diff --git a/README.org b/README.org
index 0acde4b..09ec8b8 100644
--- a/README.org
+++ b/README.org
@@ -13,3 +13,66 @@ Install using * Backing up We must find a better solution
+
+https://perfectmediaserver.com/day-two/top10apps.html
+
+Nefarious
+
+* LDAP Configuration
+
+Logins are done to PHPLDAPADMIN
+
+DN is like:
+
+cn=admin,dc=home,dc=,dc=io
+get-secret-val.sh homey openldap-admin password
+
+First thing we do is create an organization unit called users
+
+To add a new user, we create a child entry to ou=users
+
+It has to be of type inetOrgPerson
+
+cn = Common Name, sn = Sur Name.
+Select RDN = User Name (uid) (FROM DROP DOWN MENU)
+UID = USERNAME, that is what is important. (In PHPLdapAdmin it is under User Name)
+
+Now we may continue!
+
+* GITEA
+
+Site Title: whatever
+
+SSH Server Domain: git.
+SSH Server Port: 2222
+Gitea Base URL: http://git.
+
+Then add Administrator Account Settings:
+
+Administrator Username: gitea-admin
+Password: from gitea-admin-pass
+Email address must be populated
+
+That will work after a few minutes.
+
+Now we go into Authentication Sources
+
+Add a new LDAP Authentication source
+
+Authentication name: Home LDAP
+Host: openldap
+Port: 389
+Bind DN = cn=readonly,dc=home,dc=,dc=io
+Bind Password: openldap-ro password
+User Search Base: ou=users,dc=home,dc=,dc=io
+user search filter = (uid=%s)
+Admin filter (title=admin)
+Username Attribute: uid
+First Name Attribute: cn
+Surname Attribute: sn
+Email Attribute: mail
+
+
+* Jackett
+
+Go into "indexers" and add indexer (pirate bay)
diff --git a/templates/gitea.yaml b/templates/gitea.yaml
index 0587619..c200b51 100644
--- a/templates/gitea.yaml
+++ b/templates/gitea.yaml
@@ -2,73 +2,10 @@ apiVersion: v1 kind: Secret metadata: - name: gitea-postgres-pass + name: gitea-admin-pass annotations: secret-generator.v1.mittwald.de/autogenerate: password --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-postgres-config - labels: - app: gitea-postgres -data: - POSTGRES_DB: gitea - POSTGRES_USER: gitea ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea-postgres - labels: - app: gitea-postgres -spec: - replicas: 1 - selector: - matchLabels: - app: gitea-postgres - template: - metadata: - labels: - app: gitea-postgres - name: gitea-postgres - spec: - containers: - - name: gitea-postgres - image: postgres:10.4 - imagePullPolicy: "IfNotPresent" - ports: - - containerPort: 5432 - envFrom: - - configMapRef: - name: gitea-postgres-config - env: - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: gitea-postgres-pass - key: password - volumeMounts: - - mountPath: /var/lib/postgresql/data - subPath: backup/gitea/db - name: gitea-postgredb - volumes: - - name: gitea-postgredb - persistentVolumeClaim: - claimName: homey-pvc-nfs ---- -apiVersion: v1 -kind: Service -metadata: - name: gitea-postgres-service - labels: - app: gitea-postgres -spec: - ports: - - port: 5432 - selector: - app: gitea-postgres ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -87,24 +24,10 @@ spec: - name: gitea image: gitea/gitea ports: - - containerPort: 22 + - containerPort: 2222 name: ssh - containerPort: 3000 name: http - env: - - name: GITEA_database_DB_TYPE - value: "postgres" - - name: GITEA_database_HOST - value: "gitea-postgres-service:5432" - - name: GITEA_database_NAME - value: "gitea" - - name: GITEA_database_USER - value: "gitea" - - name: GITEA_database_PASSWD - valueFrom: - secretKeyRef: - name: gitea-postgres-pass - key: password volumeMounts: - name: gitea-persistent-storage mountPath: /data 
@@ -138,6 +61,13 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: gitea-ingress
+ annotations:
+ kubernetes.io/ingress.allow-http: "false"
+ nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ nginx.ingress.kubernetes.io/auth-response-headers: 'X-Auth-Request-Access-Token, Authorization'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_x_auth_request_access_token;
+ add_header 'Authorization' $token;
spec: rules: - host: git.{{ .Values.homey.url }}
diff --git a/templates/jackett.yaml b/templates/jackett.yaml
new file mode 100644
index 0000000..cb0f0ae
--- /dev/null
+++ b/templates/jackett.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jackett
+ labels:
+ app: jackett
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jackett
+ template:
+ metadata:
+ labels:
+ app: jackett
+ name: jackett
+ spec:
+ containers:
+ - name: jackett
+ image: linuxserver/jackett
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: jackett-persistent-storage
+ mountPath: /config
+ subPath: backup/jackett/config
+ volumes:
+ - name: jackett-persistent-storage
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jackett
+spec:
+ selector:
+ app: jackett
+ ports:
+ - port: 9117
+ targetPort: 9117
+ name: jackett-web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jackett-ingress
+ annotations:
+ kubernetes.io/ingress.allow-http: "false"
+ nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+spec:
+ tls:
+ - hosts:
+ - jackett.{{ .Values.homey.url }}
+ rules:
+ - host: jackett.{{ .Values.homey.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jackett
+ port:
+ number: 9117
diff --git a/templates/nefarious.yaml b/templates/nefarious.yaml
new file mode 100644
index 0000000..6865fe9
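Review bot: `kubernetes.io/ingress.allow-http: "false"` in the new gitea-ingress annotations is read by the GKE/GCE ingress controller, not by ingress-nginx, which the `nginx.ingress.kubernetes.io/*` annotations beside it target, so on an nginx controller it does not turn plain HTTP off. The same pairing recurs in jackett-ingress, photoprism-ingress and transmission-ingress; jackett and transmission at least declare a `tls:` block, while photoprism-ingress does not and none is visible for gitea in this hunk (its `spec` continues outside it). If ingress-nginx is the controller, add a `tls:` entry for the host and `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. Separately, `add_header 'Authorization' $token;` places the value in the response returned to the browser, and `configuration-snippet` only takes effect where the controller has snippet annotations enabled; confirm both are intended.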
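Review bot: `image: linuxserver/jackett` carries no tag or digest and is paired with `imagePullPolicy: Always`, so every pod restart runs whatever the registry serves for the default tag at that moment. The same applies to `lardbit/nefarious` (both the nefarious and celery Deployments), `photoprism/photoprism`, `redis` and `linuxserver/transmission` in the other new files of this commit. Pin each to a released tag, ideally with a digest, e.g. `image: linuxserver/jackett:<TAG>@sha256:<DIGEST>` (placeholders), so that an upgrade is a reviewed change rather than a side effect of rescheduling.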
--- /dev/null
+++ b/templates/nefarious.yaml
@@ -0,0 +1,135 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nefarious-admin
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nefarious
+ labels:
+ app: nefarious
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nefarious
+ template:
+ metadata:
+ labels:
+ app: nefarious
+ name: nefarious
+ spec:
+ containers:
+ - name: nefarious
+ image: lardbit/nefarious
+ imagePullPolicy: Always
+ env:
+ - name: NEFARIOUS_USER
+ value: "admin"
+ - name: NEFARIOUS_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: nefarious-admin
+ - name: DATABASE_URL
+ value: "sqlite:////nefarious-db/db.sqlite3"
+ - name: REDIS_HOST
+ value: "redis"
+ - name: REDIS_PORT
+ value: "6379"
+ - name: HOST_DOWNLOAD_PATH
+ value: "/downloads"
+ - name: CONFIG_PATH
+ value: "/nefarious-db"
+ - name: INTERNAL_DOWNLOAD_PATH
+ value: "/downloads"
+ volumeMounts:
+ - name: nefarious-persistent-storage
+ mountPath: /nefarius-db
+ subPath: backup/nefarious/nefarious-db
+ - name: nefarious-persistent-storage
+ mountPath: /downloads
+ subPath: nobackup/downloads
+ volumes:
+ - name: nefarious-persistent-storage
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: celery
+ labels:
+ app: celery
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: celery
+ template:
+ metadata:
+ labels:
+ app: celery
+ name: celery
+ spec:
+ containers:
+ - name: celery
+ image: lardbit/nefarious
+ imagePullPolicy: Always
+ command: ["/app/entrypoint-celery.sh"]
+ env:
+ - name: DATABASE_URL
+ value: "sqlite:////nefarious-db/db.sqlite3"
+ - name: REDIS_HOST
+ value: "redis"
+ - name: HOST_DOWNLOAD_PATH
+ value: "/downloads"
+ - name: INTERNAL_DOWNLOAD_PATH
+ value: "/downloads"
+ volumeMounts:
+ - name: celery-persistent-storage
+ mountPath: /nefarius-db
+ subPath: backup/nefarious/nefarious-db
+ - name: celery-persistent-storage
+ mountPath: /downloads
+ subPath: nobackup/downloads
+ volumes:
+ - name: celery-persistent-storage
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nefarious
+spec:
+ selector:
+ app: nefarious
+ ports:
+ - port: 80
+ targetPort: 80
+ name: nefarious
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nefarious-ingress
+spec:
+ tls:
+ - hosts:
+ - nefarious.{{ .Values.homey.url }}
+ rules:
+ - host: nefarious.{{ .Values.homey.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nefarious
+ port:
+ number: 80
diff --git a/templates/photoprism.yaml b/templates/photoprism.yaml
new file mode 100644
index 0000000..6d845bb
--- /dev/null
+++ b/templates/photoprism.yaml
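Review bot: nefarious-ingress is the only ingress added in this commit without the `nginx.ingress.kubernetes.io/auth-url` annotation, so the app is reachable without the LDAP check that fronts jackett, photoprism and transmission and presumably relies on its own login alone; if that is deliberate, a comment saying so would help. In both the nefarious and celery Deployments the volume is mounted at `/nefarius-db` while `DATABASE_URL` and `CONFIG_PATH` point at `/nefarious-db`, so the SQLite file would be created in the container's writable layer rather than on the PVC, and the two pods would not share it. Change both mounts to `mountPath: /nefarious-db`.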
@@ -0,0 +1,116 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: photoprism-admin
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: photoprism
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: photoprism
+ template:
+ metadata:
+ labels:
+ app: photoprism
+ spec:
+ containers:
+ - name: photoprism
+ image: photoprism/photoprism
+ env:
+ - name: PHOTOPRISM_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: photoprism-admin
+ - name: PHOTOPRISM_ORIGINALS_LIMIT
+ value: "50000"
+ - name: PHOTOPRISM_HTTP_COMPRESSION
+ value: "gzip"
+ - name: PHOTOPRISM_DEBUG
+ value: "false"
+ - name: PHOTOPRISM_PUBLIC
+ value: "true"
+ - name: PHOTOPRISM_READONLY
+ value: "false"
+ - name: PHOTOPRISM_EXPERIMENTAL
+ value: "false"
+ - name: PHOTOPRISM_DISABLE_WEBDAV
+ value: "false"
+ - name: PHOTOPRISM_DISABLE_SETTINGS
+ value: "false"
+ - name: PHOTOPRISM_DISABLE_TENSORFLOW
+ value: "false"
+ - name: PHOTOPRISM_DARKTABLE_PRESETS
+ value: "false"
+ - name: PHOTOPRISM_DETECT_NSFW
+ value: "false"
+ - name: PHOTOPRISM_UPLOAD_NSFW
+ value: "true"
+ - name: PHOTOPRISM_DATABASE_DRIVER
+ value: "sqlite"
+ - name: PHOTOPRISM_SITE_URL
+ value: "http://gallery.{{ .Values.homey.url }}"
+ - name: PHOTOPRISM_SITE_TITLE
+ value: "PhotoPrism"
+ - name: PHOTOPRISM_SITE_CAPTION
+ value: "Browse Your Life"
+ - name: PHOTOPRISM_SITE_DESCRIPTION
+ value: ""
+ - name: PHOTOPRISM_SITE_AUTHOR
+ value: ""
+ volumeMounts:
+ - name: photoprism-persistent-storage
+ mountPath: /photoprism/storage
+ subPath: backup/photoprism/photoprism/storage
+ - name: photoprism-persistent-storage
+ mountPath: /photoprism/originals
+ subPath: backup/photoprism/originals
+ - name: photoprism-persistent-storage
+ mountPath: /var/lib/mysql
+ subPath: backup/photoprism/var/lib/mysql
+ volumes:
+ - name: photoprism-persistent-storage
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: photoprism-svc
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 2342
+ targetPort: 2342
+ selector:
+ app: photoprism
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: photoprism-ingress
+ annotations:
+ kubernetes.io/ingress.allow-http: "false"
+ nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+ nginx.ingress.kubernetes.io/proxy-body-size: "600m"
+ nginx.org/client-max-body-size: "600m"
+spec:
+ rules:
+ - host: gallery.{{ .Values.homey.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: photoprism-svc
+ port:
+ number: 2342
diff --git a/templates/redis.yaml b/templates/redis.yaml
new file mode 100644
index 0000000..24daea7
--- /dev/null
+++ b/templates/redis.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ labels:
+ app: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ name: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ selector:
+ app: redis
+ ports:
+ - port: 6379
+ targetPort: 6379
+ name: nefarious
diff --git a/templates/storage.yaml b/templates/storage.yaml
index 4260994..a8b4200 100644
--- a/templates/storage.yaml
+++ b/templates/storage.yaml
@@ -7,7 +7,7 @@ metadata: isbackup: "true" spec: capacity:
- storage: {{ .Values.homey.storage.backupStorageCapacity }}
+ storage: {{ .Values.homey.storage.storageCapacity }}
storageClassName: standard accessModes: - ReadWriteMany
diff --git a/templates/transmission.yaml b/templates/transmission.yaml
new file mode 100644
index 0000000..1e990a3
--- /dev/null
+++ b/templates/transmission.yaml
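Review bot: `PHOTOPRISM_PUBLIC` is set to `"true"`, which in PhotoPrism turns off the application's own login, so the generated `photoprism-admin` password is never asked for and the ingress `auth-url` check becomes the only access control. The `photoprism-svc` Service on port 2342 is not behind that check, so unless a NetworkPolicy exists elsewhere (none is in this diff) other pods in the cluster can reach the gallery unauthenticated. Set `value: "false"` for `PHOTOPRISM_PUBLIC` unless public mode is intended. `PHOTOPRISM_SITE_URL` also uses `http://` while the ingress asks for HTTP to be disallowed; `value: "https://gallery.{{ .Values.homey.url }}"` would match.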
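Review bot: The redis Deployment runs the stock image with no password or ACL configuration, and the `redis` Service makes port 6379 reachable from any pod that can resolve it. nefarious and celery point at it through `REDIS_HOST`, presumably as the Celery broker, so anything able to write to it could influence queued jobs. Restrict ingress to those two consumers with a NetworkPolicy like the one below (it only takes effect if the cluster's network plugin enforces policies), or set a Redis password from a generated Secret. The Service port is also named `nefarious`; `redis` would be clearer.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-allow-nefarious
spec:
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: nefarious
        - podSelector:
            matchLabels:
              app: celery
      ports:
        - protocol: TCP
          port: 6379
```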
@@ -0,0 +1,77 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: transmission
+ labels:
+ app: transmission
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: transmission
+ template:
+ metadata:
+ labels:
+ app: transmission
+ name: transmission
+ spec:
+ containers:
+ - name: transmission
+ image: linuxserver/transmission
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: transmission-persistent
+ mountPath: /config
+ subPath: backup/transmission/config
+ - name: transmission-persistent
+ mountPath: /downloads/movies
+ subPath: nobackup/downloads/movies
+ - name: transmission-persistent
+ mountPath: /downloads/tvshows
+ subPath: nobackup/downloads/tvshows
+ - name: transmission-persistent
+ mountPath: /downloads/general
+ subPath: nobackup/downloads/general
+ - name: transmission-persistent
+ mountPath: /downloads/complete
+ subPath: nobackup/downloads/complete
+ volumes:
+ - name: transmission-persistent
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: transmission-web
+spec:
+ selector:
+ app: transmission
+ ports:
+ - port: 80
+ targetPort: 9091
+ name: transmission-web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: transmission-ingress
+ annotations:
+ kubernetes.io/ingress.allow-http: "false"
+ nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
+spec:
+ tls:
+ - hosts:
+ - torrent.{{ .Values.homey.url }}
+ rules:
+ - host: torrent.{{ .Values.homey.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: transmission-web
+ port:
+ number: 80
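Review bot: The LDAP check on transmission-ingress covers only traffic that enters through the ingress; the `transmission-web` Service exposes the web/RPC port 9091 to in-cluster clients, and this Deployment sets no credentials for it. The container has no `env` at all, so unless a settings file under the mounted `/config` enables RPC authentication, any pod that can reach the Service can drive the client. Consider supplying credentials from a generated Secret, as the nefarious and photoprism manifests do for their admin passwords; the linuxserver image documents optional `USER`/`PASS` variables for this, to be confirmed against the image version you pin.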