diff --git a/k8s/apps/jellyfin/app.yaml b/k8s/apps/jellyfin/app.yaml new file mode 100644 index 0000000..b4e553e --- /dev/null +++ b/k8s/apps/jellyfin/app.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: jellyfin + namespace: argocd +spec: + project: apps + destination: + namespace: jellyfin + server: https://kubernetes.default.svc + source: + repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git + targetRevision: HEAD + path: k8s/apps/jellyfin + syncPolicy: + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true + diff --git a/k8s/apps/jellyfin/kustomization.yaml b/k8s/apps/jellyfin/kustomization.yaml new file mode 100644 index 0000000..dd81784 --- /dev/null +++ b/k8s/apps/jellyfin/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - app.yaml + - qbittorent.yaml + +helmCharts: + - name: jellyfin + repo: https://utkuozdemir.org/helm-charts + version: 2.0.0 + releaseName: jellyfin + namespace: jellyfin + valuesFile: values.yaml + includeCRDs: true + diff --git a/k8s/apps/jellyfin/qbittorent.yaml b/k8s/apps/jellyfin/qbittorent.yaml new file mode 100644 index 0000000..db38823 --- /dev/null +++ b/k8s/apps/jellyfin/qbittorent.yaml @@ -0,0 +1,99 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: vpn-creds + namespace: jellyfin +spec: + target: + name: vpn-creds + deletionPolicy: Delete + template: + type: Opaque + data: + ss_link: |- + {{ .ss_link }} + data: + - secretKey: ss_link + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: cfee6f62-fb06-4a4c-b6d8-92da4908c65a + property: fields[0].value +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: qbittorrent + namespace: jellyfin + labels: + app: qbittorrent + annotations: + reloader.stakater.com/auto: "true" +spec: + selector: + matchLabels: + app: qbittorrent + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + app: qbittorrent + spec: + nodeSelector: + kubernetes.io/hostname: master.tail2fe2d.ts.net + volumes: + - name: config + hostPath: + path: /k8s/qbt-config + type: DirectoryOrCreate + - name: media + hostPath: + path: /k8s/jellyfin/media + type: DirectoryOrCreate + containers: + - name: qbittorrent + image: 'linuxserver/qbittorrent:latest' + ports: + - name: http + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: config + mountPath: /config + - name: media + mountPath: /downloads + - name: shadowsocks-proxy + image: teddysun/shadowsocks-rust:latest + env: + - name: SS_LINK + valueFrom: + secretKeyRef: + name: vpn-creds + key: ss_link + command: ["/bin/bash", "-c", "rm /etc/shadowsocks-rust/config.json && sslocal --online-config-url $SS_LINK --local-addr 127.0.0.1:8081 -U --protocol http"] + resources: + requests: + memory: "64Mi" + cpu: "200m" +--- +apiVersion: v1 +kind: Service +metadata: + name: qbittorrent + namespace: jellyfin +spec: + selector: + app: qbittorrent + ports: + - protocol: TCP + port: 80 + targetPort: 8080 + diff --git a/k8s/apps/jellyfin/values.yaml b/k8s/apps/jellyfin/values.yaml new file mode 100644 index 0000000..46e3e54 --- /dev/null +++ b/k8s/apps/jellyfin/values.yaml @@ -0,0 +1,36 @@ +image: + tag: 10.10.6 +nodeSelector: + kubernetes.io/hostname: master.tail2fe2d.ts.net +persistence: + config: + enabled: true + isPvc: false + customVolume: + hostPath: + path: /k8s/jellyfin + type: DirectoryOrCreate + data: + enabled: true + isPvc: false + customVolume: + hostPath: + path: /k8s/jellyfin/media + type: DirectoryOrCreate + +ingress: + enabled: true + className: traefik + annotations: + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd + hosts: + - host: jf.hexor.cy + paths: + - path: / + pathType: Prefix + tls: + - secretName: jellyfin-tls + hosts: + - 'jf.hexor.cy' +