add servarr

clusters/cl01tl/applications/lazy-librarian/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: lazy-librarian
+version: 1.0.0
+description: A Helm chart for deploying LazyLibrarian
+keywords:
+  - lazylibrarian
+  - ebooks
+sources:
+  - https://gitlab.com/LazyLibrarian/LazyLibrarian.git
+  - https://lazylibrarian.gitlab.io
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.1.0
+icon: https://lazylibrarian.gitlab.io/logo.svg
+appVersion: version-b3a081ec

clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lazy-librarian-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: lazy-librarian-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: lazy-librarian-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/lazy-librarian/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: lazy-librarian-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: lazy-librarian-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/lazy-librarian/values.yaml

@@ -0,0 +1,67 @@
+app-template:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: lscr.io/linuxserver/lazylibrarian
+            tag: version-b3a081ec
+            pullPolicy: IfNotPresent
+          env:
+            PUID: 1001
+            PGID: 1001
+            TZ: US/Central
+            DOCKER_MODS: linuxserver/mods:lazylibrarian-ffmpeg|linuxserver/mods:universal-calibre
+          resources:
+            limits:
+              cpu: 500m
+              memory: 512Mi
+            requests:
+              cpu: 10m
+              memory: 256Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 5299
+          protocol: HTTP
+  ingress:
+    main:
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      className: traefik
+      hosts:
+        - host: lazylibrarian.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                name: lazy-librarian
+                port: 5299
+      tls:
+        - secretName: lazy-librarian-secret-tls
+          hosts:
+            - lazylibrarian.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      retain: true
+      globalMounts:
+        - path: /config
+    storage:
+      enabled: true
+      existingClaim: lazy-librarian-nfs-storage
+      globalMounts:
+        - path: /mnt/store

clusters/cl01tl/applications/lidarr2/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: lidarr
+version: 1.0.0
+sources:
+  - https://github.com/Lidarr/Lidarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/lidarr
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: lidarr
+    version: 15.1.1
+    repository: https://k8s-home-lab.github.io/helm-charts/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.1.0
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "2.2.5.4141"

clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: lidarr2-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: lidarr2-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-lidarr-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-lidarr-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: "{{ .Release.Name }}-nfs-storage"
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/lidarr2/values.yaml

@@ -0,0 +1,108 @@
+lidarr:
+  image:
+    repository: ghcr.io/onedr0p/lidarr
+    tag: "2.3.3.4204"
+  env:
+    TZ: US/Central
+    LIDARR__POSTGRES_MAIN_DB: lidarr-main
+    LIDARR__POSTGRES_LOG_DB: lidarr-log
+    LIDARR__POSTGRES_HOST:
+      valueFrom:
+        secretKeyRef:
+          name: lidarr2-postgresql-16-cluster-app
+          key: host
+    LIDARR__POSTGRES_PORT:
+      valueFrom:
+        secretKeyRef:
+          name: lidarr2-postgresql-16-cluster-app
+          key: port
+    LIDARR__POSTGRES_USER:
+      valueFrom:
+        secretKeyRef:
+          name: lidarr2-postgresql-16-cluster-app
+          key: user
+    LIDARR__POSTGRES_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: lidarr2-postgresql-16-cluster-app
+          key: password
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: lidarr.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: lidarr2-secret-tls
+          hosts:
+            - lidarr.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      mountPath: /config
+      accessMode: ReadWriteOnce
+      size: 5Gi
+    media:
+      enabled: true
+      mountPath: /mnt/store
+      type: pvc
+      existingClaim: lidarr2-nfs-storage
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539
+  metrics:
+    enabled: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: LidarrDown
+          annotations:
+            description: Lidarr service is down.
+            summary: Lidarr is down.
+          expr: |
+            lidarr_system_status == 0
+          for: 5m
+          labels:
+            severity: critical
+    exporter:
+      image:
+        repository: ghcr.io/onedr0p/exportarr
+        tag: v2.0.1
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+    initdb:
+      postInitApplicationSQL:
+        - CREATE DATABASE "lidarr-main" OWNER "app";
+        - CREATE DATABASE "lidarr-log" OWNER "app";
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/lidarr2
+    endpointCredentials: lidarr2-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d

clusters/cl01tl/applications/prowlarr/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: prowlarr 
+version: 0.0.1
+sources:
+  - https://github.com/Prowlarr/Prowlarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/prowlarr
+dependencies:
+  - name: prowlarr 
+    version: 5.1.2
+    repository: https://k8s-home-lab.github.io/helm-charts/
+appVersion: "1.13.3.4273"

clusters/cl01tl/applications/prowlarr/values.yaml

@@ -0,0 +1,38 @@
+prowlarr:
+  image:
+    repository: ghcr.io/onedr0p/prowlarr
+    tag: "1.17.2.4511"
+  env:
+    TZ: US/Central
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: prowlarr.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: prowlarr-secret-tls
+          hosts:
+            - prowlarr.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      storageClass: ceph-block
+      size: 1Gi
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539

clusters/cl01tl/applications/radarr5-4k/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: radarr5-4k
+version: 1.0.0
+sources:
+  - https://github.com/Radarr/Radarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/radarr
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: radarr
+    version: 17.1.2
+    repository: https://k8s-home-lab.github.io/helm-charts/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.1.0
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "5.4.6.8723"

clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: radarr5-4k-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: radarr5-4k-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-radarr-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-radarr-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: "{{ .Release.Name }}-nfs-storage"
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/radarr5-4k/values.yaml

@@ -0,0 +1,110 @@
+radarr:
+  image:
+    repository: ghcr.io/onedr0p/radarr
+    tag: "5.6.0.8846"
+  env:
+    TZ: US/Central
+    RADARR__POSTGRES_MAIN_DB: radarr-main
+    RADARR__POSTGRES_LOG_DB: radarr-log
+    RADARR__POSTGRES_HOST:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-4k-postgresql-16-cluster-app
+          key: host
+    RADARR__POSTGRES_PORT:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-4k-postgresql-16-cluster-app
+          key: port
+    RADARR__POSTGRES_USER:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-4k-postgresql-16-cluster-app
+          key: user
+    RADARR__POSTGRES_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-4k-postgresql-16-cluster-app
+          key: password
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: radarr-4k.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: radarr5-4k-secret-tls
+          hosts:
+            - radarr-4k.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      mountPath: /config
+      accessMode: ReadWriteOnce
+      size: 20Gi
+    media:
+      enabled: true
+      mountPath: /mnt/store
+      type: pvc
+      existingClaim: radarr5-4k-nfs-storage
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539
+  metrics:
+    enabled: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: RadarrDown
+          annotations:
+            description: Radarr 4k service is down.
+            summary: Radarr 4k is down.
+          expr: |
+            radarr_system_status == 0
+          for: 5m
+          labels:
+            severity: critical
+    exporter:
+      image:
+        repository: ghcr.io/onedr0p/exportarr
+        tag: v2.0.1
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+    initdb:
+      database: app
+      owner: app
+      postInitApplicationSQL:
+        - CREATE DATABASE "radarr-main" OWNER "app";
+        - CREATE DATABASE "radarr-log" OWNER "app";
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/radarr5-4k
+    endpointCredentials: radarr5-4k-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d

clusters/cl01tl/applications/radarr5/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: radarr5
+version: 1.0.0
+sources:
+  - https://github.com/Radarr/Radarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/radarr
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: radarr
+    version: 17.1.2
+    repository: https://k8s-home-lab.github.io/helm-charts/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.1.0
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "5.4.6.8723"

clusters/cl01tl/applications/radarr5/templates/external-secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: radarr5-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: radarr5-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-radarr-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-radarr-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/radarr5/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: "{{ .Release.Name }}-nfs-storage"
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/radarr5/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/radarr5/values.yaml

@@ -0,0 +1,110 @@
+radarr:
+  image:
+    repository: ghcr.io/onedr0p/radarr
+    tag: "5.6.0.8846"
+  env:
+    TZ: US/Central
+    RADARR__POSTGRES_MAIN_DB: radarr-main
+    RADARR__POSTGRES_LOG_DB: radarr-log
+    RADARR__POSTGRES_HOST:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-postgresql-16-cluster-app
+          key: host
+    RADARR__POSTGRES_PORT:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-postgresql-16-cluster-app
+          key: port
+    RADARR__POSTGRES_USER:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-postgresql-16-cluster-app
+          key: user
+    RADARR__POSTGRES_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: radarr5-postgresql-16-cluster-app
+          key: password
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: radarr.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: radarr5-secret-tls
+          hosts:
+            - radarr.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      mountPath: /config
+      accessMode: ReadWriteOnce
+      size: 20Gi
+    media:
+      enabled: true
+      mountPath: /mnt/store
+      type: pvc
+      existingClaim: radarr5-nfs-storage
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539
+  metrics:
+    enabled: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: RadarrDown
+          annotations:
+            description: Radarr service is down.
+            summary: Radarr is down.
+          expr: |
+            radarr_system_status == 0
+          for: 5m
+          labels:
+            severity: critical
+    exporter:
+      image:
+        repository: ghcr.io/onedr0p/exportarr
+        tag: v2.0.1
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+    initdb:
+      database: app
+      owner: app
+      postInitApplicationSQL:
+        - CREATE DATABASE "radarr-main" OWNER "app";
+        - CREATE DATABASE "radarr-log" OWNER "app";
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/radarr5
+    endpointCredentials: radarr5-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d

clusters/cl01tl/applications/sonarr4-4k/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: sonarr4-4k
+version: 1.0.0
+sources:
+  - https://github.com/Sonarr/Sonarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/sonarr  
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: sonarr
+    version: 17.1.1
+    repository: https://k8s-home-lab.github.io/helm-charts/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.1.0
+    repository: http://alexlebens.github.io/helm-charts  
+appVersion: "4.0.4.1491"

clusters/cl01tl/applications/sonarr4-4k/templates/external-secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: sonarr4-4k-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sonarr4-4k-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-sonarr-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-sonarr-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: "{{ .Release.Name }}-nfs-storage"
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/sonarr4-4k/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/sonarr4-4k/values.yaml

@@ -0,0 +1,110 @@
+sonarr:
+  image:
+    repository: ghcr.io/onedr0p/sonarr
+    tag: "4.0.4.1491"
+  env:
+    TZ: US/Central
+    SONARR__POSTGRES_MAIN_DB: sonarr-main
+    SONARR__POSTGRES_LOG_DB: sonarr-log
+    SONARR__POSTGRES_HOST:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-4k-postgresql-16-cluster-app
+          key: host
+    SONARR__POSTGRES_PORT:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-4k-postgresql-16-cluster-app
+          key: port
+    SONARR__POSTGRES_USER:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-4k-postgresql-16-cluster-app
+          key: user
+    SONARR__POSTGRES_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-4k-postgresql-16-cluster-app
+          key: password
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: sonarr-4k.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: sonarr4-4k-secret-tls
+          hosts:
+            - sonarr-4k.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      mountPath: /config
+      accessMode: ReadWriteOnce
+      size: 20Gi
+    media:
+      enabled: true
+      mountPath: /mnt/store
+      type: pvc
+      existingClaim: sonarr4-4k-nfs-storage
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539
+  metrics:
+    enabled: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: SonarrDown
+          annotations:
+            description: Sonarr 4k service is down.
+            summary: Sonarr 4k is down.
+          expr: |
+            sonarr_system_status == 0
+          for: 5m
+          labels:
+            severity: critical
+    exporter:
+      image:
+        repository: ghcr.io/onedr0p/exportarr
+        tag: v2.0.1
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+    initdb:
+      database: app
+      owner: app
+      postInitApplicationSQL:
+        - CREATE DATABASE "sonarr-main" OWNER "app";
+        - CREATE DATABASE "sonarr-log" OWNER "app";
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/sonarr4-4k
+    endpointCredentials: sonarr4-4k-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d

clusters/cl01tl/applications/sonarr4/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: sonarr4
+version: 1.0.0
+sources:
+  - https://github.com/Sonarr/Sonarr
+  - https://github.com/k8s-home-lab/helm-charts/tree/master/charts/stable/sonarr
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: sonarr
+    version: 17.1.1
+    repository: https://k8s-home-lab.github.io/helm-charts/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.1.0
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "4.0.4.1491"

clusters/cl01tl/applications/sonarr4/templates/external-secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: sonarr4-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sonarr4-postgresql-16-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-sonarr-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-sonarr-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/sonarr4/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: "{{ .Release.Name }}-nfs-storage"
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/sonarr4/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: "{{ .Release.Name }}-nfs-storage"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/sonarr4/values.yaml

@@ -0,0 +1,110 @@
+sonarr:
+  image:
+    repository: ghcr.io/onedr0p/sonarr
+    tag: "4.0.4.1491"
+  env:
+    TZ: US/Central
+    SONARR__POSTGRES_MAIN_DB: sonarr-main
+    SONARR__POSTGRES_LOG_DB: sonarr-log
+    SONARR__POSTGRES_HOST:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-postgresql-16-cluster-app
+          key: host
+    SONARR__POSTGRES_PORT:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-postgresql-16-cluster-app
+          key: port
+    SONARR__POSTGRES_USER:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-postgresql-16-cluster-app
+          key: user
+    SONARR__POSTGRES_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: sonarr4-postgresql-16-cluster-app
+          key: password
+  ingress:
+    main:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: sonarr.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: sonarr4-secret-tls
+          hosts:
+            - sonarr.alexlebens.net
+  persistence:
+    config:
+      enabled: true
+      mountPath: /config
+      accessMode: ReadWriteOnce
+      size: 20Gi
+    media:
+      enabled: true
+      mountPath: /mnt/store
+      type: pvc
+      existingClaim: sonarr4-nfs-storage
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+    fsGroupChangePolicy: "OnRootMismatch"
+    supplementalGroups:
+      - 44
+      - 100
+      - 109
+      - 65539
+  metrics:
+    enabled: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: SonarrDown
+          annotations:
+            description: Sonarr service is down.
+            summary: Sonarr is down.
+          expr: |
+            sonarr_system_status == 0
+          for: 5m
+          labels:
+            severity: critical
+    exporter:
+      image:
+        repository: ghcr.io/onedr0p/exportarr
+        tag: v2.0.1
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+    initdb:
+      database: app
+      owner: app
+      postInitApplicationSQL:
+        - CREATE DATABASE "sonarr-main" OWNER "app";
+        - CREATE DATABASE "sonarr-log" OWNER "app";
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/sonarr4
+    endpointCredentials: sonarr4-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d

clusters/cl01tl/applications/tdarr/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: tdarr
+version: 0.0.3
+home:
+sources:
+  - https://github.com/HaveAGitGat/Tdarr
+  - https://github.com/alexlebens/helm-charts/tree/main/charts/tdarr
+dependencies:
+  - name: tdarr
+    version: 0.0.6
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "2.17.01"

clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: tdarr-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: tdarr-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: tdarr-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/tdarr/values.yaml

@@ -0,0 +1,54 @@
+tdarr:
+  global:
+    persistence:
+      media:
+        claimName: tdarr-nfs-storage
+        mountPath: /mnt/store
+  server:
+    resources:
+      requests:
+        cpu: 50m
+        memory: 256Mi
+      limits:
+        cpu: 5000m
+        memory: 2Gi
+    ingress:
+      enabled: true
+      className: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      host: tdarr.alexlebens.net
+    persistence:
+      config:
+        storageClassName: ceph-block
+        storageSize: 50Gi
+      server:
+        storageClassName: ceph-block
+        storageSize: 50Gi
+  node:
+    replicas: 3
+    resources:
+      requests:
+        gpu.intel.com/i915: 1
+        cpu: 100m
+        memory: 1Gi
+      limits:
+        gpu.intel.com/i915: 1
+        cpu: 5000m
+        memory: 5Gi
+    persistence:
+      cache:
+        size: 5Gi
+  tdarr-exporter:
+    metrics:
+      serviceMonitor:
+        enabled: true
+    settings:
+      config:
+        url: https://tdarr.alexlebens.net
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net

clusters/cl01tl/platform/qbittorrent/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: qbittorrent
+version: 0.0.7
+home:
+sources:
+  - https://github.com/qbittorrent/qBittorrent
+  - https://docs.linuxserver.io/images/docker-qbittorrent/
+  - https://github.com/qdm12/gluetun
+  - https://github.com/alexlebens/helm-charts/tree/main/charts/homepage
+dependencies:
+  - name: qbittorrent
+    version: 0.0.8
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: "version-4.6.3-r0"

clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml

@@ -0,0 +1,48 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: qbittorrent-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: admin-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /qbittorrent/auth
+        metadataPolicy: None        
+        property: admin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: qbittorrent-wireguard-conf
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: wg0.conf
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /qbittorrent/config
+        metadataPolicy: None        
+        property: wg0.conf

clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: qbittorrent-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: qbittorrent-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: qbittorrent-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: {{ .Values.persistence.media.nfsPath }}
+    server: {{ .Values.persistence.media.nfsServer }}
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/platform/qbittorrent/values.yaml

@@ -0,0 +1,64 @@
+qbittorrent:
+  global:
+    persistence:
+      media:
+        claimName: qbittorrent-nfs-storage
+        mountPath: /mnt/store
+  server:
+    env:
+      - name: TZ
+        value: US/Central
+      - name: PUID
+        value: "1000"
+      - name: PGID
+        value: "1000"        
+    resources:
+      requests:
+        cpu: 100m
+        memory: 2Gi
+      limits:
+        cpu: 2000m
+        memory: 2Gi
+    ingress:
+      enabled: true
+      className: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      host: qbittorrent.alexlebens.net
+    persistence:
+      config:
+        storageClassName: nfs-client
+        storageSize: 1Gi
+  gluetun:
+    enabled: true
+    env:
+      - name: VPN_SERVICE_PROVIDER
+        value: custom
+      - name: VPN_TYPE
+        value: wireguard
+      - name: FIREWALL_OUTBOUND_SUBNETS
+        value: 192.168.1.0/24,10.244.0.0/16
+      - name: FIREWALL_INPUT_PORTS
+        value: 8080,9022
+      - name: DOT
+        value: "off"
+    existingSecretName: qbittorrent-wireguard-conf
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+    exporter:
+      env:
+        - name: QBITTORRENT_USER
+          value: admin
+        - name: QBITTORRENT_PASS
+          valueFrom:
+            secretKeyRef:
+              name: qbittorrent-auth
+              key: admin-password
+persistence:
+  media:
+    nfsPath: /volume2/Storage
+    nfsServer: synologybond.alexlebens.net