alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions 2 Activity

add tubearchivist

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 18:30:28 -06:00
parent c4497ab846
commit ed76743643
7 changed files with 364 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
clusters/cl01tl/applications/tubearchivist/Chart.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: v2
name: tubearchivist
version: 1.0.0
description: Tube Archivist
keywords:
- tubearchivist
- download
- video
- youtube
home: https://wiki.alexlebens.dev/doc/tube-archivist-Bv6xCDKPM5
sources:
- https://github.com/tubearchivist/tubearchivist
- https://github.com/elastic/elasticsearch
- https://github.com/redis/redis
- https://hub.docker.com/r/bbilly1/tubearchivist
- https://hub.docker.com/r/redis/redis-stack-server
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/redis
- https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: tubearchivist
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: elasticsearch
version: 21.4.6
repository: https://charts.bitnami.com/bitnami
- name: redis
version: 19.6.4
repository: https://charts.bitnami.com/bitnami
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tube-archivist.png
appVersion: v0.4.11

80
clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ELASTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD
- secretKey: TA_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: TA_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-elasticsearch-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ELASTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key

30
clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-tubearchivist
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-tubearchivist
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- tubearchivist.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: tubearchivist
port: 80
weight: 100

8
clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: tubearchivist
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

19
clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tubearchivist-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: tubearchivist-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: tubearchivist-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/YouTube
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

168
clusters/cl01tl/applications/tubearchivist/values.yaml Normal file
View File

@@ -0,0 +1,168 @@
tubearchivist:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: bbilly1/tubearchivist
tag: v0.4.13
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: HOST_UID
value: 1000
- name: HOST_GID
value: 1000
- name: ES_URL
value: http://tubearchivist-elasticsearch:9200
- name: REDIS_HOST
value: tubearchivist-redis-headless
- name: TA_HOST
value: tubearchivist.alexlebens.net tubearchivist.tubearchivist
- name: TA_PORT
value: 24000
- name: TA_USERNAME
value: admin
envFrom:
- secretRef:
name: tubearchivist-config-secret
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail http://localhost:8000/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 1Gi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 80,8000,24000
- name: DOT
value: off
- name: DNS_KEEP_NAMESERVER
value: on
- name: DNS_PLAINTEXT_ADDRESS
value: 10.96.0.10
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
resources:
requests:
squat.ai/tun: "1"
cpu: 10m
memory: 128Mi
limits:
squat.ai/tun: "1"
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 24000
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /cache
readOnly: false
youtube:
existingClaim: tubearchivist-nfs-storage
advancedMounts:
main:
main:
- path: /youtube
readOnly: false
redis:
image:
repository: redis/redis-stack-server
tag: 7.2.0-v13
architecture: standalone
auth:
enabled: false
commonConfiguration: |-
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# Enable Redis Json module
loadmodule /opt/redis-stack/lib/rejson.so
elasticsearch:
global:
storageClass: ceph-block
extraEnvVars:
- name: discovery.type
value: single-node
- name: xpack.security.enabled
value: "true"
extraEnvVarsSecret: tubearchivist-elasticsearch-secret
extraConfig:
path:
repo: /usr/share/elasticsearch/data/snapshot
extraVolumes:
- name: snapshot
nfs:
path: /volume2/Storage/TubeArchivist
server: synologybond.alexlebens.net
extraVolumeMounts:
- name: snapshot
mountPath: /usr/share/elasticsearch/data/snapshot
snapshotRepoPath: /usr/share/elasticsearch/data/snapshot
master:
masterOnly: false
replicaCount: 1
data:
replicaCount: 0
coordinating:
replicaCount: 0
ingest:
enabled: false
replicaCount: 0