diff --git a/clusters/cl01tl/helm/blocky/values.yaml b/clusters/cl01tl/helm/blocky/values.yaml index d90505a9c..c4f75eae2 100644 --- a/clusters/cl01tl/helm/blocky/values.yaml +++ b/clusters/cl01tl/helm/blocky/values.yaml @@ -164,6 +164,7 @@ blocky: vault IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl + yubal IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl blocking: diff --git a/clusters/cl01tl/helm/gatus/values.yaml b/clusters/cl01tl/helm/gatus/values.yaml index 616f13ef8..7736e29eb 100644 --- a/clusters/cl01tl/helm/gatus/values.yaml +++ b/clusters/cl01tl/helm/gatus/values.yaml @@ -313,6 +313,9 @@ gatus: - name: spotisub url: https://spotisub.alexlebens.net <<: *defaults + - name: yubal + url: https://yubal.alexlebens.net + <<: *defaults - name: yubal-playlist url: https://yubal-playlist.alexlebens.net <<: *defaults diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 1dc075100..50c0d7e2d 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -655,6 +655,12 @@ homepage: url: http://lidarr.lidarr:80 key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }} fields: ["wanted", "queued", "artists"] + - Yubal: + icon: sh-yubal.webp + description: Download Youtube playlist + href: https://yubal.alexlebens.net + siteMonitor: http://yubal.yubal:80 + statusStyle: dot - Yubal Playlist: icon: sh-yubal.webp description: Replicate Youtube playlist diff --git a/clusters/cl01tl/helm/yubal/Chart.lock b/clusters/cl01tl/helm/yubal/Chart.lock new file mode 100644 index 000000000..ab4dc3073 --- /dev/null +++ b/clusters/cl01tl/helm/yubal/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: app-template + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.6.2 +digest: sha256:f8966d4e96cba272ddc29e3bdc508ca11ea758e3f784849f598a724819ab9d04 +generated: "2026-01-16T18:57:07.816828126Z" diff --git a/clusters/cl01tl/helm/yubal/Chart.yaml b/clusters/cl01tl/helm/yubal/Chart.yaml new file mode 100644 index 000000000..362957fa8 --- /dev/null +++ b/clusters/cl01tl/helm/yubal/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: yubal +version: 1.0.0 +description: yubal +keywords: + - yubal + - music + - youtube +home: https://wiki.alexlebens.dev/s/ +sources: + - https://github.com/guillevc/yubal + - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: yubal + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.6.2 +# renovate: datasource=github-releases depName=guillevc/yubal +appVersion: v0.4.0 diff --git a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml new file mode 100644 index 000000000..70e539fdc --- /dev/null +++ b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml @@ -0,0 +1,35 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: yubal-wireguard-conf + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: yubal-wireguard-conf + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: private-key + - secretKey: proton-email + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: email + - secretKey: proton-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: password diff --git a/clusters/cl01tl/helm/yubal/templates/namespace.yaml b/clusters/cl01tl/helm/yubal/templates/namespace.yaml new file mode 100644 index 000000000..09fdc401e --- /dev/null +++ b/clusters/cl01tl/helm/yubal/templates/namespace.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: yubal + labels: + app.kubernetes.io/name: yubal + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml new file mode 100644 index 000000000..ddedfb48a --- /dev/null +++ b/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: yubal-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: yubal-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + volumeName: yubal-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml b/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml new file mode 100644 index 000000000..8426d7768 --- /dev/null +++ b/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: yubal-nfs-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: yubal-nfs-storage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Music Youtube/ + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/helm/yubal/values.yaml b/clusters/cl01tl/helm/yubal/values.yaml new file mode 100644 index 000000000..7420fbfd9 --- /dev/null +++ b/clusters/cl01tl/helm/yubal/values.yaml @@ -0,0 +1,145 @@ +yubal: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: ghcr.io/guillevc/yubal + tag: 0.4.0 + pullPolicy: IfNotPresent + env: + - name: YUBAL_TZ + value: America/Chicago + - name: YUBAL_HOST + value: 0.0.0.0 + - name: YUBAL_PORT + value: 8080 + - name: YUBAL_LOG_LEVEL + value: DEBUG + resources: + requests: + cpu: 10m + memory: 128Mi + gluetun: + image: + repository: ghcr.io/qdm12/gluetun + tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045 + pullPolicy: IfNotPresent + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] + env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: yubal-wireguard-conf + key: private-key + - name: UPDATER_PROTONVPN_EMAIL + valueFrom: + secretKeyRef: + name: yubal-wireguard-conf + key: proton-email + - name: UPDATER_PROTONVPN_PASSWORD + valueFrom: + secretKeyRef: + name: yubal-wireguard-conf + key: proton-password + - name: FIREWALL_OUTBOUND_SUBNETS + value: 10.0.0.0/8 + - name: FIREWALL_INPUT_PORTS + value: 8080 + - name: DNS_UPSTREAM_RESOLVER_TYPE + value: dot + securityContext: + privileged: True + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + probes: + liveness: + enabled: true + custom: true + spec: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + devic.es/tun: "1" + requests: + devic.es/tun: "1" + cpu: 10m + memory: 128Mi + service: + main: + controller: main + ports: + http: + port: 80 + targetPort: 8000 + protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - yubal.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: yubal + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / + persistence: + config: + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 1Gi + retain: true + advancedMounts: + main: + main: + - path: /app/config + readOnly: false + ytdlp: + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 1Gi + retain: true + advancedMounts: + main: + main: + - path: /app/ytdlp + readOnly: false + music: + existingClaim: yubal-nfs-storage + advancedMounts: + main: + main: + - path: /app/data + readOnly: false diff --git a/hosts/ps08rp/blocky/config.yml b/hosts/ps08rp/blocky/config.yml index 09e2fd85e..4c885a4f3 100644 --- a/hosts/ps08rp/blocky/config.yml +++ b/hosts/ps08rp/blocky/config.yml @@ -139,6 +139,7 @@ customDNS: vault IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl + yubal IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl blocking: diff --git a/hosts/ps09rp/blocky/config.yml b/hosts/ps09rp/blocky/config.yml index 8b7b458f1..bf78e2a0c 100644 --- a/hosts/ps09rp/blocky/config.yml +++ b/hosts/ps09rp/blocky/config.yml @@ -160,6 +160,7 @@ customDNS: vault IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl + yubal IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl blocking: