mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-11 17:31:58 +01:00
762f781ac5
Signed-off-by: magic_rb <magic_rb@redalder.org>
332 lines
7.7 KiB
Nix
332 lines
7.7 KiB
Nix
{
|
|
pkgs,
|
|
inputs,
|
|
tflib,
|
|
elib,
|
|
...
|
|
}: let
|
|
inherit
|
|
(tflib)
|
|
tf
|
|
;
|
|
in {
|
|
resource."kubernetes_namespace"."jellyfin" = {
|
|
metadata = {
|
|
name = "jellyfin";
|
|
|
|
labels = {
|
|
visibility = "public";
|
|
# has to be kept in sync with `prepare` profile
|
|
"istio.io/rev" = "1-20-2";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-cache-persistent-volume" = {
|
|
manifest = {
|
|
apiVersion = "v1";
|
|
kind = "PersistentVolume";
|
|
metadata = {
|
|
name = "jellyfin-cache";
|
|
labels.type = "local";
|
|
};
|
|
spec = {
|
|
capacity.storage = "10Gi";
|
|
claimRef = {
|
|
name = "jellyfin-cache";
|
|
namespace = "jellyfin";
|
|
};
|
|
volumeMode = "Filesystem";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
persistentVolumeReclaimPolicy = "Retain";
|
|
storageClassName = "hostpath";
|
|
hostPath.path = "/data/jellyfin/cache";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-cache-persistent-volume-claim" = {
|
|
manifest = {
|
|
kind = "PersistentVolumeClaim";
|
|
apiVersion = "v1";
|
|
metadata = {
|
|
name = "jellyfin-cache";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
volumeName = "jellyfin-cache";
|
|
storageClassName = "hostpath";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
resources.requests.storage = "10Gi";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-config-persistent-volume" = {
|
|
manifest = {
|
|
apiVersion = "v1";
|
|
kind = "PersistentVolume";
|
|
metadata = {
|
|
name = "jellyfin-config";
|
|
labels.type = "local";
|
|
};
|
|
spec = {
|
|
capacity.storage = "10Gi";
|
|
claimRef = {
|
|
name = "jellyfin-config";
|
|
namespace = "jellyfin";
|
|
};
|
|
volumeMode = "Filesystem";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
persistentVolumeReclaimPolicy = "Retain";
|
|
storageClassName = "hostpath";
|
|
hostPath.path = "/data/jellyfin/config";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-config-persistent-volume-claim" = {
|
|
manifest = {
|
|
kind = "PersistentVolumeClaim";
|
|
apiVersion = "v1";
|
|
metadata = {
|
|
name = "jellyfin-config";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
volumeName = "jellyfin-config";
|
|
storageClassName = "hostpath";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
resources.requests.storage = "10Gi";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-media-persistent-volume" = {
|
|
manifest = {
|
|
apiVersion = "v1";
|
|
kind = "PersistentVolume";
|
|
metadata = {
|
|
name = "jellyfin-media";
|
|
labels.type = "local";
|
|
};
|
|
spec = {
|
|
capacity.storage = "10Gi";
|
|
claimRef = {
|
|
name = "jellyfin-media";
|
|
namespace = "jellyfin";
|
|
};
|
|
volumeMode = "Filesystem";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
persistentVolumeReclaimPolicy = "Retain";
|
|
storageClassName = "hostpath";
|
|
hostPath.path = "/data/jellyfin/media";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-media-persistent-volume-claim" = {
|
|
manifest = {
|
|
kind = "PersistentVolumeClaim";
|
|
apiVersion = "v1";
|
|
metadata = {
|
|
name = "jellyfin-media";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
volumeName = "jellyfin-media";
|
|
storageClassName = "hostpath";
|
|
accessModes = [
|
|
"ReadWriteOnce"
|
|
];
|
|
resources.requests.storage = "10Gi";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-deployment" = {
|
|
manifest = {
|
|
apiVersion = "apps/v1";
|
|
kind = "Deployment";
|
|
metadata = {
|
|
name = "jellyfin";
|
|
namespace = "jellyfin";
|
|
labels = {
|
|
app = "jellyfin";
|
|
};
|
|
};
|
|
|
|
spec = {
|
|
replicas = 1;
|
|
strategy.type = "Recreate";
|
|
selector.matchLabels.app = "jellyfin";
|
|
template = {
|
|
metadata.labels.app = "jellyfin";
|
|
spec = {
|
|
containers = [
|
|
{
|
|
name = "jellyfin";
|
|
image = "jellyfin/jellyfin@sha256:095e6d410d1d27b17cc4a961a9bab9fab5ffce6e49389d8ec685f65ab5538525";
|
|
ports = [
|
|
{
|
|
containerPort = 8096;
|
|
}
|
|
];
|
|
volumeMounts = [
|
|
{
|
|
name = "jellyfin-config";
|
|
mountPath = "/config/";
|
|
}
|
|
{
|
|
name = "jellyfin-cache";
|
|
mountPath = "/cache/";
|
|
}
|
|
{
|
|
name = "jellyfin-media";
|
|
mountPath = "/media/";
|
|
}
|
|
];
|
|
}
|
|
];
|
|
volumes = [
|
|
{
|
|
name = "jellyfin-config";
|
|
persistentVolumeClaim.claimName = "jellyfin-config";
|
|
}
|
|
{
|
|
name = "jellyfin-cache";
|
|
persistentVolumeClaim.claimName = "jellyfin-cache";
|
|
}
|
|
{
|
|
name = "jellyfin-media";
|
|
persistentVolumeClaim.claimName = "jellyfin-media";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-service" = {
|
|
manifest = {
|
|
apiVersion = "v1";
|
|
kind = "Service";
|
|
metadata = {
|
|
name = "jellyfin";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
ports = [
|
|
{
|
|
port = 80;
|
|
protocol = "TCP";
|
|
targetPort = 8096;
|
|
}
|
|
];
|
|
selector.app = "jellyfin";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-reference-grant" = {
|
|
manifest = {
|
|
apiVersion = "gateway.networking.k8s.io/v1alpha2";
|
|
kind = "ReferenceGrant";
|
|
metadata = {
|
|
name = "jellyfin";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
from = [
|
|
{
|
|
group = "gateway.networking.k8s.io";
|
|
kind = "HTTPRoute";
|
|
namespace = "ingress";
|
|
}
|
|
];
|
|
to = [
|
|
{
|
|
group = "";
|
|
kind = "Service";
|
|
name = "jellyfin";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin_authorization_policy" = {
|
|
manifest = {
|
|
apiVersion = "security.istio.io/v1";
|
|
kind = "AuthorizationPolicy";
|
|
metadata = {
|
|
name = "jellyfin";
|
|
namespace = "jellyfin";
|
|
};
|
|
spec = {
|
|
action = "ALLOW";
|
|
rules = [
|
|
{
|
|
from = [
|
|
{
|
|
source = {
|
|
namespaces = ["ingress"];
|
|
};
|
|
}
|
|
];
|
|
to = [
|
|
{
|
|
operation = {
|
|
methods = ["*"];
|
|
paths = ["/*"];
|
|
};
|
|
}
|
|
];
|
|
}
|
|
];
|
|
selector = {
|
|
matchLabels.app = "jellyfin";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."jellyfin-httproute" = {
|
|
manifest = {
|
|
apiVersion = "gateway.networking.k8s.io/v1";
|
|
kind = "HTTPRoute";
|
|
metadata = {
|
|
name = "jellyfin";
|
|
namespace = "ingress";
|
|
};
|
|
spec = {
|
|
parentRefs = [
|
|
{name = "website";}
|
|
];
|
|
hostnames = ["jellyfin.in.redalder.org"];
|
|
rules = [
|
|
{
|
|
backendRefs = [
|
|
{
|
|
name = "jellyfin";
|
|
namespace = "jellyfin";
|
|
port = 80;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|