diff --git a/clusters/cl01tl/applications/slskd/Chart.yaml b/clusters/cl01tl/applications/slskd/Chart.yaml new file mode 100644 index 000000000..3c55fa832 --- /dev/null +++ b/clusters/cl01tl/applications/slskd/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v2 +name: slskd +version: 1.0.0 +description: slskd +keywords: + - slskd + - soularr + - lidarr + - music +home: https://wiki.alexlebens.dev/doc/slskd-v4Hfaqh48C +sources: + - https://github.com/slskd/slskd + - https://github.com/mrusse/soularr + - https://hub.docker.com/r/slskd/slskd + - https://hub.docker.com/r/mrusse08/soularr + - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: slskd + repository: https://bjw-s.github.io/helm-charts/ + version: 3.6.1 +icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png +appVersion: 0.22.1 diff --git a/clusters/cl01tl/applications/slskd/templates/external-secret.yaml b/clusters/cl01tl/applications/slskd/templates/external-secret.yaml new file mode 100644 index 000000000..8fd6ea32e --- /dev/null +++ b/clusters/cl01tl/applications/slskd/templates/external-secret.yaml @@ -0,0 +1,73 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: slskd-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: slskd-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: slskd.yml + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/slskd/config + metadataPolicy: None + property: slskd.yml + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: soularr-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: soularr-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.ini + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/slskd/soularr + metadataPolicy: None + property: config.ini + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: slskd-wireguard-conf + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: slskd-wireguard-conf + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: private-key diff --git a/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml new file mode 100644 index 000000000..b8f35601b --- /dev/null +++ b/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: slskd-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: slskd-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml b/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml new file mode 100644 index 000000000..98f4ce748 --- /dev/null +++ b/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: slskd-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: slskd-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: storage + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml b/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml new file mode 100644 index 000000000..bed1fd152 --- /dev/null +++ b/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml @@ -0,0 +1,21 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: slskd + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: slskd + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: slskd + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + interval: 3m + scrapeTimeout: 1m + path: /metrics diff --git a/clusters/cl01tl/applications/slskd/values.yaml b/clusters/cl01tl/applications/slskd/values.yaml new file mode 100644 index 000000000..afde8cd07 --- /dev/null +++ b/clusters/cl01tl/applications/slskd/values.yaml @@ -0,0 +1,170 @@ +slskd: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + initContainers: + init-sysctl: + image: + repository: busybox + tag: 1.37.0 + pullPolicy: IfNotPresent + securityContext: + privileged: True + resources: + requests: + cpu: 100m + memory: 128Mi + command: + - /bin/sh + args: + - -ec + - | + sysctl -w net.ipv4.ip_forward=1; + sysctl -w net.ipv6.conf.all.disable_ipv6=1 + containers: + main: + image: + repository: slskd/slskd + tag: 0.22.2 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: PUID + value: 1000 + - name: PGID + value: 1000 + - name: SLSKD_UMASK + value: 000 + resources: + requests: + cpu: 100m + memory: 512Mi + gluetun: + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00 + pullPolicy: IfNotPresent + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: slskd-wireguard-conf + key: private-key + - name: VPN_PORT_FORWARDING + value: "on" + - name: PORT_FORWARD_ONLY + value: "on" + - name: FIREWALL_OUTBOUND_SUBNETS + value: 192.168.1.0/24,10.244.0.0/16 + - name: FIREWALL_INPUT_PORTS + value: 5030,50300 + - name: DOT + value: "off" + securityContext: + privileged: True + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + resources: + requests: + squat.ai/tun: "1" + cpu: 10m + memory: 128Mi + limits: + squat.ai/tun: "1" + soularr: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + containers: + main: + image: + repository: mrusse08/soularr + tag: latest@sha256:11187ea58ea7b3686f4a2d328e721a5a8ca4d5815c43d90e9d67f5c61ca275c8 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: PUID + value: 1000 + - name: PGID + value: 1000 + - name: SCRIPT_INTERVAL + value: 300 + resources: + requests: + cpu: 100m + memory: 256Mi + serviceAccount: + create: true + service: + main: + controller: main + ports: + http: + port: 5030 + targetPort: 5030 + protocol: HTTP + ingress: + tailscale: + enabled: true + className: tailscale + hosts: + - host: slskd-cl01tl + paths: + - path: / + pathType: Prefix + service: + name: slskd + port: 5030 + tls: + - hosts: + - slskd-cl01tl + persistence: + slskd-config: + enabled: true + type: secret + name: slskd-config-secret + advancedMounts: + main: + main: + - path: /app/slskd.yml + readOnly: true + mountPropagation: None + subPath: slskd.yml + soularr-config: + enabled: true + type: secret + name: soularr-config-secret + advancedMounts: + soularr: + main: + - path: /data/config.ini + readOnly: true + mountPropagation: None + subPath: config.ini + data: + existingClaim: slskd-nfs-storage + advancedMounts: + main: + main: + - path: /mnt/store + readOnly: false + soularr: + main: + - path: /mnt/store + readOnly: false