.github/renovate.json

@@ -3,6 +3,9 @@
   "extends": [
     "config:recommended"
   ],
+  "ignorePaths": [
+    "kubernetes/cluster/production/flux-system/gotk-components.yaml"
+  ],
   "flux": {
     "fileMatch": [
       "(^|/)kubernetes/.+\\.ya?ml$"

README.md

@@ -1,7 +1,7 @@
-[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
+[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=yamllint.yml)
+[![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=CD.yml)
+[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=ansible-playbooks.yml)
+[![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=tofu.yml)
 [![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
 [![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls)
 ![Header Image](https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/header_.png)
@@ -72,11 +72,11 @@ Some good references for how I learned this stuff (other than RTM)
 
 ## 🖥️ **Hardware**
 
-| Name        | Device         | CPU             | RAM          | Storage                                      | Purpose                          |
-|------------|--------------|----------------|-------------|--------------------------------|--------------------------------|
-| Arc-Ripper | Optiplex 3050 | Intel i5-6500  | 32 GB DDR4  | 1TB NVMe                      | Jellyfin Server, Blu-ray Ripper |
-| PVE Node 1 | Custom        | Intel i7-9700K | 64 GB DDR4  | NVMe for boot and VMs, 4x4TB HDD RaidZ10 | Main node with most VMs, NAS   |
-| PVE Node 2 | Custom        | Intel i7-8700K | 64 GB DDR4  | 1x2TB NVMe                    | More VMs                        |
+| Name        | Device         | CPU             | RAM          | Storage                                      | GPU       | Purpose                          |
+|-------------|----------------|-----------------|--------------|----------------------------------------------|-----------|----------------------------------|
+| Arc-Ripper  | Optiplex 3050  | Intel i5-6500   | 32 GB DDR4   | 1TB NVMe                                     | Arc A310      | Jellyfin Server, Blu-ray Ripper |
+| PVE Node 1  | Custom         | Intel i7-9700K  | 64 GB DDR4   | NVMe for boot and VMs, 4x4TB HDD RaidZ10     | Nvidia 1660 6GB      | Main node with most VMs, NAS    |
+| PVE Node 2  | Custom         | Intel i7-8700K  | 64 GB DDR4   | 1x2TB NVMe                                   | Nvidia 1060 GB      | More VMs                         |
 
 
 ## 📌 **To-Do**

ansible/playbooks/weekly/apt.yml

@@ -9,7 +9,7 @@
 
     - name: Upgrade all packages
       apt:
-        upgrade: dist
+        upgrade: yes
 
     - name: Remove unnecessary packages
       apt:

docker/AI/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   ollama:
-    image: ollama/ollama:0.5.11
+    image: ollama/ollama:0.5.12
     container_name: ollama
     restart: unless-stopped
     networks:
@@ -18,7 +18,7 @@ services:
               capabilities: [gpu]
 
   open-webui:
-    image: ghcr.io/open-webui/open-webui:0.5.12
+    image: ghcr.io/open-webui/open-webui:0.5.16
     container_name: open-webui
     restart: unless-stopped
     networks:

docker/arm/docker-compose.yml

@@ -186,25 +186,6 @@ services:
     depends_on:
       - postgres
 
-  syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
-    container_name: syncthing
-    hostname: ARM
-    environment:
-      - PUID=0
-      - PGID=0
-      - TZ=Etc/UTC
-    volumes:
-      - /home/ubuntu/syncthing/config:/config
-      - /docker/appdata/:/docker/appdata/
-      - /home/ubuntu/:/home/ubuntu/
-    ports:
-      - 8384:8384
-      - 22000:22000/tcp
-      - 22000:22000/udp
-      - 21027:21027/udp
-    restart: unless-stopped
-
   wiki-db:
     image: postgres:15-alpine
     environment:

docker/arrs/docker-compose.yml

@@ -129,7 +129,7 @@ services:
     restart: unless-stopped
 
   syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
+    image: ghcr.io/linuxserver/syncthing@sha256:297efc3dc44b2cd55b9dc9702112cfe9cc7e2efecac2f1e7a18c1cbb6aaddbfe
     container_name: syncthing
     hostname: ARRS
     environment:

docker/jellyfin/docker-compose.yml

@@ -40,7 +40,7 @@ services:
       - apparmor:unconfined
 
   syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
+    image: ghcr.io/linuxserver/syncthing@sha256:297efc3dc44b2cd55b9dc9702112cfe9cc7e2efecac2f1e7a18c1cbb6aaddbfe
     container_name: syncthing
     hostname: JF
     environment:

kubernetes/apps/production/arr/bazarr/helmrelease.yaml

@@ -0,0 +1,123 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app bazarr
+  namespace: arr
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      fullnameOverride: *app
+      namespace: arr
+
+    controllers:
+      bazarr:
+        enabled: true
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        replicas: 1
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: bazarr-config
+              accessMode: ReadWriteOnce
+              size: 1Gi
+              storageClass: longhorn
+              globalMounts:
+                - path: /config
+
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: &group 1000
+            fsGroup: *group
+            fsGroupChangePolicy: "OnRootMismatch"
+          dnsPolicy: None
+          dnsConfig:
+            nameservers:
+              - 10.43.0.10
+              - 1.1.1.1
+              - 8.8.8.8
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/onedr0p/bazarr
+              tag: 1.5.1
+              pullPolicy: IfNotPresent
+            env:
+              TZ: "${TZ}"
+              BAZARR__INSTANCE_NAME: *app
+              BAZARR__PORT: &port 6767
+              BAZARR__APPLICATION_URL: "https://bazarr.${LOCAL_DOMAIN}"
+              BAZARR__LOG_LEVEL: info
+
+            probes:
+              liveness:
+                enabled: false
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+
+            resources:
+              requests:
+                cpu: 100m
+                memory: 150Mi
+              limits:
+                memory: 256Mi
+
+    service:
+      app:
+        primary: true
+        controller: bazarr
+        ports:
+          http:
+            port: *port
+
+    ingress:
+      internal:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: "bazarr.${LOCAL_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - "bazarr.${LOCAL_DOMAIN}"
+            secretName: local-mafyuh-dev-production-tls
+
+    persistence:
+      data:
+        enabled: true
+        type: nfs
+        server: "${NAS_IP}"
+        path: /mnt/thePool/thePoolShare
+        globalMounts:
+          - path: /data

kubernetes/apps/production/arr/bazarr/kustomization.yaml

@@ -1,6 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
+  - helmrelease.yaml

kubernetes/apps/production/arr/prowlarr/helmrelease.yaml

@@ -62,7 +62,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/prowlarr
-              tag: 1.30.2.4939
+              tag: 1.31.2.4975
               pullPolicy: IfNotPresent
             env:
               TZ: "${TZ}"

kubernetes/apps/production/reflector/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: reflector
-      version: 7.1.288
+      version: 9.0.313
       sourceRef:
         kind: HelmRepository
         name: reflector-repo

kubernetes/apps/production/reloader/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: reloader
-      version: 1.2.1
+      version: 1.3.0
       interval: 30m
       sourceRef:
         kind: HelmRepository

terraform/flux/main.tf

@@ -17,9 +17,5 @@ provider "flux" {
 
 resource "flux_bootstrap_git" "flux" {
   path               = "kubernetes/cluster/production"
-  version            = "v2.4.0"
-
-  lifecycle {
-    ignore_changes = all
-  }
+  version            = "v2.5.0"
 }

terraform/flux/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     flux = {
       source  = "fluxcd/flux"
-      version = "1.4.0"
+      version = "1.5.0"
     }
     bitwarden-secrets = {
       source  = "sebastiaan-dev/bitwarden-secrets"

terraform/main.tf

@@ -30,7 +30,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "1.4.0"
+      version = "1.5.0"
     }
   }
 }

terraform/proxmox/windows.tf

@@ -3,7 +3,7 @@ resource "proxmox_virtual_environment_vm" "Windows11" {
   node_name = "pve2"
   vm_id     = 250
   tags      = ["tofu"]
-  started   = false
+  started   = true
   bios      = "ovmf"
   machine   = "pc-q35-9.0"