From cbb307b124cd0b39fb1b4679bf58985a2a215f5b Mon Sep 17 00:00:00 2001
From: Aner Zakobar
Date: Tue, 10 May 2022 15:48:31 +0300
Subject: [PATCH] Fixed certs, better URLs
---
 templates/dns.yaml | 2 +-
 templates/jackett.yaml | 10 ++++++----
 templates/jellyfin.yaml | 1 +
 templates/nefarious.yaml | 13 +++++++++----
 templates/photoprism.yaml | 8 +++++---
 templates/phpldapadmin.yaml | 7 +++++--
 templates/transmission.yaml | 20 ++++++++++++++++----
 values.yaml | 1 -
 8 files changed, 43 insertions(+), 19 deletions(-)
diff --git a/templates/dns.yaml b/templates/dns.yaml
index 0a3f804..781c71d 100644
--- a/templates/dns.yaml
+++ b/templates/dns.yaml
@@ -22,7 +22,7 @@ spec:
 imagePullPolicy: "Always"
 env:
 - name: DNS_A
- value: "*.{{ .Values.homey.url }}={{ .Values.homey.ip }}, {{ .Values.homey.url }}={{ .Values.homey.ip }}, *.{{ .Values.homey.internal_url }}={{ .Values.homey.ip }}, {{ .Values.homey.internal_url }}={{ .Values.homey.ip}}"
+ value: "*.{{ .Values.homey.url }}={{ .Values.homey.ip }}, {{ .Values.homey.url }}={{ .Values.homey.ip }}"
 - name: DNS_FORWARDER
 value: "8.8.8.8,8.8.4.4"
 - name: ALLOW_RECURSION
diff --git a/templates/jackett.yaml b/templates/jackett.yaml
index b28c805..435e543 100644
--- a/templates/jackett.yaml
+++ b/templates/jackett.yaml
@@ -46,15 +46,17 @@ kind: Ingress
 metadata:
 name: jackett-ingress
 annotations:
- ingress.kubernetes.io/auth-type: forward
- ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ # ingress.kubernetes.io/auth-type: forward
+ # ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.1.0/24"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
 - hosts:
- - jackett.{{ .Values.homey.internal_url }}
+ - jackett.{{ .Values.homey.url }}
+ secretName: {{ .Values.homey.certname }}
 rules:
- - host: jackett.{{ .Values.homey.internal_url }}
+ - host: jackett.{{ .Values.homey.url }}
 http:
 paths:
 - path: /
diff --git a/templates/jellyfin.yaml b/templates/jellyfin.yaml
index f5e198a..3f3e6fb 100644
--- a/templates/jellyfin.yaml
+++ b/templates/jellyfin.yaml
@@ -86,6 +86,7 @@ kind: Ingress
 metadata:
 name: jellyfin-ingress
 annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
diff --git a/templates/nefarious.yaml b/templates/nefarious.yaml
index cc1e4d2..c56b846 100644
--- a/templates/nefarious.yaml
+++ b/templates/nefarious.yaml
@@ -59,8 +59,11 @@ spec:
 mountPath: /nefarious-db
 subPath: backup/nefarious/nefarious-db
 - name: nefarious-persistent-storage
- mountPath: /downloads
- subPath: nobackup/downloads
+ mountPath: /downloads/complete/movies
+ subPath: nobackup/downloads/complete/movies
+ - name: nefarious-persistent-storage
+ mountPath: /downloads/complete/tvshows
+ subPath: nobackup/downloads/complete/tvshows
 volumes:
 - name: nefarious-persistent-storage
 persistentVolumeClaim:
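Review bot: In templates/jackett.yaml the forward-auth annotations are commented out, so the only remaining gate on jackett-ingress is the `whitelist-source-range` of `192.168.1.0/24`, on a host that moves from the internal domain to `jackett.{{ .Values.homey.url }}`. A source-range allowlist is only as good as the client address the controller sees: if traffic reaches the ingress controller through a load balancer or node SNAT, every request can appear to come from an in-range address, so it is worth confirming that client IPs are preserved (for example `externalTrafficPolicy: Local` on the controller Service) before relying on it. The same consideration applies to the allowlist annotations added in jellyfin.yaml, nefarious.yaml, photoprism.yaml, phpldapadmin.yaml and transmission.yaml. If authentication is dropped deliberately, replace the two commented-out lines with a comment that says so, e.g. `# auth intentionally disabled: LAN-only via whitelist-source-range`. The Ingress definition starts before and continues past this hunk.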
@@ -132,13 +135,15 @@ kind: Ingress
 metadata:
 name: nefarious-ingress
 annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/8"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
 - hosts:
- - nefarious.{{ .Values.homey.internal_url }}
+ - nefarious.{{ .Values.homey.url }}
+ secretName: {{ .Values.homey.certname }}
 rules:
- - host: nefarious.{{ .Values.homey.internal_url }}
+ - host: nefarious.{{ .Values.homey.url }}
 http:
 paths:
 - path: /
diff --git a/templates/photoprism.yaml b/templates/photoprism.yaml
index 696f72b..8c8a316 100644
--- a/templates/photoprism.yaml
+++ b/templates/photoprism.yaml
@@ -62,7 +62,7 @@ spec:
 - name: PHOTOPRISM_DATABASE_DRIVER
 value: "sqlite"
 - name: PHOTOPRISM_SITE_URL
- value: "http://gallery.{{ .Values.homey.internal_url }}"
+ value: "http://gallery.{{ .Values.homey.url }}"
 - name: PHOTOPRISM_SITE_TITLE
 value: "PhotoPrism"
 - name: PHOTOPRISM_SITE_CAPTION
@@ -106,13 +106,15 @@ metadata:
 annotations:
 ingress.kubernetes.io/auth-type: forward
 ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
 - hosts:
- - album.{{ .Values.homey.internal_url }}
+ - album.{{ .Values.homey.url }}
+ secretName: {{ .Values.homey.certname }}
 rules:
- - host: album.{{ .Values.homey.internal_url }}
+ - host: album.{{ .Values.homey.url }}
 http:
 paths:
 - path: /
diff --git a/templates/phpldapadmin.yaml b/templates/phpldapadmin.yaml
index 93bb44a..cfd7575 100644
--- a/templates/phpldapadmin.yaml
+++ b/templates/phpldapadmin.yaml
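Review bot: The allowlist added to nefarious-ingress, `"192.168.0.0/8"`, has a prefix length that does not match the address: a /8 keeps only the first octet, so the range admitted would be 192.0.0.0 to 192.255.255.255, most of which is public address space. The other ingresses in this patch use /16 (jackett uses `192.168.1.0/24`), so this looks like a typo; the line should read `nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"`. No auth annotation is visible on nefarious-ingress in this hunk, so the range appears to be its only access control. Keeping the CIDR in a single values entry and referencing it from every template would stop the ranges drifting apart.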
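Review bot: `PHOTOPRISM_SITE_URL` in templates/photoprism.yaml is set to `http://gallery.{{ .Values.homey.url }}`, but the Ingress in the next hunk of the same file serves `album.{{ .Values.homey.url }}` and now carries a TLS `secretName`. If `album` is the intended host, the site URL should match it and use https, `value: "https://album.{{ .Values.homey.url }}"`; a site URL that disagrees with the served host or scheme usually shows up as generated links that do not resolve or that downgrade to plain HTTP. The env list starts and ends outside the hunk.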
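Review bot: The two auth annotations kept on the photoprism Ingress use the bare `ingress.kubernetes.io/` prefix, while the annotation added beside them uses `nginx.ingress.kubernetes.io/` and values.yaml sets `ingress_class: nginx`. By default ingress-nginx reads its settings only from the `nginx.ingress.kubernetes.io/` prefix, where external authentication is `nginx.ingress.kubernetes.io/auth-url`, so the `auth-type: forward` / `auth-url` pair is probably ignored and the new source-range allowlist is the only effective control on `album.{{ .Values.homey.url }}`. Confirm by checking whether an unauthenticated request from an allowed address is served; if it is, change the annotation key to `nginx.ingress.kubernetes.io/auth-url`. The same applies to the transmission Ingress hunk (`torrent.{{ .Values.homey.url }}`) later in this patch; both Ingress definitions start before their hunks.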
@@ -43,13 +43,16 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: phpldapadmin
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
 - hosts:
- - ldapadmin.{{ .Values.homey.internal_url }}
+ - ldapadmin.{{ .Values.homey.url }}
+ secretName: {{ .Values.homey.certname }}
 rules:
- - host: ldapadmin.{{ .Values.homey.internal_url }}
+ - host: ldapadmin.{{ .Values.homey.url }}
 http:
 paths:
 - path: /
diff --git a/templates/transmission.yaml b/templates/transmission.yaml
index af25bc2..efc903b 100644
--- a/templates/transmission.yaml
+++ b/templates/transmission.yaml
@@ -21,6 +21,10 @@ spec:
 image: linuxserver/transmission
 imagePullPolicy: Always
 env:
+ - name: PUID
+ value: "0"
+ - name: PGID
+ value: "0"
 - name: TRANSMISSION_DOWNLOAD_DIR
 value: "/downloads"
 volumeMounts:
@@ -28,8 +32,14 @@ spec:
 mountPath: /config
 subPath: backup/transmission/config
 - name: transmission-persistent
- mountPath: /downloads
- subPath: nobackup/downloads
+ mountPath: /downloads/complete/movies
+ subPath: nobackup/downloads/complete/movies
+ - name: transmission-persistent
+ mountPath: /downloads/complete/tvshows
+ subPath: nobackup/downloads/complete/tvshows
+ - name: transmission-persistent
+ mountPath: /downloads/incomplete
+ subPath: nobackup/downloads/incomplete
 volumes:
 - name: transmission-persistent
 persistentVolumeClaim:
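Review bot: Setting `PUID` and `PGID` to `"0"` in templates/transmission.yaml makes the linuxserver image run Transmission as root, so a flaw in the daemon or its web UI would yield root inside the container with write access to the mounted claim. If the motivation is file ownership on the `subPath` directories, it is safer to fix the ownership and run under an unprivileged id, e.g. `value: "1000"` (example id) for both variables with the directories owned to match. At minimum add a comment above the two entries explaining why root is needed. The container spec begins and ends outside the hunk.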
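Review bot: The single `/downloads` mount in templates/transmission.yaml is replaced by three mounts beneath it (`/downloads/complete/movies`, `/downloads/complete/tvshows`, `/downloads/incomplete`), yet `TRANSMISSION_DOWNLOAD_DIR` in the previous hunk is still `"/downloads"`. Anything Transmission writes directly to `/downloads` or `/downloads/complete` would then land on the container's writable layer instead of the claim and be lost when the pod is replaced. Either point the download directory at one of the mounted paths or keep a mount for the parent directory; whichever is intended, a comment above the mounts stating where completed downloads are expected to go would help. The nefarious.yaml hunk earlier in the patch makes the same split and mounts only the two `complete` subdirectories.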
@@ -54,13 +64,15 @@ metadata:
 annotations:
 ingress.kubernetes.io/auth-type: forward
 ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
 spec:
 ingressClassName: {{ .Values.homey.ingress_class }}
 tls:
 - hosts:
- - torrent.{{ .Values.homey.internal_url }}
+ - torrent.{{ .Values.homey.url }}
+ secretName: {{ .Values.homey.certname }}
 rules:
- - host: torrent.{{ .Values.homey.internal_url }}
+ - host: torrent.{{ .Values.homey.url }}
 http:
 paths:
 - path: /
diff --git a/values.yaml b/values.yaml
index b6218e8..3fa355f 100644
--- a/values.yaml
+++ b/values.yaml
@@ -62,7 +62,6 @@ homey:
 ip: "192.168.1.2"
 storageCapacity: 450Gi
 url: zakobar.com
- internal_url: zakobar.home
 ip: 192.168.1.2
 certname: zakobarcert
 ingress_class: nginx