.forgejo/workflows/CD.yml

@@ -44,9 +44,6 @@ jobs:
               actual)
                 host="ubu.lan"
                 ;;
-              arrs)
-                host="arrs.lan"
-                ;;
               arm)
                 host="arm.lan"
                 ;;

README.md

@@ -76,7 +76,7 @@ Some good references for how I learned this stuff (other than RTM)
 |-------------|----------------|-----------------|--------------|----------------------------------------------|-----------|----------------------------------|
 | Arc-Ripper  | Optiplex 3050  | Intel i5-6500   | 32 GB DDR4   | 1TB NVMe                                     | Arc A310      | Jellyfin Server, Blu-ray Ripper |
 | PVE Node 1  | Custom         | Intel i7-9700K  | 64 GB DDR4   | NVMe for boot and VMs, 4x4TB HDD RaidZ10     | Nvidia 1660 6GB      | Main node with most VMs, NAS    |
-| PVE Node 2  | Custom         | Intel i7-8700K  | 64 GB DDR4   | 1x2TB NVMe                                   | Nvidia 1060 GB      | More VMs                         |
+| PVE Node 2  | Custom         | Intel i7-8700K  | 64 GB DDR4   | 1x2TB NVMe                                   | Nvidia 1060 6GB      | More VMs                         |
 
 
 ## 📌 **To-Do**

docker/secret-mappings.yml

@@ -40,24 +40,6 @@ arm.lan:
     AUTHENTIK_CLIENT_ID: 14cbf9fc-0649-47a7-875b-b258002de3c2
     AUTHENTIK_CLIENT_SECRET: 235a92f1-6259-4033-8549-b258002e1976
 
-arrs.lan:
-  env_variables:
-    TZ: bc4bb876-820b-4bea-be12-b25800445b41
-    DISCORD__TOKEN: 050d7c3b-d5e9-4446-8240-b258004fe1e3
-    RADARR__API: 04771fc9-038d-44a3-8bb9-b2580049ba61
-    RADARR__URL: e4b95268-9153-4998-a521-b258004a9325
-    SONARR__API: eb97b60f-f7f1-4f37-b6c9-b258004aca85
-    SONARR__URL: bd667de8-a7f7-465b-a34f-b258004aea05
-    AUTH_OIDC_URI: 6c980812-bd16-4ba9-a014-b258004bb81b
-    AUTH_OIDC_CLIENT_SECRET: f7b839ad-c084-41a3-977a-b258004be767
-    AUTH_OIDC_CLIENT_ID: 4cf11fbe-928e-4270-a828-b258004c103c
-    BASE_URL: 38852b38-e7ea-42fc-b91a-b258004c4b13
-    NEXTAUTH_URL: 38852b38-e7ea-42fc-b91a-b258004c4b13
-    AUTH_OIDC_ADMIN_GROUP: 602ecc17-404b-4c10-9b39-b258004ca72d
-    SUDO_PASSWORD: cb4d853b-ca64-4b9f-8bab-b258001ddec9
-    PROXY_DOMAIN: 7b16a6b4-2b6f-4787-92d8-b258004e5e69
-    LAN_NETWORK: af6bd9c3-d565-433a-a1f4-b258004ecf0b
-
 auth.lan:
   env_variables:
     PG_PASS: ada6572b-e689-4846-949c-b25b006c4562

kubernetes/apps/production/arr/flaresolverr/helmrelease.yaml

@@ -0,0 +1,85 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app flaresolverr
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      flaresolverr:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        pod:
+          securityContext:
+            runAsUser: &context 1000
+            runAsGroup: *context
+            fsGroup: *context
+            fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 10.43.0.10
+              - 1.1.1.1
+              - 8.8.8.8
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/flaresolverr/flaresolverr
+              tag: v3.3.21
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              LOG_LEVEL: info
+
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+
+            resources:
+              requests:
+                cpu: 20m
+                memory: 128Mi
+              limits:
+                memory: 500Mi
+
+    service:
+      app:
+        primary: true
+        controller: flaresolverr
+        ports:
+          http:
+            port: 8191

kubernetes/apps/production/arr/flaresolverr/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
+  - helmrelease.yaml

kubernetes/apps/production/authentik/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: authentik
-      version: "2024.12.3"
+      version: "2025.2.0"
       sourceRef:
         kind: HelmRepository
         name: authentik-chart

kubernetes/apps/staging/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - flaresolverr/

kubernetes/cluster/production/flux-system/staging.yaml

@@ -0,0 +1,26 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-staging
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: staging
+  secretRef:
+    name: flux-system
+  url: https://git.mafyuh.dev/mafyuh/iac
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-staging
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./kubernetes/apps/staging
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-staging
+