject: Pod
kyverno.io/kyverno-version: 1.10.0

View file

@ -10,17 +10,18 @@ metadata:
This policy sets custom configuration on the Volsync mover Jobs.
policies.kyverno.io/subject: Pod
spec:
generateExistingOnPolicyUpdate: true
rules:
- name: mutate-volsync-src-movers
- name: set-volsync-movers-custom-config
match:
any:
- resources:
resources:
kinds: ["batch/v1/Job"]
names: ["volsync-src-*"]
namespaces: ["*"]
selector:
matchLabels:
app.kubernetes.io/created-by: volsync
namespaceSelector:
matchLabels:
volsync.backube/privileged-movers: "true"
mutate:
patchStrategicMerge:
spec:
@ -37,7 +38,6 @@ spec:
initContainers:
- name: jitter
image: docker.io/library/busybox:latest
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'sleep $(shuf -i 0-60 -n 1)']
containers:
- name: restic
@ -49,28 +49,3 @@ spec:
nfs:
server: shadowfax.jahanson.tech
path: /nahar/volsync
- name: mutate-volsync-dst-movers
match:
any:
- resources:
kinds: ["batch/v1/Job"]
names: ["volsync-dst-*"]
namespaces: ["*"]
selector:
matchLabels:
app.kubernetes.io/created-by: volsync
mutate:
patchStrategicMerge:
spec:
template:
spec:
containers:
- name: restic
volumeMounts:
- name: repository
mountPath: /repository
volumes:
- name: repository
nfs:
server: shadowfax.jahanson.tech
path: /nahar/volsync

View file

@ -165,6 +165,12 @@ spec:
gnetId: 15038
revision: 3
datasource: Prometheus
minio:
# renovate: depName="MinIO Dashboard"
gnetId: 13502
revision: 26
datasource:
- { name: DS_PROMETHEUS, value: Prometheus }
node-exporter-full:
# renovate: depName="Node Exporter Full"
gnetId: 1860

View file

@ -5,7 +5,6 @@ kind: ExternalSecret
metadata:
name: cross-seed
spec:
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
@ -18,39 +17,22 @@ spec:
module.exports = {
action: "inject",
apiKey: "{{.CROSS_SEED_API_KEY}}",
dataCategory: "cross-seed",
delay: 30,
duplicateCategories: false,
flatLinking: false,
duplicateCategories: true,
includeEpisodes: true,
includeNonVideos: true,
includeSingleEpisodes: true,
linkCategory: "cross-seed",
linkDir: "/data/nas-media/qb/downloads/complete/cross-seed",
linkType: "hardlink",
matchMode: "safe",
outputDir: "/config",
port: 80,
qbittorrentUrl: "http://qbittorrent.qbittorrent.svc.cluster.local",
radarr: ["http://radarr.default.svc.cluster.local/?apikey={{ .RADARR_API_KEY }}"],
skipRecheck: true,
sonarr: ["http://sonarr.default.svc.cluster.local/?apikey={{ .SONARR_API_KEY }}"],
torrentDir: "/qbittorrent/qBittorrent/BT_backup",
// torznab: []
torznab: [
6, // ANT
8, // BLU
9, // TL
10, // FL
12, // FNP
14, // TD
].map(i => `http://prowlarr.default.svc.cluster.local/$${i}/api?apikey={{ .PROWLARR_API_KEY }}`),
torznab: []
};
dataFrom:
- extract:
key: cross-seed
- extract:
key: radarr
- extract:
key: sonarr
- extract:
key: prowlarr

View file

@ -15,10 +15,6 @@ spec:
engineVersion: v2
data:
CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}"
PUSHOVER_TOKEN: "{{ .qb_token }}"
PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
dataFrom:
- extract:
key: cross-seed
- extract:
key: pushover

View file

@ -29,34 +29,37 @@ spec:
annotations:
configmap.reloader.stakater.com/reload: qbittorrent-scripts
secret.reloader.stakater.com/reload: qbittorrent-secret
pod:
securityContext:
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
nameOverride: qbittorrent
image:
repository: ghcr.io/onedr0p/qbittorrent-beta
tag: 5.0.1@sha256:684422cab9fe3cba04812cf4207398bb72aa0f0283c92fddecd833648ac3f7bf
repository: ghcr.io/onedr0p/qbittorrent
tag: 4.6.7@sha256:5391f94b321d563c3b44136a5e799b7e4e4888926c1c31d3081a1cf3e74a9aec
env:
UMASK: "022"
QBT_WEBUI_PORT: &port 80
QBT_TORRENTING_PORT: &bittorrentPort 50413
CROSS_SEED_ENABLED: true
QBITTORRENT__PORT: &port 80
QBITTORRENT__BT_PORT: &bittorrentPort 50413
QBT_Preferences__WebUI__AlternativeUIEnabled: false
QBT_Preferences__WebUI__AuthSubnetWhitelistEnabled: true
QBT_Preferences__WebUI__AuthSubnetWhitelist: |-
10.244.0.0/16, 10.1.2.0/24
QBT_Preferences__WebUI__LocalHostAuth: false
CROSS_SEED_HOST: cross-seed.qbittorrent.svc.cluster.local
CROSS_SEED_PORT: 80
CROSS_SEED_SLEEP_INTERVAL: 0
PUSHOVER_ENABLED: true
envFrom:
- secretRef:
name: qbittorrent-secret
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
resources:
requests:
cpu: 49m
memory: 1024Mi
limits:
memory: 24Gi
securityContext:
runAsUser: 568
runAsGroup: 568
@ -66,24 +69,7 @@ spec:
capabilities:
drop:
- ALL
resources:
requests:
cpu: 100m
memory: 1024Mi
limits:
memory: 8Gi
defaultPodOptions:
nodeSelector: # ~~testing~~
kubernetes.io/hostname: shadowfax-01
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [10000]
seccompProfile: { type: RuntimeDefault }
terminationGracePeriodSeconds: 300
service:
app:
controller: *app
@ -121,16 +107,21 @@ spec:
name: qbittorrent-scripts
defaultMode: 0775
globalMounts:
- readOnly: true
tmp:
type: emptyDir
globalMounts:
- path: /tmp
- path: /scripts/cross-seed.sh
subPath: cross-seed.sh
readOnly: true
media:
type: nfs
server: gandalf.jahanson.tech
server: 10.1.1.13
path: /eru/media
advancedMounts:
qbittorrent:
app:
- path: /data/nas-media
qbtun:
type: hostPath
hostPath: /dev/net
advancedMounts:
qbittorrent:
gluetun:
- path: /dev/net

View file

@ -9,7 +9,7 @@ resources:
configMapGenerator:
- name: qbittorrent-scripts
files:
- post-process.sh=./resources/post-process.sh
- cross-seed.sh=./resources/cross-seed.sh
generatorOptions:
disableNameSuffixHash: true
annotations:

View file

@ -0,0 +1,32 @@
#!/usr/bin/env bash
export CROSS_SEED_HOST=${CROSS_SEED_HOST:-cross-seed.default.svc.cluster.local}
export CROSS_SEED_PORT=${CROSS_SEED_PORT:-80}
export CROSS_SEED_API_KEY=${CROSS_SEED_API_KEY:-unset}
export CROSS_SEED_SLEEP_INTERVAL=${CROSS_SEED_SLEEP_INTERVAL:-30}
SEARCH_PATH=$1
# Update permissions on the search path
chmod -R 750 "${SEARCH_PATH}"
# Search for cross-seed
response=$(
curl \
--silent \
--output /dev/null \
--write-out "%{http_code}" \
--request POST \
--data-urlencode "path=${SEARCH_PATH}" \
--header "X-Api-Key: ${CROSS_SEED_API_KEY}" \
"http://${CROSS_SEED_HOST}:${CROSS_SEED_PORT}/api/webhook"
)
if [[ "${response}" != "204" ]]; then
printf "Failed to search cross-seed for '%s'\n" "${SEARCH_PATH}"
exit 1
fi
printf "Successfully searched cross-seed for '%s'\n" "${SEARCH_PATH}"
sleep "${CROSS_SEED_SLEEP_INTERVAL}"

View file

@ -1,121 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
# User-defined variables
CROSS_SEED_ENABLED="${CROSS_SEED_ENABLED:-false}"
CROSS_SEED_HOST="${CROSS_SEED_HOST:-required}"
CROSS_SEED_PORT="${CROSS_SEED_PORT:-required}"
CROSS_SEED_API_KEY="${CROSS_SEED_API_KEY:-required}"
CROSS_SEED_SLEEP_INTERVAL="${CROSS_SEED_SLEEP_INTERVAL:-30}"
PUSHOVER_ENABLED="${PUSHOVER_ENABLED:-false}"
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-required}"
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-required}"
# Function to set release variables from SABnzbd
set_sab_vars() {
RELEASE_NAME="${SAB_FILENAME:-}"
RELEASE_DIR="${SAB_COMPLETE_DIR:-}"
RELEASE_CAT="${SAB_CAT:-}"
RELEASE_SIZE="${SAB_BYTES:-}"
RELEASE_STATUS="${SAB_PP_STATUS:-}"
RELEASE_INDEXER="${SAB_URL:-}"
RELEASE_TYPE="NZB"
}
# Function to set release variables from qBittorrent
set_qb_vars() {
RELEASE_NAME="$1" # %N
RELEASE_DIR="$2" # %F
RELEASE_CAT="$3" # %L
RELEASE_SIZE="$4" # %Z
RELEASE_INDEXER="$5" # %T
RELEASE_STATUS=0 # Always 0 for qBittorrent
RELEASE_TYPE="Torrent"
}
# Function to send pushover notification
send_pushover_notification() {
local pushover_message status_code json_data
printf -v pushover_message \
"<b>%s</b><small>\n<b>Category:</b> %s</small><small>\n<b>Indexer:</b> %s</small><small>\n<b>Size:</b> %s</small>" \
"${RELEASE_NAME%.*}" \
"${RELEASE_CAT}" \
"$(trurl --url "${RELEASE_INDEXER}" --get '{idn:host}')" \
"$(numfmt --to iec --format "%8.2f" "${RELEASE_SIZE}")"
json_data=$(jo \
token="${PUSHOVER_TOKEN}" \
user="${PUSHOVER_USER_KEY}" \
title="${RELEASE_TYPE} Downloaded" \
message="${pushover_message}" \
priority="-2" \
html="1"
)
status_code=$(curl \
--silent \
--write-out "%{http_code}" \
--output /dev/null \
--request POST \
--header "Content-Type: application/json" \
--data-binary "${json_data}" \
"https://api.pushover.net/1/messages.json"
)
printf "pushover notification returned with HTTP status code %s and payload: %s\n" \
"${status_code}" \
"$(echo "${json_data}" | jq --compact-output)" >&2
}
# Function to search for cross-seed
search_cross_seed() {
local status_code
status_code=$(curl \
--silent \
--output /dev/null \
--write-out "%{http_code}" \
--request POST \
--data-urlencode "path=${RELEASE_DIR}" \
--header "X-Api-Key: ${CROSS_SEED_API_KEY}" \
"http://${CROSS_SEED_HOST}:${CROSS_SEED_PORT}/api/webhook"
)
printf "cross-seed search returned with HTTP status code %s and path %s\n" \
"${status_code}" \
"${RELEASE_DIR}" >&2
sleep "${CROSS_SEED_SLEEP_INTERVAL}"
}
main() {
# Determine the source and set release variables accordingly
if env | grep -q "^SAB_"; then
set_sab_vars
else
set_qb_vars "$@"
fi
# Check if post-processing was successful
if [[ "${RELEASE_STATUS}" -ne 0 ]]; then
printf "post-processing failed with sabnzbd status code %s\n" \
"${RELEASE_STATUS}" >&2
exit 1
fi
# Update permissions on the release directory
chmod -R 750 "${RELEASE_DIR}"
# Send pushover notification
if [[ "${PUSHOVER_ENABLED}" == "true" ]]; then
send_pushover_notification
fi
# Search for cross-seed
if [[ "${CROSS_SEED_ENABLED}" == "true" ]]; then
search_cross_seed
fi
}
main "$@"

View file

@ -39,7 +39,7 @@ spec:
tagging: &container
image:
repository: ghcr.io/buroa/qbtools
tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
tag: v0.19.6@sha256:16ae2000e5e795c5e7f3bf21ec72c09070b1494b8b55ba18275e37796fd19b31
env:
TZ: *timeZone
POD_NAMESPACE:

View file

@ -12,4 +12,4 @@ spec:
operation: copy
url: oci://ghcr.io/grafana/helm-charts/grafana
ref:
tag: 8.5.11
tag: 8.5.8