alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

feat: add kyoo
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 45s
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m33s
Details
render-manifests / render-manifests (pull_request) Successful in 1m7s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-08 19:53:27 -05:00
parent 8c7e258f6b
commit 488d90fd35
13 changed files with 721 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
clusters/cl01tl/helm/kyoo/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:ecb2f86b40fa42951928b84b8e4774ff83710bc8c5b1953b4f9de1c25b6e9679
generated: "2026-04-08T19:41:34.55285-05:00"

35
clusters/cl01tl/helm/kyoo/Chart.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: v2
name: kyoo
version: 1.0.0
description: Kyoo
keywords:
- kyoo
- media
home: https://docs.alexlebens.dev/applications/kyoo/
sources:
- https://github.com/zoriya/Kyoo
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_api
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_auth
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_front
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_scanner
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_transcoder
- https://github.com/zoriya/Kyoo/tree/master/chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
# - name: volsync-target
# alias: volsync-target-config
# version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kyoo.png
# renovate: datasource=github-releases depName=zoriya/Kyoo
appVersion: v5.0.0

54
clusters/cl01tl/helm/kyoo/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,54 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kyoo-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: rsa-private
remoteRef:
key: /cl01tl/kyoo/key
property: rsa-private
- secretKey: scanner-apikey
remoteRef:
key: /cl01tl/kyoo/key
property: scanner
- secretKey: tmdb-apikey
remoteRef:
key: /tmdb/alexlebens
property: api-key
- secretKey: tvdb-apikey
remoteRef:
key: /tvdb/alexlebens
property: api-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kyoo-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: rsa-private
remoteRef:
key: /authentik/oidc/kyoo
property: client
- secretKey: scanner-apikey
remoteRef:
key: /authentik/oidc/kyoo
property: secret

88
clusters/cl01tl/helm/kyoo/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: kyoo
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- kyoo.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: front
port: 8901
weight: 100
- matches:
- path:
type: PathPrefix
value: /video
backendRefs:
- group: ''
kind: Service
name: transcoder
port: 7666
weight: 100
- matches:
- path:
type: PathPrefix
value: /auth/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /.well-known/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /api/
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /swagger
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /scanner/
backendRefs:
- group: ''
kind: Service
name: scanner
port: 4389
weight: 100

131
clusters/cl01tl/helm/kyoo/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,131 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-standup-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

173
clusters/cl01tl/helm/kyoo/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,173 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies 4K
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Stand Up
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

217
clusters/cl01tl/helm/kyoo/values.yaml Normal file
View File

@@ -0,0 +1,217 @@
kyoo:
global:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
postgres:
shared:
host: kyoo-postgresql-18-cluster-rw
port: 5432
existingSecret: kyoo-postgresql-18-cluster-app
userKey: user
passwordKey: password
kyoo_api:
database: kyoo_api
sslmode: disable
kyoo_auth:
database: kyoo_auth
sslmode: disable
kyoo_scanner:
database: kyoo_scanner
sslmode: disable
kyoo_transcoder:
database: kyoo_transcoder
sslmode: disable
kyoo:
address: https://kyoo.alexlebens.net
auth:
privatekey:
existingSecret: kyoo-key-secret
privatekeyKey: rsa-private
apikeys:
scanner:
existingSecret: kyoo-key-secret
apikeyKey: scanner-apikey
transcoderAcceleration: qsv
transcoderPreset: fast
oidc_providers:
- name: Authentik
existingSecret: kyoo-oidc-secret
clientIdKey: client
clientSecretKey: secret
logo: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
authorizationAddress: https://authentik.alexlebens.net/application/o/authorize/
tokenAddress: https://authentik.alexlebens.net/application/o/token/
profileAddress: https://authentik.alexlebens.net/application/o/userinfo/
scope: "email openid profile"
authMethod: ClientSecretBasic
media:
volumes:
- name: kyoo-media-anime-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-nfs-storage
- name: kyoo-media-anime-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-movies-nfs-storage
- name: kyoo-media-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-nfs-storage
- name: kyoo-media-movies-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-4k-nfs-storage
- name: kyoo-media-standup-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-standup-nfs-storage
- name: kyoo-media-tvshows-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-nfs-storage
- name: kyoo-media-tvshows-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-4k-nfs-storage
volumeMounts:
- mountPath: /media/anime
name: kyoo-media-anime-nfs-storage
readOnly: true
- mountPath: /media/anime-movies
name: kyoo-media-anime-movies-nfs-storage
readOnly: true
- mountPath: /media/movies
name: kyoo-media-movies-nfs-storage
readOnly: true
- mountPath: /media/movies-4k
name: kyoo-media-movies-4k-nfs-storage
readOnly: true
- mountPath: /media/standup
name: kyoo-media-standup-nfs-storage
readOnly: true
- mountPath: /media/tvshows
name: kyoo-media-tvshows-nfs-storage
readOnly: true
- mountPath: /media/tvshows-4k
name: kyoo-media-tvshows-4k-nfs-storage
readOnly: true
baseMountPath: /media
contentdatabase:
tmdb:
apikeyKey: tmdb-apikey
existingSecret: kyoo-key-secret
tvdb:
apikeyKey: tvdb-apikey
pinKey: tvdb-apikey
existingSecret: kyoo-key-secret
api:
kyoo_api:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_api
tag: 5.0.0@sha256:dc0210f235e23ae616b0f5952af7867dcbc52e0354c2683ec3c4190fdcd17744
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
auth:
kyoo_auth:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_auth
tag: 5.0.0
persistence:
enabled: true
size: 500Mi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
front:
kyoo_front:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_front
tag: 5.0.0@sha256:985f892470b304f13ef1950fb5f7e9ef33ee39b71705c627cb045773e6dfb7b4
scanner:
kyoo_scanner:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_scanner
tag: 5.0.0@sha256:fa972f3f1e534264f4de153e30fe9481839754a3e724cc2663524a2b30e82b46
transcoder:
kyoo_transcoder:
resources:
limits:
gpu.intel.com/i915: 1
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 1Gi
image:
repository: ghcr.io/zoriya/kyoo_transcoder
tag: 5.0.0@sha256:59974794f8a638175408fa20f023ba9598108b54ad8ed9a22ec87a1a211dfc43
replicaCount: 1
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
ingress:
enabled: false
traefikproxy:
enabled: false
postgres:
enabled: false
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
databases:
- name: kyoo_api
ensure: present
owner: app
- name: kyoo_auth
ensure: present
owner: app
- name: kyoo_scanner
ensure: present
owner: app
- name: kyoo_transcoder
ensure: present
owner: app
volsync-target-config:
pvcTarget: kyoo-config
local:
enabled: true
schedule: 26 8 * * *
remote:
enabled: true
schedule: 26 9 * * *
external:
enabled: true
schedule: 26 10 * * *