Add jellyseerr

kubernetes/apps/default/jellyseerr/app/externalsecret.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: jellyseerr
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: jellyseerr-secret
+    template:
+      engineVersion: v2
+      data:
+        DB_TYPE: "postgres" # Which DB engine to use. The default is "sqlite". To use postgres, this needs to be set to "postgres"
+        DB_HOST: "postgres-primary-real.database.svc"
+        DB_PORT: "5432"
+        DB_USER: "{{ .JELLYSEERR_POSTGRES_USER }}"
+        DB_PASS: "{{ .JELLYSEERR_POSTGRES_PASSWORD }}"
+        DB_NAME: "jellyseerr"
+        DB_LOG_QUERIES: 'false' # Whether to log the DB queries for debugging
+        DB_USE_SSL: 'false' # Whether to enable ssl for database connection
+  dataFrom:
+    - extract:
+        key: pushover
+    - extract:
+        key: jellyseerr

kubernetes/apps/default/jellyseerr/app/helmrelease.yaml

@@ -0,0 +1,93 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: jellyseerr
+spec:
+  chart:
+    spec:
+      chart: app-template
+      version: 3.2.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  interval: 30m
+  valuesFrom:
+    - kind: Secret
+      name: jellyseerr-secret
+  values:
+    controllers:
+      jellyseerr:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            env:
+              NODE_ENV: production
+            image:
+              repository: ghcr.io/jahanson/jellyseerr
+              tag: v1.9.2-postgresql
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            resources:
+              limits:
+                memory: 390Mi
+              requests:
+                cpu: 50m
+                memory: 390Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+              readOnlyRootFilesystem: true
+        statefulset:
+          podManagementPolicy: Parallel
+          volumeClaimTemplates:
+            - accessMode: ReadWriteOnce
+              globalMounts:
+                - path: /usr/lib/jellyseerr/config
+              name: config
+              size: 1Mi
+        type: statefulset
+    defaultPodOptions:
+      securityContext:
+        fsGroup: 568
+        runAsGroup: 568
+        runAsNonRoot: true
+        runAsUser: 568
+        seccompProfile:
+          type: RuntimeDefault
+    ingress:
+      app:
+        annotations:
+          external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+          external-dns.alpha.kubernetes.io/target: external.hsn.dev
+        className: nginx-external
+        hosts:
+          - host: jellyseerr.hsn.dev
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+    service:
+      app:
+        controller: jellyseerr
+        ports:
+          http:
+            port: 5055

kubernetes/apps/default/jellyseerr/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml

kubernetes/apps/default/jellyseerr/ks.yaml

@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app jellyseerr
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  interval: 10m
+  path: "./kubernetes/apps/default/jellyseerr/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  dependsOn:
+    - name: openebs
+    - name: crunchy-postgres-operator
+    - name: external-secrets-stores
+  postBuild:
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 1Gi
+      APP_GID: "1000"
+      APP_UID: "1000"

shell.nix

@@ -18,25 +18,4 @@ pkgs.mkShell {
     pre-commit
     sops
   ];
-  # Possible inputs needed. Keeping here for posterity
-  # age
-  # ansible
-  # cilium-cli
-  # direnv
-  # derailed/k9s/k9s
-  # fluxcd/tap/flux
-  # go-task/tap/go-task
-  # helm
-  # ipcalc
-  # jq
-  # kubernetes-cli
-  # kustomize
-  # pre-commit
-  # prettier
-  # shellcheck
-  # sops
-  # stern
-  # talhelper
-  # yamllint
-  # yq
 }