squash all

Mostly copied over from my old repo and modified for app of apps. Cleaning up the mess from migration Signed-off-by: gwg313 <gwg313@pm.me>
2025-07-03 08:02:33 -04:00 · 2025-07-03 08:02:33 -04:00 · 52933116f0
commit 52933116f0
parent 471f30f0b1
104 changed files with 2532 additions and 44 deletions
--- a/navidrome/certificate.yaml
+++ b/navidrome/certificate.yaml
@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: navidrome-cert
+  namespace: istio-system
+spec:
+  secretName: navidrome-cert
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer
+  # commonName: music.local.gwg313.xyz
+  dnsNames:
+    - music.local.gwg313.xyz
+    - music.gwg313.xyz
+    - music.zerotier.gwg313.xyz
--- a/navidrome/configmap.yaml
+++ b/navidrome/configmap.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: navidrome-config
+  namespace: navidrome
+data:
+  ND_SCANSCHEDULE: "1h"
+  ND_LOGLEVEL: "info"
+  ND_SESSIONTIMEOUT: "24h"
+  ND_BASEURL: ""
+  ND_DEVACTIVITYPANEL: "false"
--- a/navidrome/deployment.yaml
+++ b/navidrome/deployment.yaml
@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: navidrome
+  namespace: navidrome
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: navidrome
+  template:
+    metadata:
+      labels:
+        app: navidrome
+    spec:
+      containers:
+        - name: navidrome
+          image: deluan/navidrome:latest
+          ports:
+            - containerPort: 4533
+          envFrom:
+            - configMapRef:
+                name: navidrome-config
+            - secretRef:
+                name: navidrome-secrets
+          volumeMounts:
+            - mountPath: /data
+              name: navidrome-data
+            - mountPath: /music
+              name: navidrome-music
+              readOnly: true
+      volumes:
+        - name: navidrome-data
+          persistentVolumeClaim:
+            claimName: navidrome-data
+        - name: navidrome-music
+          persistentVolumeClaim:
+            claimName: navidrome-music
--- a/navidrome/gateway.yaml
+++ b/navidrome/gateway.yaml
@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: music-gateway
+spec:
+  selector:
+    istio: gateway
+  servers:
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      tls:
+        mode: SIMPLE
+        credentialName: navidrome-cert
+      hosts:
+        - music.local.gwg313.xyz
+        - music.gwg313.xyz
+        - music.zerotier.gwg313.xyz
--- a/navidrome/iscsi-secret.yaml
+++ b/navidrome/iscsi-secret.yaml
@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: navidrome-iscsi-auth
+  namespace: navidrome
+spec:
+  encryptedData:
+    discovery.sendtargets.auth.password: AgCfQP4VjeYYMuHZn5ZOVrs3C9vm+kF0qiWfT1wTixwvvNA5I9mDFA7F2cR/SIT6NvDLpLVMaFku7tf88aJCjlQvhEoEJbeSEurLCfJcXDaQwFKaTeELrz6l1NbyusXlijblpLQYkupxl7ZNraY3mWJSAoBD0OdpQfP56+8NcoOHHEDDdBwYza/VkBdlYOYCFWtPCosbw+wjtLgSIRkiNbrWXEN0MkBAo9OWczvB0GKGyk5divHM8iDFTON34Rk1HMv41o3tvgHa7RvXFC8LJ3GB0NyFeawyrcQF7C3i+8P50zGmzUs3ie1il//8ICzkp+0zJk4hOG+9KBIu9sDInjjVhhwHcCZspvmuKOOqg9F2mjK8a6VGURoKdvxFX2HahqAB/FjFTp5diKKZQY+zfkd7mJ3OnPqhB9fIKmZnxWwtUq8AYI2jcDdERI4FeTrmkbcxAhMCgI7cCYStwDD11dQt4XRqWOeA3trOHubyslPjvjEkIDvoVj2BNHtFIwSNX16gAMs5HsRZnoo1SUc57+IRPH0v/ZaSfJXeE6Lrv2H7ZTSlHEusKkTAvAnVKAQyJmRTYCOMdYPePr169NUEhsAqWVmizjxN34VPiK7Y6kkwgGiQJpXZHHj1QxUQ63P4O4iuvYPEx40gCtR8cXBMesPE6XkH5udxmQ/zAHjjJSyodJgM6v2IO++0gYZb06AZjDPtqgp3sqrHnzlcNRh78oBz
+    discovery.sendtargets.auth.username: AgAY/IEE3LVt8co+pMWEppPD9RC2JnmL/qbFrZ5PKZc3XA33wrtzHGBoELDwWG4Lfc5Itg1Zr0t/Sh8aLNLGlgfa8Zd4KBmu6mi+sHnh4LKKEIEE3pMuyNUC6k4jWDz22XihEy9Qfs3fr4qOrDvn9OxzVSTogLQvvn2bG1jBauRawekN3bwln7B5eY2PVwYTxjdgDBIVe2DdJYoKquK2siFszXJzM9m+IpE7S1M5s1pzs6GdYH3qBiBoWnJ5vVZzx1h7O2Z+5yVrxC1T11gDsal6mOsqSP7XNerIy0G3/NcE/RkWPz0+/wqlWTv8kulnKYnKuG+m1lttnBLr7oc6xqRNQmcFlui+0R/FS0slDvoM52KU7ZBg9YSXoMjZsQziYVF8to2wxCNAvkNpATdsgqTfbj/ydUHNrXmtBgyVWyOmmJZYHw4rUIWqlgwOkEK1arsiHPWLbOEqY+MZAyqWO9s+/iTVhGckTwDACTavhWthEhZAaaW/mr42uDTQAapjnQ8/AYixuwK8pnL20j/89xNXdCIKiSPSx0i5F4vIv7jLRCuLSmyuhMk8yOrSFOMUnk2FHxdFrLMsP9q5L3+ZSU5pVe/pJJtYSM56TIg5sGKE4l8gEm+3aEVKQMhA1urzfEe8Gz1xxpd1qnViEWegaoAEqbfmDBGmnofxkpk6xK/27Y+DKWNtNpQTZ1Ss768sb6hsI1aidC/BcIo=
+    node.session.auth.password: AgCaw7xjK13WWHje8KBCyk9KJVvGsbwnZHcQZjl1OQlqpyPx2MuYt41z2jnReAieFwFJ0EUR0AcHWWVS1llrUl0v4URGLmFSX372s+Z1rZ0J/agFGgAIHwu+ksXRhG2rLtUk4YJ0RBJUaWOcIpFrHk3oGnUU55Nw1v5GtiYbgRTBehMkON6TXQt3PA0WLmVHxEoDoKy9kzQL643VnQ+jTiuFFcmmjVVAF+a+xEAwV0os6FgrO1okej2ucBTrNAmbFUl9dhzGidA50asSZimplrlRY8y1b2R9LUQOYZ/U4PgTsG9dAfM3wSjfhcWFlQ3D4pf4Y/pchUe0OkkFTLXnXCcY0MhdpMtDDWRU6JoBNkDsa4g36gzEL2s+dCcWa+ltA8XPdI1vpbOaFpZn1TZTgk00JQnnePOsL1bTObNY1Eh0Yl7g1zb2SgUzg7zp4C2rOz/0q9I4ftuNgMtAPtD+fbf53vxCOc6hHvEdCZN03uvbsGp2drF7R7xHOXbWNvJtXi1kCO/ddVP6hxKOLbg/5Ag07gf9p1scm+nDhsBvVaTJTI6Oc66MggAsHRkQVvdM6XJlmINVCIKPoqygXCkZwXrIJUXin6MTV3OTqIC/FdKUE4Or0hhQM4Gw6Dg3FE+zAENdPPQeEs6A7+KQbMw0NDA0WoyXDbOobEHpOU5IUcigycjklO/58sYOrQX7z8JlxyibtRunPHhiL7fBWi7p2PSG
+    node.session.auth.username: AgBGQxzefQTAt3/7O+1bqbt6XlqehG0Obc3+GH5V4dgDyZMcPGgq74Beh07j8ahe9i4T+tXY4DylnTaBoVBSrOW62ipwVYmiyxWRbQ7TJ0m4dcAJOddDFED2pmQ91S0xneIrHx7N8SZgXf2Gh9xabOrkqcTHx0n0KXjuQvrDO6DcckSdnvptS3PNniK9DogY1cOInHZdAX341wXY93U4DyQb1JsoKi3QvxjVGBlmPft9GiAfWTBj9Hj9q+AA6pymH69j7xhkUiv7b6XCgYdjOqE0D1/4hIMvJR7qybGYrwUbVv/xvfLcIKJFsAMkigi2VQaTvn4E+4MkmukM+FBDfuoJ64asvYlu8quJ5KwD/OHL8toYthjs/g3aq/EQBCn1hc3JNPq6ZZ52rfRKiPcjHKOdoFkPy8yXg6nb3HSqDlUv3i01CbQ841hQhJgFfnbqDYvI3xYH0ubXKiJsGlTbZVV8iDOiJJIPRiRKL9tt4PzR2J3GCnR4ZZVYYHWkE1wIYheLwklxBkKmg2lktc0MzBfCtbcCewmcfZ9bnQFy0TT9Bvzr5EA8UbYDVEiw7eqNiK8u//iwNPZvHyMXo0lKDQ0O8YuznUrZZ0g+RHALKwDPpYqhXvu5ARh3SnSkvonZ2STVDMJgeM4/p0Q2fKomfrzwJrzHth3ipR/9gScdInMvtrudcBpVhgULxsc9UxbwnW708N6kN5lo7fo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: navidrome-iscsi-auth
+      namespace: navidrome
+    type: kubernetes.io/iscsi-chap
--- a/navidrome/navidrome-secrets.yaml
+++ b/navidrome/navidrome-secrets.yaml
@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: navidrome-secrets
+  namespace: navidrome
+spec:
+  encryptedData:
+    ND_LASTFM_APIKEY: AgBtbBJ+dQ30vpgr5lU6e94qa4wsxBHrs6zuD/HjC8SB5eqFk5u6FT6/7SPvKbrSxllFkOrpeUJpvmQvstEO1pqCil54gwxTmtq5eMpqee9wASbGSPOlGGOz6BT+38HX60x2A8jXmg7AnZWm5gTdjS2k3UxzIfNW/6jrNx2X+sZer2gH5ck1cISbZli68oDYgyYQ5sJYTiTSoBBJFjICZHzep2pKEaUV+4sp+PHmeBseXEajUJ3XcxEOPORr0AQX+uyqb0jYQQBMk9/EmSIisaCR2Xn4/bH0YioosSGSsPkQzT1E6fdeDuaiwjtf2Vt/0FmtBvkT2KeEqQIVbRL5AEjjgP33hmVD+PvBYm6TS1VlE8MpP/gHfQtNASw8PO5txroPdtlRCI3DgmmEMw1knoJcTQ0LNxPBit0IlBEiN8sVlXe5jWxBD0NrywZdufYrgvl7bxtcV32nGYj6ux+aaK/GS41rIvfHdh2mDyAXNWGXQbl+VPTzH5jBhvGZqlqhmVsbL8EA8nuG3sP4/AfWINUO8M4ru50lOUR1yr7XjFxO/I8LWch3qExQ9MRyjKbfphm/ge/9rdVNTN9aeE190LCrGiDI41OITEPq27pl3UavoYM2e6TEf1j8qLgZRmZb+cdf5qbE5uOyig1nlclRGX8eUwQTJWMrJaLJnSLidLHiRL8yHSRvnH9tWa10HMUe/KmTkusAvdfxiMdfOsgyA8HwyXKPljrg/MDOzu+PSsYa+w==
+    ND_LASTFM_SECRET: AgCa1zBHgJ7H5yRJqK6HE0c/x7mxS0PlENPJ6gryJyciqezSznr0ONAVDAtvVkWvbZrhpvTcI1SPaiqRUIF8x+7kWTYROnnCXlphoX8zMFCaw+LZxv4mC6GI4q9ciUZTRvCMKKlzTVbJIYcUaPh8zH4F0MlyWyWhpTLamkkLiPst+uArxqTw40qtqLpA9rZoshSlIXq84eeZmUuyMEhGXRspjwI7HINAaF3TfsSsuuHsqsKjbY2atwfOmeyddWh2GT1r1OtjchOq43thHHLqXH3KkKhprUK0m0b9unna9wO8Q274CeXpXME0+/qH3A14nmsYtFeyPRTuBM3iHoHR4gMaSIPcm6xZNYxSkEKglxWJztOJ6JvSsepgd37RQpDmzaZe67/9gJKTHL3pe+Id7+TQVeWqCUMQFywYE3VqJdGJWF60jc28pkCQPnbuUNgsfQySY+s65RwEqfJwJrM7orfS66vK8FDlJtH4e3bBVvZfUKjoH5mc6H9mNhJeYMAWG+RMsRvC8WRnOf9n+GTSm0j6MZ7IPpKn0xCrUaAuTAhQrSJ94exqLTGQ99RNN5RHuwMshdwr3uK3fpo33Y3xL6mFTW+GNDhRpyjlh1c6mRrMtWIfkUvWlpfFA15JTc9yR0lupZjIb3dUPrNCWQJh5J3f8k9wfiR8oQLvQesKh90zM2OYcqodwxPysRfMhxrZLmVytjCoFEcjXJy8u1PD9oTw1KaSvk5m4hUqLirNNyZ8ig==
+    ND_SPOTIFY_ID: AgBEOjEOVPO7L1Yg/5b7Lp47Lo/ZDALMypfaKoGlt6dPUVfUd7D3Ex9fdydNdcOZroRgYKi4j8gOYg+5JMJVw/TzGVlXiuhCBWYga9deeboAatgr4EuldvUgApfwKBFdoMLsOtGnSI+UoAX4pXyJXTCsjqnxtN+HfYmBu5oxbOkm65ztoiodwpjFVOBsgsCgCVwt6uI6H37ryKxxZ2nPS+X38VbMJAyo6dvD3jLB+wyUB1hemmdTyg/VbnBFaIMX+Ms6iUmLMggfOq0P3oLvc4sL5LSaZ5ZCIcwDrNvFc19xR7c265XgIUGiD2HyT+lqIoNq6V6duLQkQynRsbh3fS2KLGui+CiIskajM6RqtjncsutVEXPSsuRxUD1WU9IB6UwrNuuiJXnLgUhB8/av9ERDN+Un3cxNW78ytXClIxTCyB8Ndr6A6urwJIBogAo/bL8rNg7TlKqUnzpYa/GYQ6lBIN2SL9UTRyBfi8sE664ERs8nZkPlf/BQQBKQxJpYeSjTVDGpDNhuSE1LdLK6VM+vDueFlJ38d/YAz0gaV2Km1eWmfm4dTpG0zjZoFQbfRjGFIZYhLaju/cBpSW5qb7IoVN8TdQzJ6YFLy2lDEWfTqEcmu/Lbp1cvjU1MYeQ48x4eRK+SsLD+7ds4tiQLwhi52nC+uLi4YcqQayF2m/pSoMOOqarhP5g0ZRG2tcgJnynvCzAzks2zkGWyA+3FPg75eEc49IueaNTE6jT+/4fgww==
+    ND_SPOTIFY_SECRET: AgBpGvv+LZdybstbYW39F5dY2YZHqTVL80XJ8oVLyuvCljamzABlpYaoVw58OygdGRuyDJCrOPpyCxpDRx1MoQV4+qwE/a4K6JLjlFXCg6yR1vySHjO7l7zwJtWhf71wmvQ5WSrs/l54BbWh7Vfz18Dr4kuoNgk6F394XdKBZv3jhawQP94b4sykHhmSkXoqoPAESxLkPJ8M3rhxmdnerdRA3y4Y7m1fXy7yXqw1ojr0w2850hubK6YYxpcCqDwGi97//V/tWzz+Z7XZe8cf8cQ4+KvxpZQUpOfeCE8mVVaPAuHCDDXk9y8ObsUbwlcLstds+GFGfo16Llb2mwoTfifSrby1nbPEKAvGqa7eQavGpaeFEP9t5SftASGWeKflzYveCa9lkdrH5/8ZsieWrVJJv2K0YemaD3QqwL3ymyzehWzG7O/6bK98RkxdHGHFCH3HzFl+rHzQTPSLKof5YQU6+cMwbr3TCNTFnQVJ7O9+AFrOQVYn2/3fC3ZXq5SDObRYJYQRw5bGQcJPGZFC8uUzhT9KI+8gAVJYSwtTwNrZzEgCHviUlg6mKyV0I+7KdC8ghfl4GmjBIwscH2Ur2h20NDGQ1z22RsqSkxaYZBtLzaMLE3jZFMZTEYtjs2NjXSspSWVR2eplBmXez/kdkUOV5r9x8Z6vs3FEDyslzEEsuyutC1OGY7xi4Jiuq6P87y1R7fZttkuTIiUgyz7j9ZaLPu5qs/fjGonU1vvYe8OVVA==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: navidrome-secrets
+      namespace: navidrome
+    type: Opaque
--- a/navidrome/pv.yaml
+++ b/navidrome/pv.yaml
@ -0,0 +1,42 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: navidrome-data-pv
+  namespace: navidrome
+spec:
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: manual
+  iscsi:
+    targetPortal: truenas.local.gwg313.xyz:3260
+    iqn: iqn.2005-10.org.freenas.ctl:navidrome
+    lun: 0
+    fsType: ext4
+    readOnly: false
+    chapAuthDiscovery: true
+    chapAuthSession: true
+    secretRef:
+      name: navidrome-iscsi-auth
+  claimRef:
+    namespace: navidrome
+    name: navidrome-data
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: navidrome-music-pv
+  namespace: navidrome
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadOnlyMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: manual
+  nfs:
+    path: /mnt/tank/music-ro
+    server: truenas.local.gwg313.xyz
--- a/navidrome/pvc.yaml
+++ b/navidrome/pvc.yaml
@ -0,0 +1,29 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: navidrome-data
+  namespace: navidrome
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: manual
+  volumeMode: Block
+  volumeName: navidrome-data-pv
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: navidrome-music
+  namespace: navidrome
+spec:
+  accessModes:
+    - ReadOnlyMany
+  storageClassName: manual
+  volumeMode: Filesystem
+  volumeName: navidrome-music-pv
+  resources:
+    requests:
+      storage: 10Gi
--- a/navidrome/service.yaml
+++ b/navidrome/service.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: navidrome
+spec:
+  selector:
+    app: navidrome
+  ports:
+    - name: http
+      port: 80
+      targetPort: 4533
+  type: ClusterIP
--- a/navidrome/virtualservice.yaml
+++ b/navidrome/virtualservice.yaml
@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: navidrome
+spec:
+  hosts:
+    - music.local.gwg313.xyz
+    - music.gwg313.xyz
+    - music.zerotier.gwg313.xyz
+  gateways:
+    - music-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: navidrome
+            port:
+              number: 80