From 83f3207fad812eb1d35b5b9c87c3fc2d7cf56316 Mon Sep 17 00:00:00 2001 From: fchinembiri Date: Wed, 3 Jun 2026 23:47:43 +0200 Subject: [PATCH] feat(family): setup media suite (jellyfin, navidrome, homarr, jellyseerr) with rclone mount --- k8s/family-apps/kustomization.yaml | 1 + k8s/family-apps/media-suite.yaml | 358 +++++++++++++++++++++++++++++ 2 files changed, 359 insertions(+) create mode 100644 k8s/family-apps/media-suite.yaml diff --git a/k8s/family-apps/kustomization.yaml b/k8s/family-apps/kustomization.yaml index 32290e8..76f4d5a 100644 --- a/k8s/family-apps/kustomization.yaml +++ b/k8s/family-apps/kustomization.yaml @@ -9,3 +9,4 @@ resources: - kecy.yaml - ruva.yaml - rufaro.yaml + - media-suite.yaml diff --git a/k8s/family-apps/media-suite.yaml b/k8s/family-apps/media-suite.yaml new file mode 100644 index 0000000..6086024 --- /dev/null +++ b/k8s/family-apps/media-suite.yaml @@ -0,0 +1,358 @@ +apiVersion: v1 +kind: Secret +metadata: + name: rclone-secret + namespace: family-apps +type: Opaque +stringData: + RCLONE_CONFIG_SEEDHOST_TYPE: sftp + RCLONE_CONFIG_SEEDHOST_HOST: wax.seedhost.eu + RCLONE_CONFIG_SEEDHOST_USER: tadiwanashe + RCLONE_CONFIG_SEEDHOST_PASS: 9uy5c06oYfPD6wpXnvYwGQ8nH0p9tm6c7ergflo +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: jellyfin-config-pvc + namespace: family-apps +spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: navidrome-data-pvc + namespace: family-apps +spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: 2Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: homarr-data-pvc + namespace: family-apps +spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: jellyseerr-config-pvc + namespace: family-apps +spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: 2Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: family-apps +spec: + replicas: 1 + selector: + matchLabels: + app: jellyfin + template: + metadata: + labels: + app: jellyfin + spec: + containers: + - name: jellyfin + image: jellyfin/jellyfin:latest + ports: + - containerPort: 8096 + volumeMounts: + - name: config + mountPath: /config + - name: media + mountPath: /media + mountPropagation: HostToContainer + - name: rclone + image: rclone/rclone:latest + args: + - mount + - "seedhost:/home2/tadiwanashe/downloads/media" + - /data + - --allow-other + - --vfs-cache-mode + - writes + - --dir-cache-time + - 1m + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "fusermount -u /data"] + envFrom: + - secretRef: + name: rclone-secret + volumeMounts: + - name: media + mountPath: /data + mountPropagation: Bidirectional + volumes: + - name: config + persistentVolumeClaim: + claimName: jellyfin-config-pvc + - name: media + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: family-apps +spec: + ports: + - port: 80 + targetPort: 8096 + selector: + app: jellyfin +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin-ingress + namespace: family-apps + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - stream.techarvest.co.zw + secretName: stream-tls + rules: + - host: stream.techarvest.co.zw + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 80 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: navidrome + namespace: family-apps +spec: + replicas: 1 + selector: + matchLabels: + app: navidrome + template: + metadata: + labels: + app: navidrome + spec: + containers: + - name: navidrome + image: deluan/navidrome:latest + ports: + - containerPort: 4533 + env: + - name: ND_MUSICFOLDER + value: "/media/music" + - name: ND_DATAFOLDER + value: "/data" + volumeMounts: + - name: data + mountPath: /data + - name: media + mountPath: /media + mountPropagation: HostToContainer + - name: rclone + image: rclone/rclone:latest + args: + - mount + - "seedhost:/home2/tadiwanashe/downloads/media" + - /data + - --allow-other + - --vfs-cache-mode + - writes + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "fusermount -u /data"] + envFrom: + - secretRef: + name: rclone-secret + volumeMounts: + - name: media + mountPath: /data + mountPropagation: Bidirectional + volumes: + - name: data + persistentVolumeClaim: + claimName: navidrome-data-pvc + - name: media + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: navidrome + namespace: family-apps +spec: + ports: + - port: 80 + targetPort: 4533 + selector: + app: navidrome +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: navidrome-ingress + namespace: family-apps + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - music.techarvest.co.zw + secretName: music-tls + rules: + - host: music.techarvest.co.zw + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: navidrome + port: + number: 80 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homarr + namespace: family-apps +spec: + replicas: 1 + selector: + matchLabels: + app: homarr + template: + metadata: + labels: + app: homarr + spec: + containers: + - name: homarr + image: ghcr.io/homarr-labs/homarr:latest + ports: + - containerPort: 7575 + volumeMounts: + - name: data + mountPath: /appdata + volumes: + - name: data + persistentVolumeClaim: + claimName: homarr-data-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: homarr + namespace: family-apps +spec: + ports: + - port: 80 + targetPort: 7575 + selector: + app: homarr +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homarr-ingress + namespace: family-apps + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - home.techarvest.co.zw + secretName: home-tls + rules: + - host: home.techarvest.co.zw + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: homarr + port: + number: 80 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyseerr + namespace: family-apps +spec: + replicas: 1 + selector: + matchLabels: + app: jellyseerr + template: + metadata: + labels: + app: jellyseerr + spec: + containers: + - name: jellyseerr + image: fallenbagel/jellyseerr:latest + ports: + - containerPort: 5055 + env: + - name: TZ + value: "Africa/Harare" + volumeMounts: + - name: config + mountPath: /app/config + volumes: + - name: config + persistentVolumeClaim: + claimName: jellyseerr-config-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyseerr + namespace: family-apps +spec: + ports: + - port: 80 + targetPort: 5055 + selector: + app: jellyseerr