Merge remote-tracking branch 'origin/main'

old/apps/gethomepage/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+name: gethomepage
+version: 0.0.1
+type: application
+dependencies:
+  - name: homepage
+    version: 1.2.3
+    repository: https://jameswynn.github.io/helm-charts
+sources:
+  - https://github.com/jameswynn/helm-charts

old/apps/gethomepage/values.yaml

@@ -0,0 +1,84 @@
+homepage:
+  config:
+    bookmarks:
+      - Developer:
+          - Github:
+              - abbr: GH
+                href: https://github.com/
+
+    services:
+      layout:
+        Files:
+        Media:
+        Games:
+        Manage Homelab:
+        Manage Media:
+
+    widgets:
+      # show the kubernetes widget, with the cluster summary and individual nodes
+      - datetime:
+          text_size: xl
+          format:
+            hour12: true
+            dateStyle: long
+            timeStyle: short
+
+      - kubernetes:
+          cluster:
+            show: true
+            cpu: true
+            memory: true
+            showLabel: true
+            label: "cluster"
+          nodes:
+            show: true
+            cpu: true
+            memory: true
+            showLabel: true
+      - search:
+          provider: duckduckgo
+          target: _blank
+    kubernetes:
+      mode: cluster
+
+    settings:
+      layout:
+        Media:
+          style: row
+          columns: 4
+        Games:
+          style: row
+          columns: 4
+        Files:
+        Manage Homelab:
+        Manage Library:
+          style: row
+          columns: 4
+
+  # The service account is necessary to allow discovery of other services
+  serviceAccount:
+    create: true
+    name: homepage
+
+  # This enables the service account to access the necessary resources
+  enableRbac: true
+
+  ingress:
+    main:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+        # Example annotations to add Homepage to your Homepage!
+        # gethomepage.dev/enabled: "true"
+        # gethomepage.dev/name: "Homepage"
+        # gethomepage.dev/description: "Dynamically Detected Homepage"
+        # gethomepage.dev/group: "Dynamic"
+        # gethomepage.dev/icon: "homepage.png"
+      hosts:
+        - host: dashboard.int.nc.landry.land
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - hosts:
+            - dashboard.int.nc.landry.land

old/apps/kavita/email-claim-pvc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: kavita-email-config-pvc
+  name: kavita-email-config-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}

old/apps/kavita/email-deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f docker-compose.yml
+    kompose.version: 1.31.2 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: kavita-email
+  name: kavita-email
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      io.kompose.service: kavita-email
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f docker-compose.yml
+        kompose.version: 1.31.2 (HEAD)
+      creationTimestamp: null
+      labels:
+        io.kompose.network/ebooks-default: "true"
+        io.kompose.service: kavita-email
+        app.kubernetes.io/name: kavita-email
+    spec:
+      containers:
+        - image: jvmilazz0/kavitaemail:latest
+          name: kavita-email
+          ports:
+            - name: http
+              protocol: TCP
+              containerPort: 5003
+          readinessProbe:
+            httpGet:
+              path: /api/test
+              port: http
+            initialDelaySeconds: 30
+            failureThreshold: 5
+            periodSeconds: 5
+          resources: {}
+          volumeMounts:
+            - mountPath: /app/config
+              name: email-config
+      restartPolicy: Always
+      volumes:
+        - name: email-config
+          persistentVolumeClaim:
+            claimName: kavita-email-config-pvc
+status: {}

old/apps/kavita/email-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kavita-email
+  labels:
+    name: kavita-email
+spec:
+  ports:
+    - port: 5003
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: kavita-email
+  #publishNotReadyAddresses: true

old/apps/kavita/kavita-comics-pv.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: cluster.local/nfs-subdir-external-provisioner
+  name: media-library-comics
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 100Gi
+  nfs:
+    path: /export/comics
+    server: 192.168.1.215
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  volumeMode: Filesystem

old/apps/kavita/kavita-comics-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kavita-comics-pvc
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  volumeName: media-library-comics

old/apps/kavita/kavita-config-pvc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: kavita-config-pvc
+  name: kavita-config-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}

old/apps/kavita/kavita-deployment.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    gethompage.dev/enabled: "true"
+    gethomepage.dev/group: Media
+    gethomepage.dev/name: Books
+    gethomepage.dev/description: Ebooks and graphic novels
+    gethomepage.dev/href: https://library.nc.landry.land
+    gethomepage.dev/icon: kavita
+  creationTimestamp: null
+  labels:
+    io.kompose.service: kavita
+  name: kavita
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: kavita
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        gethompage.dev/enabled: "true"
+        gethomepage.dev/group: Media
+        gethomepage.dev/name: Books
+        gethomepage.dev/description: Ebooks and graphic novels
+        gethomepage.dev/href: https://library.nc.landry.land
+        gethomepage.dev/icon: kavita
+        traefik.enable: "true"
+        traefik.http.routers.library.entrypoints: websecure
+        traefik.http.routers.library.rule: Host(`library.nc.landry.land`)
+        traefik.http.routers.library.service: library
+        traefik.http.routers.library.tls.certresolver: leresolver
+        traefik.http.services.library.loadbalancer.server.port: "5000"
+      creationTimestamp: null
+      labels:
+        io.kompose.network/ebooks-default: "true"
+        io.kompose.network/public: "true"
+        io.kompose.service: kavita
+        app.kubernetes.io/name: kavita
+    spec:
+      containers:
+        - env:
+            - name: TZ
+              value: America/New_York
+          image: jvmilazz0/kavita:latest
+          ports:
+            - name: http
+              protocol: TCP
+              containerPort: 5000
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: http
+            failureThreshold: 5
+            initialDelaySeconds: 90
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: http
+            failureThreshold: 5
+            periodSeconds: 10
+          name: kavita
+          resources: {}
+          volumeMounts:
+            - mountPath: /kavita/config
+              name: kavita-config-pvc
+            - mountPath: /books
+              name: kavita-ebooks-pvc
+            - mountPath: /comics
+              name:
+                kavita-comics-pvc
+                # - mountPath: /manga
+                #   name: kavita-claim2
+                # - mountPath: /ttrpg
+                #   name: kavita-claim3
+      restartPolicy: Always
+      volumes:
+        - name: kavita-config-pvc
+          persistentVolumeClaim:
+            claimName: kavita-config-pvc
+        - name: kavita-ebooks-pvc
+          persistentVolumeClaim:
+            claimName: kavita-ebooks-pvc
+        - name: kavita-comics-pvc
+          persistentVolumeClaim:
+            claimName: kavita-comics-pvc
+status: {}

old/apps/kavita/kavita-ebooks-pv.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: cluster.local/nfs-subdir-external-provisioner
+  name: media-library-ebooks
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 100Gi
+  nfs:
+    path: /export/ebooks
+    server: 192.168.1.215
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  volumeMode: Filesystem

old/apps/kavita/kavita-ebooks-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kavita-ebooks-pvc
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  volumeName: media-library-ebooks

old/apps/kavita/kavita-ingress.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    gethomepage.dev/enabled: "true"
+    gethomepage.dev/name: "Books"
+    gethomepage.dev/description: "Ebooks and graphic novels by Kavita"
+    gethomepage.dev/group: "Media"
+    gethomepage.dev/icon: "kavita.png"
+  name: kavita
+  labels:
+    name: kavita
+spec:
+  rules:
+    - host: library.nc.landry.land
+      http:
+        paths:
+          - backend:
+              service:
+                name: kavita
+                port:
+                  number: 5000
+            path: /
+            pathType: Prefix
+
+  tls:
+    - hosts:
+        - library.nc.landry.land
+      secretName: kavita-tls

old/apps/kavita/kavita-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kavita
+  labels:
+    name: kavita
+spec:
+  ports:
+    - port: 5000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: kavita
+  #publishNotReadyAddresses: true

old/charts/app-of-apps/Chart.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v2
+name: app-of-apps
+type: application
+version: 1.0.2

old/charts/app-of-apps/templates/app-template.yaml

@@ -0,0 +1,49 @@
+---
+{{ range $k, $v := $.Values.apps }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ $v.name }}
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: {{ $.Values.project }}
+  source:
+    repoURL: {{ $.Values.source.repoURL }}
+    targetRevision: main
+    path: {{ print $.Values.source.path "/" $v.path }}
+    {{- with $v.helm }}
+    helm:
+      {{- with .valueFiles }}
+      valueFiles:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- end }}
+    {{- with $v.plugin }}
+    plugin:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  destination:
+    server: {{ $.Values.destination.server }}
+    namespace: {{ $v.namespace }}
+  syncPolicy:
+    {{- if (or ( hasKey $v "selfHeal" ) ( default false $v.autoSync) ) }}
+    automated:
+      selfHeal: {{ default false $v.selfHeal }}
+    {{- end }}
+    {{- with $v.managedNamespaceMetadata }}
+    managedNamespaceMetadata:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    syncOptions:
+      - CreateNamespace=true
+    {{- with $v.extraSyncOptions }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- with $v.ignoreDifferences }}
+  ignoreDifferences:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+---
+{{ end }}

old/projects/media/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

old/projects/media/Chart.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v2
+name: media
+type: application
+version: 1.0.0
+appVersion: "1.16.1"
+description: App-of-apps for self-hosted media applications
+
+dependencies:
+  - name: app-of-apps
+    version: 1.0.2
+    repository: file://../../charts/app-of-apps

old/projects/media/values.yaml

@@ -0,0 +1,12 @@
+---
+app-of-apps:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git
+    path: apps
+  apps:
+    - name: kavita
+      namespace: media
+      path: kavita

old/projects/system/Chart.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v2
+name: system-apps
+type: application
+version: 1.0.0
+appVersion: "1.0.0"
+
+dependencies:
+  - name: app-of-apps
+    version: 1.0.2
+    repository: file://../../charts/app-of-apps/

old/projects/system/values.yaml

@@ -0,0 +1,157 @@
+---
+app-of-apps:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git
+    path: system
+  apps:
+    - name: homepage
+      description: Homelab dashboard
+      path: ../apps/gethomepage
+      namespace: homepage
+      selfHeal: true
+
+    # - name: cert-manager
+    #   namespace: cert-manager
+    #   path: cert-manager
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    # - name: cloudflared
+    #   namespace: cloudflared
+    #   path: cloudflared
+    # - name: cloudnative-pg
+    #   namespace: cnpg
+    #   path: cloudnative-pg
+    # - name: kubernetes-dashboard
+    #   namespace: kubernetes-dashboard
+    #   path: dashboard
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    #   extraSyncOptions:
+    #     - RespectIgnoreDifferences=true
+    #   ignoreDifferences:
+    #     - name: kubernetes-dashboard-csrf
+    #       kind: Secret
+    #       jsonPointers:
+    #         - /data/csrf
+    # - name: dyndns
+    #   namespace: dyndns
+    #   path: dyndns
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    # - name: keycloak
+    #   namespace: identity
+    #   path: identity/keycloak
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    # - name: metrics-server
+    #   namespace: metrics-server
+    #   path: metrics-server
+
+    # - name: nfs-subdir-external-provisioner
+    #   namespace: nfs-subdir-provisioner
+    #   path: nfs-subdir-external-provisioner
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+
+    # - name: oauth2-proxy
+    #   namespace: oauth2-proxy
+    #   path: oauth2-proxy
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    # - name: prometheus-stack
+    #   namespace: monitoring
+    #   path: prometheus-stack
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    #   extraSyncOptions:
+    #     - ServerSideApply=true
+    #   managedNamespaceMetadata:
+    #     labels:
+    #       pod-security.kubernetes.io/enforce: privileged
+    #
+    # - name: traefik
+    #   namespace: traefik
+    #   path: traefik
+    # plugin:
+    #   env:
+    #     - name: SOPS_SECRET_FILE
+    #       value: secret.sec.yaml
+
+    # - name: node-feature-discovery
+    #   namespace: node-feature-discovery
+    #   path: node-feature-discovery
+    #   extraSyncOptions:
+    #     - RespectIgnoreDifferences=true
+    #   ignoreDifferences:
+    #     - group: apps
+    #       kind: DaemonSet
+    #       jsonPointers:
+    #         - /spec/template/metadata/annotations
+    #   managedNamespaceMetadata:
+    #     labels:
+    #       pod-security.kubernetes.io/enforce: privileged
+    # - name: intel-device-plugins-operator
+    #   namespace: intel-device-plugins-operator
+    #   path: intel-device-plugins-operator
+    #   managedNamespaceMetadata:
+    #     labels:
+    #       pod-security.kubernetes.io/enforce: privileged
+    # - name: intel-gpu-plugin
+    #   namespace: intel-gpu-plugin
+    #   path: intel-gpu-plugin
+    #   extraSyncOptions:
+    #     - RespectIgnoreDifferences=true
+    #   ignoreDifferences:
+    #     - group: deviceplugin.intel.com
+    #       kind: GpuDevicePlugin
+    #       jsonPointers:
+    #         - /spec/resourceManager
+    #   managedNamespaceMetadata:
+    #     labels:
+    #       pod-security.kubernetes.io/enforce: privileged
+    # - name: snapshot-controller
+    #   namespace: snapshot-controller
+    #   path: snapshot-controller
+    #   ignoreDifferences:
+    #     - group: "admissionregistration.k8s.io"
+    #       kind: ValidatingWebhookConfiguration
+    #       name: snapshot-validation-webhook
+    #       jqPathExpressions:
+    #         - .webhooks[]?.clientConfig.caBundle
+    #     - kind: Secret
+    #       name: snapshot-validation-webhook-tls
+    #       jsonPointers:
+    #         - /data
+    # - name: external-secrets
+    #   namespace: external-secrets
+    #   path: external-secrets
+    #   plugin:
+    #     env:
+    #       - name: SOPS_SECRET_FILE
+    #         value: secret.sec.yaml
+    # - name: kubelet-csr-approver
+    #   namespace: kube-system
+    #   path: kubelet-csr-approver
+    # - name: volsync
+    #   namespace: volsync
+    #   path: volsync
+    # - name: talos-backup
+    #   namespace: talos-backup
+    #   path: talos-backup