add sls

clusters/cl01tl/applications/slskd/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: slskd
+version: 1.0.0
+description: slskd
+keywords:
+  - slskd
+  - soularr
+  - lidarr
+  - music
+home: https://wiki.alexlebens.dev/doc/slskd-v4Hfaqh48C
+sources:
+  - https://github.com/slskd/slskd
+  - https://github.com/mrusse/soularr
+  - https://hub.docker.com/r/slskd/slskd
+  - https://hub.docker.com/r/mrusse08/soularr
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: slskd
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.1
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png
+appVersion: 0.22.1

clusters/cl01tl/applications/slskd/templates/external-secret.yaml

@@ -0,0 +1,73 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: slskd-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: slskd-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: slskd.yml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/slskd/config
+        metadataPolicy: None
+        property: slskd.yml
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: soularr-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: soularr-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.ini
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/slskd/soularr
+        metadataPolicy: None
+        property: config.ini
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: slskd-wireguard-conf
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: slskd-wireguard-conf
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: private-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: private-key

clusters/cl01tl/applications/slskd/templates/http-route.yaml

@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-slskd
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-slskd
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - slskd.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: slskd
+          port: 5030
+          weight: 100

clusters/cl01tl/applications/slskd/templates/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: slskd
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: slskd-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: slskd-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: slskd-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: slskd-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: slskd-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/slskd/templates/service-monitor.yaml

@@ -0,0 +1,21 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: slskd
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: slskd
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: slskd
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  endpoints:
+    - port: http
+      interval: 3m
+      scrapeTimeout: 1m
+      path: /metrics

clusters/cl01tl/applications/slskd/values.yaml

@@ -0,0 +1,155 @@
+slskd:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      initContainers:
+        init-sysctl:
+          image:
+            repository: busybox
+            tag: 1.37.0
+            pullPolicy: IfNotPresent
+          securityContext:
+            privileged: True
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          command:
+            - /bin/sh
+          args:
+            - -ec
+            - |
+              sysctl -w net.ipv4.ip_forward=1;
+              sysctl -w net.ipv6.conf.all.disable_ipv6=1
+      containers:
+        main:
+          image:
+            repository: slskd/slskd
+            tag: 0.22.2
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
+            - name: SLSKD_UMASK
+              value: 000
+          resources:
+            requests:
+              cpu: 100m
+              memory: 512Mi
+        gluetun:
+          image:
+            repository: ghcr.io/qdm12/gluetun
+            tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
+            pullPolicy: IfNotPresent
+          env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: slskd-wireguard-conf
+                  key: private-key
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 192.168.1.0/24,10.244.0.0/16
+            - name: FIREWALL_INPUT_PORTS
+              value: 5030,50300
+            - name: DOT
+              value: "off"
+          securityContext:
+            privileged: True
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          resources:
+            requests:
+              squat.ai/tun: "1"
+              cpu: 10m
+              memory: 128Mi
+            limits:
+              squat.ai/tun: "1"
+    soularr:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
+      containers:
+        main:
+          image:
+            repository: mrusse08/soularr
+            tag: latest@sha256:11187ea58ea7b3686f4a2d328e721a5a8ca4d5815c43d90e9d67f5c61ca275c8
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
+            - name: SCRIPT_INTERVAL
+              value: 300
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 5030
+          targetPort: 5030
+          protocol: HTTP
+  persistence:
+    slskd-config:
+      enabled: true
+      type: secret
+      name: slskd-config-secret
+      advancedMounts:
+        main:
+          main:
+            - path: /app/slskd.yml
+              readOnly: true
+              mountPropagation: None
+              subPath: slskd.yml
+    soularr-config:
+      enabled: true
+      type: secret
+      name: soularr-config-secret
+      advancedMounts:
+        soularr:
+          main:
+            - path: /data/config.ini
+              readOnly: true
+              mountPropagation: None
+              subPath: config.ini
+    data:
+      existingClaim: slskd-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /mnt/store
+              readOnly: false
+        soularr:
+          main:
+            - path: /mnt/store
+              readOnly: false