From f2c6e64a36df0c82274f263692cf0b242eb8b58a Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Sat, 21 Feb 2026 00:43:41 +0000 Subject: [PATCH] Automated Manifest Update (#4138) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4138 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../manifests/blocky/ConfigMap-blocky.yaml | 1 + .../manifests/blocky/Deployment-blocky.yaml | 2 +- .../manifests/gatus/ConfigMap-gatus.yaml | 17 +- .../manifests/gatus/Deployment-gatus.yaml | 2 +- .../homepage/ConfigMap-homepage.yaml | 10 +- .../homepage/Deployment-homepage.yaml | 2 +- .../Deployment-music-grabber.yaml | 147 ++++++++++++++++++ ...nalSecret-music-grabber-config-secret.yaml | 42 +++++ ...alSecret-music-grabber-wireguard-conf.yaml | 35 +++++ .../HTTPRoute-music-grabber.yaml | 30 ++++ .../Namespace-music-grabber.yaml | 11 ++ ...stentVolume-music-grabber-nfs-storage.yaml | 23 +++ ...VolumeClaim-music-grabber-nfs-storage.yaml | 17 ++ .../PersistentVolumeClaim-music-grabber.yaml | 19 +++ .../music-grabber/Service-music-grabber.yaml | 22 +++ .../navidrome/Deployment-navidrome-main.yaml | 6 + ...e-navidrome-music-grabber-nfs-storage.yaml | 23 +++ ...m-navidrome-music-grabber-nfs-storage.yaml | 17 ++ 18 files changed, 417 insertions(+), 9 deletions(-) create mode 100644 clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/PersistentVolume-music-grabber-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml create mode 100644 clusters/cl01tl/manifests/music-grabber/Service-music-grabber.yaml create mode 100644 clusters/cl01tl/manifests/navidrome/PersistentVolume-navidrome-music-grabber-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/navidrome/PersistentVolumeClaim-navidrome-music-grabber-nfs-storage.yaml diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index a13a274a0..c3cd085c1 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -121,6 +121,7 @@ data: komodo IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl + music-grabber IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index b7f49b93a..200b7c225 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 0e7d0fe7b3aa73d6a2fe0d0b8e3b129605c4d72a76eaf5d1b43910c0b10b2a47 + checksum/configMaps: 8c603adb69fb831feb65149f5075301bcad5658ed6fce15312e8b2c51d6a5568 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index aa4a49d7f..0af19aa31 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml @@ -579,8 +579,8 @@ data: - '[CERTIFICATE_EXPIRATION] > 240h' group: core interval: 30s - name: spotisub - url: https://spotisub.alexlebens.net + name: yubal + url: https://yubal.alexlebens.net - alerts: - type: ntfy conditions: @@ -588,8 +588,17 @@ data: - '[CERTIFICATE_EXPIRATION] > 240h' group: core interval: 30s - name: yubal - url: https://yubal.alexlebens.net + name: music-grabber + url: https://music-grabber.alexlebens.net + - alerts: + - type: ntfy + conditions: + - '[STATUS] == 200' + - '[CERTIFICATE_EXPIRATION] > 240h' + group: core + interval: 30s + name: spotisub + url: https://spotisub.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index 12c56ab19..f3c594cd8 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: 5c2a042654c7a405f8201b571f8d65e32b4edd8efac48ad333ba1f5edf8cf614 + checksum/config: d6c3ddc49cf9e025dfa422424215e2723d0fd4fa9b4411731d875d1a36c2a0bb spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 6a25a3a8f..2d146470b 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml @@ -644,13 +644,19 @@ data: fields: ["wanted", "queued", "artists"] - Yubal: icon: sh-yubal.webp - description: Replicate Youtube playlist + description: Replicate Youtube playlists href: https://yubal.alexlebens.net siteMonitor: http://yubal.yubal:80 statusStyle: dot + - Music Grabber: + icon: sh-music-service.webp + description: Replicate Music playlists + href: https://music-grabber.alexlebens.net + siteMonitor: http://music-grabber.music-grabber:80 + statusStyle: dot - Spotisub: icon: sh-spotify.webp - description: Replicate Spotify playlist + description: Replicate Spotify playlists href: https://spotisub.alexlebens.net siteMonitor: http://spotisub.spotisub:80 statusStyle: dot diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index 7d9f574c1..b7114b837 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: fb8a18bb622a2c73c0d27a1886890242edeff43d0a64935d5711719a75f44373 + checksum/configMaps: f477b0de7fa267fc6d547149de49bf400ccaa108b48629c7aefdca166f254c94 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml new file mode 100644 index 000000000..d44c486ea --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml @@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: music-grabber + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber + helm.sh/chart: music-grabber-4.6.2 + namespace: music-grabber +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: main + app.kubernetes.io/name: music-grabber + app.kubernetes.io/instance: music-grabber + template: + metadata: + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/name: music-grabber + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: private-key + name: music-grabber-wireguard-conf + - name: UPDATER_PROTONVPN_EMAIL + valueFrom: + secretKeyRef: + key: proton-email + name: music-grabber-wireguard-conf + - name: UPDATER_PROTONVPN_PASSWORD + valueFrom: + secretKeyRef: + key: proton-password + name: music-grabber-wireguard-conf + - name: FIREWALL_OUTBOUND_SUBNETS + value: 10.0.0.0/8 + - name: FIREWALL_INPUT_PORTS + value: "5183" + - name: DNS_UPSTREAM_RESOLVER_TYPE + value: dot + image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + imagePullPolicy: IfNotPresent + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - (ip rule del table 51820; ip -6 rule del table 51820) || true + livenessProbe: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + name: gluetun + resources: + limits: + devic.es/tun: "1" + requests: + cpu: 10m + devic.es/tun: "1" + memory: 128Mi + securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + privileged: true + - env: + - name: MUSIC_DIR + value: /mnt/store/Music Grabber/ + - name: ENABLE_MUSICBRAINZ + value: "true" + - name: ORGANISE_BY_ARTIST + value: "true" + - name: NAVIDROME_URL + value: http://navidrome-main.navidrome:80 + - name: NAVIDROME_USER + valueFrom: + secretKeyRef: + key: navidrome-user + name: music-grabber-config-secret + - name: NAVIDROME_PASS + valueFrom: + secretKeyRef: + key: navidrome-password + name: music-grabber-config-secret + - name: SLSKD_URL + value: http://slskd.slskd:5030 + - name: SLSKD_USER + valueFrom: + secretKeyRef: + key: slskd-user + name: music-grabber-config-secret + - name: SLSKD_PASS + valueFrom: + secretKeyRef: + key: slskd-password + name: music-grabber-config-secret + - name: SLSKD_DOWNLOADS_PATH + value: /mnt/store/slskd/Downloads + image: g33kphr33k/musicgrabber:2.0.4 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 128Mi + volumeMounts: + - mountPath: /data + name: cache + - mountPath: /mnt/store/ + name: music + volumes: + - name: cache + persistentVolumeClaim: + claimName: music-grabber + - name: music + persistentVolumeClaim: + claimName: music-grabber-nfs-storage diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml new file mode 100644 index 000000000..e797c894b --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml @@ -0,0 +1,42 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: music-grabber-config-secret + namespace: music-grabber + labels: + app.kubernetes.io/name: music-grabber-config-secret + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: navidrome-user + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/navidrome/admin + metadataPolicy: None + property: user + - secretKey: navidrome-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/navidrome/admin + metadataPolicy: None + property: password + - secretKey: slskd-user + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/slskd/auth + metadataPolicy: None + property: user + - secretKey: slskd-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/slskd/auth + metadataPolicy: None + property: password diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml new file mode 100644 index 000000000..edc5fa2b3 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml @@ -0,0 +1,35 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: music-grabber-wireguard-conf + namespace: music-grabber + labels: + app.kubernetes.io/name: music-grabber-wireguard-conf + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: private-key + - secretKey: proton-email + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: email + - secretKey: proton-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: password diff --git a/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml new file mode 100644 index 000000000..2caa8ecc4 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml @@ -0,0 +1,30 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: music-grabber + labels: + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber + helm.sh/chart: music-grabber-4.6.2 + namespace: music-grabber +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - "music-grabber.alexlebens.net" + rules: + - backendRefs: + - group: "" + kind: Service + name: music-grabber + namespace: music-grabber + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / diff --git a/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml new file mode 100644 index 000000000..9f78a02c5 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: music-grabber + labels: + app.kubernetes.io/name: music-grabber + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/music-grabber/PersistentVolume-music-grabber-nfs-storage.yaml b/clusters/cl01tl/manifests/music-grabber/PersistentVolume-music-grabber-nfs-storage.yaml new file mode 100644 index 000000000..e98816036 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/PersistentVolume-music-grabber-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: music-grabber-nfs-storage + namespace: music-grabber + labels: + app.kubernetes.io/name: music-grabber-nfs-storage + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-nfs-storage.yaml b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-nfs-storage.yaml new file mode 100644 index 000000000..8b967661d --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: music-grabber-nfs-storage + namespace: music-grabber + labels: + app.kubernetes.io/name: music-grabber-nfs-storage + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber +spec: + volumeName: music-grabber-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml new file mode 100644 index 000000000..f3ca0a4dd --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml @@ -0,0 +1,19 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: music-grabber + labels: + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber + helm.sh/chart: music-grabber-4.6.2 + annotations: + helm.sh/resource-policy: keep + namespace: music-grabber +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/music-grabber/Service-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Service-music-grabber.yaml new file mode 100644 index 000000000..cf6fad565 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/Service-music-grabber.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: music-grabber + labels: + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber + app.kubernetes.io/service: music-grabber + helm.sh/chart: music-grabber-4.6.2 + namespace: music-grabber +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/name: music-grabber diff --git a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml index 9af249105..de2bc5df5 100644 --- a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml +++ b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml @@ -67,6 +67,9 @@ spec: - mountPath: /music name: music readOnly: true + - mountPath: /music-grabber + name: music-grabber + readOnly: true - mountPath: /music-single name: music-single readOnly: true @@ -82,6 +85,9 @@ spec: - name: music persistentVolumeClaim: claimName: navidrome-music-nfs-storage + - name: music-grabber + persistentVolumeClaim: + claimName: navidrome-music-grabber-nfs-storage - name: music-single persistentVolumeClaim: claimName: navidrome-music-single-nfs-storage diff --git a/clusters/cl01tl/manifests/navidrome/PersistentVolume-navidrome-music-grabber-nfs-storage.yaml b/clusters/cl01tl/manifests/navidrome/PersistentVolume-navidrome-music-grabber-nfs-storage.yaml new file mode 100644 index 000000000..36365d163 --- /dev/null +++ b/clusters/cl01tl/manifests/navidrome/PersistentVolume-navidrome-music-grabber-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: navidrome-music-grabber-nfs-storage + namespace: navidrome + labels: + app.kubernetes.io/name: navidrome-music-grabber-nfs-storage + app.kubernetes.io/instance: navidrome + app.kubernetes.io/part-of: navidrome +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Music Grabber/ + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/navidrome/PersistentVolumeClaim-navidrome-music-grabber-nfs-storage.yaml b/clusters/cl01tl/manifests/navidrome/PersistentVolumeClaim-navidrome-music-grabber-nfs-storage.yaml new file mode 100644 index 000000000..22f276ff0 --- /dev/null +++ b/clusters/cl01tl/manifests/navidrome/PersistentVolumeClaim-navidrome-music-grabber-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: navidrome-music-grabber-nfs-storage + namespace: navidrome + labels: + app.kubernetes.io/name: navidrome-music-grabber-nfs-storage + app.kubernetes.io/instance: navidrome + app.kubernetes.io/part-of: navidrome +spec: + volumeName: navidrome-music-grabber-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi