diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index fe3b281b1..fb3b6d0ac 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -151,6 +151,7 @@ data: vault IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl + yubal IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl blocking: diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index 7535dca2a..4ab93fca8 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 8b396fac7b997c2ffbdd8b821f1d2f1dd9149676beca334d686d80a02f6fa481 + checksum/configMaps: 4e7e93d0d3e718f156fdb3a34151b5dd8efe5158ea917431ba199fd3f8d1aba8 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index ef4321692..252e102e9 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml @@ -581,6 +581,15 @@ data: interval: 30s name: spotisub url: https://spotisub.alexlebens.net + - alerts: + - type: ntfy + conditions: + - '[STATUS] == 200' + - '[CERTIFICATE_EXPIRATION] > 240h' + group: core + interval: 30s + name: yubal + url: https://yubal.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index 3889af5c8..c26f84d10 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml 
@@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: fc0d6464232dcce73118c4c06a8a4813480a4020a930d1ec2aa47d19a80e6570 + checksum/config: 5bfcb241ed2300d9653143bc63d2eccac44ed7a36cc992b6d2a361bb7cf7fa16 spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 03e9a1431..3fc85fcbc 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml @@ -588,6 +588,12 @@ data: url: http://lidarr.lidarr:80 key: {{HOMEPAGE_VAR_LIDARR_KEY}} fields: ["wanted", "queued", "artists"] + - Yubal: + icon: sh-yubal.webp + description: Download Youtube playlist + href: https://yubal.alexlebens.net + siteMonitor: http://yubal.yubal:80 + statusStyle: dot - Yubal Playlist: icon: sh-yubal.webp description: Replicate Youtube playlist diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index 22fe34c57..3ad415ad7 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: b4d37b507fc487990d152d8a04811d7403bf2e5f747f251297c5e933cceb0f49 + checksum/configMaps: 5b485b6a7d842310e91f3605f42c0ad322a67b349be9868f89b9d8968504630f checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml new file mode 100644 index 000000000..a032271f0 --- /dev/null +++ b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml 
@@ -0,0 +1,128 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/instance: yubal
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/name: yubal
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - env:
+ - name: VPN_SERVICE_PROVIDER
+ value: protonvpn
+ - name: VPN_TYPE
+ value: wireguard
+ - name: WIREGUARD_PRIVATE_KEY
+ valueFrom:
+ secretKeyRef:
+ key: private-key
+ name: yubal-wireguard-conf
+ - name: UPDATER_PROTONVPN_EMAIL
+ valueFrom:
+ secretKeyRef:
+ key: proton-email
+ name: yubal-wireguard-conf
+ - name: UPDATER_PROTONVPN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: proton-password
+ name: yubal-wireguard-conf
+ - name: FIREWALL_OUTBOUND_SUBNETS
+ value: 10.0.0.0/8
+ - name: FIREWALL_INPUT_PORTS
+ value: "8080"
+ - name: DNS_UPSTREAM_RESOLVER_TYPE
+ value: dot
+ image: ghcr.io/qdm12/gluetun:v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
+ imagePullPolicy: IfNotPresent
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - (ip rule del table 51820; ip -6 rule del table 51820) || true
+ livenessProbe:
+ exec:
+ command:
+ - /gluetun-entrypoint
+ - healthcheck
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 15
+ name: gluetun
+ resources:
+ limits:
+ devic.es/tun: "1"
+ requests:
+ cpu: 10m
+ devic.es/tun: "1"
+ memory: 128Mi
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+ privileged: true
+ - env:
+ - name: YUBAL_TZ
+ value: America/Chicago
+ - name: YUBAL_HOST
+ value: 0.0.0.0
+ - name: YUBAL_PORT
+ value: "8080"
+ - name: YUBAL_LOG_LEVEL
+ value: DEBUG
+ image: ghcr.io/guillevc/yubal:0.4.0
+ imagePullPolicy: IfNotPresent
+ name: main
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ - mountPath: /app/data
+ name: music
+ - mountPath: /app/ytdlp
+ name: ytdlp
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: yubal-config
+ - name: music
+ persistentVolumeClaim:
+ claimName: yubal-nfs-storage
+ - name: ytdlp
+ persistentVolumeClaim:
+ claimName: yubal-ytdlp
diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml
new file mode 100644
index 000000000..f4fc3d1bd
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml
@@ -0,0 +1,35 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: yubal-wireguard-conf
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-wireguard-conf
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: private-key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /protonvpn/conf/cl01tl
+ metadataPolicy: None
+ property: private-key
+ - secretKey: proton-email
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /protonvpn/conf/cl01tl
+ metadataPolicy: None
+ property: email
+ - secretKey: proton-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /protonvpn/conf/cl01tl
+ metadataPolicy: None
+ property: password
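Review bot: The pod template in `Deployment-yubal.yaml` sets `automountServiceAccountToken: true` on the `default` service account while the gluetun container runs with `privileged: true`, so an API token is mounted into a pod whose sidecar has full host-level privileges and carries all of its outbound traffic. No container here appears to call the Kubernetes API, so `automountServiceAccountToken: false` (as the gatus Deployment touched in this same commit already has) looks safe. `privileged: true` also makes the `NET_ADMIN`/`SYS_MODULE` list redundant; since the container already requests `devic.es/tun: "1"`, it is worth testing whether `privileged: false` with `NET_ADMIN` alone is enough. The `main` image `ghcr.io/guillevc/yubal:0.4.0` is tag-only while gluetun is digest-pinned; appending `@sha256:<digest>` would make the two consistent.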
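Review bot: The `proton-email` and `proton-password` entries in `ExternalSecret-yubal-wireguard-conf.yaml` copy the Proton account login into the `yubal` namespace, where the Deployment injects it as environment variables into the privileged gluetun container. Judging by the `UPDATER_PROTONVPN_*` variable names these feed the server-list updater rather than the WireGuard tunnel, which uses `private-key`; if this deployment does not need the updater, dropping the two `data` entries and the matching `env` items keeps the account password out of the pod. If they are needed, a comment such as `# account login required by the gluetun server-list updater` above the entries would record why the full credentials are synced.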
diff --git a/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml
new file mode 100644
index 000000000..2e29e337a
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - "yubal.alexlebens.net"
+ rules:
+ - backendRefs:
+ - group: ""
+ kind: Service
+ name: yubal
+ namespace: yubal
+ port: 80
+ weight: 100
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml b/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml
new file mode 100644
index 000000000..fc638f502
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml
new file mode 100644
index 000000000..d4f49e351
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml
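Review bot: All three Pod Security labels in `Namespace-yubal.yaml` are set to `privileged`, so the namespace neither blocks nor reports anything; only `enforce` has to be `privileged` for the gluetun container to be admitted. Setting `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` would keep the pod running while still producing warnings and audit annotations when a workload in this namespace asks for elevated settings. That gives a signal if the `main` container or a later addition drifts, which the current labels suppress.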
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: yubal-nfs-storage
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-nfs-storage
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage/Music Youtube/
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-config.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-config.yaml
new file mode 100644
index 000000000..51c8c9c08
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-config.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: yubal-config
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ annotations:
+ helm.sh/resource-policy: keep
+ namespace: yubal
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "ceph-block"
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml
new file mode 100644
index 000000000..79ff13145
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: yubal-nfs-storage
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-nfs-storage
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ volumeName: yubal-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
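Review bot: `PersistentVolume-yubal-nfs-storage.yaml` has no `claimRef`, so until the intended claim binds, a PVC in any namespace that asks for `nfs-client` with `ReadWriteMany` and 1Gi or less can bind this volume and mount the NFS music share. The `volumeName: yubal-nfs-storage` in the PVC pins the claim to the volume but does not reserve the volume for that claim. Adding `claimRef: {namespace: yubal, name: yubal-nfs-storage}` under `spec` closes that gap. `namespace: yubal` under `metadata` has no effect because PersistentVolumes are cluster-scoped, and it can be removed.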
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-ytdlp.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-ytdlp.yaml
new file mode 100644
index 000000000..3aa3f7d30
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-ytdlp.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: yubal-ytdlp
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ annotations:
+ helm.sh/resource-policy: keep
+ namespace: yubal
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "ceph-block"
diff --git a/clusters/cl01tl/manifests/yubal/Service-yubal.yaml b/clusters/cl01tl/manifests/yubal/Service-yubal.yaml
new file mode 100644
index 000000000..eb433763e
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/Service-yubal.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/service: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8000
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/name: yubal
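Review bot: `targetPort: 8000` in `Service-yubal.yaml` does not match the Deployment added in this commit, which sets `YUBAL_PORT` to `"8080"` and lists only `"8080"` in gluetun's `FIREWALL_INPUT_PORTS`. As written, the HTTPRoute backend, the gatus `[STATUS] == 200` check and the homepage `siteMonitor: http://yubal.yubal:80` would all be forwarded to a port that nothing appears to listen on and that the VPN firewall does not open. Changing the line to `targetPort: 8080` lines the Service up with the container; if 8000 is intended instead, `YUBAL_PORT` and `FIREWALL_INPUT_PORTS` need to change together.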