update qbitty, sonarr,sab

Author: Mafyuh

kubernetes/apps/production/arr/prowlarr/deployment.yaml

@@ -0,0 +1,123 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app prowlarr
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      prowlarr:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: prowlarr-config
+              accessMode: ReadWriteOnce
+              size: 3Gi
+              storageClass: longhorn
+              globalMounts:
+                - path: /config
+        
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: &group 1000
+            fsGroup: *group
+            fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 1.1.1.1
+              - 8.8.8.8
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/onedr0p/prowlarr
+              tag: 1.30.2.4939
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              PROWLARR__INSTANCE_NAME: *app
+              PROWLARR__PORT: &port 7878
+              PROWLARR__APPLICATION_URL: "https://prowlarr.${LOCAL_DOMAIN}"
+              PROWLARR__THEME: dark
+              PROWLARR__LOG_LEVEL: info
+
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+
+            resources:
+              requests:
+                cpu: 50m
+                memory: 150Mi
+              limits:
+                memory: 512Mi
+
+    service:
+      app:
+        primary: true
+        controller: prowlarr
+        ports:
+          http:
+            port: *port
+
+    ingress:
+      internal:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: "prowlarr.${LOCAL_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - "prowlarr.${LOCAL_DOMAIN}"
+            secretName: local-mafyuh-dev-production-tls
+
+    persistence:
+      data:
+        enabled: true
+        type: nfs
+        server: "${NAS_IP}"
+        path: /mnt/thePool/thePoolShare
+        globalMounts:
+          - path: /data

kubernetes/apps/production/arr/prowlarr/helmrelease.yaml

@@ -1,6 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
+  - helmrelease.yaml

kubernetes/apps/production/arr/prowlarr/ingress.yaml

@@ -0,0 +1,143 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app qbitty
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      qbitty:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: qbitty-config
+              accessMode: ReadWriteOnce
+              size: 500Mi
+              storageClass: longhorn
+              globalMounts:
+                - path: /config
+
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: &group 1000
+            fsGroup: *group
+            fsGroupChangePolicy: "OnRootMismatch"
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/hotio/qbittorrent
+              digest: "sha256:d97080a8a978d7705297dc44bcd6c599b3b47631fec8dcfc0cb7039279d05b02"
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              WEBUI_PORT: &port 8080
+              VPN_ENABLED: "true"
+              VPN_CONF: "wg0"
+              VPN_PROVIDER: "proton"
+              VPN_KEEP_LOCAL_DNS: "false"
+              VPN_AUTO_PORT_FORWARD: "true"
+              VPN_LAN_NETWORK:
+                valueFrom:
+                  secretKeyRef:
+                    name: lan-network
+                    key: lan-network
+              VPN_LAN_LEAK_ENABLED: "false"
+              VPN_FIREWALL_TYPE: "auto"
+              PRIVOXY_ENABLED: "false"
+              VPN_HEALTHCHECK_ENABLED: "false"
+              UNBOUND_ENABLED: "false"
+            
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              capabilities:
+                add:
+                  - NET_ADMIN
+
+            resources:
+              requests:
+                cpu: 20m
+                memory: 200Mi
+              limits:
+                memory: 4000Mi
+
+    service:
+      app:
+        primary: true
+        controller: qbitty
+        ports:
+          http:
+            port: *port
+
+    ingress:
+      internal:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: "qbitty.${LOCAL_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - "qbitty.${LOCAL_DOMAIN}"
+            secretName: local-mafyuh-dev-production-tls
+
+    persistence:
+      data:
+        enabled: true
+        type: nfs
+        server: "${NAS_IP}"
+        path: /mnt/thePool/thePoolShare
+        globalMounts:
+          - path: /data
+
+      incomplete:
+        enabled: true
+        type: emptyDir
+        sizeLimit: 100Gi
+        globalMounts:
+          - path: /incomplete
+
+      wireguard-config:
+        enabled: true
+        type: secret
+        name: qbitty-wireguard
+        defaultMode: 0400
+        globalMounts:
+          - path: /config/wireguard/

kubernetes/apps/production/arr/prowlarr/kustomization.yaml

@@ -1,6 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
+  - helmrelease.yaml

kubernetes/apps/production/arr/prowlarr/service.yaml

@@ -38,17 +38,17 @@ spec:
 
         statefulset:
           volumeClaimTemplates:
-            - name: config
-              accessMode: ReadWriteMany
+            - name: sabnzbd-config
+              accessMode: ReadWriteOnce
               size: 500Mi
               storageClass: longhorn
               globalMounts:
                 - path: /config
 
         pod:
           securityContext:
-            runAsUser: 65534
-            runAsGroup: &group 65534
+            runAsUser: 1000
+            runAsGroup: &group 1000
             fsGroup: *group
             fsGroupChangePolicy: "OnRootMismatch"
 
@@ -61,6 +61,12 @@ spec:
             env:
               TZ: "${TZ}"
               SABNZBD__PORT: &port 8080
+              SABNZBD__HOST_WHITELIST_ENTRIES: >-
+                {{ .Release.Name }},
+                {{ .Release.Name }}.arr,
+                {{ .Release.Name }}.arr.svc,
+                {{ .Release.Name }}.arr.svc.cluster.local,
+                sab.${LOCAL_DOMAIN}
 
             probes:
               liveness:
@@ -92,7 +98,7 @@ spec:
         enabled: true
         className: nginx
         hosts:
-          - host: "sabnzbd.${LOCAL_DOMAIN}"
+          - host: "sab.${LOCAL_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
@@ -101,7 +107,7 @@ spec:
                   port: http
         tls:
           - hosts:
-              - "sabnzbd.${LOCAL_DOMAIN}"
+              - "sab.${LOCAL_DOMAIN}"
             secretName: local-mafyuh-dev-production-tls
 
     persistence:
@@ -111,4 +117,11 @@ spec:
         server: "${NAS_IP}"
         path: /mnt/thePool/thePoolShare
         globalMounts:
-          - path: /data
+          - path: /data
+      
+      incomplete:
+        enabled: true
+        type: emptyDir
+        sizeLimit: 100Gi
+        globalMounts:
+          - path: /incomplete

kubernetes/apps/production/arr/qbitty/deployment.yaml

@@ -51,6 +51,11 @@ spec:
             runAsGroup: &group 1000
             fsGroup: *group
             fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 1.1.1.1
+              - 8.8.8.8
 
         containers:
           app: