--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app scrypted spec: interval: 30m chart: spec: chart: app-template version: 3.5.1 interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system values: controllers: scrypted: annotations: reloader.stakater.com/auto: "true" pod: nodeSelector: google.feature.node.kubernetes.io/coral: "true" nvidia.com/gpu.present: "true" securityContext: supplementalGroups: - 568 containers: app: image: repository: ghcr.io/koush/scrypted tag: v0.119.1-jammy-nvidia probes: liveness: enabled: true readiness: enabled: true startup: enabled: true spec: failureThreshold: 30 periodSeconds: 5 resources: requests: cpu: 136m memory: 1024Mi limits: nvidia.com/gpu: 1 memory: 8192Mi securityContext: privileged: true service: app: controller: *app type: LoadBalancer annotations: io.cilium/lb-ipam-ips: 10.1.1.33 nameOverride: *app ports: http: port: 11080 primary: true rebroadcast1: # driveway port: 39655 rebroadcast2: # sideyard port: 46561 rebroadcast3: # doorbell port: 44759 homekit: # homekit port: 42010 homekit-bridge: # bridge port: 33961 ingress: app: className: "internal-nginx" annotations: hosts: - host: &host scrypted.jahanson.tech paths: - path: / service: identifier: app port: http tls: - hosts: - *host persistence: config: existingClaim: scrypted advancedMounts: scrypted: app: - path: /server/volume cache: type: emptyDir globalMounts: - path: /.cache cache-npm: type: emptyDir globalMounts: - path: /.npm dev-bus-usb: type: hostPath hostPath: /dev/bus/usb hostPathType: Directory sys-bus-usb: type: hostPath hostPath: /sys/bus/usb hostPathType: Directory recordings: type: nfs server: shadowfax.jahanson.tech path: /nahar/scrypted globalMounts: - path: /recordings