chore(deps): update helm release renovate-operator to v4.8.0

chore: Bump Cilium to 1.18.10
refactor(nfs-media): Refactor into subdirectory PVCs
2026-05-14 19:04:18 +00:00 · 2026-05-14 16:38:55 +02:00 · 2026-05-14 15:53:43 +02:00 · 2026-05-10 12:59:42 +02:00 · 2026-05-09 22:05:37 +02:00 · 2026-05-09 21:32:38 +02:00
31 changed files with 568 additions and 112 deletions
--- a/k8s-peterg/renovate-operator/kustomization.yaml
+++ b/k8s-peterg/renovate-operator/kustomization.yaml
@ -15,5 +15,5 @@ helmCharts:
    repo: https://helm.mogenius.com/public
    namespace: renovate-operator
    releaseName: renovate-operator
-    version: "4.7.0"
+    version: "4.8.0"
    valuesFile: values.yaml
--- a/k8s-wheatley/lidarr/deployments.yaml
+++ b/k8s-wheatley/lidarr/deployments.yaml
@ -28,8 +28,10 @@ spec:
          volumeMounts:
            - mountPath: /config
              name: lidarr-config
-            - mountPath: /shared/media
-              name: nfs-media
+            - mountPath: /shared/media/music
+              name: nfs-media-music
+            - mountPath: /shared/media/downloads
+              name: nfs-media-downloads
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
        - name: lidarr-config
          persistentVolumeClaim:
            claimName: lidarr-storage
-        - name: nfs-media
+        - name: nfs-media-music
          persistentVolumeClaim:
-            claimName: nfs-media
+            claimName: nfs-media-music
+        - name: nfs-media-downloads
+          persistentVolumeClaim:
+            claimName: nfs-media-downloads
--- a/k8s-wheatley/lidarr/kustomization.yaml
+++ b/k8s-wheatley/lidarr/kustomization.yaml
@ -4,7 +4,6 @@ kind: Kustomization
 namespace: lidarr

 resources:
-  - ../../kustomize-bases/nfs-media
  - configmap.yaml
  - deployments.yaml
  - ingress.yaml
@ -12,21 +11,39 @@ resources:
  - services.yaml
  - namespace.yaml

+components:
+  - ../../kustomize-bases/nfs-media/components/music
+  - ../../kustomize-bases/nfs-media/components/downloads
+
 patches:
  - target:
      kind: PersistentVolume
-      name: nfs-media
+      name: nfs-media-music
    patch: |
      - op: replace
        path: /metadata/name
-        value: nfs-media-lidarr
+        value: nfs-media-lidarr-music
  - target:
      kind: PersistentVolumeClaim
-      name: nfs-media
+      name: nfs-media-music
    patch: |
      - op: replace
        path: /spec/volumeName
-        value: nfs-media-lidarr
+        value: nfs-media-lidarr-music
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-lidarr-downloads
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-lidarr-downloads

 images:
  - name: linuxserver/lidarr
--- a/k8s-wheatley/plex/deployments.yaml
+++ b/k8s-wheatley/plex/deployments.yaml
@ -28,8 +28,12 @@ spec:
          volumeMounts:
            - mountPath: /config
              name: plex-config
-            - mountPath: /data
-              name: nfs-media
+            - mountPath: /data/movies
+              name: nfs-media-movies
+            - mountPath: /data/series
+              name: nfs-media-series
+            - mountPath: /data/anime
+              name: nfs-media-anime
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
        - name: plex-config
          persistentVolumeClaim:
            claimName: plex-storage
-        - name: nfs-media
+        - name: nfs-media-movies
          persistentVolumeClaim:
-            claimName: nfs-media
+            claimName: nfs-media-movies
+        - name: nfs-media-series
+          persistentVolumeClaim:
+            claimName: nfs-media-series
+        - name: nfs-media-anime
+          persistentVolumeClaim:
+            claimName: nfs-media-anime
--- a/k8s-wheatley/plex/kustomization.yaml
+++ b/k8s-wheatley/plex/kustomization.yaml
@ -4,7 +4,6 @@ kind: Kustomization
 namespace: plex

 resources:
-  - ../../kustomize-bases/nfs-media
  - configmap.yaml
  - deployments.yaml
  - ingress.yaml
@ -13,24 +12,69 @@ resources:
  - services.yaml
  - namespace.yaml

+components:
+  - ../../kustomize-bases/nfs-media/components/movies
+  - ../../kustomize-bases/nfs-media/components/series
+  - ../../kustomize-bases/nfs-media/components/anime
+
 patches:
  - target:
      kind: PersistentVolume
-      name: nfs-media
+      name: nfs-media-movies
    patch: |
      - op: replace
        path: /metadata/name
-        value: nfs-media-plex
+        value: nfs-media-plex-movies
      - op: replace
        path: /spec/accessModes/0
        value: ReadOnlyMany
  - target:
      kind: PersistentVolumeClaim
-      name: nfs-media
+      name: nfs-media-movies
    patch: |
      - op: replace
        path: /spec/volumeName
-        value: nfs-media-plex
+        value: nfs-media-plex-movies
+      - op: replace
+        path: /spec/accessModes/0
+        value: ReadOnlyMany
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-series
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-plex-series
+      - op: replace
+        path: /spec/accessModes/0
+        value: ReadOnlyMany
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-series
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-plex-series
+      - op: replace
+        path: /spec/accessModes/0
+        value: ReadOnlyMany
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-anime
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-plex-anime
+      - op: replace
+        path: /spec/accessModes/0
+        value: ReadOnlyMany
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-anime
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-plex-anime
      - op: replace
        path: /spec/accessModes/0
        value: ReadOnlyMany
--- a/k8s-wheatley/qbittorrent/configmap.yaml
+++ b/k8s-wheatley/qbittorrent/configmap.yaml
@ -12,7 +12,7 @@ data:
  VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh"
  VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh"
  FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
-  FIREWALL_INPUT_PORTS: "8112"
+  FIREWALL_INPUT_PORTS: "8112,5030"
 ---
 apiVersion: v1
 kind: ConfigMap
@ -43,6 +43,22 @@ data:
 ---
 apiVersion: v1
 kind: ConfigMap
+metadata:
+  name: slskd-envs
+data:
+  TZ: Europe/Amsterdam
+  PUID: "1000"
+  PGID: "1000"
+  SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads
+  SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete
+  SLSKD_SHARED_DIR: "[Music]/shared/media/downloads/_slsk-downloads"
+  SLSKD_REMOTE_CONFIGURATION: "true"
+  SLSKD_VPN: "true"
+  SLSKD_VPN_PORT_FORWARDING: "true"
+  SLSKD_VPN_GLUETUN_URL: http://localhost:8000
+---
+apiVersion: v1
+kind: ConfigMap
 metadata:
  name: unpackerr-envs
 data:
--- a/k8s-wheatley/qbittorrent/deployments.yaml
+++ b/k8s-wheatley/qbittorrent/deployments.yaml
@ -21,16 +21,21 @@ spec:
        - name: gluetun
          image: ghcr.io/qdm12/gluetun
          ports:
-            - name: http
+            - name: qbit-http
              containerPort: 8112
              protocol: TCP
+            - name: slskd-http
+              containerPort: 5030
+              protocol: TCP
          envFrom:
            - configMapRef:
                name: gluetun-envs
+            - secretRef:
+                name: gluetun-env-secrets
          volumeMounts:
            - mountPath: /dev/net/tun
              name: dev-tun
-            - mountPath: "/gluetun/wireguard"
+            - mountPath: /gluetun/wireguard
              name: gluetun-wgconfig
              readOnly: true
            - name: gluetun-scripts
@ -89,7 +94,7 @@ spec:
            - mountPath: /config
              name: qbittorrent-config
            - mountPath: /shared/media/downloads
-              name: nfs-media
+              name: nfs-media-downloads
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -109,7 +114,7 @@ spec:
                name: unpackerr-env-secrets
          volumeMounts:
            - mountPath: /shared/media/downloads
-              name: nfs-media
+              name: nfs-media-downloads
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -119,6 +124,30 @@ spec:
            capabilities:
              drop:
                - "ALL"
+        - name: slskd
+          image: docker.io/slskd/slskd
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: slskd-envs
+            - secretRef:
+                name: slskd-env-secrets
+          volumeMounts:
+            - mountPath: /config
+              name: slskd-config
+            - mountPath: /shared/media/downloads
+              name: nfs-media-downloads
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+              add:
+                - "CHOWN"
+                - "SETUID"
+                - "SETGID"
      volumes:
        - name: dev-tun
          hostPath:
@ -127,6 +156,9 @@ spec:
        - name: qbittorrent-config
          persistentVolumeClaim:
            claimName: qbittorrent-storage
+        - name: slskd-config
+          persistentVolumeClaim:
+            claimName: slskd-storage
        - name: gluetun-wgconfig
          secret:
            secretName: gluetun-wgconfig
@ -136,6 +168,6 @@ spec:
            defaultMode: 0755
        - name: gluetun-tmp
          emptyDir: {}
-        - name: nfs-media
+        - name: nfs-media-downloads
          persistentVolumeClaim:
-            claimName: nfs-media
+            claimName: nfs-media-downloads
--- a/k8s-wheatley/qbittorrent/ingress.yaml
+++ b/k8s-wheatley/qbittorrent/ingress.yaml
@ -14,3 +14,46 @@ spec:
    - backendRefs:
        - name: qbittorrent
          port: 80
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: slskd-route
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "slskd.wheatley.in"
+  rules:
+    - backendRefs:
+        - name: slskd
+          port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: qbittorrent
+spec:
+  selector:
+    app: qbittorrent
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8112
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: slskd
+spec:
+  selector:
+    app: qbittorrent
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 5030
--- a/k8s-wheatley/qbittorrent/kustomization.yaml
+++ b/k8s-wheatley/qbittorrent/kustomization.yaml
@ -4,36 +4,36 @@ kind: Kustomization
 namespace: qbittorrent

 resources:
-  - ../../kustomize-bases/nfs-media
  - configmap.yaml
  - deployments.yaml
  - ingress.yaml
  - pvc.yaml
  - secrets.yaml
-  - services.yaml
  - namespace.yaml

+components:
+  - ../../kustomize-bases/nfs-media/components/downloads
+
 patches:
  - target:
      kind: PersistentVolume
-      name: nfs-media
+      name: nfs-media-downloads
    patch: |
      - op: replace
        path: /metadata/name
-        value: nfs-media-qbittorrent
-      - op: replace
-        path: /spec/nfs/path
-        value: /tank/media/downloads
+        value: nfs-media-qbittorrent-downloads
  - target:
      kind: PersistentVolumeClaim
-      name: nfs-media
+      name: nfs-media-downloads
    patch: |
      - op: replace
        path: /spec/volumeName
-        value: nfs-media-qbittorrent
+        value: nfs-media-qbittorrent-downloads

 images:
  - name: ghcr.io/qdm12/gluetun
    newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
  - name: docker.io/qbittorrentofficial/qbittorrent-nox
    newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af
+  - name: docker.io/slskd/slskd
+    newTag: 0.25.1
--- a/k8s-wheatley/qbittorrent/pvc.yaml
+++ b/k8s-wheatley/qbittorrent/pvc.yaml
@ -10,3 +10,15 @@ spec:
  resources:
    requests:
      storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: slskd-storage
+spec:
+  storageClassName: piraeus-lvmthin
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
--- a/k8s-wheatley/qbittorrent/secrets.yaml
+++ b/k8s-wheatley/qbittorrent/secrets.yaml
@ -17,6 +17,49 @@ spec:
      remoteRef:
        key: secrets/managed/qbittorrent/protonvpn-wgconfig
        property: config
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: slskd-env-secrets
+spec:
+  secretStoreRef:
+    name: vault-wheatley
+    kind: ClusterSecretStore
+  target:
+    name: slskd-env-secrets
+  data:
+    - secretKey: SLSKD_VPN_GLUETUN_API_KEY
+      remoteRef:
+        key: secrets/managed/qbittorrent/slskd-env-secrets
+        property: GLUETUN_API_KEY
+    - secretKey: SLSKD_SLSK_USERNAME
+      remoteRef:
+        key: secrets/managed/qbittorrent/slskd-env-secrets
+        property: SLSK_USERNAME
+    - secretKey: SLSKD_SLSK_PASSWORD
+      remoteRef:
+        key: secrets/managed/qbittorrent/slskd-env-secrets
+        property: SLSK_PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: gluetun-env-secrets
+spec:
+  secretStoreRef:
+    name: vault-wheatley
+    kind: ClusterSecretStore
+  target:
+    name: gluetun-env-secrets
+  data:
+    - secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE
+      remoteRef:
+        key: secrets/managed/qbittorrent/gluetun-env-secrets
+        property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
--- a/k8s-wheatley/qbittorrent/services.yaml
+++ b/k8s-wheatley/qbittorrent/services.yaml
@ -1,12 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: qbittorrent
-spec:
-  selector:
-    app: qbittorrent
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 8112
--- a/k8s-wheatley/radarr/deployments.yaml
+++ b/k8s-wheatley/radarr/deployments.yaml
@ -28,8 +28,10 @@ spec:
          volumeMounts:
            - mountPath: /config
              name: radarr-config
-            - mountPath: /shared/media
-              name: nfs-media
+            - mountPath: /shared/media/movies
+              name: nfs-media-movies
+            - mountPath: /shared/media/downloads
+              name: nfs-media-downloads
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -45,6 +47,9 @@ spec:
        - name: radarr-config
          persistentVolumeClaim:
            claimName: radarr-storage
-        - name: nfs-media
+        - name: nfs-media-movies
          persistentVolumeClaim:
-            claimName: nfs-media
+            claimName: nfs-media-movies
+        - name: nfs-media-downloads
+          persistentVolumeClaim:
+            claimName: nfs-media-downloads
--- a/k8s-wheatley/radarr/kustomization.yaml
+++ b/k8s-wheatley/radarr/kustomization.yaml
@ -4,7 +4,6 @@ kind: Kustomization
 namespace: radarr

 resources:
-  - ../../kustomize-bases/nfs-media
  - configmap.yaml
  - deployments.yaml
  - ingress.yaml
@ -13,21 +12,39 @@ resources:
  - services.yaml
  - namespace.yaml

+components:
+  - ../../kustomize-bases/nfs-media/components/movies
+  - ../../kustomize-bases/nfs-media/components/downloads
+
 patches:
  - target:
      kind: PersistentVolume
-      name: nfs-media
+      name: nfs-media-movies
    patch: |
      - op: replace
        path: /metadata/name
-        value: nfs-media-radarr
+        value: nfs-media-radarr-movies
  - target:
      kind: PersistentVolumeClaim
-      name: nfs-media
+      name: nfs-media-movies
    patch: |
      - op: replace
        path: /spec/volumeName
-        value: nfs-media-radarr
+        value: nfs-media-radarr-movies
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-radarr-downloads
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-radarr-downloads

 images:
  - name: linuxserver/radarr
--- a/k8s-wheatley/sonarr/deployments.yaml
+++ b/k8s-wheatley/sonarr/deployments.yaml
@ -28,8 +28,12 @@ spec:
          volumeMounts:
            - mountPath: /config
              name: sonarr-config
-            - mountPath: /shared/media
-              name: nfs-media
+            - mountPath: /shared/media/series
+              name: nfs-media-series
+            - mountPath: /shared/media/anime
+              name: nfs-media-anime
+            - mountPath: /shared/media/downloads
+              name: nfs-media-downloads
          securityContext:
            seccompProfile:
              type: RuntimeDefault
@ -45,6 +49,12 @@ spec:
        - name: sonarr-config
          persistentVolumeClaim:
            claimName: sonarr-storage
-        - name: nfs-media
+        - name: nfs-media-series
          persistentVolumeClaim:
-            claimName: nfs-media
+            claimName: nfs-media-series
+        - name: nfs-media-anime
+          persistentVolumeClaim:
+            claimName: nfs-media-anime
+        - name: nfs-media-downloads
+          persistentVolumeClaim:
+            claimName: nfs-media-downloads
--- a/k8s-wheatley/sonarr/kustomization.yaml
+++ b/k8s-wheatley/sonarr/kustomization.yaml
@ -4,7 +4,6 @@ kind: Kustomization
 namespace: sonarr

 resources:
-  - ../../kustomize-bases/nfs-media
  - configmap.yaml
  - deployments.yaml
  - ingress.yaml
@ -13,21 +12,54 @@ resources:
  - services.yaml
  - namespace.yaml

+components:
+  - ../../kustomize-bases/nfs-media/components/series
+  - ../../kustomize-bases/nfs-media/components/anime
+  - ../../kustomize-bases/nfs-media/components/downloads
+
 patches:
  - target:
      kind: PersistentVolume
-      name: nfs-media
+      name: nfs-media-series
    patch: |
      - op: replace
        path: /metadata/name
-        value: nfs-media-sonarr
+        value: nfs-media-sonarr-series
  - target:
      kind: PersistentVolumeClaim
-      name: nfs-media
+      name: nfs-media-series
    patch: |
      - op: replace
        path: /spec/volumeName
-        value: nfs-media-sonarr
+        value: nfs-media-sonarr-series
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-anime
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-sonarr-anime
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-anime
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-sonarr-anime
+  - target:
+      kind: PersistentVolume
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /metadata/name
+        value: nfs-media-sonarr-downloads
+  - target:
+      kind: PersistentVolumeClaim
+      name: nfs-media-downloads
+    patch: |
+      - op: replace
+        path: /spec/volumeName
+        value: nfs-media-sonarr-downloads

 images:
  - name: linuxserver/sonarr
--- a/kustomize-bases/cilium/kustomization.yaml
+++ b/kustomize-bases/cilium/kustomization.yaml
@ -13,5 +13,5 @@ helmCharts:
    repo: https://helm.cilium.io
    namespace: kube-system
    releaseName: cilium
-    version: 1.18.6
+    version: 1.18.10
    valuesFile: values.yaml
--- a/kustomize-bases/nfs-media/components/anime/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/anime/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/anime/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/anime/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-anime
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/anime
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-anime
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-anime
--- a/kustomize-bases/nfs-media/components/downloads/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/downloads/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/downloads/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/downloads/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-downloads
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/downloads
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-downloads
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-downloads
--- a/kustomize-bases/nfs-media/components/movies/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/movies/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/movies/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/movies/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-movies
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/movies
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-movies
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-movies
--- a/kustomize-bases/nfs-media/components/music/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/music/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/music/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/music/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-music
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/music
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-music
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-music
--- a/kustomize-bases/nfs-media/components/roms/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/roms/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/roms/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/roms/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-roms
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/roms
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-roms
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-roms
--- a/kustomize-bases/nfs-media/components/series/kustomization.yaml
+++ b/kustomize-bases/nfs-media/components/series/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
--- a/kustomize-bases/nfs-media/components/series/pvc.yaml
+++ b/kustomize-bases/nfs-media/components/series/pvc.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-series
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media/series
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media-series
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-series
--- a/kustomize-bases/nfs-media/kustomization.yaml
+++ b/kustomize-bases/nfs-media/kustomization.yaml
@ -1,6 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - pvc.yaml
--- a/kustomize-bases/nfs-media/pvc.yaml
+++ b/kustomize-bases/nfs-media/pvc.yaml
@ -1,40 +0,0 @@
-# Shared NFS media storage template — used by plex, sonarr, radarr, and qbittorrent.
-# All apps on k8s-wheatley mount the same NFS server: 10.0.69.10
-#
-# Each app overlays this base with JSON patches in its kustomization.yaml:
-#   - Always: rename PV (metadata.name) and update PVC volumeName to match
-#   - plex only: patch accessModes to ReadOnlyMany on both PV and PVC
-#   - qbittorrent only: patch nfs.path to /tank/media/downloads
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: nfs-media  # renamed per-app via JSON patch
-spec:
-  capacity:
-    storage: 40Ti
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    server: 10.0.69.10
-    path: /tank/media
-  mountOptions:
-    - vers=4.1
-    - rsize=1048576
-    - wsize=1048576
-    - hard
-    - timeo=600
-    - noatime
-  persistentVolumeReclaimPolicy: Retain
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nfs-media
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 40Ti
-  volumeName: nfs-media  # patched per-app to match PV name
Author	SHA1	Message	Date
Renovate	01d906da39	chore(deps): update helm release renovate-operator to v4.8.0	2026-05-14 19:04:18 +00:00
pgijsbertsen	50a206c943	chore: Bump Cilium to 1.18.10	2026-05-14 16:38:55 +02:00
pgijsbertsen	bae217dc34	refactor(nfs-media): Refactor into subdirectory PVCs	2026-05-14 15:53:43 +02:00
pgijsbertsen	3ac9c8071c	feat: share downloads dir	2026-05-10 12:59:42 +02:00
pgijsbertsen	5b910059ea	feat: Set correct download dir	2026-05-09 22:05:37 +02:00
pgijsbertsen	a14da8e3b1	feat: Authenticate to soulseek	2026-05-09 21:32:38 +02:00
pgijsbertsen	b1d4b32fdb	feat: include secrets	2026-05-09 21:12:40 +02:00
pgijsbertsen	7682efd256	feat: Enable inputport	2026-05-09 21:09:18 +02:00
pgijsbertsen	cadd4fe9a5	feat: Enable webui	2026-05-09 21:05:33 +02:00
pgijsbertsen	b3565458c9	fix: Use unique name	2026-05-09 21:01:18 +02:00
pgijsbertsen	ea84f908d2	feat: Enable Gluetun API	2026-05-09 21:00:11 +02:00
pgijsbertsen	1271ce3e91	fix: Use unique httproute name	2026-05-09 20:27:44 +02:00
pgijsbertsen	d37318dbd5	feat: Add ingress	2026-05-09 20:26:40 +02:00
pgijsbertsen	e3e9e3b6e7	fix: Set correct app port	2026-05-09 20:21:01 +02:00
pgijsbertsen	85af131c88	fix: Set less strict securityContext for slskd	2026-05-09 20:16:36 +02:00
pgijsbertsen	96f08c8dfd	fix: Shorten portname	2026-05-09 20:14:02 +02:00
pgijsbertsen	a3d532de93	feat: Add slskd	2026-05-09 20:10:51 +02:00