From bf894df7ac0db0ea0ef581f82fc95f26cfc1e4f9 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 6 Feb 2026 17:07:12 +0000 Subject: [PATCH] chore: Update manifests after change --- .../manifests/blocky/ConfigMap-blocky.yaml | 1 + .../manifests/blocky/Deployment-blocky.yaml | 2 +- .../freshrss/Deployment-freshrss.yaml | 2 +- .../manifests/gatus/ConfigMap-gatus.yaml | 9 + .../manifests/gatus/Deployment-gatus.yaml | 2 +- .../homepage/ConfigMap-homepage.yaml | 6 + .../homepage/Deployment-homepage.yaml | 2 +- .../spotisub/Deployment-spotisub.yaml | 178 ++++++++++++++++++ ...ExternalSecret-spotisub-config-secret.yaml | 56 ++++++ ...xternalSecret-spotisub-wireguard-conf.yaml | 35 ++++ .../spotisub/HTTPRoute-spotisub.yaml | 30 +++ .../spotisub/Namespace-spotisub.yaml | 11 ++ ...PersistentVolume-spotisub-nfs-storage.yaml | 23 +++ ...stentVolumeClaim-spotisub-nfs-storage.yaml | 17 ++ .../PersistentVolumeClaim-spotisub.yaml | 19 ++ .../manifests/spotisub/Service-spotisub.yaml | 22 +++ 16 files changed, 411 insertions(+), 4 deletions(-) create mode 100644 clusters/cl01tl/manifests/spotisub/Deployment-spotisub.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-config-secret.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-wireguard-conf.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/HTTPRoute-spotisub.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/Namespace-spotisub.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/PersistentVolume-spotisub-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub-nfs-storage.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub.yaml create mode 100644 clusters/cl01tl/manifests/spotisub/Service-spotisub.yaml diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index ae891643a..fe3b281b1 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -144,6 +144,7 @@ data: sonarr IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl + spotisub IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index 3e75514db..7535dca2a 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 3c86f37d2aab1784dc86c84355ee3355d6265d9d3116190e88c6c734c122550c + checksum/configMaps: 8b396fac7b997c2ffbdd8b821f1d2f1dd9149676beca334d686d80a02f6fa481 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky diff --git a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml index 40bdcda72..cee6a9756 100644 --- a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml +++ b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml @@ -114,7 +114,7 @@ spec: - name: PUID value: "568" - name: TZ - value: US/Central + value: America/Chicago - name: FRESHRSS_ENV value: production - name: CRON_MIN diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index 266cb3a69..ef4321692 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml @@ -572,6 +572,15 @@ data: interval: 30s name: lidarr url: https://lidarr.alexlebens.net + - alerts: + - type: ntfy + conditions: + - '[STATUS] == 200' + - '[CERTIFICATE_EXPIRATION] > 240h' + group: core + interval: 30s + name: spotisub + url: https://spotisub.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index a1d84fe92..3889af5c8 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: 72ccd92a35f07b6ac58242889d2713e7618527c5fe483ce77ff176772b6aea29 + checksum/config: fc0d6464232dcce73118c4c06a8a4813480a4020a930d1ec2aa47d19a80e6570 spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index aa142a442..03e9a1431 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml @@ -594,6 +594,12 @@ data: href: https://yubal-playlist.alexlebens.net siteMonitor: http://yubal-playlist.yubal-playlist:80 statusStyle: dot + - Spotisub: + icon: sh-spotify.webp + description: Replicate Spotify playlist + href: https://spotisub.alexlebens.net + siteMonitor: http://spotisub.spotisub:80 + statusStyle: dot - slskd: icon: sh-slskd.webp description: slskd diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index 90e6a11e1..22fe34c57 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 4f9f86214a28e75f88291865f37b2261468767922d71c4d40497710064d9fca3 + checksum/configMaps: b4d37b507fc487990d152d8a04811d7403bf2e5f747f251297c5e933cceb0f49 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/spotisub/Deployment-spotisub.yaml b/clusters/cl01tl/manifests/spotisub/Deployment-spotisub.yaml new file mode 100644 index 000000000..efc18b871 --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/Deployment-spotisub.yaml @@ -0,0 +1,178 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: spotisub + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: spotisub + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: spotisub + helm.sh/chart: spotisub-4.6.2 + namespace: spotisub +spec: + revisionHistoryLimit: 3 + replicas: 0 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: main + app.kubernetes.io/name: spotisub + app.kubernetes.io/instance: spotisub + template: + metadata: + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: spotisub + app.kubernetes.io/name: spotisub + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - env: + - name: VPN_SERVICE_PROVIDER + value: protonvpn + - name: VPN_TYPE + value: wireguard + - name: WIREGUARD_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: private-key + name: spotisub-wireguard-conf + - name: UPDATER_PROTONVPN_EMAIL + valueFrom: + secretKeyRef: + key: proton-email + name: spotisub-wireguard-conf + - name: UPDATER_PROTONVPN_PASSWORD + valueFrom: + secretKeyRef: + key: proton-password + name: spotisub-wireguard-conf + - name: FIREWALL_OUTBOUND_SUBNETS + value: 10.0.0.0/8 + - name: FIREWALL_INPUT_PORTS + value: "5183" + - name: DNS_UPSTREAM_RESOLVER_TYPE + value: dot + image: ghcr.io/qdm12/gluetun:v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045 + imagePullPolicy: IfNotPresent + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - (ip rule del table 51820; ip -6 rule del table 51820) || true + livenessProbe: + exec: + command: + - /gluetun-entrypoint + - healthcheck + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + name: gluetun + resources: + limits: + devic.es/tun: "1" + requests: + cpu: 10m + devic.es/tun: "1" + memory: 128Mi + securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + privileged: true + - env: + - name: SPOTIPY_CLIENT_ID + valueFrom: + secretKeyRef: + key: spotify-client-id + name: spotisub-config-secret + - name: SPOTIPY_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: spotify-client-secret + name: spotisub-config-secret + - name: SPOTIPY_REDIRECT_URI + valueFrom: + secretKeyRef: + key: spotify-redirect-uri + name: spotisub-config-secret + - name: SUBSONIC_API_HOST + value: http://navidrome-main.navidrome + - name: SUBSONIC_API_PORT + value: "80" + - name: SUBSONIC_API_USER + valueFrom: + secretKeyRef: + key: subsonic-user + name: spotisub-config-secret + - name: SUBSONIC_API_PASS + valueFrom: + secretKeyRef: + key: subsonic-password + name: spotisub-config-secret + - name: PLAYLIST_PREFIX + value: 'Spotify - ' + - name: NUM_USER_PLAYLISTS + value: "0" + - name: ARTIST_GEN_SCHED + value: "0" + - name: RECOMEND_GEN_SCHED + value: "0" + - name: SPOTDL_ENABLED + value: "1" + - name: SPOTDL_OUT_FORMAT + value: /mnt/store/Music Youtube/Andrew Lebens/{artist}/{album} ({year})/{artists} - {album} - {track-number} - {title}.{output-ext} + - name: LIDARR_ENABLED + value: "1" + - name: LIDARR_IP + value: http://lidarr.lidarr + - name: LIDARR_PORT + value: "80" + - name: LIDARR_TOKEN + valueFrom: + secretKeyRef: + key: lidarr-key + name: spotisub-config-secret + image: blastbeng/spotisub:v0.3.6 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!' + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + name: main + resources: + requests: + cpu: 10m + memory: 128Mi + volumeMounts: + - mountPath: /home/user/spotisub/cache + name: cache + - mountPath: /mnt/store/Music Youtube/ + name: music + volumes: + - name: cache + persistentVolumeClaim: + claimName: spotisub + - name: music + persistentVolumeClaim: + claimName: spotisub-nfs-storage diff --git a/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-config-secret.yaml b/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-config-secret.yaml new file mode 100644 index 000000000..2711f3f58 --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-config-secret.yaml @@ -0,0 +1,56 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: spotisub-config-secret + namespace: spotisub + labels: + app.kubernetes.io/name: spotisub-config-secret + app.kubernetes.io/instance: spotisub + app.kubernetes.io/part-of: spotisub +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: spotify-client-id + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /spotify/andrew + metadataPolicy: None + property: client-id + - secretKey: spotify-client-secret + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /spotify/andrew + metadataPolicy: None + property: client-secret + - secretKey: spotify-redirect-uri + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /spotify/andrew + metadataPolicy: None + property: redirect-uri + - secretKey: subsonic-user + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/navidrome/andrew + metadataPolicy: None + property: user + - secretKey: subsonic-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/navidrome/andrew + metadataPolicy: None + property: password + - secretKey: lidarr-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/lidarr2/key + metadataPolicy: None + property: key diff --git a/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-wireguard-conf.yaml b/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-wireguard-conf.yaml new file mode 100644 index 000000000..c23a49915 --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/ExternalSecret-spotisub-wireguard-conf.yaml @@ -0,0 +1,35 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: spotisub-wireguard-conf + namespace: spotisub + labels: + app.kubernetes.io/name: spotisub-wireguard-conf + app.kubernetes.io/instance: spotisub + app.kubernetes.io/part-of: spotisub +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: private-key + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: private-key + - secretKey: proton-email + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: email + - secretKey: proton-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /protonvpn/conf/cl01tl + metadataPolicy: None + property: password diff --git a/clusters/cl01tl/manifests/spotisub/HTTPRoute-spotisub.yaml b/clusters/cl01tl/manifests/spotisub/HTTPRoute-spotisub.yaml new file mode 100644 index 000000000..7699bd895 --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/HTTPRoute-spotisub.yaml @@ -0,0 +1,30 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: spotisub + labels: + app.kubernetes.io/instance: spotisub + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: spotisub + helm.sh/chart: spotisub-4.6.2 + namespace: spotisub +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - "spotisub.alexlebens.net" + rules: + - backendRefs: + - group: "" + kind: Service + name: spotisub + namespace: spotisub + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / diff --git a/clusters/cl01tl/manifests/spotisub/Namespace-spotisub.yaml b/clusters/cl01tl/manifests/spotisub/Namespace-spotisub.yaml new file mode 100644 index 000000000..2f6b1faab --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/Namespace-spotisub.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: spotisub + labels: + app.kubernetes.io/name: spotisub + app.kubernetes.io/instance: spotisub + app.kubernetes.io/part-of: spotisub + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/spotisub/PersistentVolume-spotisub-nfs-storage.yaml b/clusters/cl01tl/manifests/spotisub/PersistentVolume-spotisub-nfs-storage.yaml new file mode 100644 index 000000000..392b2e85d --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/PersistentVolume-spotisub-nfs-storage.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: spotisub-nfs-storage + namespace: spotisub + labels: + app.kubernetes.io/name: spotisub-nfs-storage + app.kubernetes.io/instance: spotisub + app.kubernetes.io/part-of: spotisub +spec: + persistentVolumeReclaimPolicy: Retain + storageClassName: nfs-client + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + path: /volume2/Storage/Music Youtube/ + server: synologybond.alexlebens.net + mountOptions: + - vers=4 + - minorversion=1 + - noac diff --git a/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub-nfs-storage.yaml b/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub-nfs-storage.yaml new file mode 100644 index 000000000..bb2ae988c --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub-nfs-storage.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: spotisub-nfs-storage + namespace: spotisub + labels: + app.kubernetes.io/name: spotisub-nfs-storage + app.kubernetes.io/instance: spotisub + app.kubernetes.io/part-of: spotisub +spec: + volumeName: spotisub-nfs-storage + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub.yaml b/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub.yaml new file mode 100644 index 000000000..c11ecec9f --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/PersistentVolumeClaim-spotisub.yaml @@ -0,0 +1,19 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: spotisub + labels: + app.kubernetes.io/instance: spotisub + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: spotisub + helm.sh/chart: spotisub-4.6.2 + annotations: + helm.sh/resource-policy: keep + namespace: spotisub +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/spotisub/Service-spotisub.yaml b/clusters/cl01tl/manifests/spotisub/Service-spotisub.yaml new file mode 100644 index 000000000..0a2ca3c06 --- /dev/null +++ b/clusters/cl01tl/manifests/spotisub/Service-spotisub.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: spotisub + labels: + app.kubernetes.io/instance: spotisub + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: spotisub + app.kubernetes.io/service: spotisub + helm.sh/chart: spotisub-4.6.2 + namespace: spotisub +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 5183 + protocol: TCP + name: http + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: spotisub + app.kubernetes.io/name: spotisub -- 2.49.1