{ pkgs, inputs, tflib, elib, ... }: let inherit (tflib) tf ; in { resource."kubernetes_namespace"."jellyfin" = { metadata = { name = "jellyfin"; labels = { visibility = "public"; # has to be kept in sync with `prepare` profile "istio.io/rev" = "1-22-2"; }; }; }; resource."kubernetes_manifest"."jellyfin-cache-persistent-volume" = { manifest = { apiVersion = "v1"; kind = "PersistentVolume"; metadata = { name = "jellyfin-cache"; labels.type = "local"; }; spec = { capacity.storage = "10Gi"; claimRef = { name = "jellyfin-cache"; namespace = "jellyfin"; }; volumeMode = "Filesystem"; accessModes = [ "ReadWriteOnce" ]; persistentVolumeReclaimPolicy = "Retain"; storageClassName = "hostpath"; hostPath.path = "/data/jellyfin/cache"; }; }; }; resource."kubernetes_manifest"."jellyfin-cache-persistent-volume-claim" = { manifest = { kind = "PersistentVolumeClaim"; apiVersion = "v1"; metadata = { name = "jellyfin-cache"; namespace = "jellyfin"; }; spec = { volumeName = "jellyfin-cache"; storageClassName = "hostpath"; accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "10Gi"; }; }; }; resource."kubernetes_manifest"."jellyfin-config-persistent-volume" = { manifest = { apiVersion = "v1"; kind = "PersistentVolume"; metadata = { name = "jellyfin-config"; labels.type = "local"; }; spec = { capacity.storage = "10Gi"; claimRef = { name = "jellyfin-config"; namespace = "jellyfin"; }; volumeMode = "Filesystem"; accessModes = [ "ReadWriteOnce" ]; persistentVolumeReclaimPolicy = "Retain"; storageClassName = "hostpath"; hostPath.path = "/data/jellyfin/config"; }; }; }; resource."kubernetes_manifest"."jellyfin-config-persistent-volume-claim" = { manifest = { kind = "PersistentVolumeClaim"; apiVersion = "v1"; metadata = { name = "jellyfin-config"; namespace = "jellyfin"; }; spec = { volumeName = "jellyfin-config"; storageClassName = "hostpath"; accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "10Gi"; }; }; }; resource."kubernetes_manifest"."jellyfin-media-persistent-volume" = { manifest = { apiVersion = "v1"; kind = "PersistentVolume"; metadata = { name = "jellyfin-media"; labels.type = "local"; }; spec = { capacity.storage = "10Gi"; claimRef = { name = "jellyfin-media"; namespace = "jellyfin"; }; volumeMode = "Filesystem"; accessModes = [ "ReadWriteOnce" ]; persistentVolumeReclaimPolicy = "Retain"; storageClassName = "hostpath"; hostPath.path = "/data/jellyfin/media"; }; }; }; resource."kubernetes_manifest"."jellyfin-media-persistent-volume-claim" = { manifest = { kind = "PersistentVolumeClaim"; apiVersion = "v1"; metadata = { name = "jellyfin-media"; namespace = "jellyfin"; }; spec = { volumeName = "jellyfin-media"; storageClassName = "hostpath"; accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "10Gi"; }; }; }; resource."kubernetes_manifest"."jellyfin-deployment" = { manifest = { apiVersion = "apps/v1"; kind = "Deployment"; metadata = { name = "jellyfin"; namespace = "jellyfin"; labels = { app = "jellyfin"; }; }; spec = { replicas = 1; strategy.type = "Recreate"; selector.matchLabels.app = "jellyfin"; template = { metadata.labels.app = "jellyfin"; spec = { containers = [ { name = "jellyfin"; image = "jellyfin/jellyfin@sha256:095e6d410d1d27b17cc4a961a9bab9fab5ffce6e49389d8ec685f65ab5538525"; ports = [ { containerPort = 8096; } ]; volumeMounts = [ { name = "jellyfin-config"; mountPath = "/config/"; } { name = "jellyfin-cache"; mountPath = "/cache/"; } { name = "jellyfin-media"; mountPath = "/media/"; } ]; } ]; volumes = [ { name = "jellyfin-config"; persistentVolumeClaim.claimName = "jellyfin-config"; } { name = "jellyfin-cache"; persistentVolumeClaim.claimName = "jellyfin-cache"; } { name = "jellyfin-media"; persistentVolumeClaim.claimName = "jellyfin-media"; } ]; }; }; }; }; }; resource."kubernetes_manifest"."jellyfin-service" = { manifest = { apiVersion = "v1"; kind = "Service"; metadata = { name = "jellyfin"; namespace = "jellyfin"; }; spec = { ports = [ { port = 80; protocol = "TCP"; targetPort = 8096; } ]; selector.app = "jellyfin"; }; }; }; resource."kubernetes_manifest"."jellyfin-reference-grant" = { manifest = { apiVersion = "gateway.networking.k8s.io/v1alpha2"; kind = "ReferenceGrant"; metadata = { name = "jellyfin"; namespace = "jellyfin"; }; spec = { from = [ { group = "gateway.networking.k8s.io"; kind = "HTTPRoute"; namespace = "ingress"; } ]; to = [ { group = ""; kind = "Service"; name = "jellyfin"; } ]; }; }; }; resource."kubernetes_manifest"."jellyfin_authorization_policy" = { manifest = { apiVersion = "security.istio.io/v1"; kind = "AuthorizationPolicy"; metadata = { name = "jellyfin"; namespace = "jellyfin"; }; spec = { action = "ALLOW"; rules = [ { from = [ { source = { namespaces = ["ingress"]; }; } ]; to = [ { operation = { methods = ["*"]; paths = ["/*"]; }; } ]; } ]; selector = { matchLabels.app = "jellyfin"; }; }; }; }; resource."kubernetes_manifest"."jellyfin-httproute" = { manifest = { apiVersion = "gateway.networking.k8s.io/v1"; kind = "HTTPRoute"; metadata = { name = "jellyfin"; namespace = "ingress"; }; spec = { parentRefs = [ {name = "website";} ]; hostnames = ["jellyfin.in.redalder.org"]; rules = [ { backendRefs = [ { name = "jellyfin"; namespace = "jellyfin"; port = 80; } ]; } ]; }; }; }; }