small fixes

apps/affine/deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: affine
+spec:
+  selector:
+    matchLabels:
+      app: affine
+  template:
+    metadata:
+      labels:
+        app: affine
+    spec:
+      containers:
+      - name: affine
+        image: affine
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "1"
+        env:
+        - name: AFFINE_SERVER_HOST
+          value: "affine.kluster.moll.re"
+        - name: AFFINE_SERVER_PORT
+          value: "443"
+        - name: AFFINE_SERVER_HTTPS
+          value: "true"
+        - name: AFFINE_CONFIG_PATH
+          value: "/root/.affine/config"
+        - name: AFFINE_ADMIN_EMAIL
+          value: "me@moll.re"
+        - name: AFFINE_ADMIN_PASSWORD
+          value: "password"
+        - name: TELEMETRY_ENABLE
+          value: "false"
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: postgres-credentials
+              key: url
+        - name: NODE_OPTIONS
+          value: "--import=./scripts/register.js"
+        - name: NODE_ENV
+          value: "production"
+        ports:
+        - containerPort: 3010
+        volumeMounts:
+        - name: affine-data
+          mountPath: /root/.affine/storage
+        - name: affine-config
+          mountPath: /root/.affine/config
+      volumes:
+      - name: affine-data
+        persistentVolumeClaim:
+          claimName: affine-data
+      - name: affine-config
+        persistentVolumeClaim:
+          claimName: affine-config

apps/affine/ingress.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: affine-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`affine.kluster.moll.re`)
+      kind: Rule
+      services:
+        - name: affine-web
+          port: 3010
+  tls:
+    certResolver: default-tls

apps/affine/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+namespace: affine
+
+resources:
+  - namespace.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - postgres.yaml
+  - pvc.yaml
+  - postgres-credentials.secret.yaml
+
+
+images:
+  - name: affine
+    newName: ghcr.io/toeverything/affine-graphql
+    newTag: stable

apps/affine/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/affine/postgres.yaml

@@ -0,0 +1,20 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: affine-postgres
+spec:
+  instances: 1
+  bootstrap:
+    initdb:
+      owner: affine
+      database: affine
+      secret:
+        name: postgres-credentials
+
+  storage:
+    size: 1Gi
+    pvcTemplate:
+      storageClassName: "nfs-client"
+      resources:
+        requests:
+          storage: "1Gi"

apps/affine/pvc.yaml

@@ -1,35 +1,23 @@
-apiVersion: v1
 kind: PersistentVolumeClaim
+apiVersion: v1
 metadata:
-  name: radarr-config
+  name: affine-data
 spec:
   storageClassName: "nfs-client"
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
-      storage: "1Gi"
+      storage: 15Gi
 ---
-apiVersion: v1
 kind: PersistentVolumeClaim
+apiVersion: v1
 metadata:
-  name: qbittorrent-config
+  name: affine-config
 spec:
   storageClassName: "nfs-client"
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
-      storage: "1Gi"
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: data
-spec:
-  storageClassName: "nfs-client"
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: "10Gi"
+      storage: 1Gi

apps/affine/service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: affine-web
+spec:
+  selector:
+    app: affine
+  ports:
+  - port: 3010
+    targetPort: 3010

apps/media-downloads/jackett.deployment.yaml

@@ -1,47 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: jackett
-spec:
-  selector:
-    matchLabels:
-      app: jackett
-  template:
-    metadata:
-      labels:
-        app: jackett
-    spec:
-      containers:
-      - name: jackett
-        image: jackett
-        resources:
-          limits:
-            memory: "128Mi"
-            cpu: "500m"
-        ports:
-        - containerPort: 9117
-        volumeMounts:
-        - name: media
-          mountPath: /media
-        - name: config
-          mountPath: /config
-      volumes:
-      - name: media
-        persistentVolumeClaim:
-          claimName: media-downloads
-      - name: config
-        persistentVolumeClaim:
-          claimName: transmission-config
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: jackett
-spec:
-  selector:
-    app: jackett
-  ports:
-    - protocol: TCP
-      port: 9117
-      targetPort: 9117
-  type: ClusterIP

apps/media-downloads/kustomization.yaml

@@ -1,50 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: media-downloads
-
-resources:
-  - namespace.yaml
-  - pvc.yaml
-  - transmission.deployment.yaml
-  - radarr.deployment.yaml
-  - jackett.deployment.yaml
-
-
-images:
-  - name: transmission
-    newName: haugene/transmission-openvpn
-    newTag: 5.3.1
-  - name: jackett
-    newName: lscr.io/linuxserver/jackett
-    newTag: latest
-  - name: radarr
-    newName: lscr.io/linuxserver/radarr
-    newTag: 5.4.6
-
-
----
-# 2nd version
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: media-downloads
-
-
-resources: 
-  - namespace.yaml
-  - pvc.yaml
-  - qbittorrent.deployment.yaml
-  - qbittorrent.service.yaml
-  - qbittorrent.configmap.yaml
-  - radarr.deployment.yaml
-  - radarr.service.yaml
-  - radarr.configmap.yaml
-  - openvpn.secret.yaml
-
-images:
-  - name: qbittorrent
-    newName: binhex/arch-qbittorrentvpn
-    newTag: 5.0.1-1-02
-  - name: radarr
-    newName: hotio/radarr
-    newTag: release-5.14.0.9383

apps/media-downloads/namespace.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: placeholder
-  labels:
-    pod-security.kubernetes.io/enforce: privileged 

apps/media-downloads/qbittorrent.configmap.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: qbittorrent
-  labels:
-    app: qbittorrent
-data:
-  VPN_ENABLED: yes
-  VPN_USER: vpnbook
-  VPN_PASS: e83zu76
-  VPN_PROV: custom
-  VPN_CLIENT: openvpn
-  LAN_NETWORK: 10.244.0.0/24,10.9.0.0/24
-  WEBUI_PORT: "8080"
-  ENABLE_STARTUP_SCRIPTS: no

apps/media-downloads/qbittorrent.deployment.yaml

@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: qbittorrent
-spec:
-  selector:
-    matchLabels:
-      app: qbittorrent
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: qbittorrent
-    spec:
-      containers:
-      - name: qbittorrent
-        image: qbittorrent
-        ports:
-        - containerPort: 8080
-        envFrom:
-        - configMapRef:
-            name: qbittorrent
-        volumeMounts:
-        - name: data
-          mountPath: /data
-        - name: config
-          mountPath: /config
-
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: data
-      - name: config
-        persistentVolumeClaim:
-          claimName: qbittorrent-config

apps/media-downloads/qbittorrent.service.yaml

@@ -1,12 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: qbittorrent
-spec:
-  selector:
-    app: qbittorrent
-  type:  ClusterIP
-  ports:
-  - name: qbittorrent
-    port:  8080
-    targetPort:  8080

apps/media-downloads/radarr.configmap.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: radarr
-  labels:
-    app: radarr
-data:
-  # VPN_ENABLED: "true"
-  # VPN_CONF: "wg0"
-  # VPN_PROVIDER: "generic"
-  # VPN_LAN_NETWORK: "192.168.1.0/24"
-  # VPN_LAN_LEAK_ENABLED: "false"
-  # VPN_EXPOSE_PORTS_ON_LAN: ""
-  # VPN_AUTO_PORT_FORWARD: "false"
-  # VPN_AUTO_PORT_FORWARD_TO_PORTS: ""
-  # VPN_KEEP_LOCAL_DNS: "false"
-  # VPN_FIREWALL_TYPE: "auto"
-  # VPN_HEALTHCHECK_ENABLED: "false"
-  # PRIVOXY_ENABLED: "false"
-  # UNBOUND_ENABLED: "false"

apps/media-downloads/radarr.deployment.yaml

@@ -1,34 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: radarr
-spec:
-  selector:
-    matchLabels:
-      app: radarr
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: radarr
-    spec:
-      containers:
-      - name: radarr
-        image: radarr
-        ports:
-        - containerPort: 7878
-        envFrom:
-        - configMapRef:
-            name: radarr
-        volumeMounts:
-        - name: data
-          mountPath: /data
-        - name: config
-          mountPath: /config
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: data
-      - name: config
-        persistentVolumeClaim:
-          claimName: radarr-config

apps/media-downloads/radarr.service.yaml

@@ -1,12 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: radarr
-spec:
-  selector:
-    app: radarr
-  type:  ClusterIP
-  ports:
-  - name: radarr
-    port:  7878
-    targetPort:  7878

apps/media-downloads/transmission.deployment.yaml

@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: transmission
-spec:
-  selector:
-    matchLabels:
-      app: transmission
-  template:
-    metadata:
-      labels:
-        app: transmission
-    spec:
-      containers:
-      - name: transmission
-        image: transmission
-        resources:
-          limits:
-            memory: "128Mi"
-            cpu: "500m"
-        ports:
-        - containerPort: 9091
-        env:
-        - name: OPENVPN_PROVIDER
-          value: PROTONVPN
-        - name: LOCAL_NETWORK
-          value: 10.42.0.0/16
-        - name: OPENVPN_CONFIG
-          valueFrom:
-            secretKeyRef:
-              name: protonvpn
-              key: country
-        - name: OPENVPN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: protonvpn
-              key: username
-        - name: OPENVPN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: protonvpn
-              key: password
-        volumeMounts:
-        - name: media
-          mountPath: /data
-        - name: config
-          mountPath: /config
-        securityContext:
-          capabilities:
-            add: ["NET_ADMIN"]
-      volumes:
-      - name: media
-        persistentVolumeClaim:
-          claimName: media-downloads
-      - name: config
-        persistentVolumeClaim:
-          claimName: transmission-config
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: transmission
-spec:
-  selector:
-    app: transmission
-  ports:
-    - protocol: TCP
-      port: 9091
-      targetPort: 9091
-  type: ClusterIP
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: protonvpn
-type: Opaque
-stringData:
-  country: at.protonvpn.udp,fr.protonvpn.udp,pl.protonvpn.udp,ch.protonvpn.udp
-  username: VOYkNuZs5PHjeB8w
-  password: WvKCOPijcXKOqcL5d7zjXzOPToS4zPid