From abfe2e695f0138ee2aaa58318d0a7c151a40da9a Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Sat, 4 May 2024 21:34:28 -0400 Subject: [PATCH] Add firefly, paperless, tautulli --- firefly-iii/catagorize-ai-sealed-secret.yaml | 15 ++ firefly-iii/catagorize-ai-service.yaml | 13 ++ firefly-iii/catagorize-ai.yaml | 35 ++++ firefly-iii/helmrelease-firefly-iii.yaml | 173 +++++++++++++++++++ firefly-iii/sealed-secret.yaml | 17 ++ paperless-ngx/paperless-ngx-consume-pvc.yaml | 12 ++ paperless-ngx/paperless-ngx-data-pvc.yaml | 12 ++ paperless-ngx/paperless-ngx-deployment.yaml | 94 ++++++++++ paperless-ngx/paperless-ngx-export-pvc.yaml | 12 ++ paperless-ngx/paperless-ngx-media-pvc.yaml | 12 ++ paperless-ngx/paperless-ngx-service.yaml | 13 ++ paperless-ngx/sealed-secret.yaml | 19 ++ tautulli/tautulli-deployment.yaml | 43 +++++ tautulli/tautulli-pvc.yaml | 12 ++ tautulli/tautulli-service.yaml | 13 ++ 15 files changed, 495 insertions(+) create mode 100644 firefly-iii/catagorize-ai-sealed-secret.yaml create mode 100644 firefly-iii/catagorize-ai-service.yaml create mode 100644 firefly-iii/catagorize-ai.yaml create mode 100644 firefly-iii/helmrelease-firefly-iii.yaml create mode 100644 firefly-iii/sealed-secret.yaml create mode 100644 paperless-ngx/paperless-ngx-consume-pvc.yaml create mode 100644 paperless-ngx/paperless-ngx-data-pvc.yaml create mode 100644 paperless-ngx/paperless-ngx-deployment.yaml create mode 100644 paperless-ngx/paperless-ngx-export-pvc.yaml create mode 100644 paperless-ngx/paperless-ngx-media-pvc.yaml create mode 100644 paperless-ngx/paperless-ngx-service.yaml create mode 100644 paperless-ngx/sealed-secret.yaml create mode 100644 tautulli/tautulli-deployment.yaml create mode 100644 tautulli/tautulli-pvc.yaml create mode 100644 tautulli/tautulli-service.yaml diff --git a/firefly-iii/catagorize-ai-sealed-secret.yaml b/firefly-iii/catagorize-ai-sealed-secret.yaml new file mode 100644 index 0000000..ef20a22 --- /dev/null +++ b/firefly-iii/catagorize-ai-sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: firefly-iii-ai + namespace: firefly-ns +spec: + encryptedData: + FIREFLY_PERSONAL_TOKEN: AgDimybAXS9nGY5qbE+YXcWklHXrl6aOTl3dC2pZGEQ5abwbE7H7vsccOMJWPhfbT/x0/gK63qEQeucu3CB8va+QKRF82DE1h9TNe++hjneKl51htDAG8wnzpyLZfQIRMrmYejjC2t1ID3ti5JXVwfzrMwge9bsx5FLSBZQJbTy74gNRBU/q+zz2bvcRXKmQS5kocUBsmJXGBKYYreVd8qAA1eEb13YQYllZ+iJXFmJqYoK/pkYuQO1ClzZHLMA1AIWVughhvQeOmvfNXxm7hMopTHMMRdeXFuGnv1J45ktE0YYInnlGrJoJY3hjRNlWy+fQgqzA0IfcIVF58w2A29pL5oXr+J5v5grAr6gm60Xm+P/c8uRMQeQ9Yv6W3L+mG9ECr9DhNCvAdadGAyK1oVYUoJ1AISMLTbGkQ98uNTG9ExG9zcoYJ4teXgTmqDN+HP5wRhDdz00ELIedxOhtXK0mhT1lEuZN3E6nyid/knRX5aGY0vts3V5odJvfur4xRQKlwegTR4lAhPdn7rW+LAeWrl+3pfyQnsR8gkc8/8kgNLcqlefX/2K/tt9vsGbb6H9ciBdrrzpLja/Ml7v/hAJSPqFEZSz1DLaI3TIEq8xUmjaJu9RlqpTh8gi9oCYDIVVdjbphpWeL+O8w5hHuUgaX0EcSDQPI9Nsmi4Z643CbqhWa6lvL07FvwQ5AyjA4xMOhEFi/2pB5lUu46NFa3ZzMw3UYynLeKLVF9Tgs8G/UcWWSJvkLu2hEc/EVavjtj6iTw93/qxPS6klDRjFX46FUr1DMJBTDcYhsEH/PEcIwJGeafgCOdVoVfAc+eJknJ2dDSBxNLkxTMgM8SenUr7kdmm844qWR9H6DzfNOtbn+uaOnpeHvhU4qxu+/UzqAT9/HCuds68XAGvhRltHrphPr6LgVWjPi+BrdIghpiAY5LtNWhgeQLyrQ2Due3Dt4tUL8wC4/xi9hYltx/AynCzNIwzs76/eQdl1VYDjToXDWye0NENqOCL8GK59V+1rXflRRX2q4iR72zttBgjpbWCNZ6wNnWWbQdH3dHxBvJ7Db736fRQtAoEC4rdKTbVw8A1W8X1Zn6Mt9SIYY+fssNF5aNb0YSNzNYrthIfYmtG/TWKkOR9Z5lvzdeTfzlS34y9xYEF1IAmjRC2bUywp7RNHRzMrgENYp3kyq5F1FruHkYwfX9pRQX1ZqyjcC10Dh/CB4pj2ivygqaBEwdqQIETgVzRQKYpDcRPJi9lyd2oaIcI4k+v47ZJX32ZJLDJBVUf3w6pwFVbiuuf5cdiWo+CvzsBmvGNtwa2Nn/K0b29piPlNBSvlFDSixSW2egmmLiSujYU5RjZy07bbPf9mFHdRNjiHB4GRUHafeL6BNJ7+4mdMIzVMPgjmQ2HfwVwaup7JpTY2D5vnd5cJwKreyKfMigg9w7l9fFx7WrDp1u2qiZtRQ07Xd6LsEaLkQDrKGgyuqu33BgOsOX82F5RPpkCYezeo0D4m3mLYMLOhp1+U3Kpt+OlvmuXPrWoJeVzwtGRoiv2FBk3Kz471wl0qwxYZxXom1I0XojVpJf8wtTtY9zI0gT7U1RZP2YIKW87dHAOWmM96miOLbsunCejRIFiRFEpJkwlnscsAn7woknl4hYj2oW7k2imO7mSwcyZiAFx+CitNqvXxoX9foMdJ3G7uXFKgqz0w1FEm0hSqDzut9DyHPunovLlMk+piBHl2eFwEtG6ODvx8SQBZ4DEJF30hmGL6NLmJiTNANDVhBgnmuiIvZRonj9gzHuCic9LUnf6DMIcMp3KLTBcpEPE/PLihmscswTuRpzF1TliCuDjhjVs2HyEx3WisY0w76w/YX/s4ipCInHmXV7HeGL0+RNAjlVGgAhRrNbUuAn0BwTDm/PMQvV/XJmwjd0964GkpK1lwBcms979WJzN+Gg6sTNa5Y9xRzm6p5QiXj8M7P8QzKHrZxSu+lMqYGtipONcBKb6pWk50Q0YGjSDkJ9lUymj3iEg5y5A== + OPENAI: AgAK3CS9m5SHyxnyk8tP7MlKu2XCLd+Qt8xBuYiFO/PtfxcE+j8MV1haSFUdEwcoySpkBYlctifqJc8uaBdmW1aewYhv6jZIXynScnEj4VZUe0sM1TGasuKduDWNgZ8jDRS+2fQmfzZh67zvtBVHHsiagAL6i+GHsjD3i9Fj2EoNbKueGgYgc7sMzAAoTcaEaP9SiTEzhujYb2HhRY7IoJkvmU2yyjOeFc7n3l6txkA4UsJ+c9wUblCTX4sXnU/pqTA2UAmWCfWPqYlXlKGsqZEPX7q+HcrR6H8TmiCBb/RIa5cZM87WdLTUxT5U85gcoBjj+Q7mAQlLAsfPTyncJgZSNBsNKm5UCrz7GyWr4NCnZonQIzE0GjlhQnP5ERq1+VjWdxTjsH1/QUEjjaJgq4JiJQV1OvRAemhiGXF7m8grqopwYMjBtrHt7tuIqDVNZhx8lWhZ/p21f8zvluR8WREEdmff/wsFNJkIbYJGwpwy8VpF4hiuqkcXSPGcz6OdBfY5sktUYwQNkRqEQV4wDLjU23hngL9P47dXY5Mx81AMvyD49V6DnRH8az1zaxcexvyC/m+4UEqm4Aw8REIf5sogH4Kpu2pKXW/ZrDMI27zyjammG9EF3AGo9Wi2ND8JJH0j4GJXu2auGDrENdJZaM6qDVauYrDFMVw9jj+ZlMLqUd797qMEYDP64ai4VjXXAj2Q4qS4F6wGu29jrHQK8tWeQx5hxl0pwlfUd5i7NyUjGczGaniXelpmQ3Lcpzp/HIXQd+4= + template: + metadata: + creationTimestamp: null + name: firefly-iii-ai + namespace: firefly-ns diff --git a/firefly-iii/catagorize-ai-service.yaml b/firefly-iii/catagorize-ai-service.yaml new file mode 100644 index 0000000..e519457 --- /dev/null +++ b/firefly-iii/catagorize-ai-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: catagorize-ai-service + namespace: firefly-ns +spec: + selector: + app: firefly-iii + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + type: ClusterIP diff --git a/firefly-iii/catagorize-ai.yaml b/firefly-iii/catagorize-ai.yaml new file mode 100644 index 0000000..1bb0939 --- /dev/null +++ b/firefly-iii/catagorize-ai.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: catagorize-ai + namespace: firefly-ns +spec: + replicas: 1 + selector: + matchLabels: + app: firefly-iii + template: + metadata: + labels: + app: firefly-iii + spec: + containers: + - name: catagorize-ai + image: ghcr.io/bahuma20/firefly-iii-ai-categorize + ports: + - containerPort: 3000 + env: + - name: FIREFLY_URL + value: https://money.clortox.com + - name: ENABLE_UI + value: "true" + - name: FIREFLY_PERSONAL_TOKEN + valueFrom: + secretKeyRef: + name: firefly-iii-ai + key: FIREFLY_PERSONAL_TOKEN + - name: OPENAI_API_KEY + valueFrom: + secretKeyRef: + name: firefly-iii-ai + key: OPENAI diff --git a/firefly-iii/helmrelease-firefly-iii.yaml b/firefly-iii/helmrelease-firefly-iii.yaml new file mode 100644 index 0000000..827b9e7 --- /dev/null +++ b/firefly-iii/helmrelease-firefly-iii.yaml @@ -0,0 +1,173 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: firefly + namespace: firefly-ns +spec: + chart: + spec: + chart: firefly-iii + sourceRef: + kind: HelmRepository + name: firefly-iii + namespace: flux-system + interval: 15m0s + timeout: 5m + releaseName: firefly-iii + values: + replicaCount: 1 + + image: + repository: "fireflyiii/core" + pullPolicy: IfNotPresent + tag: version-6.1.6 + + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "" + + persistence: + # -- If you set this to false, uploaded attachments are not stored persistently and will be lost with every restart of the pod + enabled: true + storageClassName: "longhorn" + accessModes: ReadWriteOnce + storage: 20Gi + # -- If you want to use an existing claim, set it here + existingClaim: "" + + # -- Environment variables for Firefly III. See docs at: https://github.com/firefly-iii/firefly-iii/blob/main/.env.example + config: + # -- Set this to the name of a secret to load environment variables from. If defined, values in the secret will override values in config.env + existingSecret: "firefly-iii-secret" + + # -- Set environment variables from configMaps or Secrets + envValueFrom: {} + + # -- Directly defined environment variables. Use this for non-secret configuration values. + env: + DB_HOST: postgresql.postgresql-system.svc.cluster.local + DB_CONNECTION: pgsql + DB_PORT: "5432" + DB_DATABASE: firefly + DB_USERNAME: firefly + DEFAULT_LANGUAGE: "en_US" + DEFAULT_LOCALE: "equal" + TZ: "America/New_York" + TRUSTED_PROXIES: "**" + APP_URL: "https://money.clortox.com" + AUTHENTICATION_GUARD: "remote_user_guard" + AUTHENTICATION_GUARD_HEADER: "X-authentik-email" + + + # -- Create a new Secret from values file to store sensitive environment variables. Make sure to keep your secrets encrypted in the repository! For example, you can use the 'helm secrets' plugin (https://github.com/jkroepke/helm-secrets) to encrypt and manage secrets. If the 'config.existingSecret' value is set, a new Secret will not be created. + secrets: + env: + APP_PASSWORD: "CHANGE_ENCRYPT_ME" + DB_PASSWORD: "CHANGE_ENCRYPT_ME" + + # -- A cronjob for [recurring Firefly III tasks](https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/). + cronjob: + # -- Set to true to enable the CronJob. Note that you need to specify either cronjob.auth.existingSecret or cronjob.auth.token for it to actually be deployed. + enabled: false + + # -- Authorization for the CronJob. See https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/#request-a-page-over-the-web + auth: + # -- The name of a secret containing a data.token field with the cronjob token + existingSecret: "" + + # -- The name of the key in the existing secret to get the cronjob token from + secretKey: "token" + + # -- The token in plain text + token: "" + + # -- Annotations for the CronJob + annotations: {} + + # -- When to run the CronJob. Defaults to 03:00 as this is when Firefly III executes regular tasks. + schedule: "0 3 * * *" + + # -- How many pods to keep around for successful jobs + successfulJobsHistoryLimit: 3 + + # -- How many pods to keep around for failed jobs + failedJobsHistoryLimit: 1 + + # -- How to treat failed jobs + restartPolicy: OnFailure + + image: + repository: curlimages/curl + pullPolicy: IfNotPresent + tag: 7.81.0 + + imagePullSecrets: [] + + podAnnotations: {} + + securityContext: {} + + podSecurityContext: {} + + resources: {} + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: LoadBalancer + port: 80 + + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} diff --git a/firefly-iii/sealed-secret.yaml b/firefly-iii/sealed-secret.yaml new file mode 100644 index 0000000..68e02b0 --- /dev/null +++ b/firefly-iii/sealed-secret.yaml @@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: firefly-iii-secret + namespace: firefly-ns +spec: + encryptedData: + APP_KEY: AgCSE+/lOiQJV3HE/UiAzeIXc2hgOMY95RSUO8Q22sK+R6WdpLcc0/gkxhOYtAdFGp1r9TIQQcWcbR2cEZ84GsnhoNJxh2vgaME+g5m0EgzQouczW/GTR56qfu/P+zp/IlIjepJVeAhVAOAInLDn/XUJf6kXyfWG7kHLhB/CHI6P0VC1RcHXAjkArDmpn5wOwDzVSMOCWszd6BXjl/LacRPkC58Oj4GCIlEqXo1meBJ7Lc6IG+x7VSjNv19xKVFqULt/Aep2YowIf3TPlQDhkv39Rro434dzm9q/M88JndE6sOqw1MTO+QqPPSUKPDSTWwD72FV4rmVkeXiTKtvMLlAWywQIOFL7ZIVJ50DjYgWV/tx3xz81lnfgwtFa6cT1OwUOfLrAEAe4iF/3hzgY1dfTMB7eKbY+XGpGvrcqAImfcBfMwc2wqSWj7FA3V5qOwrfeObDE96nvOuDyUqgPgzyyG6JZwkM1R9pgTABbG3sEkbtyxLQfJftooKtQ3obDsP56aS9uzfZ0rsZpT6Ek7fNd9dqG0XEqDOjNgOxW8aCJBq+Uy9Pbvx9e0flBwXJM0FV963ql7b4i5vrG5IuBC/CC5t1qPwaQPd/fMARjF8hIjhcfF8lnwFzT5vYRHIaky68U2u7gUx91vkiM5X3W8G3N4TX9kZI8QKr0pHcMy3zdM4ou95qUrhr6s/BYrULKjtZ4jucVRoX1PXa+D/laa6qk0Di0iw9S+KMdni5XK+If5A== + APP_PASSWORD: AgBPGz6DZ4R5L/MnGFbEu91VtBnuT4XiV1h2LGCwg5XTtlPcaB4EgNTQqFihAqt1GbHjGnJeaNMLgTVRXUuVJgklZ7Si4MGeBOhcUaIkuxa/7/p9I0n1mHYKlic+c7oRUMPYEbB6R2xjLeFNALIuCr6sQyX8JcIYlYh+arWqlWgQ7MRVSZW3VaWSPiQGMgRUIequ4CAS6exjzQUwZwwP5yGqKJcV7tBoPKDeQ5lNL2BqcG6xtk1Uin7M/dEYa9hEXBDD6eZrc9IzEfuxIOJiPvJvteXvCFeX6MltA1rEbYorub1p1u+m9ROFBx7K74iR+jJt3Fw1/LP319x3lXS3G7tg0TCwxLwytwRjLfPHlYiHRosUk9n8K+sluHqReyKnDN87DEDvGgKYiToF6oXq67rLd/fQlFYLMy86sIrAIQYEAjrDNvkGVOR557GVMR8XaEvxz2nHBLKuNIXtY4Shr7vUABHf1ove2MgUPnFzNd6UTLnud/YSpkXunlYtyu9zaf1xhJq4a0AXWK9HJpyMoZz7CG5aJTT4+PGpeq3dwMNqcjmX8WmgYIpD8JwxCu09l8cmb5HwxhhV2M0Qdn0X8fo2HyR+hhXN/5P2qWmEHSOXkz7I6nefDAco93PsDQkg+1IAc4IyrmP4HJgAVwh8TD3/OFcpwlO8rG6CTC+hgI/hcnyEZCkDfRczRLUlQ3fG5HWKnm0yX/GP4A+2j4kh8FpMTKsP9U48U6a93Mmp3trVkg== + DB_PASSWORD: AgB1oty1IbWAVgYNDjaIS+ATAccxhUEoKA0zjwwbYZyNtU+Me2Z3vRPb0n4Sqm23VglNx/AGYqIf0t9ewctlib0FbU404mX8IYKMS1/+0VhoFymrLNxlTR0CTlcatOmZBbwvbqh5esEyZ9LVglr1TQWS7p5KNiJB+6b8H9tuTxraHaMBMZhDTdoAhIxyzcSvaKTmJSCPvR38q06ggNeeFIE72hh4v97diJ50h78/P4ScoG8CYbuinQpND3Jg07GoAvhdpZk1PgAZQwSeWBBECmov6rGKmJuCAx5YzReGXQOXpUYk+K3YR5mgeEIGjvABoIoHCmYoMP8T56IIX1uZLGQFpMqIbqnJ828i6qy9gvO7Qxng8zIO4WO4pNZNo+dQw49Ri087TQpT9fq17+wykDj2zvDpvasqh3bc3K0NbaJQo3F0hFzZhtw7ZdQFQ9TrKD0oG1fNscP4jvvvXIKJ9IDEghPUmd+w3C4stIwsICgpUTGTytHQ1lUzL6OebBiQjXWablwEGbtcFWhqAx07esuFpe2hx4+6HDNpEG5MH7T2/IUrwBS1vrlD4OgzT/TKT2bwjuy62ralrr7CmPcbcqax7pfkpnjK3kDna85xz4JIC4/nguqVqztjTkk7fSxDckAFlp/WLvjwvG7byU3gbQX1Y1X9O8bELvLGA+QuaZ3mMYJNEtyi3lx/RVuiO139PQOfVwrK4jsTjhxp5xxn0dk02haVWlDBg15Mb85D8mn9sA== + STATIC_CRON_TOKEN: AgBkzS4jR9phFQ/LLfwETTQM30sbLO63nNVkdUcmoZJQb85iuNtn9Ji7ROdIFyFCgWeBygOPGtrSXYlnFf3YIfdM+tXOJ9YtYRX78pqCr4mm84ZpNAir2VTMRLQDbrtqejv6LQNPkrRPpC+Xia/nUiqoGo2RFi66ypheegH7DNW1gHHxZibpiFvrwxudYj1q5rFNvw3NMwb6sJZ6FfJyKhMoKlQIJ1P+H2YoqAWU29hFiP1ZCZJ4j8+2cfaKiImlHsmGuTkuZuUi+0F8vCSUncSOtNMXJpD3XYFqexcefalls7OZJ/U4gD8LAS6kMZwBqRsCgKFKXTSpQwFW8L01xXrb6NQyPdnItO1IRg/65BJQeFdSMzgfAGec22+MBRNbJc9y2mw3iKUxPf42y+Gij/8Th9kLA9pmX8NYcBaIBCXbv3B/9O8FEDsf62XaREG1mwU3wEP1HZ6YeWEeRCR6+0MCGUWrVQK6pAS8uWQPDz1LkoKqjnMsa5OsHnmi211KUAqOV7vDOGu0gKF3t035ojfoGiHO8XgLLd2viHH0t5iaRWtWLV46UuA4uLgIwrQtw+0IQnLfb5xaIQet9zQacBIi7t2eelJvvgkdyAJ2lqexQMrHzicKjvfJQ1BbHtK1Lsisw77jvARF71IywC18fHmr0e+zK1obSva3+dPthu36xCCuoJiZ2E9GmvMkveNA0qMQYavct497T7w0iR71p3k80hOsVGIRnqUaTGifzNJNfg== + template: + metadata: + creationTimestamp: null + name: firefly-iii-secret + namespace: firefly-ns diff --git a/paperless-ngx/paperless-ngx-consume-pvc.yaml b/paperless-ngx/paperless-ngx-consume-pvc.yaml new file mode 100644 index 0000000..6e1de66 --- /dev/null +++ b/paperless-ngx/paperless-ngx-consume-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: paperless-ngx-consume-pvc + namespace: paperless-ngx-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 2Gi diff --git a/paperless-ngx/paperless-ngx-data-pvc.yaml b/paperless-ngx/paperless-ngx-data-pvc.yaml new file mode 100644 index 0000000..85884a0 --- /dev/null +++ b/paperless-ngx/paperless-ngx-data-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: paperless-ngx-data-pvc + namespace: paperless-ngx-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 10Gi diff --git a/paperless-ngx/paperless-ngx-deployment.yaml b/paperless-ngx/paperless-ngx-deployment.yaml new file mode 100644 index 0000000..0e249af --- /dev/null +++ b/paperless-ngx/paperless-ngx-deployment.yaml @@ -0,0 +1,94 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: paperless-ngx + namespace: paperless-ngx-ns +spec: + replicas: 1 + selector: + matchLabels: + app: paperless-ngx + template: + metadata: + labels: + app: paperless-ngx + spec: + containers: + - name: paperless-ngx + image: ghcr.io/paperless-ngx/paperless-ngx:2.3.3 + env: + - name: PAPERLESS_URL + value: "https://paperless.clortox.com" + - name: PAPERLESS_TIME_ZONE + value: America/New_York + - name: PAPERLESS_ADMIN_USER + valueFrom: + secretKeyRef: + name: paperless-config + key: ADMIN_NAME + - name: PAPERLESS_ADMIN_MAIL + valueFrom: + secretKeyRef: + name: paperless-config + key: ADMIN_EMAIL + - name: PAPERLESS_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: paperless-config + key: ADMIN_PASSWORD + + #- name: PAPERLESS_ENABLE_HTTP_REMOTE_USER + # value: "true" + #- name: PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME + # value: "HTTP_REMOTE_USER" + #- name: PAPERLESS_LOGOUT_REDIRECT_URL + # value: "" + + - name: PAPERLESS_SECRET_KEY + valueFrom: + secretKeyRef: + name: paperless-config + key: SECRET + # Secret because the URI contains the password + - name: PAPERLESS_REDIS + valueFrom: + secretKeyRef: + name: paperless-config + key: REDIS_URL + - name: PAPERLESS_DBENGINE + value: "postgresql" + - name: PAPERLESS_DBHOST + value: postgresql.postgresql-system.svc.cluster.local + - name: PAPERLESS_DBPORT + value: "5432" + - name: PAPERLESS_DBUSER + value: "paperless" + - name: PAPERLESS_DBPASS + valueFrom: + secretKeyRef: + name: paperless-config + key: POSTGRES_PASS + ports: + - containerPort: 8000 + volumeMounts: + - name: paperless-consume + mountPath: "/usr/src/paperless/consume" + - name: paperless-media + mountPath: "/usr/src/paperless/media" + - name: paperless-export + mountPath: "/usr/src/paperless/export" + - name: paperless-data + mountPath: "/usr/src/paperless/data" + volumes: + - name: paperless-consume + persistentVolumeClaim: + claimName: paperless-ngx-consume-pvc + - name: paperless-media + persistentVolumeClaim: + claimName: paperless-ngx-media-pvc + - name: paperless-export + persistentVolumeClaim: + claimName: paperless-ngx-export-pvc + - name: paperless-data + persistentVolumeClaim: + claimName: paperless-ngx-data-pvc diff --git a/paperless-ngx/paperless-ngx-export-pvc.yaml b/paperless-ngx/paperless-ngx-export-pvc.yaml new file mode 100644 index 0000000..882da00 --- /dev/null +++ b/paperless-ngx/paperless-ngx-export-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: paperless-ngx-export-pvc + namespace: paperless-ngx-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/paperless-ngx/paperless-ngx-media-pvc.yaml b/paperless-ngx/paperless-ngx-media-pvc.yaml new file mode 100644 index 0000000..3e7381c --- /dev/null +++ b/paperless-ngx/paperless-ngx-media-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: paperless-ngx-media-pvc + namespace: paperless-ngx-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 30Gi diff --git a/paperless-ngx/paperless-ngx-service.yaml b/paperless-ngx/paperless-ngx-service.yaml new file mode 100644 index 0000000..3ee7471 --- /dev/null +++ b/paperless-ngx/paperless-ngx-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: paperless-ngx-service + namespace: paperless-ngx-ns +spec: + selector: + app: paperless-ngx + type: LoadBalancer + ports: + - protocol: TCP + port: 80 + targetPort: 8000 diff --git a/paperless-ngx/sealed-secret.yaml b/paperless-ngx/sealed-secret.yaml new file mode 100644 index 0000000..669703c --- /dev/null +++ b/paperless-ngx/sealed-secret.yaml @@ -0,0 +1,19 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: paperless-config + namespace: paperless-ngx-ns +spec: + encryptedData: + ADMIN_EMAIL: AgDX1IzNrK1moCA/DJMU9TwKdn+vQrfK9F3lHMwisFrruPRh9yLkv8X3AWNzAL4KG+sINa4xbUaGn73Di2nto3MrOkBgE8sMDJ54sYGlmQtWpn0zNWpLcmOzpJVxtiTJXyCGMCV8S87z53w+HAsYMv7ReuKghUa9ZlLjCi243chXDV1hpZnwh5uczKsTFY+I+c5zzYh6GhykJPDlyGoa80YsWU8VwO7jIz75eUWiGlCfADtUCA1T9yfrydBCrroGVyYBxiKhcBuqyeHzKGGF9mfuIXeMhWl1Idpr4Ohp2DJLS2Nm16O0S3jh5SiWpQR6fiEHa7q9PKysnp4PGF577iSGEQFQW40TdnJ7dKUP8pgOMWBVI1C1CD+8DktoAx1KBFopfxvvlBnSf/+asPDcDlIbGc/CSkVeJVnvwhZsifXBhLeUTelAtpUnEZ3XCKEEqIiw/ICnVFG3oiuZN9bAM1FwEsRW0Vgh5VOel6q2Wi4DqF0mNyiaaKEgIvAmUUBhkpFhgvmsrDPV8UhlcCLBcxw2vfIget6jf0cK6UDIXs9/ooIZoxJ74/52DeI0FWY9Q/7iwZmza0ADsH15+hO6YrQukcuWokQNoUUmDrpUxOZuyw2kK3OXMo5Lq+gYc+ykV77OK0t5K/tDo2nv2WQ0W+Lw421mTA2S2TT2pi1SaXMDomXHTr9HRUDLJ2tTpIX+mOO2hFwIBgqVlBGZYefMqeCiLA== + ADMIN_NAME: AgDEdbEOWyZ4DMGSRFn2BduMEHbNYvXv7/2sjvTe/t87CEgj4YluZVlFAr0KQAvED7HJBl3jDZHbrkqYate/EzqkeV1lHVIaHCyLDIHrmWhE9mPRZ5cLTbPMDlxpFa4H6iq796u52KeCgLuM4cVxZTArrFsfILhgpaMmIYCStt+3DfBU+PP04PEmYytY1bsbrVL4wZNIFwJoBcJVxiCowAeCQ4I8SkJuZkKo8bCBVTTtQ5vtVXjY4qxqJ0XYwpxbyatCYAHN005EOjh/ZQUUskGDtbrbIeZkIj1MBmmb9ZlIQOfjO9+qxKkL4TqrUiWHmWaqokCG5wxo5yxZxari8B4GR2tHbF2aWgPfVlJi3+o4DzlJbGXYvHXXC4NmY3sPze4cuiSgDWiq0vbgw8V5RXPjcqjdyEUHoZAtV96XwsU0tIfSKj8uhhpcIiFEtljA3ie61nr3q3bcZB4a9KgGBlFv9O+mBzqJeq2DywIVhYnbyG8vqzGHX8kJWwXzPCH5G5BRU9GuA75FUaaHd3jxwHlP08qfntuQQZptqIh7Q75xaPaJvnTyJBHTZX1rDiOF4NrJ/MKZLE+LmI2gQ2Dso/XOlE9iGaN8xKZyTtVAS+U5J4b2rKqBCSi+d8cvpFUryW8qdCp4043+aYIznyQQP/8pwzqEfFObCnLKqjCo8lKvQSAtxx3uEvmLqrqSumK6ws/En+Py5g== + ADMIN_PASSWORD: AgBW40SS1is1/jahPEZQT9k91Sd4ahlPEW+ZM++VeIvvhOPgeB0YjchYL9TbB4IbqA2tXyP1vF6mzWTK4NjGUm/o4T+MIfEy+cwpgsKfgC5NqcAe4YBVAWeHPBIlJlc+lQYOoZbggjmEmnynQaMK7y/zwJ3K0OZiBugy4jwg2wlRd9EkEmUgt++TH6k8+4TjNX4eOJy26ucqUqTEbC9a4tMODgqasVB+zTXx3bv5Ojkpa0JyR4keCUtHfTeAy769nEgcQHCeJXW9+No95wgVCrMwgLlGOgWiuqQrBP50XVVhtaI2rDzReYRrW3ajRqVafTcrGCnKlVpOb7u34N7ikSpn0Hrn2UzhwKB+za8Bpkw8vs74bBy0IpRL352rx27hEc1mozEIr3ISxy6JKnWKawHYNgR6Hj5mg1f5Q2LyucAJDVbVPwTx/+uGquqfUrKCU2Gy3Xevp4hFMmFh5KXuewqTOo5m6lcUcuXeEdw/5Sc7RxpKLPaADZ9cvJjNqudDjI3JDt39TfqR82kOzG0o2kiSTBdkhr7ZkodOxeV+/d3KCNkFKUBQ0BJZsTwbL8FhUa0xVrSRCqW+eeKZ4uvxtVJByAkKSrGQSUHyVqQ50AQqArHI2zHL+iYsDhl3exOoCiFE0HrOaOYcw/PTiErVGL4PFnVip/R8k4ML9vtYlveKXSSHV/GgwRRRA6JZbtGjIH/3gupr0Uj+sqvTSlpVoNDrXEL0hLW+6lvtYcGbpvEcvQ== + POSTGRES_PASS: AgDWdgpJABCcxVvjoHzNTcwQDkCnLhxUFql59/pmhPOuGnpOUfU7Aebwt7ZoI5tNFlb2dJT1JVr2ghcbvy9KUsvtl7gh8ht6n+uiWwpb3cAqyHQe60bvHMVbJyVu1Z4Lam1VEhGhtCoKrdY4NL29++DHk4XFaPPUChXWXhNBW+h0+unlAGd4zB0paiRtP/J5IbAyu37ipKYs9fFWjSfDKFow1e/qbV/RHcGbpsE0Ea1KVepw05Y0w+9/8E07vJlhzqZIrNioq2L8wYe8/Caov6wx2gZo2+PqphDjEedDQgl07GndOWRYwmAlJWEzBSkKQXaChNVVV1aWN44aCya+29wmp5v5IZhEfTlqtxTF1yr5XJFNfvuNHFSED3oS2FmC51GX7ONtNBS+Psy662M1E1dO36oo08mLD0DyvrC3FhVpS0tPKy3u7CzMLxCqSCm10aK+t5st/n8o3rPLbqJT/0llCZ/cwZTuIyRwQ0yMnM6TYDSQhncP7cExqwmLjevAMyxJtJmQz9CECuhx6a2CHfaITVaEEFSCBZGpu44s3K8iHAEvsR9I+Z7BPr8E+p8gLrBmp3+diP5BKksliw4mQ9125DsEZIgmsTYoEhf0PZhWLeEfOPfTh/2SlA4TYK/5uiVgIyb+iwMcWND81ZtUdwSVQGl+CVShPffcRAxPVm9n3pjytK1Nlni6AONlCjxlcWYktdJvpUY6PAQRBX4U9PfFQdB0Kt+ire5YAwuPBq2nUw== + REDIS_URL: AgDRAas6f87ZL022J/pMvbi+V4ZMVyppl/FtZnReptBVfbLUJD7uSWG5s24paZ59nrDyp3PCVqfcSa+5+2dKRp4IN7oJnjQ1ack5gZMB2M94J1uUjJjaHlNoFb9VLbwasxtSFb/uX0vkb86GkCj3RrKeE08OVMimjR9557hJ99ZDz/LzwJRAlVeB93tB1ztfeSDFDOJhQydMwai4rgjCoQ0Z/C/NTDnRjmCro6PGMgQNALtUwtWypkoRu//SMwgFzBSF0/SbgL2G7TjDWDOuGHGsaWuVn3hQlYTT2Gb18TzB3O+6NGuWnJuCl2gAKDp/ZZF4QR1PAPV2LVxzqpBQwn7K2+dYw9gQPC6Sw6iRgC0ChnjCcr+2ryzLpAu8I9H5BJ2JUeh9dcbiUcQTJYvpa4AN84Noi7leIzzGBivYCC6Q3Z8Cd3a+I7fa4F8ZE5F4Qw1U7CNhVJQ61UUliRhlvJIXTXRfJ9/4bAoIKQfVu5UWpRZvPxdN3g64TsKFAMdE+Px0bCMpxlRxI7RLAa1VYTfVZL3g9mAIIZlL/u2mot6gmH37IsbnTkdL6FC0hWRKi8k0y20KUB66EAA9blentdhc716tU9CuI7Ouiik0/bcL2VnoQwDQCCPlr2yNSeIfLKxhdpQTnGKacUFNsQjAfF3x+E05gz7dDct8lNpjI0FVFq0M9BAV0djT3ECU8kqViy717ZrCi8J6m64RrR26tErzMouFjgXpMqw+jNttnOsz32ycXUa1DAK9Z8h7FK16L1nV+1Dbt30AcA54wEJFb4nsCeeUl0b04N+OlwNnveUI4xAmo9FmB1txTYw= + SECRET: AgB7kULin1dJwJHRnJUXX1YZHqx6Fc8JF7Rd3NWRYI5sqpRLHLVHZr19kf2p3EPFuoCBK4jcOo5+sg9L3IQgefSOtvTqjazl9Zcuv4w0LJKyX5+PJaqe2FFINoM+We+DispCNRWgnWFDokA2RH6J9htKpQvXscAlRhsEdERaRmrn24g69aryDeJ4EVXh0yOQK73kzGkurnod/caybunZUmtL3bQkMbWW5OTphxoyOMLolPV5JT4GooR0yGPgF/0tLvcph2Ys8zi2PjWVcqvdNGjMrrcT/HrA04ucFFLbhipl7e4MK5CfhzEfA435x6ujJySbIpYdgw0gTWti/WXXfr2SrZordj2bXVvZ237BpKdvyqOnaNV4QVC0yUHKfhSfEcPBJL3Q79w3HRpTmmd+TKpjfFgYGU0KPDKHmeIhiRng5OEDYiOMUrfnBBcXn+fILV0HeuQa8wHNRjIQ++GOfZ5dwbO1BtkInawNIOCzdkLa4C8c/rcLF46dzvhcHDC5t6jlA4fAGkZhlVRwJDmHwPubEuk3vKhXCbDQjlV1vKp7qnscEn4zXGUDVbGundg25ddDH3UCuMazEs7hvOut3WXh/vBXlMVG3k4hL0qubJQM0AhEs8X2vAo0X0tKEkKNqh2D1oWfjFWUT96LBlyfNa2FRlDW6rR1rfr/FKelFonpEY4afy5BIIyrj/RHWdwlliL0DO6MMTEWJxuOyOi/HXh0FAgN7mDQk4n0kttzdVdue/s6aKGltlMRUvH/fugOZNQya5uPrTj2QxB6qmU9dHalbfApdGIMHhdRFrjW/hTjQFLNO+RvMu1wgpB0/s5qDqSD1DqAkSwjkYQv3VjUbyj6Jc9RV192X4DsAJkPJxJKQQ== + template: + metadata: + creationTimestamp: null + name: paperless-config + namespace: paperless-ngx-ns diff --git a/tautulli/tautulli-deployment.yaml b/tautulli/tautulli-deployment.yaml new file mode 100644 index 0000000..2311d90 --- /dev/null +++ b/tautulli/tautulli-deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tautulli + namespace: tautulli-ns +spec: + replicas: 1 + selector: + matchLabels: + app: tautulli + template: + metadata: + labels: + app: tautulli + spec: + securityContext: + fsGroup: 1000 + initContainers: + - name: init-chown + image: alpine + command: [ "sh", "-c", "chown -R 1000:1000 /mnt/data" ] + volumeMounts: + - name: tautulli-data + mountPath: "/mnt/data" + containers: + - name: tautulli + image: ghcr.io/tautulli/tautulli + env: + - name: PUID + value: "1000" + - name: PGID + value: "1000" + - name: TZ + value: "America/New_York" + ports: + - containerPort: 8181 + volumeMounts: + - name: tautulli-data + mountPath: "/config" + volumes: + - name: tautulli-data + persistentVolumeClaim: + claimName: tautulli-pvc diff --git a/tautulli/tautulli-pvc.yaml b/tautulli/tautulli-pvc.yaml new file mode 100644 index 0000000..2e49121 --- /dev/null +++ b/tautulli/tautulli-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tautulli-pvc + namespace: tautulli-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/tautulli/tautulli-service.yaml b/tautulli/tautulli-service.yaml new file mode 100644 index 0000000..8efd194 --- /dev/null +++ b/tautulli/tautulli-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: tautulli-service + namespace: tautulli-ns +spec: + selector: + app: tautulli + ports: + - protocol: TCP + port: 80 + targetPort: 8181 + type: LoadBalancer