add koel

clusters/cl01tl/applications/homepage/values.yaml

@@ -260,6 +260,12 @@ homepage:
                   href: https://navidrome.alexlebens.net
                   siteMonitor: http://navidrome.navidrome:80
                   statusStyle: dot
+              - Music:
+                  icon: koel.png
+                  description: Koel
+                  href: https://koel.alexlebens.net
+                  siteMonitor: http://koel.koel:80
+                  statusStyle: dot
               - Podcasts and Audiobooks:
                   icon: audiobookshelf.png
                   description: Audiobookshelf

clusters/cl01tl/applications/koel/Chart.yaml

@@ -0,0 +1,29 @@
+apiVersion: v2
+name: koel
+version: 1.0.0
+description: Koel
+keywords:
+  - koel
+  - music
+  - subsonic
+home: https://wiki.alexlebens.dev/doc/koel-fmj6sX2KfJ
+sources:
+  - https://github.com/koel/koel
+  - https://hub.docker.com/r/phanan/koel/
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: koel
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.2.1
+  - name: meilisearch
+    version: 0.8.0
+    repository: https://meilisearch.github.io/meilisearch-kubernetes    
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.8.4
+    repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/koel.png
+appVersion: 7.0.9

clusters/cl01tl/applications/koel/templates/external-secret.yaml

@@ -0,0 +1,94 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: koel-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: app-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/koel/config
+        metadataPolicy: None
+        property: app-key
+    - secretKey: spotify-client-id
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/koel/config
+        metadataPolicy: None
+        property: spotify-client-id
+    - secretKey: spotify-client-secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/koel/config
+        metadataPolicy: None
+        property: spotify-client-secret
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: koel-meilisearch-master-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel-meilisearch-master-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: meilisearch
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: MEILI_MASTER_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/koel/meilisearch
+        metadataPolicy: None
+        property: MEILI_MASTER_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: koel-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-koel-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-koel-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/koel/templates/ingress-route.yaml

@@ -0,0 +1,33 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: koel
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`koel.alexlebens.net`)
+      middlewares:
+        - name: authentik-koel
+          namespace: {{ .Release.Namespace }}
+      priority: 10
+      services:
+        - kind: Service
+          name: koel
+          port: 80
+    - kind: Rule
+      match: Host(`koel.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      services:
+        - kind: Service
+          name: authentik-outpost-proxy
+          port: 9000
+          namespace: authentik

clusters/cl01tl/applications/koel/templates/middleware.yaml

@@ -0,0 +1,27 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik-koel
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: authentik-koel
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: auth
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version

clusters/cl01tl/applications/koel/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: koel-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: koel-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/koel/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: koel-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: koel-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Music
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/koel/values.yaml

@@ -0,0 +1,164 @@
+koel:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: phanan/koel
+            tag: 7.0.9
+            pullPolicy: IfNotPresent
+          env:
+            - name: APP_NAME
+              value: Koel
+            - name: APP_ENV
+              value: production
+            - name: APP_DEBUG
+              value: false
+            - name: APP_URL
+              value: https://koel.alexlebens.dev
+            - name: APP_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: koel-config-secret
+                  key: app-key
+            - name: STREAMING_METHOD
+              value: x-accel-redirect
+            - name: OUTPUT_BIT_RATE
+              value: 320
+            - name: MEDIA_PATH
+              value: /music
+            - name: MEILISEARCH_HOST
+              value: http://koel-meilisearch.koel:7700
+            - name: MEILISEARCH_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: koel-meilisearch-master-key-secret
+                  key: MEILI_MASTER_KEY
+            - name: SPOTIFY_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: koel-config-secret
+                  key: spotify-client-id
+            - name: SPOTIFY_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: koel-config-secret
+                  key: spotify-client-secret
+            - name: PROXY_AUTH_ENABLED
+              value: true
+            - name: PROXY_AUTH_USER_HEADER
+              value: X-authentik-email
+            - name: PROXY_AUTH_PREFERRED_NAME_HEADER
+              value: X-authentik-username
+            - name: PROXY_AUTH_ALLOW_LIST
+              value: 10.244.0.0/16,10.96.0.0/12
+            - name: DB_CONNECTION
+              value: pgsql
+            - name: DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: koel-postgresql-16-cluster-app
+                  key: host
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: koel-postgresql-16-cluster-app
+                  key: port
+            - name: DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: koel-postgresql-16-cluster-app
+                  key: username
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: koel-postgresql-16-cluster-app
+                  key: password
+            - name: DB_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: koel-postgresql-16-cluster-app
+                  key: dbname
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 80
+          protocol: HTTP
+  persistence:
+    covers:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /var/www/html/public/img/covers
+              readOnly: false
+    search:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /var/www/html/storage/search-indexes
+              readOnly: false
+    music:
+      existingClaim: koel-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /music
+              readOnly: true
+meilisearch:
+  environment:
+    MEILI_NO_ANALYTICS: true
+    MEILI_ENV: production
+  auth:
+    existingMasterKeySecret: koel-meilisearch-master-key-secret
+  service:
+    type: ClusterIP
+    port: 7700
+  persistence:
+    enabled: true
+    storageClass: ceph-block
+    size: 10Gi
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+  serviceMonitor:
+    enabled: true
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+      prometheusRule:
+        enabled: false
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/koel
+    endpointCredentials: koel-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d