wheatley/kubernetes
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: wheatley:73e2d721148b3774b36c23efcebfe95c52cc5a4b
Branches Tags
wheatley:main
wheatley:pgi-add-workflow
wheatley:renovate/cilium-1.x
...
compare: wheatley:f873fd191bf3a6053781f06d705e0144a757edf5
Branches Tags
wheatley:pgi-add-workflow
wheatley:main
wheatley:renovate/cilium-1.x

12 commits
73e2d72114 ... f873fd191b

Author SHA1 Message Date
Renovate
f873fd191b chore(deps): pin dependencies 2026-05-14 20:03:30 +00:00
pgijsbertsen
d1c6ac7202
chore(lidarr): Switch to nightly builds 2026-05-14 21:57:46 +02:00
pgijsbertsen
dfd74ecc6d
fix(lidarr): Increase pvc size 2026-05-14 21:40:06 +02:00
pgijsbertsen
6a9c153f5c
feat: Add RomM 2026-05-14 21:09:05 +02:00
pgijsbertsen
50a206c943
chore: Bump Cilium to 1.18.10 2026-05-14 16:38:55 +02:00
pgijsbertsen
bae217dc34
refactor(nfs-media): Refactor into subdirectory PVCs 2026-05-14 15:53:43 +02:00
pgijsbertsen
3ac9c8071c
feat: share downloads dir 2026-05-10 12:59:42 +02:00
pgijsbertsen
5b910059ea
feat: Set correct download dir 2026-05-09 22:05:37 +02:00
pgijsbertsen
a14da8e3b1
feat: Authenticate to soulseek 2026-05-09 21:32:38 +02:00
pgijsbertsen
b1d4b32fdb
feat: include secrets 2026-05-09 21:12:40 +02:00
pgijsbertsen
7682efd256
feat: Enable inputport 2026-05-09 21:09:18 +02:00
pgijsbertsen
cadd4fe9a5
feat: Enable webui 2026-05-09 21:05:33 +02:00
38 changed files with 720 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

2
k8s-peterg/argo-workflows/values.yaml
View file

@ -155,7 +155,7 @@ server:
# -- Repository to use for the server # -- Repository to use for the server
repository: argoproj/argocli repository: argoproj/argocli
# -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`.
tag: "" tag: "@sha256:4bd385f07e5245fb7028923cc03fc47515623f553a7e4ffcdd66fb3009133f15"
rbac: rbac:
# -- Adds Role and RoleBinding for the server. # -- Adds Role and RoleBinding for the server.
create: true create: true

19
k8s-peterg/argocd/applications-wheatley.yaml
View file

@ -216,3 +216,22 @@ spec:
automated: automated:
prune: true prune: true
selfHeal: true selfHeal: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: romm
namespace: argocd
spec:
project: default
source:
repoURL: https://code.peterg.nl/wheatley/kubernetes.git
path: k8s-wheatley/romm
targetRevision: HEAD
destination:
server: https://10.13.37.10:6443
namespace: romm
syncPolicy:
automated:
prune: true
selfHeal: true

13
k8s-wheatley/lidarr/deployments.yaml
View file

@ -28,8 +28,10 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: lidarr-config name: lidarr-config
- mountPath: /shared/media - mountPath: /shared/media/music
name: nfs-media name: nfs-media-music
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
- name: lidarr-config - name: lidarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: lidarr-storage claimName: lidarr-storage
- name: nfs-media - name: nfs-media-music
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-music
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

29
k8s-wheatley/lidarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: lidarr namespace: lidarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -12,22 +11,40 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/music
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-music
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-lidarr value: nfs-media-lidarr-music
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-music
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-lidarr value: nfs-media-lidarr-music
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-lidarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-lidarr-downloads
images: images:
- name: linuxserver/lidarr - name: linuxserver/lidarr
newTag: 3.1.0@sha256:d2f944115de2ca6754ad142ee92f9db481b1574c7bc030974d624584106b78d7 newTag: 3.1.2-nightly@sha256:854684b3df33139a8907fa3e316a3c030676e8e753b7fac78b98d297b8cc6fe0

2
k8s-wheatley/lidarr/pvc.yaml
View file

@ -9,4 +9,4 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 5Gi storage: 10Gi

18
k8s-wheatley/plex/deployments.yaml
View file

@ -28,8 +28,12 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: plex-config name: plex-config
- mountPath: /data - mountPath: /data/movies
name: nfs-media name: nfs-media-movies
- mountPath: /data/series
name: nfs-media-series
- mountPath: /data/anime
name: nfs-media-anime
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
- name: plex-config - name: plex-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: plex-storage claimName: plex-storage
- name: nfs-media - name: nfs-media-movies
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-movies
- name: nfs-media-series
persistentVolumeClaim:
claimName: nfs-media-series
- name: nfs-media-anime
persistentVolumeClaim:
claimName: nfs-media-anime

54
k8s-wheatley/plex/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: plex namespace: plex
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,24 +12,69 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/movies
- ../../kustomize-bases/nfs-media/components/series
- ../../kustomize-bases/nfs-media/components/anime
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-plex value: nfs-media-plex-movies
- op: replace - op: replace
path: /spec/accessModes/0 path: /spec/accessModes/0
value: ReadOnlyMany value: ReadOnlyMany
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-plex value: nfs-media-plex-movies
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolume
name: nfs-media-series
patch: |
- op: replace
path: /metadata/name
value: nfs-media-plex-series
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolumeClaim
name: nfs-media-series
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-plex-series
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolume
name: nfs-media-anime
patch: |
- op: replace
path: /metadata/name
value: nfs-media-plex-anime
- op: replace
path: /spec/accessModes/0
value: ReadOnlyMany
- target:
kind: PersistentVolumeClaim
name: nfs-media-anime
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-plex-anime
- op: replace - op: replace
path: /spec/accessModes/0 path: /spec/accessModes/0
value: ReadOnlyMany value: ReadOnlyMany

6
k8s-wheatley/qbittorrent/configmap.yaml
View file

@ -12,7 +12,7 @@ data:
VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh" VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh"
VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh" VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh"
FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
FIREWALL_INPUT_PORTS: "8112" FIREWALL_INPUT_PORTS: "8112,5030"
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -49,7 +49,9 @@ data:
TZ: Europe/Amsterdam TZ: Europe/Amsterdam
PUID: "1000" PUID: "1000"
PGID: "1000" PGID: "1000"
SLSKD_HEADLESS: "true" SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads
SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete
SLSKD_SHARED_DIR: "[Music]/shared/media/downloads/_slsk-downloads"
SLSKD_REMOTE_CONFIGURATION: "true" SLSKD_REMOTE_CONFIGURATION: "true"
SLSKD_VPN: "true" SLSKD_VPN: "true"
SLSKD_VPN_PORT_FORWARDING: "true" SLSKD_VPN_PORT_FORWARDING: "true"

12
k8s-wheatley/qbittorrent/deployments.yaml
View file

@ -94,7 +94,7 @@ spec:
- mountPath: /config - mountPath: /config
name: qbittorrent-config name: qbittorrent-config
- mountPath: /shared/media/downloads - mountPath: /shared/media/downloads
name: nfs-media name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -114,7 +114,7 @@ spec:
name: unpackerr-env-secrets name: unpackerr-env-secrets
volumeMounts: volumeMounts:
- mountPath: /shared/media/downloads - mountPath: /shared/media/downloads
name: nfs-media name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -130,11 +130,13 @@ spec:
envFrom: envFrom:
- configMapRef: - configMapRef:
name: slskd-envs name: slskd-envs
- secretRef:
name: slskd-env-secrets
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: slskd-config name: slskd-config
- mountPath: /shared/media/downloads - mountPath: /shared/media/downloads
name: nfs-media name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -166,6 +168,6 @@ spec:
defaultMode: 0755 defaultMode: 0755
- name: gluetun-tmp - name: gluetun-tmp
emptyDir: {} emptyDir: {}
- name: nfs-media - name: nfs-media-downloads
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-downloads

17
k8s-wheatley/qbittorrent/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: qbittorrent namespace: qbittorrent
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -12,24 +11,24 @@ resources:
- secrets.yaml - secrets.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-downloads
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-qbittorrent value: nfs-media-qbittorrent-downloads
- op: replace
path: /spec/nfs/path
value: /tank/media/downloads
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-downloads
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-qbittorrent value: nfs-media-qbittorrent-downloads
images: images:
- name: ghcr.io/qdm12/gluetun - name: ghcr.io/qdm12/gluetun
@ -37,4 +36,4 @@ images:
- name: docker.io/qbittorrentofficial/qbittorrent-nox - name: docker.io/qbittorrentofficial/qbittorrent-nox
newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af
- name: docker.io/slskd/slskd - name: docker.io/slskd/slskd
newTag: 0.25.1 newTag: 0.25.1@sha256:ab9ed50e028b524cefdb7c1dd8ebca368a076e18441ee8ac2326473eb850b4c3

8
k8s-wheatley/qbittorrent/secrets.yaml
View file

@ -34,6 +34,14 @@ spec:
remoteRef: remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets key: secrets/managed/qbittorrent/slskd-env-secrets
property: GLUETUN_API_KEY property: GLUETUN_API_KEY
- secretKey: SLSKD_SLSK_USERNAME
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_USERNAME
- secretKey: SLSKD_SLSK_PASSWORD
remoteRef:
key: secrets/managed/qbittorrent/slskd-env-secrets
property: SLSK_PASSWORD
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

13
k8s-wheatley/radarr/deployments.yaml
View file

@ -28,8 +28,10 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: radarr-config name: radarr-config
- mountPath: /shared/media - mountPath: /shared/media/movies
name: nfs-media name: nfs-media-movies
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
- name: radarr-config - name: radarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: radarr-storage claimName: radarr-storage
- name: nfs-media - name: nfs-media-movies
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-movies
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

27
k8s-wheatley/radarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: radarr namespace: radarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,21 +12,39 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/movies
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-radarr value: nfs-media-radarr-movies
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-movies
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-radarr value: nfs-media-radarr-movies
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-radarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-radarr-downloads
images: images:
- name: linuxserver/radarr - name: linuxserver/radarr

21
k8s-wheatley/romm/configmap.yaml Normal file
View file

@ -0,0 +1,21 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: romm-db-envs
data:
MARIADB_DATABASE: romm
MARIADB_USER: romm
TZ: Europe/Amsterdam
---
apiVersion: v1
kind: ConfigMap
metadata:
name: romm-envs
data:
DB_HOST: 127.0.0.1
DB_NAME: romm
DB_USER: romm
ROMM_PORT: "8080"
HASHEOUS_API_ENABLED: "true"
TZ: Europe/Amsterdam

83
k8s-wheatley/romm/deployments.yaml Normal file
View file

@ -0,0 +1,83 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: romm
labels:
app: romm
spec:
replicas: 1
serviceName: romm
selector:
matchLabels:
app: romm
template:
metadata:
labels:
app: romm
spec:
initContainers:
- name: romm-db
image: mariadb
envFrom:
- configMapRef:
name: romm-db-envs
- secretRef:
name: romm-db-env-secrets
volumeMounts:
- mountPath: /var/lib/mysql
name: romm-db-data
restartPolicy: Always
readinessProbe:
exec:
command:
- sh
- -c
- "healthcheck.sh --connect --innodb_initialized"
initialDelaySeconds: 5
periodSeconds: 3
timeoutSeconds: 2
failureThreshold: 3
livenessProbe:
exec:
command:
- sh
- -c
- "healthcheck.sh --connect --innodb_initialized"
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 2
failureThreshold: 3
containers:
- name: romm
image: rommapp/romm
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: romm-envs
- secretRef:
name: romm-env-secrets
volumeMounts:
- mountPath: /romm
name: romm-data
- mountPath: /romm/library
name: nfs-media-roms
readOnly: true
- mountPath: /romm/downloads
name: nfs-media-downloads
readOnly: true
volumes:
- name: romm-db-data
persistentVolumeClaim:
claimName: romm-db-storage
- name: romm-data
persistentVolumeClaim:
claimName: romm-storage
- name: nfs-media-roms
persistentVolumeClaim:
claimName: nfs-media-roms
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

16
k8s-wheatley/romm/ingress.yaml Normal file
View file

@ -0,0 +1,16 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: romm-route
spec:
parentRefs:
- name: internal
namespace: kube-system
sectionName: https
hostnames:
- "roms.wheatley.in"
rules:
- backendRefs:
- name: romm
port: 80

53
k8s-wheatley/romm/kustomization.yaml Normal file
View file

@ -0,0 +1,53 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: romm
resources:
- configmap.yaml
- deployments.yaml
- ingress.yaml
- pvc.yaml
- secrets.yaml
- services.yaml
- namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/roms
- ../../kustomize-bases/nfs-media/components/downloads
patches:
- target:
kind: PersistentVolume
name: nfs-media-roms
patch: |
- op: replace
path: /metadata/name
value: nfs-media-romm-roms
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-romm-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-roms
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-romm-roms
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-romm-downloads
images:
- name: mariadb
newTag: lts@sha256:78a5047d3ba33975f183f183c2464cc7f1eab13ec8667e57cc9a5821d6da7577
- name: rommapp/romm
newTag: 4.8.1@sha256:2b7a1714b287f69b081ad2a63bb8c2fa673666a17b2f21322b580b0cd51cb266

5
k8s-wheatley/romm/namespace.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: romm

24
k8s-wheatley/romm/pvc.yaml Normal file
View file

@ -0,0 +1,24 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: romm-db-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: romm-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

52
k8s-wheatley/romm/secrets.yaml Normal file
View file

@ -0,0 +1,52 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: romm-db-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: romm-db-env-secrets
data:
- secretKey: MARIADB_ROOT_PASSWORD
remoteRef:
key: secrets/managed/romm/romm-db
property: ROOT_PASSWORD
- secretKey: MARIADB_PASSWORD
remoteRef:
key: secrets/managed/romm/romm-db
property: PASSWORD
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: romm-env-secrets
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: romm-env-secrets
data:
- secretKey: DB_PASSWD
remoteRef:
key: secrets/managed/romm/romm-db
property: PASSWORD
- secretKey: ROMM_AUTH_SECRET_KEY
remoteRef:
key: secrets/managed/romm/romm
property: SECRET_KEY
- secretKey: IGDB_CLIENT_ID
remoteRef:
key: secrets/managed/romm/romm
property: IGDB_CLIENT_ID
- secretKey: IGDB_CLIENT_SECRET
remoteRef:
key: secrets/managed/romm/romm
property: IGDB_CLIENT_SECRET
- secretKey: STEAMGRIDDB_API_KEY
remoteRef:
key: secrets/managed/romm/romm
property: STEAMGRIDDB_API_KEY

12
k8s-wheatley/romm/services.yaml Normal file
View file

@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: romm
spec:
selector:
app: romm
ports:
- port: 80
protocol: TCP
targetPort: 8080

18
k8s-wheatley/sonarr/deployments.yaml
View file

@ -28,8 +28,12 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: sonarr-config name: sonarr-config
- mountPath: /shared/media - mountPath: /shared/media/series
name: nfs-media name: nfs-media-series
- mountPath: /shared/media/anime
name: nfs-media-anime
- mountPath: /shared/media/downloads
name: nfs-media-downloads
securityContext: securityContext:
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
- name: sonarr-config - name: sonarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: sonarr-storage claimName: sonarr-storage
- name: nfs-media - name: nfs-media-series
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-media claimName: nfs-media-series
- name: nfs-media-anime
persistentVolumeClaim:
claimName: nfs-media-anime
- name: nfs-media-downloads
persistentVolumeClaim:
claimName: nfs-media-downloads

42
k8s-wheatley/sonarr/kustomization.yaml
View file

@ -4,7 +4,6 @@ kind: Kustomization
namespace: sonarr namespace: sonarr
resources: resources:
- ../../kustomize-bases/nfs-media
- configmap.yaml - configmap.yaml
- deployments.yaml - deployments.yaml
- ingress.yaml - ingress.yaml
@ -13,21 +12,54 @@ resources:
- services.yaml - services.yaml
- namespace.yaml - namespace.yaml
components:
- ../../kustomize-bases/nfs-media/components/series
- ../../kustomize-bases/nfs-media/components/anime
- ../../kustomize-bases/nfs-media/components/downloads
patches: patches:
- target: - target:
kind: PersistentVolume kind: PersistentVolume
name: nfs-media name: nfs-media-series
patch: | patch: |
- op: replace - op: replace
path: /metadata/name path: /metadata/name
value: nfs-media-sonarr value: nfs-media-sonarr-series
- target: - target:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
name: nfs-media name: nfs-media-series
patch: | patch: |
- op: replace - op: replace
path: /spec/volumeName path: /spec/volumeName
value: nfs-media-sonarr value: nfs-media-sonarr-series
- target:
kind: PersistentVolume
name: nfs-media-anime
patch: |
- op: replace
path: /metadata/name
value: nfs-media-sonarr-anime
- target:
kind: PersistentVolumeClaim
name: nfs-media-anime
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-sonarr-anime
- target:
kind: PersistentVolume
name: nfs-media-downloads
patch: |
- op: replace
path: /metadata/name
value: nfs-media-sonarr-downloads
- target:
kind: PersistentVolumeClaim
name: nfs-media-downloads
patch: |
- op: replace
path: /spec/volumeName
value: nfs-media-sonarr-downloads
images: images:
- name: linuxserver/sonarr - name: linuxserver/sonarr

2
kustomize-bases/cilium/kustomization.yaml
View file

@ -13,5 +13,5 @@ helmCharts:
repo: https://helm.cilium.io repo: https://helm.cilium.io
namespace: kube-system namespace: kube-system
releaseName: cilium releaseName: cilium
version: 1.18.6 version: 1.18.10
valuesFile: values.yaml valuesFile: values.yaml

5
kustomize-bases/nfs-media/components/anime/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/anime/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-anime
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/anime
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-anime
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-anime

5
kustomize-bases/nfs-media/components/downloads/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/downloads/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-downloads
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/downloads
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-downloads
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-downloads

5
kustomize-bases/nfs-media/components/movies/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/movies/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-movies
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/movies
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-movies
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-movies

5
kustomize-bases/nfs-media/components/music/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/music/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-music
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/music
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-music
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-music

5
kustomize-bases/nfs-media/components/roms/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/roms/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-roms
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/roms
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-roms
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-roms

5
kustomize-bases/nfs-media/components/series/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- pvc.yaml

33
kustomize-bases/nfs-media/components/series/pvc.yaml Normal file
View file

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-series
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media/series
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media-series
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-series

6
kustomize-bases/nfs-media/kustomization.yaml
View file

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pvc.yaml

40
kustomize-bases/nfs-media/pvc.yaml
View file

@ -1,40 +0,0 @@
# Shared NFS media storage template — used by plex, sonarr, radarr, and qbittorrent.
# All apps on k8s-wheatley mount the same NFS server: 10.0.69.10
#
# Each app overlays this base with JSON patches in its kustomization.yaml:
# - Always: rename PV (metadata.name) and update PVC volumeName to match
# - plex only: patch accessModes to ReadOnlyMany on both PV and PVC
# - qbittorrent only: patch nfs.path to /tank/media/downloads
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media # renamed per-app via JSON patch
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media # patched per-app to match PV name