This commit is contained in:
Aner Zakobar
2021-09-15 15:40:57 +03:00
parent 0813677492
commit cf778e2960
8 changed files with 499 additions and 80 deletions
+63
@@ -13,3 +13,66 @@ Install using
* Backing up
We must find a better solution
https://perfectmediaserver.com/day-two/top10apps.html
Nefarious
* LDAP Configuration
Logins are done to PHPLDAPADMIN
DN is like:
cn=admin,dc=home,dc=,dc=io
get-secret-val.sh homey openldap-admin password
First thing we do is create an organization unit called users
To add a new user, we create a child entry to ou=users
It has to be of type inetOrgPerson
cn = Common Name, sn = Sur Name.
Select RDN = User Name (uid) (FROM DROP DOWN MENU)
UID = USERNAME, that is what is important. (In PHPLdapAdmin it is under User Name)
Now we may continue!
* GITEA
Site Title: whatever
SSH Server Domain: git.<YOUR URL>
SSH Server Port: 2222
Gitea Base URL: http://git.<YOUR URL>
Then add Administrator Account Settings:
Administrator Username: gitea-admin
Password: from gitea-admin-pass
Email address must be populated
That will work after a few minutes.
Now we go into Authentication Sources
Add a new LDAP Authentication source
Authentication name: Home LDAP
Host: openldap
Port: 389
Bind DN = cn=readonly,dc=home,dc=,dc=io
Bind Password: openldap-ro password
User Search Base: ou=users,dc=home,dc=,dc=io
user search filter = (uid=%s)
Admin filter (title=admin)
Username Attribute: uid
First Name Attribute: cn
Surname Attribute: sn
Email Attribute: mail
* Jackett
Go into "indexers" and add indexer (pirate bay)
+9 -79
@@ -2,73 +2,10 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-postgres-pass
name: gitea-admin-pass
annotations:
secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-postgres-config
labels:
app: gitea-postgres
data:
POSTGRES_DB: gitea
POSTGRES_USER: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-postgres
labels:
app: gitea-postgres
spec:
replicas: 1
selector:
matchLabels:
app: gitea-postgres
template:
metadata:
labels:
app: gitea-postgres
name: gitea-postgres
spec:
containers:
- name: gitea-postgres
image: postgres:10.4
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 5432
envFrom:
- configMapRef:
name: gitea-postgres-config
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-postgres-pass
key: password
volumeMounts:
- mountPath: /var/lib/postgresql/data
subPath: backup/gitea/db
name: gitea-postgredb
volumes:
- name: gitea-postgredb
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
name: gitea-postgres-service
labels:
app: gitea-postgres
spec:
ports:
- port: 5432
selector:
app: gitea-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -87,24 +24,10 @@ spec:
- name: gitea
image: gitea/gitea
ports:
- containerPort: 22
- containerPort: 2222
name: ssh
- containerPort: 3000
name: http
env:
- name: GITEA_database_DB_TYPE
value: "postgres"
- name: GITEA_database_HOST
value: "gitea-postgres-service:5432"
- name: GITEA_database_NAME
value: "gitea"
- name: GITEA_database_USER
value: "gitea"
- name: GITEA_database_PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgres-pass
key: password
volumeMounts:
- name: gitea-persistent-storage
mountPath: /data
@@ -138,6 +61,13 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea-ingress
annotations:
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
nginx.ingress.kubernetes.io/auth-response-headers: 'X-Auth-Request-Access-Token, Authorization'
nginx.ingress.kubernetes.io/configuration-snippet: |
auth_request_set $token $upstream_http_x_auth_request_access_token;
add_header 'Authorization' $token;
spec:
rules:
- host: git.{{ .Values.homey.url }}
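Review bot: `add_header 'Authorization' $token;` in the new `configuration-snippet` sets a response header, so the access token captured by `auth_request_set` is sent back to the browser on every response instead of being passed to Gitea. If the intent is to forward the authenticated identity upstream, the line should presumably be `proxy_set_header Authorization $token;`; if nothing upstream consumes the token, drop the snippet and the `auth-response-headers` annotation. The visible part of this Ingress also shows no `tls:` block although `allow-http` is `"false"`; its `spec` continues outside the hunk, so that may already exist there.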
+65
@@ -0,0 +1,65 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jackett
labels:
app: jackett
spec:
replicas: 1
selector:
matchLabels:
app: jackett
template:
metadata:
labels:
app: jackett
name: jackett
spec:
containers:
- name: jackett
image: linuxserver/jackett
imagePullPolicy: Always
volumeMounts:
- name: jackett-persistent-storage
mountPath: /config
subPath: backup/jackett/config
volumes:
- name: jackett-persistent-storage
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
name: jackett
spec:
selector:
app: jackett
ports:
- port: 9117
targetPort: 9117
name: jackett-web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jackett-ingress
annotations:
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
spec:
tls:
- hosts:
- jackett.{{ .Values.homey.url }}
rules:
- host: jackett.{{ .Values.homey.url }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jackett
port:
number: 9117
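Review bot: `image: linuxserver/jackett` carries no tag or digest and is paired with `imagePullPolicy: Always`, so every pod restart runs whatever the registry currently serves as `latest`. The same applies to the images added in the other new manifests of this commit (`lardbit/nefarious` in both the `nefarious` and `celery` Deployments, `photoprism/photoprism`, `redis`, `linuxserver/transmission`). Pinning each to a version tag or, better, a digest, e.g. `image: linuxserver/jackett:<VERSION>@sha256:<DIGEST>`, keeps rollouts reproducible and stops an upstream tag change from reaching the cluster unreviewed.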
+135
@@ -0,0 +1,135 @@
---
apiVersion: v1
kind: Secret
metadata:
name: nefarious-admin
annotations:
secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nefarious
labels:
app: nefarious
spec:
replicas: 1
selector:
matchLabels:
app: nefarious
template:
metadata:
labels:
app: nefarious
name: nefarious
spec:
containers:
- name: nefarious
image: lardbit/nefarious
imagePullPolicy: Always
env:
- name: NEFARIOUS_USER
value: "admin"
- name: NEFARIOUS_PASS
valueFrom:
secretKeyRef:
key: password
name: nefarious-admin
- name: DATABASE_URL
value: "sqlite:////nefarious-db/db.sqlite3"
- name: REDIS_HOST
value: "redis"
- name: REDIS_PORT
value: "6379"
- name: HOST_DOWNLOAD_PATH
value: "/downloads"
- name: CONFIG_PATH
value: "/nefarious-db"
- name: INTERNAL_DOWNLOAD_PATH
value: "/downloads"
volumeMounts:
- name: nefarious-persistent-storage
mountPath: /nefarius-db
subPath: backup/nefarious/nefarious-db
- name: nefarious-persistent-storage
mountPath: /downloads
subPath: nobackup/downloads
volumes:
- name: nefarious-persistent-storage
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery
labels:
app: celery
spec:
replicas: 1
selector:
matchLabels:
app: celery
template:
metadata:
labels:
app: celery
name: celery
spec:
containers:
- name: celery
image: lardbit/nefarious
imagePullPolicy: Always
command: ["/app/entrypoint-celery.sh"]
env:
- name: DATABASE_URL
value: "sqlite:////nefarious-db/db.sqlite3"
- name: REDIS_HOST
value: "redis"
- name: HOST_DOWNLOAD_PATH
value: "/downloads"
- name: INTERNAL_DOWNLOAD_PATH
value: "/downloads"
volumeMounts:
- name: celery-persistent-storage
mountPath: /nefarius-db
subPath: backup/nefarious/nefarious-db
- name: celery-persistent-storage
mountPath: /downloads
subPath: nobackup/downloads
volumes:
- name: celery-persistent-storage
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
name: nefarious
spec:
selector:
app: nefarious
ports:
- port: 80
targetPort: 80
name: nefarious
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nefarious-ingress
spec:
tls:
- hosts:
- nefarious.{{ .Values.homey.url }}
rules:
- host: nefarious.{{ .Values.homey.url }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nefarious
port:
number: 80
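Review bot: `nefarious-ingress` is the only Ingress added in this commit without the `kubernetes.io/ingress.allow-http: "false"` and `nginx.ingress.kubernetes.io/auth-url` annotations, so it is reachable without the ldap-auth check and depends solely on the application's own `admin` login. If that is deliberate, a comment saying so would help; otherwise add the same two annotations used on the Jackett and Transmission ingresses. Separately, both Deployments mount the volume at `/nefarius-db` while `DATABASE_URL` and `CONFIG_PATH` point at `/nefarious-db`, so the SQLite file appears to land on the container filesystem rather than the PVC and is not shared between the `nefarious` and `celery` pods; the mounts should read `mountPath: /nefarious-db`. The `celery` container also omits `REDIS_PORT`, which the `nefarious` container sets.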
+116
@@ -0,0 +1,116 @@
---
apiVersion: v1
kind: Secret
metadata:
name: photoprism-admin
annotations:
secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: photoprism
spec:
replicas: 1
selector:
matchLabels:
app: photoprism
template:
metadata:
labels:
app: photoprism
spec:
containers:
- name: photoprism
image: photoprism/photoprism
env:
- name: PHOTOPRISM_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: photoprism-admin
- name: PHOTOPRISM_ORIGINALS_LIMIT
value: "50000"
- name: PHOTOPRISM_HTTP_COMPRESSION
value: "gzip"
- name: PHOTOPRISM_DEBUG
value: "false"
- name: PHOTOPRISM_PUBLIC
value: "true"
- name: PHOTOPRISM_READONLY
value: "false"
- name: PHOTOPRISM_EXPERIMENTAL
value: "false"
- name: PHOTOPRISM_DISABLE_WEBDAV
value: "false"
- name: PHOTOPRISM_DISABLE_SETTINGS
value: "false"
- name: PHOTOPRISM_DISABLE_TENSORFLOW
value: "false"
- name: PHOTOPRISM_DARKTABLE_PRESETS
value: "false"
- name: PHOTOPRISM_DETECT_NSFW
value: "false"
- name: PHOTOPRISM_UPLOAD_NSFW
value: "true"
- name: PHOTOPRISM_DATABASE_DRIVER
value: "sqlite"
- name: PHOTOPRISM_SITE_URL
value: "http://gallery.{{ .Values.homey.url }}"
- name: PHOTOPRISM_SITE_TITLE
value: "PhotoPrism"
- name: PHOTOPRISM_SITE_CAPTION
value: "Browse Your Life"
- name: PHOTOPRISM_SITE_DESCRIPTION
value: ""
- name: PHOTOPRISM_SITE_AUTHOR
value: ""
volumeMounts:
- name: photoprism-persistent-storage
mountPath: /photoprism/storage
subPath: backup/photoprism/photoprism/storage
- name: photoprism-persistent-storage
mountPath: /photoprism/originals
subPath: backup/photoprism/originals
- name: photoprism-persistent-storage
mountPath: /var/lib/mysql
subPath: backup/photoprism/var/lib/mysql
volumes:
- name: photoprism-persistent-storage
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
name: photoprism-svc
spec:
ports:
- name: http
protocol: TCP
port: 2342
targetPort: 2342
selector:
app: photoprism
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: photoprism-ingress
annotations:
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
nginx.ingress.kubernetes.io/proxy-body-size: "600m"
nginx.org/client-max-body-size: "600m"
spec:
rules:
- host: gallery.{{ .Values.homey.url }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: photoprism-svc
port:
number: 2342
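Review bot: `PHOTOPRISM_PUBLIC` is set to `"true"`, which in PhotoPrism turns off its own login, so the generated `photoprism-admin` password is not enforced and the `auth-url` annotation on the Ingress becomes the only access control. Any pod that can reach `photoprism-svc:2342` directly bypasses that check, and with `PHOTOPRISM_READONLY` at `"false"` the library is presumably writable from there. Unless public mode is intended, use `value: "false"` for `PHOTOPRISM_PUBLIC`. The Ingress also has no `tls:` block, unlike the Jackett and Transmission ingresses, and `PHOTOPRISM_SITE_URL` is `http://` while `allow-http` is `"false"`; these should agree.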
+33
@@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
name: redis
spec:
containers:
- name: redis
image: redis
---
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
name: nefarious
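Review bot: The `redis` Deployment and Service expose port 6379 with no password and nothing limiting which pods may connect, so any workload in the cluster can read or write the queue that `nefarious` and `celery` are pointed at via `REDIS_HOST`. Restricting ingress to those two apps with a NetworkPolicy (sketched below; it only takes effect if the cluster's network plugin enforces policies, and the policy name is a constructed example) closes that without touching the clients. The Service port is also named `nefarious`, which looks like a copy-paste; `name: redis` would be clearer.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-allow-nefarious
spec:
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: nefarious
        - podSelector:
            matchLabels:
              app: celery
      ports:
        - protocol: TCP
          port: 6379
```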
+1 -1
@@ -7,7 +7,7 @@ metadata:
isbackup: "true"
spec:
capacity:
storage: {{ .Values.homey.storage.backupStorageCapacity }}
storage: {{ .Values.homey.storage.storageCapacity }}
storageClassName: standard
accessModes:
- ReadWriteMany
+77
@@ -0,0 +1,77 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: transmission
labels:
app: transmission
spec:
replicas: 1
selector:
matchLabels:
app: transmission
template:
metadata:
labels:
app: transmission
name: transmission
spec:
containers:
- name: transmission
image: linuxserver/transmission
imagePullPolicy: Always
volumeMounts:
- name: transmission-persistent
mountPath: /config
subPath: backup/transmission/config
- name: transmission-persistent
mountPath: /downloads/movies
subPath: nobackup/downloads/movies
- name: transmission-persistent
mountPath: /downloads/tvshows
subPath: nobackup/downloads/tvshows
- name: transmission-persistent
mountPath: /downloads/general
subPath: nobackup/downloads/general
- name: transmission-persistent
mountPath: /downloads/complete
subPath: nobackup/downloads/complete
volumes:
- name: transmission-persistent
persistentVolumeClaim:
claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
name: transmission-web
spec:
selector:
app: transmission
ports:
- port: 80
targetPort: 9091
name: transmission-web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: transmission-ingress
annotations:
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
spec:
tls:
- hosts:
- torrent.{{ .Values.homey.url }}
rules:
- host: torrent.{{ .Values.homey.url }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: transmission-web
port:
number: 80
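Review bot: The `transmission` container sets no RPC credentials, so the web UI on port 9091 is protected only by the Ingress `auth-url` check and is open to any pod that reaches the `transmission-web` Service directly. The linuxserver image accepts `USER` and `PASS` environment variables; adding them, with `PASS` read through a `secretKeyRef` from a generated Secret as the Nefarious and PhotoPrism manifests do, would give a second layer. A short comment on the `/downloads/*` mounts noting that they sit under the same `nobackup/downloads` path that Nefarious mounts would also document the coupling between the two apps.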