Everything changes lots works!

Chart.yaml

@@ -9,6 +9,3 @@ dependencies:
 - name: kubernetes-secret-generator
   repository: "https://helm.mittwald.de"
   version: ">= 1.0.0"
-- name: ingress-nginx
-  repository: "https://kubernetes.github.io/ingress-nginx"
-  version: ">= 1.12.0"

README.org

@@ -72,7 +72,6 @@ First Name Attribute: cn
 Surname Attribute: sn
 Email Attribute: mail
 
-
 * Jackett
 
-Go into "indexers" and add indexer (pirate bay)
+Go into "indexers" and add indexer

templates/dns.yaml

@@ -15,6 +15,7 @@ spec:
       labels:
         app: bind
     spec:
+      priorityClassName: system-node-critical
       containers:
         - name: bind
           image: cytopia/bind
@@ -22,22 +23,22 @@ spec:
           env:
             - name: WILDCARD_DNS
               value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
+            - name: DNS_FORWARDER
+              value: "8.8.8.8,8.8.4.4"
+            - name: ALLOW_RECURSION
+              value: "any"
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: bind-dns
+  name: bind-dns-udp
 spec:
+  type: NodePort
   selector:
     app: bind
   ports:
-  - port: 53
-    targetPort: 53
-    protocol: TCP
-    name: dns-tcp
   - port: 53
     targetPort: 53
     protocol: UDP
     name: dns-udp
-  externalIPs:
-  - {{ .Values.homey.ip }}
+    nodePort: 32053

templates/gitea.yaml

@@ -24,7 +24,7 @@ spec:
       - name: gitea
         image: gitea/gitea
         ports:
-        - containerPort: 2222
+        - containerPort: 22
           name: ssh
         - containerPort: 3000
           name: http
@@ -41,6 +41,21 @@ apiVersion: v1
 kind: Service
 metadata:
   name: gitea-svc
+spec:
+  selector:
+    app: gitea
+  ports:
+  - name: ssh
+    protocol: TCP
+    port: 3000
+    targetPort: http
+  selector:
+    app: gitea
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-svc-ssh
 spec:
   type: NodePort
   selector:
@@ -48,12 +63,9 @@ spec:
   ports:
   - name: ssh
     protocol: TCP
-    port: 2222
+    port: 22
     targetPort: ssh
-  - name: http
-    protocol: TCP
-    port: 3000
-    targetPort: 3000
+    nodePort: 32222
   selector:
     app: gitea
 ---
@@ -63,11 +75,8 @@ metadata:
   name: gitea-ingress
   annotations:
       kubernetes.io/ingress.allow-http: "false"
-      nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
-      nginx.ingress.kubernetes.io/auth-response-headers: 'X-Auth-Request-Access-Token, Authorization'
-      nginx.ingress.kubernetes.io/configuration-snippet: |
-            auth_request_set $token $upstream_http_x_auth_request_access_token;
-            add_header 'Authorization' $token;
+      ingress.kubernetes.io/auth-type: forward
+      ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
 spec:
   rules:
   - host: git.{{ .Values.homey.url }}

templates/jackett.yaml

@@ -47,7 +47,8 @@ metadata:
   name: jackett-ingress
   annotations:
     kubernetes.io/ingress.allow-http: "false"
-    nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
 spec:
   tls:
     - hosts:

templates/jellyfin.yaml

@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin
+  labels:
+    app: jellyfin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jellyfin
+  template:
+    metadata:
+      labels:
+        app: jellyfin
+        name: jellyfin
+    spec:
+      containers:
+      - name: jellyfin
+        image: docker.io/jellyfin/jellyfin
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: jellyfin-volume
+          mountPath: "/config"
+          subPath: backup/jellyfin/config
+        - name: jellyfin-volume
+          mountPath: "/data/movies"
+          subPath: nobackup/downloads/complete/movies
+        - name: jellyfin-volume
+          mountPath: "/data/tvshows"
+          subPath: nobackup/downloads/complete/tvshows
+      volumes:
+      - name: jellyfin-volume
+        persistentVolumeClaim:
+          claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    app: jellyfin
+  ports:
+  - port: 80
+    targetPort: 8096
+    name: jellyfin-web
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-external-ports
+spec:
+  type: NodePort
+  selector:
+    app: jellyfin
+  ports:
+  - port: 7359
+    targetPort: 7359
+    protocol: UDP
+    name: jellyfin-discovery-local
+    nodePort: 30059
+  - port: 1900
+    targetPort: 1900
+    protocol: UDP
+    name: jellyfin-discovery-dnla
+    nodePort: 31900
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin-ingress
+  annotations:
+spec:
+  rules:
+   - host: jellyfin.{{ .Values.homey.url }}
+     http:
+       paths:
+       - path: /
+         pathType: Prefix
+         backend:
+           service:
+             name: jellyfin-web
+             port:
+               number: 80

templates/nefarious.yaml

@@ -49,7 +49,7 @@ spec:
           value: "/downloads"
         volumeMounts:
         - name: nefarious-persistent-storage
-          mountPath: /nefarius-db
+          mountPath: /nefarious-db
           subPath: backup/nefarious/nefarious-db
         - name: nefarious-persistent-storage
           mountPath: /downloads
@@ -86,13 +86,19 @@ spec:
           value: "sqlite:////nefarious-db/db.sqlite3"
         - name: REDIS_HOST
           value: "redis"
+        - name: REDIS_URL
+          value: "redis://redis:6379/"
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DB
+          value: "0"
         - name: HOST_DOWNLOAD_PATH
           value: "/downloads"
         - name: INTERNAL_DOWNLOAD_PATH
           value: "/downloads"
         volumeMounts:
         - name: celery-persistent-storage
-          mountPath: /nefarius-db
+          mountPath: /nefarious-db
           subPath: backup/nefarious/nefarious-db
         - name: celery-persistent-storage
           mountPath: /downloads
@@ -118,10 +124,8 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: nefarious-ingress
+  annotations:
 spec:
-  tls:
-    - hosts:
-      - nefarious.{{ .Values.homey.url }}
   rules:
    - host: nefarious.{{ .Values.homey.url }}
      http:

templates/nextcloud.yaml

@@ -0,0 +1,142 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: nextcloud-postgres-pass
+  annotations:
+    secret-generator.v1.mittwald.de/autogenerate: password
+---
+# apiVersion: extensions/v1beta1
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-postgres-config
+  labels:
+    app: nextcloud-postgres
+data:
+  POSTGRES_DB: nextcloud_db
+  POSTGRES_USER: postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud-postgres
+  labels:
+    app: nextcloud-postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud-postgres
+  template:
+    metadata:
+      labels:
+        app: nextcloud-postgres
+        name: nextcloud-postgres
+    spec:
+      containers:
+      - name: nextcloud-postgres
+        image: postgres:10.4
+        imagePullPolicy: "IfNotPresent"
+        ports:
+        - containerPort: 5432
+        envFrom:
+        - configMapRef:
+            name: nextcloud-postgres-config
+        env:
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-postgres-pass
+              key: password
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          subPath: backup/nextcloud/db
+          name: nextcloud-postgredb
+      volumes:
+      - name: nextcloud-postgredb
+        persistentVolumeClaim:
+          claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-postgres
+  labels:
+    app: nextcloud-postgres
+spec:
+  ports:
+   - port: 5432
+  selector:
+    app: nextcloud-postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+        name: nextcloud
+    spec:
+      containers:
+      - name: nextcloud
+        image: nextcloud
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: nextcloud-volume
+          mountPath: "/var/www/html"
+          subPath: backup/nextcloud/html
+        envFrom:
+        - configMapRef:
+            name: nextcloud-postgres-config
+        env:
+        - name: POSTGRES_HOST
+          value: "nextcloud-postgres"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-postgres-pass
+              key: password
+      volumes:
+      - name: nextcloud-volume
+        persistentVolumeClaim:
+          claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud
+spec:
+  selector:
+    app: nextcloud
+  ports:
+  - port: 80
+    targetPort: 80
+    name: nextcloud
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud-ingress
+  annotations:
+spec:
+  rules:
+   - host: nextcloud.{{ .Values.homey.url }}
+     http:
+       paths:
+       - path: /
+         pathType: Prefix
+         backend:
+           service:
+             name: nextcloud
+             port:
+               number: 80

templates/photoprism.yaml

@@ -99,12 +99,16 @@ metadata:
   name: photoprism-ingress
   annotations:
       kubernetes.io/ingress.allow-http: "false"
-      nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
-      nginx.ingress.kubernetes.io/proxy-body-size: "600m"
-      nginx.org/client-max-body-size: "600m"
+      kubernete.io/ingress.classs: traefik
+      ingress.kubernetes.io/auth-type: forward
+      ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+      traefik.ingress.kubernetes.io/frontend-entry-points: http
+      traefik.ingress.kubernetes.io/buffering: |
+        maxrequestbodybytes: 31457280
+        memrequestbodybytes: 62914560
 spec:
   rules:
-  - host: gallery.{{ .Values.homey.url }}
+  - host: album.{{ .Values.homey.url }}
     http:
       paths:
       - path: /

templates/phpldapadmin.yaml

@@ -39,18 +39,21 @@ spec:
   selector:
     app: phpldapadmin
 ---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: phpldapadmin
+  annotations:
+      kubernetes.io/ingress.allow-http: "false"
 spec:
-  tls:
-    - hosts:
-      - phpldapadmin.{{ .Values.homey.url }}
   rules:
-  - host: phpldapadmin.{{ .Values.homey.url }}
+  - host: ldapadmin.{{ .Values.homey.url }}
     http:
       paths:
-      - backend:
-          serviceName: phpldapadmin
-          servicePort: 80
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: phpldapadmin
+            port:
+              number: 80

templates/transmission.yaml

@@ -20,22 +20,16 @@ spec:
       - name: transmission
         image: linuxserver/transmission
         imagePullPolicy: Always
+        env:
+        - name: TRANSMISSION_DOWNLOAD_DIR
+          value: "/downloads"
         volumeMounts:
         - name: transmission-persistent
           mountPath: /config
           subPath: backup/transmission/config
         - name: transmission-persistent
-          mountPath: /downloads/movies
-          subPath: nobackup/downloads/movies
-        - name: transmission-persistent
-          mountPath: /downloads/tvshows
-          subPath: nobackup/downloads/tvshows
-        - name: transmission-persistent
-          mountPath: /downloads/general
-          subPath: nobackup/downloads/general
-        - name: transmission-persistent
-          mountPath: /downloads/complete
-          subPath: nobackup/downloads/complete
+          mountPath: /downloads
+          subPath: nobackup/downloads
       volumes:
       - name: transmission-persistent
         persistentVolumeClaim:
@@ -59,11 +53,9 @@ metadata:
   name: transmission-ingress
   annotations:
     kubernetes.io/ingress.allow-http: "false"
-    nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
 spec:
-  tls:
-    - hosts:
-      - torrent.{{ .Values.homey.url }}
   rules:
    - host: torrent.{{ .Values.homey.url }}
      http:

values.yaml

@@ -82,8 +82,8 @@ affinity: {}
 homey:
     organization: "Zakobar Home Server"
     storage:
-        ip: "192.168.0.101"
-        storageCapacity: 500Gi
+        ip: "192.168.0.10"
+        storageCapacity: 450Gi
     url: home.zakobar.io
-    ip: 192.168.0.101
+    ip: 192.168.0.10