apiVersion: v1 kind: Secret metadata: name: rclone-secret namespace: family-apps type: Opaque stringData: RCLONE_CONFIG_SEEDHOST_TYPE: sftp RCLONE_CONFIG_SEEDHOST_HOST: wax.seedhost.eu RCLONE_CONFIG_SEEDHOST_USER: tadiwanashe RCLONE_CONFIG_SEEDHOST_PASS: 9uy5c06oYfPD6wpXnvYwGQ8nH0p9tm6c7ergflo --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jellyfin-config-pvc namespace: family-apps spec: accessModes: [ReadWriteOnce] resources: requests: storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: navidrome-data-pvc namespace: family-apps spec: accessModes: [ReadWriteOnce] resources: requests: storage: 2Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: homarr-data-pvc namespace: family-apps spec: accessModes: [ReadWriteOnce] resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jellyseerr-config-pvc namespace: family-apps spec: accessModes: [ReadWriteOnce] resources: requests: storage: 2Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: jellyfin namespace: family-apps spec: replicas: 1 selector: matchLabels: app: jellyfin template: metadata: labels: app: jellyfin spec: containers: - name: jellyfin image: jellyfin/jellyfin:latest ports: - containerPort: 8096 volumeMounts: - name: config mountPath: /config - name: media mountPath: /media mountPropagation: HostToContainer - name: rclone image: rclone/rclone:latest args: - mount - "seedhost:/home2/tadiwanashe/downloads/media" - /data - --allow-other - --vfs-cache-mode - writes - --dir-cache-time - 1m securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] lifecycle: preStop: exec: command: ["/bin/sh", "-c", "fusermount -u /data"] envFrom: - secretRef: name: rclone-secret volumeMounts: - name: media mountPath: /data mountPropagation: Bidirectional volumes: - name: config persistentVolumeClaim: claimName: jellyfin-config-pvc - name: media emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: jellyfin namespace: family-apps spec: ports: - port: 80 targetPort: 8096 selector: app: jellyfin --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: jellyfin-ingress namespace: family-apps annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: - hosts: - stream.techarvest.co.zw secretName: stream-tls rules: - host: stream.techarvest.co.zw http: paths: - path: / pathType: Prefix backend: service: name: jellyfin port: number: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: navidrome namespace: family-apps spec: replicas: 1 selector: matchLabels: app: navidrome template: metadata: labels: app: navidrome spec: containers: - name: navidrome image: deluan/navidrome:latest ports: - containerPort: 4533 env: - name: ND_MUSICFOLDER value: "/media/music" - name: ND_DATAFOLDER value: "/data" volumeMounts: - name: data mountPath: /data - name: media mountPath: /media mountPropagation: HostToContainer - name: rclone image: rclone/rclone:latest args: - mount - "seedhost:/home2/tadiwanashe/downloads/media" - /data - --allow-other - --vfs-cache-mode - writes securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] lifecycle: preStop: exec: command: ["/bin/sh", "-c", "fusermount -u /data"] envFrom: - secretRef: name: rclone-secret volumeMounts: - name: media mountPath: /data mountPropagation: Bidirectional volumes: - name: data persistentVolumeClaim: claimName: navidrome-data-pvc - name: media emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: navidrome namespace: family-apps spec: ports: - port: 80 targetPort: 4533 selector: app: navidrome --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: navidrome-ingress namespace: family-apps annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: - hosts: - music.techarvest.co.zw secretName: music-tls rules: - host: music.techarvest.co.zw http: paths: - path: / pathType: Prefix backend: service: name: navidrome port: number: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: homarr namespace: family-apps spec: replicas: 1 selector: matchLabels: app: homarr template: metadata: labels: app: homarr spec: containers: - name: homarr image: ghcr.io/homarr-labs/homarr:latest ports: - containerPort: 7575 volumeMounts: - name: data mountPath: /appdata volumes: - name: data persistentVolumeClaim: claimName: homarr-data-pvc --- apiVersion: v1 kind: Service metadata: name: homarr namespace: family-apps spec: ports: - port: 80 targetPort: 7575 selector: app: homarr --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: homarr-ingress namespace: family-apps annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: - hosts: - home.techarvest.co.zw secretName: home-tls rules: - host: home.techarvest.co.zw http: paths: - path: / pathType: Prefix backend: service: name: homarr port: number: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: jellyseerr namespace: family-apps spec: replicas: 1 selector: matchLabels: app: jellyseerr template: metadata: labels: app: jellyseerr spec: containers: - name: jellyseerr image: fallenbagel/jellyseerr:latest ports: - containerPort: 5055 env: - name: TZ value: "Africa/Harare" volumeMounts: - name: config mountPath: /app/config volumes: - name: config persistentVolumeClaim: claimName: jellyseerr-config-pvc --- apiVersion: v1 kind: Service metadata: name: jellyseerr namespace: family-apps spec: ports: - port: 80 targetPort: 5055 selector: app: jellyseerr