magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-12-02 13:06:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
dotfiles/terranix/main/kubernetes/jellyfin.nix
magic_rb 762f781ac5
A lot of kubernetes improvements 
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-06-08 22:46:20 +02:00

333 lines
7.7 KiB
Nix
Raw Blame History

{
pkgs,
inputs,
tflib,
elib,
...
}: let
inherit
(tflib)
tf
;
in {
resource."kubernetes_namespace"."jellyfin" = {
metadata = {
name = "jellyfin";
labels = {
visibility = "public";
# has to be kept in sync with `prepare` profile
"istio.io/rev" = "1-20-2";
};
};
};
resource."kubernetes_manifest"."jellyfin-cache-persistent-volume" = {
manifest = {
apiVersion = "v1";
kind = "PersistentVolume";
metadata = {
name = "jellyfin-cache";
labels.type = "local";
};
spec = {
capacity.storage = "10Gi";
claimRef = {
name = "jellyfin-cache";
namespace = "jellyfin";
};
volumeMode = "Filesystem";
accessModes = [
"ReadWriteOnce"
];
persistentVolumeReclaimPolicy = "Retain";
storageClassName = "hostpath";
hostPath.path = "/data/jellyfin/cache";
};
};
};
resource."kubernetes_manifest"."jellyfin-cache-persistent-volume-claim" = {
manifest = {
kind = "PersistentVolumeClaim";
apiVersion = "v1";
metadata = {
name = "jellyfin-cache";
namespace = "jellyfin";
};
spec = {
volumeName = "jellyfin-cache";
storageClassName = "hostpath";
accessModes = [
"ReadWriteOnce"
];
resources.requests.storage = "10Gi";
};
};
};
resource."kubernetes_manifest"."jellyfin-config-persistent-volume" = {
manifest = {
apiVersion = "v1";
kind = "PersistentVolume";
metadata = {
name = "jellyfin-config";
labels.type = "local";
};
spec = {
capacity.storage = "10Gi";
claimRef = {
name = "jellyfin-config";
namespace = "jellyfin";
};
volumeMode = "Filesystem";
accessModes = [
"ReadWriteOnce"
];
persistentVolumeReclaimPolicy = "Retain";
storageClassName = "hostpath";
hostPath.path = "/data/jellyfin/config";
};
};
};
resource."kubernetes_manifest"."jellyfin-config-persistent-volume-claim" = {
manifest = {
kind = "PersistentVolumeClaim";
apiVersion = "v1";
metadata = {
name = "jellyfin-config";
namespace = "jellyfin";
};
spec = {
volumeName = "jellyfin-config";
storageClassName = "hostpath";
accessModes = [
"ReadWriteOnce"
];
resources.requests.storage = "10Gi";
};
};
};
resource."kubernetes_manifest"."jellyfin-media-persistent-volume" = {
manifest = {
apiVersion = "v1";
kind = "PersistentVolume";
metadata = {
name = "jellyfin-media";
labels.type = "local";
};
spec = {
capacity.storage = "10Gi";
claimRef = {
name = "jellyfin-media";
namespace = "jellyfin";
};
volumeMode = "Filesystem";
accessModes = [
"ReadWriteOnce"
];
persistentVolumeReclaimPolicy = "Retain";
storageClassName = "hostpath";
hostPath.path = "/data/jellyfin/media";
};
};
};
resource."kubernetes_manifest"."jellyfin-media-persistent-volume-claim" = {
manifest = {
kind = "PersistentVolumeClaim";
apiVersion = "v1";
metadata = {
name = "jellyfin-media";
namespace = "jellyfin";
};
spec = {
volumeName = "jellyfin-media";
storageClassName = "hostpath";
accessModes = [
"ReadWriteOnce"
];
resources.requests.storage = "10Gi";
};
};
};
resource."kubernetes_manifest"."jellyfin-deployment" = {
manifest = {
apiVersion = "apps/v1";
kind = "Deployment";
metadata = {
name = "jellyfin";
namespace = "jellyfin";
labels = {
app = "jellyfin";
};
};
spec = {
replicas = 1;
strategy.type = "Recreate";
selector.matchLabels.app = "jellyfin";
template = {
metadata.labels.app = "jellyfin";
spec = {
containers = [
{
name = "jellyfin";
image = "jellyfin/jellyfin@sha256:095e6d410d1d27b17cc4a961a9bab9fab5ffce6e49389d8ec685f65ab5538525";
ports = [
{
containerPort = 8096;
}
];
volumeMounts = [
{
name = "jellyfin-config";
mountPath = "/config/";
}
{
name = "jellyfin-cache";
mountPath = "/cache/";
}
{
name = "jellyfin-media";
mountPath = "/media/";
}
];
}
];
volumes = [
{
name = "jellyfin-config";
persistentVolumeClaim.claimName = "jellyfin-config";
}
{
name = "jellyfin-cache";
persistentVolumeClaim.claimName = "jellyfin-cache";
}
{
name = "jellyfin-media";
persistentVolumeClaim.claimName = "jellyfin-media";
}
];
};
};
};
};
};
resource."kubernetes_manifest"."jellyfin-service" = {
manifest = {
apiVersion = "v1";
kind = "Service";
metadata = {
name = "jellyfin";
namespace = "jellyfin";
};
spec = {
ports = [
{
port = 80;
protocol = "TCP";
targetPort = 8096;
}
];
selector.app = "jellyfin";
};
};
};
resource."kubernetes_manifest"."jellyfin-reference-grant" = {
manifest = {
apiVersion = "gateway.networking.k8s.io/v1alpha2";
kind = "ReferenceGrant";
metadata = {
name = "jellyfin";
namespace = "jellyfin";
};
spec = {
from = [
{
group = "gateway.networking.k8s.io";
kind = "HTTPRoute";
namespace = "ingress";
}
];
to = [
{
group = "";
kind = "Service";
name = "jellyfin";
}
];
};
};
};
resource."kubernetes_manifest"."jellyfin_authorization_policy" = {
manifest = {
apiVersion = "security.istio.io/v1";
kind = "AuthorizationPolicy";
metadata = {
name = "jellyfin";
namespace = "jellyfin";
};
spec = {
action = "ALLOW";
rules = [
{
from = [
{
source = {
namespaces = ["ingress"];
};
}
];
to = [
{
operation = {
methods = ["*"];
paths = ["/*"];
};
}
];
}
];
selector = {
matchLabels.app = "jellyfin";
};
};
};
};
resource."kubernetes_manifest"."jellyfin-httproute" = {
manifest = {
apiVersion = "gateway.networking.k8s.io/v1";
kind = "HTTPRoute";
metadata = {
name = "jellyfin";
namespace = "ingress";
};
spec = {
parentRefs = [
{name = "website";}
];
hostnames = ["jellyfin.in.redalder.org"];
rules = [
{
backendRefs = [
{
name = "jellyfin";
namespace = "jellyfin";
port = 80;
}
];
}
];
};
};
};
}
Reference in a new issue View git blame Copy permalink