mafyuh/iac
Archived
1
0
Fork 0
Code Issues6 Pull requests9 Projects1 Wiki Activity Actions

Compare commits

..

5 commits
e69690229b ... c00c6e37fc

Author SHA1 Message Date
Renovate Bot
c00c6e37fc ⬆️ Update ghcr.io/linuxserver/syncthing Docker digest to 297efc3 2025-02-26 05:01:42 +00:00
Matt Reeves
f507bf0491 remove docker arrs 2025-02-25 23:56:20 -05:00
Matt Reeves
75fd3517bb add more resources flaresolverr 2025-02-25 23:27:20 -05:00
Matt Reeves
8a7e804764 move flaresolverr to helmrelease () 
Reviewed-on: 
Co-authored-by: Matt Reeves <admin@mafyuh.io>
Co-committed-by: Matt Reeves <admin@mafyuh.io>
 2025-02-25 23:18:31 -05:00
Renovate Bot
ac4679508b ⬆️ Update Helm release authentik to v2025 2025-02-25 12:48:17 -05:00
12 changed files with 118 additions and 326 deletions
.forgejo/workflows
CD.yml
README.md
docker
arrs
README.mddocker-compose.yml
secret-mappings.yml
kubernetes
apps
production
arr/flaresolverr
deployment.yamlhelmrelease.yamlkustomization.yamlservice.yaml
authentik
helmrelease.yaml
staging
kustomization.yaml
cluster/production/flux-system
staging.yaml

3
.forgejo/workflows/CD.yml
View file

@ -44,9 +44,6 @@ jobs:
actual)
host="ubu.lan"
;;
arrs)
host="arrs.lan"
;;
arm)
host="arm.lan"
;;

2
README.md
View file

@ -76,7 +76,7 @@ Some good references for how I learned this stuff (other than RTM)
|-------------|----------------|-----------------|--------------|----------------------------------------------|-----------|----------------------------------|
| Arc-Ripper | Optiplex 3050 | Intel i5-6500 | 32 GB DDR4 | 1TB NVMe | Arc A310 | Jellyfin Server, Blu-ray Ripper |
| PVE Node 1 | Custom | Intel i7-9700K | 64 GB DDR4 | NVMe for boot and VMs, 4x4TB HDD RaidZ10 | Nvidia 1660 6GB | Main node with most VMs, NAS |
| PVE Node 2 | Custom | Intel i7-8700K | 64 GB DDR4 | 1x2TB NVMe | Nvidia 1060 GB | More VMs |
| PVE Node 2 | Custom | Intel i7-8700K | 64 GB DDR4 | 1x2TB NVMe | Nvidia 1060 6GB | More VMs |
## 📌 **To-Do**

10
docker/arrs/README.md
View file

@ -1,10 +0,0 @@
## VM
Self hosted on Proxmox Node 1. Full *arr suite
## Specs
- 4 core host
- 6GB RAM
- 128GB Storage
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)
### Hypervisor
[![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com)

240
docker/arrs/docker-compose.yml
View file

@ -1,240 +0,0 @@
---
services:
bazarr:
image: ghcr.io/linuxserver/bazarr@sha256:f25f8d61c5d3d5b963e92cfb6d53930648e995fbd22ff62d3cd8b061282f59c7
container_name: bazarr
ports:
- "6767:6767"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/bazarr:/config
- nas:/data/media
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
security_opt:
- apparmor:unconfined
lidarr:
image: ghcr.io/linuxserver/lidarr@sha256:f6cfa621faf759bd7936473a28a05671f23ab3246ca932341ee5a20a887143ca
container_name: lidarr
ports:
- "8686:8686"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/lidarr:/config
- /data:/data
- nas:/data/media
- /docker/appdata/lidarr-extended:/custom-services.d
- /docker/appdata/lidarr-extended1:/custom-cont-init.d
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
security_opt:
- apparmor:unconfined
prowlarr:
image: ghcr.io/linuxserver/prowlarr@sha256:761f73534a01aec4bf72a1396e9b9fda3f01632948b3fa31985982d26120a330
container_name: prowlarr
ports:
- "9696:9696"
volumes:
- /docker/appdata/prowlarr:/config
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
radarr:
image: ghcr.io/linuxserver/radarr@sha256:1184ee84bc5329c4f62c070a04d73eaf7918878410ca48a1f3dbf82b684eee27
container_name: radarr
ports:
- "7878:7878"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/radarr:/config
- /data:/data
- nas:/data/media
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
security_opt:
- apparmor:unconfined
sonarr:
image: ghcr.io/linuxserver/sonarr@sha256:28d9dcbc846aed74bd47dc90305e016183443ddc3dfa3e8bcac268fc653a6e5e
container_name: sonarr
ports:
- "8989:8989"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/sonarr:/config
- /data:/data
- nas:/data/media
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
security_opt:
- apparmor:unconfined
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:0.15.10
restart: unless-stopped
volumes:
- /docker/appdata/homarr/configs:/app/data/configs
- /docker/appdata/homarr/icons:/app/public/icons
- /docker/appdata/homarr/data:/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- '7575:7575'
environment:
- AUTH_PROVIDER=oidc
- AUTH_OIDC_URI=${AUTH_OIDC_URI}
- AUTH_OIDC_CLIENT_SECRET=${AUTH_OIDC_CLIENT_SECRET}
- AUTH_OIDC_CLIENT_ID=${AUTH_OIDC_CLIENT_ID}
- AUTH_OIDC_CLIENT_NAME=authentik
- BASE_URL=${BASE_URL}
- NEXTAUTH_URL=${NEXTAUTH_URL}
- AUTH_OIDC_ADMIN_GROUP=${AUTH_OIDC_ADMIN_GROUP}
doplarr:
image: ghcr.io/linuxserver/doplarr@sha256:5ce71fe72864d58193120e80c0b334d82d343df8b51be8b511bb969cf3e7a174
container_name: doplarr
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
- DISCORD__TOKEN=${DISCORD__TOKEN}
- RADARR__API=${RADARR__API}
- RADARR__URL=${RADARR__URL}
- SONARR__API=${SONARR__API}
- SONARR__URL=${SONARR__URL}
- DISCORD__MAX_RESULTS=25
- DISCORD__REQUESTED_MSG_STYLE=plain
- SONARR__QUALITY_PROFILE=WEB-DL (1080p)
- RADARR__QUALITY_PROFILE=Requests
- SONARR__ROOTFOLDER=/data/media/TV
- RADARR__ROOTFOLDER=/data/media/Requests
- PARTIAL_SEASONS=true
- LOG_LEVEL=info
- JAVA_OPTS=
volumes:
- /docker/appdata/doplarr/config:/config
restart: unless-stopped
syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:297efc3dc44b2cd55b9dc9702112cfe9cc7e2efecac2f1e7a18c1cbb6aaddbfe
container_name: syncthing
hostname: ARRS
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /docker/appdata/syncthing/config:/config
- /docker/appdata/:/docker/appdata/
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped
## Should move this to Ubu
code-server:
image: ghcr.io/linuxserver/code-server@sha256:95a811ff3262083bbbc2b14fc03d4b65271140be904a8e0cabc2e320233474a7
container_name: code-server
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- SUDO_PASSWORD=$SUDO_PASSWORD
- PROXY_DOMAIN=$PROXY_DOMAIN
volumes:
- /docker/appdata/code-server/config:/config
ports:
- 8443:8443
restart: unless-stopped
## Downloaders
sabnzbd:
image: ghcr.io/linuxserver/sabnzbd@sha256:854dcbcc7802e863092b25e9caf155015d01b6afe2b4cee070a5127bd623c638
container_name: sabnzbd
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/sab:/config
- /data/usenet:/data/usenet:rw
ports:
- 8080:8080
restart: unless-stopped
arch-qbittorrentvpn:
image: binhex/arch-qbittorrentvpn:4.6.5-1-03
container_name: qbittorrentvpn
volumes:
- '/docker/appdata/qbitty:/config'
- '/data/torrents/:/data/torrents'
- '/etc/localtime:/etc/localtime:ro'
ports:
- '49550:49550'
- '49551:8118'
environment:
- VPN_ENABLED=yes
- VPN_PROV=protonvpn
- VPN_CLIENT=wireguard
- VPN_USER=mafyuh+pmp
- VPN_PASS=
- STRICT_PORT_FORWARD=yes
- LAN_NETWORK=$LAN_NETWORK
- ENABLE_PRIVOXY=yes
- PUID=1000
- PGID=1000
- WEBUI_PORT=49550
- UMASK=1000
- DEBUG=false
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
privileged: true
network_mode: bridge
restart: unless-stopped
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:v3.3.21
container_name: flaresolverr
ports:
- '8191:8191'
environment:
- LOG_LEVEL=info
restart: unless-stopped
kiwix:
command: '"*.zim"'
image: ghcr.io/kiwix/kiwix-serve:3.7.0
ports:
- '8090:8080'
volumes:
- '/docker/appdata/wiki:/data'
networks:
default:
name: arrs_default
volumes:
nas:
driver: local
driver_opts:
type: nfs
o: addr=nas.lan,vers=4,rw
device: ":/mnt/thePool/thePoolShare/Media"

18
docker/secret-mappings.yml
View file

@ -40,24 +40,6 @@ arm.lan:
AUTHENTIK_CLIENT_ID: 14cbf9fc-0649-47a7-875b-b258002de3c2
AUTHENTIK_CLIENT_SECRET: 235a92f1-6259-4033-8549-b258002e1976
arrs.lan:
env_variables:
TZ: bc4bb876-820b-4bea-be12-b25800445b41
DISCORD__TOKEN: 050d7c3b-d5e9-4446-8240-b258004fe1e3
RADARR__API: 04771fc9-038d-44a3-8bb9-b2580049ba61
RADARR__URL: e4b95268-9153-4998-a521-b258004a9325
SONARR__API: eb97b60f-f7f1-4f37-b6c9-b258004aca85
SONARR__URL: bd667de8-a7f7-465b-a34f-b258004aea05
AUTH_OIDC_URI: 6c980812-bd16-4ba9-a014-b258004bb81b
AUTH_OIDC_CLIENT_SECRET: f7b839ad-c084-41a3-977a-b258004be767
AUTH_OIDC_CLIENT_ID: 4cf11fbe-928e-4270-a828-b258004c103c
BASE_URL: 38852b38-e7ea-42fc-b91a-b258004c4b13
NEXTAUTH_URL: 38852b38-e7ea-42fc-b91a-b258004c4b13
AUTH_OIDC_ADMIN_GROUP: 602ecc17-404b-4c10-9b39-b258004ca72d
SUDO_PASSWORD: cb4d853b-ca64-4b9f-8bab-b258001ddec9
PROXY_DOMAIN: 7b16a6b4-2b6f-4787-92d8-b258004e5e69
LAN_NETWORK: af6bd9c3-d565-433a-a1f4-b258004ecf0b
auth.lan:
env_variables:
PG_PASS: ada6572b-e689-4846-949c-b25b006c4562

39
kubernetes/apps/production/arr/flaresolverr/deployment.yaml
View file

@ -1,39 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flaresolverr
namespace: arr
labels:
app: flaresolverr
spec:
replicas: 1
selector:
matchLabels:
app: flaresolverr
template:
metadata:
labels:
app: flaresolverr
spec:
containers:
- name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr:v3.3.21
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8191
env:
- name: LOG_LEVEL
value: "info"
resources:
requests:
memory: "100Mi"
cpu: "100m"
limits:
memory: "300Mi"
cpu: "200m"
dnsPolicy: None
dnsConfig:
nameservers:
- 10.43.0.10
- 1.1.1.1
- 8.8.8.8

85
kubernetes/apps/production/arr/flaresolverr/helmrelease.yaml Normal file
View file

@ -0,0 +1,85 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app flaresolverr
namespace: arr
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 3.7.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
fullnameOverride: *app
namespace: arr
controllers:
flaresolverr:
enabled: true
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
pod:
securityContext:
runAsUser: &context 1000
runAsGroup: *context
fsGroup: *context
fsGroupChangePolicy: "OnRootMismatch"
dnsPolicy: None
dnsConfig:
nameservers:
- 10.43.0.10
- 1.1.1.1
- 8.8.8.8
containers:
app:
image:
repository: ghcr.io/flaresolverr/flaresolverr
tag: v3.3.21
pullPolicy: IfNotPresent
env:
TZ: "${TZ}"
LOG_LEVEL: info
probes:
liveness:
enabled: false
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 500Mi
service:
app:
primary: true
controller: flaresolverr
ports:
http:
port: 8191

3
kubernetes/apps/production/arr/flaresolverr/kustomization.yaml
View file

@ -1,5 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- helmrelease.yaml

12
kubernetes/apps/production/arr/flaresolverr/service.yaml
View file

@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: flaresolverr
namespace: arr
spec:
selector:
app: flaresolverr
ports:
- protocol: TCP
port: 8191
targetPort: 8191

2
kubernetes/apps/production/authentik/helmrelease.yaml
View file

@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: authentik
version: "2024.12.3"
version: "2025.2.0"
sourceRef:
kind: HelmRepository
name: authentik-chart

4
kubernetes/apps/staging/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flaresolverr/

26
kubernetes/cluster/production/flux-system/staging.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-staging
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: staging
secretRef:
name: flux-system
url: https://git.mafyuh.dev/mafyuh/iac
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-staging
namespace: flux-system
spec:
interval: 10m0s
path: ./kubernetes/apps/staging
prune: true
sourceRef:
kind: GitRepository
name: flux-staging