
1 commit

Author SHA1 Message Date
80b9849efd Update image ghcr.io/siderolabs/kubelet to v1.31.3 2024-12-02 05:05:15 +00:00
63 changed files with 192 additions and 458 deletions


@ -1,21 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matter-server-gatus-ep
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: matter-server
group: infrastructure
url: ws://matter-server.default.svc.cluster.local:5580
interval: 1m
ui:
hide-url: true
hide-hostname: true
conditions:
- "[CONNECTED] == true"
alerts:
- type: pushover


@ -1,80 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app matter-server
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
controllers:
matter-server:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: ghcr.io/home-assistant-libs/python-matter-server
tag: 6.6.1
pullPolicy: IfNotPresent
env:
TZ: "America/Chicago"
MATTER_SERVER__INSTANCE_NAME: *app
MATTER_SERVER__PORT: &port 5580
MATTER_SERVER__APPLICATION_URL: &host matter.jahanson.tech
MATTER_SERVER__LOG_LEVEL: debug
resources:
requests:
memory: "100Mi"
limits:
memory: "300Mi"
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: matter-server
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: *host
io.cilium/lb-ipam-ips: 10.1.1.40
ports:
http:
port: *port
ingress:
app:
className: internal-nginx
hosts:
- host: *host
paths:
- path: /
service:
identifier: app
port: *port
tls:
- hosts:
- *host
persistence:
data:
existingClaim: *app


@ -1,8 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/volsync


@ -1,24 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app matter-server
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/matter-server/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: false # no flux ks dependents
interval: 30m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 1Gi


@ -1,3 +1,5 @@
; https://editorconfig.org/
root = true root = true
[*] [*]


@ -4,7 +4,7 @@
{ {
"description": ["Loose versioning for non-semver packages"], "description": ["Loose versioning for non-semver packages"],
"matchDatasources": ["docker"], "matchDatasources": ["docker"],
"matchPackagePatterns": ["plex"], "matchPackagePatterns": ["cross-seed", "plex"],
"versioning": "loose" "versioning": "loose"
}, },
{ {


@ -18,20 +18,6 @@ tasks:
| xargs -P 4 -L 1 bash -c \ | xargs -P 4 -L 1 bash -c \
'kubectl -n $0 annotate kustomization/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --field-manager=flux-client-side-apply --overwrite' 'kubectl -n $0 annotate kustomization/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --field-manager=flux-client-side-apply --overwrite'
ks-suspend:
desc: Suspend all Flux Kustomizations
cmds:
- |
flux get kustomizations --all-namespaces --no-header | awk '{print $1, $2}' \
| xargs -L 1 bash -c 'flux -n $0 suspend kustomization $1'
ks-resume:
desc: Resume all Flux Kustomizations
cmds:
- |
flux get kustomizations --all-namespaces --no-header | awk '{print $1, $2}' \
| xargs -L 1 bash -c 'flux -n $0 resume kustomization $1'
hr-sync: hr-sync:
desc: Sync all Flux HelmReleases desc: Sync all Flux HelmReleases
cmds: cmds:


@ -15,6 +15,7 @@
"hack": "scripts", "hack": "scripts",
"repositories": "database", "repositories": "database",
"vars": "other", "vars": "other",
// namespaces
"cert-manager": "guard", "cert-manager": "guard",
"external-secrets": "keys", "external-secrets": "keys",
"kube-system": "kubernetes", "kube-system": "kubernetes",


@ -14,6 +14,8 @@ spec:
kind: HelmRepository kind: HelmRepository
name: bjw-s name: bjw-s
namespace: flux-system namespace: flux-system
dependsOn:
- name: ollama
install: install:
remediation: remediation:
retries: 3 retries: 3
@ -31,7 +33,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/open-webui/open-webui repository: ghcr.io/open-webui/open-webui
tag: v0.4.8 tag: v0.4.5
env: env:
- name: OLLAMA_BASE_URL - name: OLLAMA_BASE_URL
value: http://10.1.1.61:11434 value: http://10.1.1.61:11434
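Review bot: The `tag` line in the second hunk moves open-webui from v0.4.8 back to v0.4.5, which is a rollback and not something the commit title (a kubelet update) describes. The same backwards step shows in most other version lines on this page (radarr, sonarr, the forgejo runner, and the coder, cilium, coredns and external-secrets charts, among others), so the branch looks stale against its compare base; rebasing before merge would avoid reverting upstream fixes, including any security fixes in those releases. This reading assumes the right-hand value is the new side, which matches `kubernetesVersion: 1.31.3` in the talconfig section. Separately, the new tag carries no `@sha256:` digest, while several other images on this page are digest-pinned.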


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/radarr-develop repository: ghcr.io/onedr0p/radarr-develop
tag: 5.16.1.9508 tag: 5.15.1.9463
env: env:
RADARR__APP__INSTANCENAME: Radarr-Anime RADARR__APP__INSTANCENAME: Radarr-Anime
RADARR__APP__THEME: dark RADARR__APP__THEME: dark
@ -66,6 +66,11 @@ spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] } capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 6Gi
pod: pod:
securityContext: securityContext:
runAsUser: 568 runAsUser: 568
@ -102,7 +107,7 @@ spec:
type: emptyDir type: emptyDir
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media
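Review bot: The NFS `server` address in the last hunk is a literal repeated in every HelmRelease that mounts `/eru/media`, so moving it to 10.1.1.13 has to be done file by file, and one copy has already diverged: the qbittorrent section sets `server: gandalf.jahanson.tech` instead. If both values are meant to reach the same export, a single Flux substitution variable (for example `server: ${NFS_MEDIA_SERVER}`, a name made up for this note) would keep them aligned; if they are different hosts, apps that share files through this mount will no longer see the same data. The other copies are in the sonarr, sabnzbd, cross-seed and qbtools sections and in the section with the `unpackerr` advanced mount. The export's client allow-list on the new server is not visible here and should be checked to cover only the cluster nodes.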


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/sonarr-develop repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.11.2743 tag: 4.0.11.2697
env: env:
SONARR__APP__INSTANCENAME: Sonarr-Anime SONARR__APP__INSTANCENAME: Sonarr-Anime
SONARR__APP__THEME: dark SONARR__APP__THEME: dark
@ -66,6 +66,11 @@ spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] } capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 6Gi
pod: pod:
securityContext: securityContext:
runAsUser: 568 runAsUser: 568
@ -102,7 +107,7 @@ spec:
type: emptyDir type: emptyDir
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media
@ -112,14 +117,3 @@ spec:
path: /moria/media/ path: /moria/media/
globalMounts: globalMounts:
- path: /data/moria-media - path: /data/moria-media
scripts:
type: configMap
name: sonarr-configmap
defaultMode: 0775
globalMounts:
- path: /scripts/pushover-notify.sh
subPath: pushover-notify.sh
readOnly: true
- path: /scripts/refresh-series.sh
subPath: refresh-series.sh
readOnly: true


@ -6,12 +6,3 @@ resources:
- ./externalsecret.yaml - ./externalsecret.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ../../../../templates/volsync - ../../../../templates/volsync
configMapGenerator:
- name: sonarr-configmap
files:
- pushover-notify.sh=./resources/pushover-notify.sh
- refresh-series.sh=./resources/refresh-series.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled


@ -1,85 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
# User defined variables for pushover
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-required}"
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-required}"
PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
if [[ "${sonarr_eventtype:-}" == "Test" ]]; then
PUSHOVER_PRIORITY="1"
printf -v PUSHOVER_TITLE \
"Test Notification"
printf -v PUSHOVER_MESSAGE \
"Howdy this is a test notification from %s" \
"${sonarr_instancename:-Sonarr}"
printf -v PUSHOVER_URL \
"%s" \
"${sonarr_applicationurl:-localhost}"
printf -v PUSHOVER_URL_TITLE \
"Open %s" \
"${sonarr_instancename:-Sonarr}"
fi
if [[ "${sonarr_eventtype:-}" == "Download" ]]; then
printf -v PUSHOVER_TITLE \
"Episode %s" \
"$( [[ "${sonarr_isupgrade}" == "True" ]] && echo "Upgraded" || echo "Downloaded" )"
printf -v PUSHOVER_MESSAGE \
"<b>%s (S%02dE%02d)</b><small>\n%s</small><small>\n\n<b>Quality:</b> %s</small><small>\n<b>Client:</b> %s</small>" \
"${sonarr_series_title}" \
"${sonarr_episodefile_seasonnumber}" \
"${sonarr_episodefile_episodenumbers}" \
"${sonarr_episodefile_episodetitles}" \
"${sonarr_episodefile_quality:-Unknown}" \
"${sonarr_download_client:-Unknown}"
printf -v PUSHOVER_URL \
"%s/series/%s" \
"${sonarr_applicationurl:-localhost}" \
"${sonarr_series_titleslug}"
printf -v PUSHOVER_URL_TITLE \
"View series in %s" \
"${sonarr_instancename:-Sonarr}"
fi
if [[ "${sonarr_eventtype:-}" == "ManualInteractionRequired" ]]; then
PUSHOVER_PRIORITY="1"
printf -v PUSHOVER_TITLE \
"Episode import requires intervention"
printf -v PUSHOVER_MESSAGE \
"<b>%s</b><small>\n<b>Client:</b> %s</small>" \
"${sonarr_series_title}" \
"${sonarr_download_client:-Unknown}"
printf -v PUSHOVER_URL \
"%s/activity/queue" \
"${sonarr_applicationurl:-localhost}"
printf -v PUSHOVER_URL_TITLE \
"View queue in %s" \
"${sonarr_instancename:-Sonarr}"
fi
json_data=$(jo \
token="${PUSHOVER_TOKEN}" \
user="${PUSHOVER_USER_KEY}" \
title="${PUSHOVER_TITLE}" \
message="${PUSHOVER_MESSAGE}" \
url="${PUSHOVER_URL}" \
url_title="${PUSHOVER_URL_TITLE}" \
priority="${PUSHOVER_PRIORITY}" \
html="1"
)
status_code=$(curl \
--silent \
--write-out "%{http_code}" \
--output /dev/null \
--request POST \
--header "Content-Type: application/json" \
--data-binary "${json_data}" \
"https://api.pushover.net/1/messages.json" \
)
printf "pushover notification returned with HTTP status code %s and payload: %s\n" \
"${status_code}" \
"$(echo "${json_data}" | jq --compact-output)" >&2


@ -1,21 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
CURL_CMD=(curl -fsSL --header "X-Api-Key: ${SONARR__AUTH__APIKEY:-}")
SONARR_API_URL="http://localhost:${SONARR__SERVER__PORT:-}/api/v3"
if [[ "${sonarr_eventtype:-}" == "Grab" ]]; then
tba=$("${CURL_CMD[@]}" "${SONARR_API_URL}/episode?seriesId=${sonarr_series_id:-}" | jq --raw-output '
[.[] | select((.title == "TBA") or (.title == "TBD"))] | length
')
if (( tba > 0 )); then
echo "INFO: Refreshing series ${sonarr_series_id:-} due to TBA/TBD episodes found"
"${CURL_CMD[@]}" \
--request POST \
--header "Content-Type: application/json" \
--data-binary '{"name": "RefreshSeries", "seriesId": '"${sonarr_series_id:-}"'}' \
"${SONARR_API_URL}/command" &>/dev/null
fi
fi


@ -30,7 +30,7 @@ spec:
runner-register: runner-register:
image: image:
repository: code.forgejo.org/forgejo/runner repository: code.forgejo.org/forgejo/runner
tag: 5.0.3 tag: 5.0.2
command: command:
- "forgejo-runner" - "forgejo-runner"
- "register" - "register"
@ -63,7 +63,7 @@ spec:
daemon: daemon:
image: image:
repository: docker repository: docker
tag: 27.4.0-dind tag: 27.3.1-dind
securityContext: securityContext:
privileged: true privileged: true
env: env:
@ -72,7 +72,7 @@ spec:
app: app:
image: image:
repository: code.forgejo.org/forgejo/runner repository: code.forgejo.org/forgejo/runner
tag: 5.0.3 tag: 5.0.2
command: command:
- "sh" - "sh"
- "-c" - "-c"


@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: coder chart: coder
version: 2.18.0 version: 2.16.1
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: coder name: coder
@ -29,6 +29,8 @@ spec:
env: env:
- name: CODER_ACCESS_URL - name: CODER_ACCESS_URL
value: https://coder.hsn.dev value: https://coder.hsn.dev
- name: CODER_WILDCARD_ACCESS_URL
value: "*.coder.hsn.dev"
- name: CODER_PROMETHEUS_ENABLE - name: CODER_PROMETHEUS_ENABLE
value: "true" value: "true"
envFrom: envFrom:
@ -42,3 +44,4 @@ spec:
external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/target: external.hsn.dev
host: "coder.hsn.dev" host: "coder.hsn.dev"
wildcardHost: "*.coder.hsn.dev"
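Review bot: The added `wildcardHost: "*.coder.hsn.dev"` publishes every workspace-app subdomain through the same ingress whose external-dns target is `external.hsn.dev`, so it is presumably reachable from outside the network. The TLS part of the ingress values lies outside the hunk; it needs a certificate that covers `*.coder.hsn.dev`, which a certificate for `coder.hsn.dev` alone does not. A short comment on `CODER_WILDCARD_ACCESS_URL`, e.g. `# serves workspace apps on <app>.coder.hsn.dev; requires wildcard DNS and TLS`, would make the exposure explicit. The chart version in the first hunk also goes backwards (2.18.0 to 2.16.1), which is worth confirming against the deployed database schema before applying.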


@ -5,7 +5,7 @@ kind: EMQX
metadata: metadata:
name: emqx name: emqx
spec: spec:
image: public.ecr.aws/emqx/emqx:5.8.3 image: public.ecr.aws/emqx/emqx:5.8.2
config: config:
mode: Merge mode: Merge
coreTemplate: coreTemplate:


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: docker.io/influxdb repository: docker.io/influxdb
tag: 2.7.11-alpine tag: 2.7.10-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
INFLUXDB_ADMIN_USER_PASSWORD: "admin" INFLUXDB_ADMIN_USER_PASSWORD: "admin"


@ -10,4 +10,4 @@ resources:
- ./dragonfly/ks.yaml - ./dragonfly/ks.yaml
- ./emqx/ks.yaml - ./emqx/ks.yaml
- ./influxdb/ks.yaml - ./influxdb/ks.yaml
# - ./mariadb/ks.yaml - ./mariadb/ks.yaml


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/autobrr/autobrr repository: ghcr.io/autobrr/autobrr
tag: v1.53.0@sha256:0c3f93c653cfc8a20e722bd26a5d597a496c9ba714300ba7974a5aeb19bd6e31 tag: v1.51.1@sha256:747c682d8d59e72a202ee4239bafbd7cfa10b0fc3a6220b61446de73dbd0c956
env: env:
AUTOBRR__CHECK_FOR_UPDATES: "false" AUTOBRR__CHECK_FOR_UPDATES: "false"
AUTOBRR__HOST: 0.0.0.0 AUTOBRR__HOST: 0.0.0.0


@ -9,6 +9,7 @@ resources:
- ./atuin/ks.yaml - ./atuin/ks.yaml
- ./autobrr/ks.yaml - ./autobrr/ks.yaml
- ./excalidraw/ks.yaml - ./excalidraw/ks.yaml
- ./home-assistant/ks.yaml
- ./it-tools/ks.yaml - ./it-tools/ks.yaml
- ./linkwarden/ks.yaml - ./linkwarden/ks.yaml
- ./maintainerr/ks.yaml - ./maintainerr/ks.yaml
@ -17,7 +18,7 @@ resources:
- ./overseerr/ks.yaml - ./overseerr/ks.yaml
- ./plex/ks.yaml - ./plex/ks.yaml
- ./prowlarr/ks.yaml - ./prowlarr/ks.yaml
# - ./pterodactyl/ks.yaml - ./pterodactyl/ks.yaml
- ./radarr/ks.yaml - ./radarr/ks.yaml
- ./recyclarr/ks.yaml - ./recyclarr/ks.yaml
- ./redlib/ks.yaml - ./redlib/ks.yaml


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/linkwarden/linkwarden repository: ghcr.io/linkwarden/linkwarden
tag: v2.8.4@sha256:8a8e6323508f97ddaa863281b9ff52949fc153eea1ec07cb84539436371caf28 tag: v2.8.3@sha256:7f80a03d688c3e5d9ec6b34f5b65cd861ff8c9eb08d12932dc8fc7482991f238
env: env:
TIMEZONE: "America/Chicago" TIMEZONE: "America/Chicago"
NEXTAUTH_URL: "https://{{ .Release.Name }}.jahanson.tech/api/v1/auth" NEXTAUTH_URL: "https://{{ .Release.Name }}.jahanson.tech/api/v1/auth"


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/prowlarr-develop repository: ghcr.io/onedr0p/prowlarr-develop
tag: 1.28.0.4862@sha256:ff83bcd009f4556e5ee9a40e596dfaa3dd8313fe40246c1244416ffd8fc03ab5 tag: 1.27.0.4852@sha256:6e1041a558cceee6356efe74cc9a9138909f4a8bac5eb714a420a37e4b478c77
env: env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518 # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336 # Ref: https://github.com/dotnet/runtime/issues/9336


@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../templates/volsync - ../../../../templates/volsync
# - ../../../../templates/gatus/external - ../../../../templates/gatus/external
- ./externalsecret.yaml - ./externalsecret.yaml
# - ./helmrelease.yaml # - ./helmrelease.yaml
- ./mariadb.yaml - ./mariadb.yaml


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/radarr-develop repository: ghcr.io/onedr0p/radarr-develop
tag: 5.16.1.9508 tag: 5.15.1.9463
env: env:
RADARR__APP__INSTANCENAME: Radarr RADARR__APP__INSTANCENAME: Radarr
RADARR__APP__THEME: dark RADARR__APP__THEME: dark
@ -64,6 +64,11 @@ spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] } capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 16Gi
pod: pod:
securityContext: securityContext:
runAsUser: 568 runAsUser: 568
@ -100,7 +105,7 @@ spec:
type: emptyDir type: emptyDir
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media


@ -38,7 +38,7 @@ spec:
app: app:
image: image:
repository: quay.io/redlib/redlib repository: quay.io/redlib/redlib
tag: latest@sha256:d04e722091fe17424425499882a548507a70654f37aaf8cbc71081ef29b7b341 tag: latest@sha256:1f120c85fc33bdac67c97d5d1a6c84a920be40742fbf311c970ab2749a435778
env: env:
REDLIB_DEFAULT_SHOW_NSFW: on REDLIB_DEFAULT_SHOW_NSFW: on
REDLIB_DEFAULT_WIDE: on REDLIB_DEFAULT_WIDE: on


@ -36,7 +36,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/sabnzbd repository: ghcr.io/onedr0p/sabnzbd
tag: 4.4.0@sha256:d2dbde184900504bf3636d2df74e466e223d6b2474b4d21a58c72eadfffa7e99 tag: 4.3.3@sha256:86c645db93affcbf01cc2bce2560082bfde791009e1506dba68269b9c50bc341
env: env:
TZ: America/Chicago TZ: America/Chicago
SABNZBD__PORT: &port 80 SABNZBD__PORT: &port 80
@ -76,6 +76,8 @@ spec:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] } capabilities: { drop: ["ALL"] }
defaultPodOptions: defaultPodOptions:
nodeSelector: # ~~testing~~
kubernetes.io/hostname: gandalf-01
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 568 runAsUser: 568
@ -118,7 +120,7 @@ spec:
- readOnly: true - readOnly: true
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media
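Review bot: The `nodeSelector` added under `defaultPodOptions` pins the pod to `kubernetes.io/hostname: gandalf-01` and is marked `# ~~testing~~`, which reads as a temporary setting that should not be merged as is. The same pin with the same marker is added in the qbittorrent section. If the pin is meant to stay, replace the marker with the reason, e.g. `# pinned to gandalf-01: local access to the media pool`; the reason is not visible on this page, so that wording is a guess.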


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/sonarr-develop repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.11.2743 tag: 4.0.11.2697
env: env:
SONARR__APP__INSTANCENAME: Sonarr SONARR__APP__INSTANCENAME: Sonarr
SONARR__APP__THEME: dark SONARR__APP__THEME: dark
@ -64,6 +64,11 @@ spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] } capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 16Gi
pod: pod:
securityContext: securityContext:
runAsUser: 568 runAsUser: 568
@ -100,7 +105,7 @@ spec:
type: emptyDir type: emptyDir
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media
@ -110,14 +115,3 @@ spec:
path: /moria/media/ path: /moria/media/
globalMounts: globalMounts:
- path: /data/moria-media - path: /data/moria-media
scripts:
type: configMap
name: sonarr-configmap
defaultMode: 0775
globalMounts:
- path: /scripts/pushover-notify.sh
subPath: pushover-notify.sh
readOnly: true
- path: /scripts/refresh-series.sh
subPath: refresh-series.sh
readOnly: true


@ -6,12 +6,3 @@ resources:
- ./externalsecret.yaml - ./externalsecret.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ../../../../templates/volsync - ../../../../templates/volsync
configMapGenerator:
- name: sonarr-configmap
files:
- pushover-notify.sh=./resources/pushover-notify.sh
- refresh-series.sh=./resources/refresh-series.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled


@ -1,85 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
# User defined variables for pushover
PUSHOVER_USER_KEY="${PUSHOVER_USER_KEY:-required}"
PUSHOVER_TOKEN="${PUSHOVER_TOKEN:-required}"
PUSHOVER_PRIORITY="${PUSHOVER_PRIORITY:-"-2"}"
if [[ "${sonarr_eventtype:-}" == "Test" ]]; then
PUSHOVER_PRIORITY="1"
printf -v PUSHOVER_TITLE \
"Test Notification"
printf -v PUSHOVER_MESSAGE \
"Howdy this is a test notification from %s" \
"${sonarr_instancename:-Sonarr}"
printf -v PUSHOVER_URL \
"%s" \
"${sonarr_applicationurl:-localhost}"
printf -v PUSHOVER_URL_TITLE \
"Open %s" \
"${sonarr_instancename:-Sonarr}"
fi
if [[ "${sonarr_eventtype:-}" == "Download" ]]; then
printf -v PUSHOVER_TITLE \
"Episode %s" \
"$( [[ "${sonarr_isupgrade}" == "True" ]] && echo "Upgraded" || echo "Downloaded" )"
printf -v PUSHOVER_MESSAGE \
"<b>%s (S%02dE%02d)</b><small>\n%s</small><small>\n\n<b>Quality:</b> %s</small><small>\n<b>Client:</b> %s</small>" \
"${sonarr_series_title}" \
"${sonarr_episodefile_seasonnumber}" \
"${sonarr_episodefile_episodenumbers}" \
"${sonarr_episodefile_episodetitles}" \
"${sonarr_episodefile_quality:-Unknown}" \
"${sonarr_download_client:-Unknown}"
printf -v PUSHOVER_URL \
"%s/series/%s" \
"${sonarr_applicationurl:-localhost}" \
"${sonarr_series_titleslug}"
printf -v PUSHOVER_URL_TITLE \
"View series in %s" \
"${sonarr_instancename:-Sonarr}"
fi
if [[ "${sonarr_eventtype:-}" == "ManualInteractionRequired" ]]; then
PUSHOVER_PRIORITY="1"
printf -v PUSHOVER_TITLE \
"Episode import requires intervention"
printf -v PUSHOVER_MESSAGE \
"<b>%s</b><small>\n<b>Client:</b> %s</small>" \
"${sonarr_series_title}" \
"${sonarr_download_client:-Unknown}"
printf -v PUSHOVER_URL \
"%s/activity/queue" \
"${sonarr_applicationurl:-localhost}"
printf -v PUSHOVER_URL_TITLE \
"View queue in %s" \
"${sonarr_instancename:-Sonarr}"
fi
json_data=$(jo \
token="${PUSHOVER_TOKEN}" \
user="${PUSHOVER_USER_KEY}" \
title="${PUSHOVER_TITLE}" \
message="${PUSHOVER_MESSAGE}" \
url="${PUSHOVER_URL}" \
url_title="${PUSHOVER_URL_TITLE}" \
priority="${PUSHOVER_PRIORITY}" \
html="1"
)
status_code=$(curl \
--silent \
--write-out "%{http_code}" \
--output /dev/null \
--request POST \
--header "Content-Type: application/json" \
--data-binary "${json_data}" \
"https://api.pushover.net/1/messages.json" \
)
printf "pushover notification returned with HTTP status code %s and payload: %s\n" \
"${status_code}" \
"$(echo "${json_data}" | jq --compact-output)" >&2


@ -1,21 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2154
set -euo pipefail
CURL_CMD=(curl -fsSL --header "X-Api-Key: ${SONARR__AUTH__APIKEY:-}")
SONARR_API_URL="http://localhost:${SONARR__SERVER__PORT:-}/api/v3"
if [[ "${sonarr_eventtype:-}" == "Grab" ]]; then
tba=$("${CURL_CMD[@]}" "${SONARR_API_URL}/episode?seriesId=${sonarr_series_id:-}" | jq --raw-output '
[.[] | select((.title == "TBA") or (.title == "TBD"))] | length
')
if (( tba > 0 )); then
echo "INFO: Refreshing series ${sonarr_series_id:-} due to TBA/TBD episodes found"
"${CURL_CMD[@]}" \
--request POST \
--header "Content-Type: application/json" \
--data-binary '{"name": "RefreshSeries", "seriesId": '"${sonarr_series_id:-}"'}' \
"${SONARR_API_URL}/command" &>/dev/null
fi
fi


@ -31,7 +31,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/stirling-tools/s-pdf repository: ghcr.io/stirling-tools/s-pdf
tag: 0.36.0@sha256:56a2a83fda76eb6a4fa21a03484d9cea9b2af25cce2c3bfdca45fcd1dafd6533 tag: 0.34.0@sha256:42ceaa84712f9271ca4af1c4d892899996424cbc5378f7dd168828091657c0f0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
TZ: America/Chicago TZ: America/Chicago


@ -76,7 +76,7 @@ spec:
persistence: persistence:
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
advancedMounts: advancedMounts:
unpackerr: unpackerr:


@ -36,7 +36,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/zwave-js/zwave-js-ui repository: ghcr.io/zwave-js/zwave-js-ui
tag: 9.27.8@sha256:2299383f92f62bda3887d28375cb392d502326628cd2c8212b79cbe18788f019 tag: 9.27.7@sha256:b7327c74e9cb228af9fc2817330319d4e57e041767dc40e550fd6577a436ad7d
env: env:
TZ: America/Chicago TZ: America/Chicago
PORT: &port 80 PORT: &port 80


@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: cilium chart: cilium
version: 1.16.4 version: 1.16.3
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: cilium name: cilium


@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: coredns chart: coredns
version: 1.37.0 version: 1.36.1
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: coredns name: coredns


@ -7,7 +7,7 @@ spec:
# nodeName: nenya # nodeName: nenya
containers: containers:
- name: fstrim - name: fstrim
image: ghcr.io/onedr0p/kubanetics:2024.12.0 image: ghcr.io/onedr0p/kubanetics:2024.11.1
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/bash", "-c", "while true; do sleep 10; done"] command: ["/bin/bash", "-c", "while true; do sleep 10; done"]


@ -33,7 +33,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/kubanetics repository: ghcr.io/onedr0p/kubanetics
tag: 2024.12.0@sha256:3766252a7011d870a4c24bb107c9aa505dde35f4baf8101466c623b052bdbb4f tag: 2024.11.1@sha256:875b7c22fbb046958ae0116b4a7e9ea81062cf60f54d5b27e53ebf29078bdcc4
env: env:
SCRIPT_NAME: fstrim.sh SCRIPT_NAME: fstrim.sh
probes: probes:


@ -1,2 +1,2 @@
--- ---
providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie$ providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^gandalf-01$
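Review bot: Only the last alternative of the new `providerRegex` is anchored at the end, so `^sam` or `^rosie` match any name that merely starts with those strings, while `^gandalf-01$` matches exactly. If this value feeds a kubelet CSR approver, as the key name suggests (the consumer is not visible here), a node name such as `sam-anything` would pass the check. Grouping the names closes that: `providerRegex: ^(bilbo|frodo|sam|merry|pippin|rosie|gandalf-01)$`. The talconfig section of this commit also adds `shadowfax-01`, which this pattern does not match.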


@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: reloader chart: reloader
version: 1.2.0 version: 1.1.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: stakater name: stakater


@ -35,7 +35,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/onedr0p/kubanetics repository: ghcr.io/onedr0p/kubanetics
tag: 2024.12.0 tag: 2024.11.1
env: env:
SCRIPT_NAME: alertmanager-silencer.sh SCRIPT_NAME: alertmanager-silencer.sh
ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093 ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093


@ -31,7 +31,7 @@ spec:
init-config: init-config:
image: image:
repository: ghcr.io/kiwigrid/k8s-sidecar repository: ghcr.io/kiwigrid/k8s-sidecar
tag: 1.28.1@sha256:707875abfd38af450ff420c6f271e883fc28e9ce4d3742741af993b25ae93f85 tag: 1.28.0@sha256:4166a019eeafd1f0fef4d867dc5f224f18d84ec8681dbb31f3ca258ecf07bcf2
env: env:
FOLDER: /config FOLDER: /config
LABEL: gatus.io/enabled LABEL: gatus.io/enabled


@ -239,7 +239,7 @@ spec:
prometheus: prometheus:
# renovate: depName="Prometheus" # renovate: depName="Prometheus"
gnetId: 19105 gnetId: 19105
revision: 6 revision: 5
datasource: Prometheus datasource: Prometheus
victoria-agent: victoria-agent:
# renovate: depName="VictoriaMetrics - vmagent" # renovate: depName="VictoriaMetrics - vmagent"


@ -18,6 +18,17 @@ spec:
controllers: controllers:
smartctl-exporter: smartctl-exporter:
type: daemonset type: daemonset
pod:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: NotIn
values:
- gandalf-01
- shadowfax-01
containers: containers:
app: app:
image: &image image: &image
@ -40,12 +51,43 @@ spec:
port: &port 9633 port: &port 9633
path: / path: /
readiness: *probes readiness: *probes
smartctl-exporter-vms:
type: daemonset
pod:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- gandalf-01
- shadowfax-01
containers:
app:
image: *image
args:
- --smartctl.path=/usr/sbin/smartctl
- --smartctl.interval=120s
- --web.listen-address=0.0.0.0:9633
- --web.telemetry-path=/metrics
- --smartctl.device=/dev/nvme0
securityContext: *securityContext
probes:
liveness: *probes
readiness: *probes
service: service:
smartctl-exporter: smartctl-exporter:
controller: smartctl-exporter controller: smartctl-exporter
ports: ports:
exporter: exporter:
port: *port port: *port
smartctl-exporter-vms:
controller: smartctl-exporter-vms
ports:
exporter:
port: *port
persistence: persistence:
dev: dev:
type: hostPath type: hostPath
@ -63,3 +105,15 @@ spec:
path: /metrics path: /metrics
interval: 1m interval: 1m
scrapeTimeout: 10s scrapeTimeout: 10s
smartctl-exporter-vms:
selector:
matchLabels:
app.kubernetes.io/instance: smartctl-exporter
app.kubernetes.io/name: smartctl-exporter
app.kubernetes.io/service: smartctl-exporter-smartctl-exporter-vms
endpoints:
- port: exporter
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
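Review bot: The two controllers split the nodes with mirrored hostname lists (`NotIn` for `smartctl-exporter`, `In` for `smartctl-exporter-vms`), and nothing ties the lists together. A node added to one list but not the other ends up with both exporters or with none. A comment on each list such as `# keep in sync with the smartctl-exporter-vms affinity` would help, or a node label that both affinities select on. The new controller also reuses `*securityContext` and `*probes`, whose anchors are defined outside the hunks, so the privileges it runs with cannot be checked from this page.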


@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: vector chart: vector
version: 0.38.0 version: 0.37.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: vector name: vector


@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: vector chart: vector
version: 0.38.0 version: 0.37.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: vector name: vector


@ -5,4 +5,5 @@ kind: Kustomization
resources: resources:
- vmagent.yaml - vmagent.yaml
- vmalert.yaml - vmalert.yaml
- vmscrapeconfig.yaml
- vmsingle.yaml - vmsingle.yaml


@ -0,0 +1,16 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/operator.victoriametrics.com/vmscrapeconfig_v1beta1.json
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMScrapeConfig
metadata:
name: &name zfs-exporter
spec:
staticConfigs:
- targets:
- "shadowfax.jahanson.tech:9134"
- "gandalf.jahanson.tech:9134"
path: /metrics
relabelConfigs:
- action: replace
targetLabel: job
replacement: *name
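Review bot: The scrape config sets no `scheme` and no authentication for `shadowfax.jahanson.tech:9134` and `gandalf.jahanson.tech:9134`, so the targets are presumably scraped over plain HTTP on hosts addressed by external name. If the exporter cannot serve TLS, a comment stating how port 9134 is restricted, e.g. `# plain HTTP; 9134 is firewalled to the cluster node range`, documents the assumption. Whether such a restriction exists is not visible here.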


@ -35,7 +35,7 @@ spec:
app: app:
image: image:
repository: ghcr.io/cross-seed/cross-seed repository: ghcr.io/cross-seed/cross-seed
tag: 6.1.1@sha256:5cb54b46a614f362c0332a91e5754d6998d45ae27ccc2c77b04b1a3493816331 tag: 6.1.0@sha256:91fbb2a6a411b7d63cccabffb5f623e6931579d2fd652512b6a3df0a9ba97066
env: env:
TZ: America/Chicago TZ: America/Chicago
args: ["daemon"] args: ["daemon"]
@ -86,7 +86,7 @@ spec:
readOnly: true readOnly: true
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
globalMounts: globalMounts:
- path: /data/nas-media - path: /data/nas-media


@ -43,7 +43,7 @@ spec:
app: app:
image: image:
repository: jesec/flood repository: jesec/flood
tag: master@sha256:db3f3fb70d7ffb034183a78d0bfbfae270ae507202c2bad9e73af070440a61e4 tag: master@sha256:04196de98223a193e4913c00e0ab1b48a27a370ef159989e52c29864afc2b2e4
envFrom: envFrom:
- secretRef: - secretRef:
name: flood-secret name: flood-secret


@ -34,7 +34,7 @@ spec:
nameOverride: qbittorrent nameOverride: qbittorrent
image: image:
repository: ghcr.io/onedr0p/qbittorrent-beta repository: ghcr.io/onedr0p/qbittorrent-beta
tag: 5.0.2@sha256:2dab641cd7399c896db120f8f4b8c0e9fce2744810a391e89591c6ab546c922a tag: 5.0.2@sha256:adfd625f9cc7226eabad8aa117a551d42d5818c914850ef7fa3be60111383107
env: env:
UMASK: "022" UMASK: "022"
QBT_WEBUI_PORT: &port 80 QBT_WEBUI_PORT: &port 80
@ -67,6 +67,8 @@ spec:
drop: drop:
- ALL - ALL
defaultPodOptions: defaultPodOptions:
nodeSelector: # ~~testing~~
kubernetes.io/hostname: gandalf-01
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 568 runAsUser: 568
@ -120,7 +122,7 @@ spec:
- path: /tmp - path: /tmp
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: gandalf.jahanson.tech
path: /eru/media path: /eru/media
advancedMounts: advancedMounts:
qbittorrent: qbittorrent:


@ -39,7 +39,7 @@ spec:
tagging: &container tagging: &container
image: image:
repository: ghcr.io/buroa/qbtools repository: ghcr.io/buroa/qbtools
tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c tag: v0.19.9@sha256:f5405e3c00256d7911d2abb839084a5147c108586adb281e97587cf93729c89b
env: env:
TZ: *timeZone TZ: *timeZone
POD_NAMESPACE: POD_NAMESPACE:
@ -136,7 +136,7 @@ spec:
readOnly: true readOnly: true
media: media:
type: nfs type: nfs
server: 10.1.1.61 server: 10.1.1.13
path: /eru/media path: /eru/media
advancedMounts: advancedMounts:
orphaned: orphaned:


@ -67,7 +67,7 @@ spec:
storage: storage:
useAllNodes: true useAllNodes: true
useAllDevices: false useAllDevices: false
deviceFilter: "nvme[0-9]+n1" deviceFilter: "nvme0n1"
resources: resources:
mgr: mgr:
requests: requests:
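Review bot: `deviceFilter: "nvme0n1"` still applies cluster-wide because `useAllNodes: true` is unchanged, and this commit adds two workers, `gandalf-01` and `shadowfax-01`, in the talconfig section. If either has an unused `nvme0n1` (the new smartctl controller targets `/dev/nvme0` on them), Rook would be free to create an OSD on it. If that is not intended, list the storage nodes explicitly instead of relying on `useAllNodes: true`, or add a comment stating that the new workers are expected to contribute this device.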


@ -10,7 +10,7 @@ spec:
chart: chart:
spec: spec:
chart: external-secrets chart: external-secrets
version: 0.11.0 version: 0.10.7
interval: 30m interval: 30m
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository


@ -23,7 +23,7 @@ releases:
- name: cilium - name: cilium
namespace: kube-system namespace: kube-system
chart: cilium/cilium chart: cilium/cilium
version: 1.16.4 version: 1.16.3
values: values:
- ../apps/kube-system/cilium/app/helm-values.yml - ../apps/kube-system/cilium/app/helm-values.yml
needs: needs:
@ -31,7 +31,7 @@ releases:
- name: coredns - name: coredns
namespace: kube-system namespace: kube-system
chart: coredns/coredns chart: coredns/coredns
version: 1.37.0 version: 1.36.1
values: values:
- ../apps/kube-system/coredns/app/helm-values.yml - ../apps/kube-system/coredns/app/helm-values.yml
needs: needs:


@ -5,7 +5,7 @@ clusterName: theshire
# renovate: datasource=github-releases depName=siderolabs/talos # renovate: datasource=github-releases depName=siderolabs/talos
talosVersion: v1.8.3 talosVersion: v1.8.3
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: 1.31.4 kubernetesVersion: 1.31.3
endpoint: "https://10.1.1.57:6444" endpoint: "https://10.1.1.57:6444"
additionalApiServerCertSans: additionalApiServerCertSans:
@ -74,6 +74,42 @@ nodes:
networkInterfaces: networkInterfaces:
- interface: eno1 - interface: eno1
dhcp: true dhcp: true
- hostname: gandalf-01
disableSearchDomain: true
ipAddress: 10.1.1.68
controlPlane: false
installDisk: /dev/sda
networkInterfaces:
- interface: enp5s0
dhcp: true
- hostname: shadowfax-01
disableSearchDomain: true
ipAddress: 10.1.1.69
controlPlane: false
installDiskSelector:
busPath: /pci0000:00/0000:00:01.1/0000:02:00.0/virtio6/host0/target0:0:0/0:0:0:1/
networkInterfaces:
- interface: enp5s0
dhcp: true
patches:
- |-
machine:
sysctls:
net.core.bpf_jit_harden: 1
kernelModules:
- name: nvidia
- name: nvidia_uvm
- name: nvidia_drm
- name: nvidia_modeset
schematic:
customization:
systemExtensions:
officialExtensions:
- siderolabs/amd-ucode
- siderolabs/nonfree-kmod-nvidia-production
- siderolabs/nvidia-container-toolkit-production
worker: worker:
schematic: schematic:
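Review bot: The patch that follows the `shadowfax-01` entry sets `net.core.bpf_jit_harden: 1` without saying why. As far as I know Talos applies a stricter default for this sysctl and the NVIDIA driver setup asks for it to be lowered, so this is a deliberate hardening relaxation on the one node that also loads the non-free NVIDIA modules; a comment such as `# required by the NVIDIA kernel modules; relaxes the hardened default` would record that. `gandalf-01` selects its install disk by device name (`installDisk: /dev/sda`) where `shadowfax-01` uses a `busPath` selector; a stable selector is safer if the disk order can change. Indentation is lost on this page, so I cannot tell whether `kernelModules` and `schematic` sit inside the patch or at node level.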


@ -12,4 +12,4 @@ spec:
operation: copy operation: copy
url: oci://ghcr.io/grafana/helm-charts/grafana url: oci://ghcr.io/grafana/helm-charts/grafana
ref: ref:
tag: 8.6.4 tag: 8.6.3


@ -2,12 +2,6 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [
"config:recommended", "config:recommended",
":automergeBranch",
":dependencyDashboard",
":disableRateLimiting",
":skipStatusChecks",
":timezone(America/Chicago)",
"docker:enableMajor",
"local>jahanson/theshire//.renovate/autoMerge.json5", "local>jahanson/theshire//.renovate/autoMerge.json5",
"local>jahanson/theshire//.renovate/commitMessage.json5", "local>jahanson/theshire//.renovate/commitMessage.json5",
"local>jahanson/theshire//.renovate/customManagers.json5", "local>jahanson/theshire//.renovate/customManagers.json5",


@ -24,6 +24,5 @@ pkgs.mkShell {
kustomize kustomize
yq-go yq-go
go-task go-task
kubectl
]; ];
} }