Add all the servarr bits

apps/servarr/gluetun/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- secret.yaml

apps/servarr/gluetun/secret.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gluetun-env
+stringData:
+    TZ: ENC[AES256_GCM,data:LJEpoJ4aVy5Qf8w7zg==,iv:IOxz/scZUCqEhasCje3X64MCddTzrtcnOp/6wg0SHEU=,tag:PTfTjdbClLj6fnXWJFedDw==,type:str]
+    VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:ttMPiwizhg==,iv:TmptqgLRaugwq3NiGxOvM9NdnkflNLQsYoRp8fIXq0c=,tag:fXeinqe8eUn/a+MNbiKrzw==,type:str]
+    VPN_TYPE: ENC[AES256_GCM,data:1GAuiUTCew==,iv:yZFHMMXt4Z4PR5tUJ0e7k8bJbjTFPY46X2AW6LB68xE=,tag:gtveZD34ZzXXHSekDPi93Q==,type:str]
+    SERVER_COUNTRIES: ENC[AES256_GCM,data:D6O0wIPGYMBzL28=,iv:p4RoFg0iSGrLRzkw5cbOj9F0Ty+soASiwgDbwHsn2rU=,tag:PeMGdEoYSJjKv5jkiaQn3w==,type:str]
+    FIREWALL_INPUT_PORTS: ENC[AES256_GCM,data:IDFDixwvkY4YG1A=,iv:FyDaKtjza6zC1g5soqhvi5MmjGV5Ap3tFBht3zx6emM=,tag:HyNwf1wRhBoRq1CaRAtH+Q==,type:str]
+    OPENVPN_CIPHERS: ENC[AES256_GCM,data:V/VGTVVTlCsz1dg=,iv:eK6noWENyRrR5lUd8XwuAOgKz3MX1kqY3VKwvBQy0h4=,tag:JOH3Eym5k6DiBoUgpvePoA==,type:str]
+    OPENVPN_USER: ENC[AES256_GCM,data:RnZRnVakr1tPraU7PF3J1Q==,iv:1cXVtF4VfYq8Y41HVndFraxoZtwM/r4EHsowfRucBko=,tag:UgkcS89V7QKOF7ZS5Qqi+g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ntfcrf5fz43da6k9h4um06u8mejjsqg005jm6rwmt9wff949s58qqwx8tv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpc3pXZzMraGJONnVHRGta
+            Y0J6aDB0R0NMWmpMSFcyTTk5bkJaU3NPUldJCjgydmdOZGdoaUVCb2F2amVndnFZ
+            VUgxeW1IRlRUdWRydkg4TzdSTkY5b2sKLS0tIEdCcGFBMkJ2MldMMUlsaUpoeEhF
+            RUhxNlF4NTRROXVMWExuNi9hRmJBMWcKkSzzsaY7I46F15Y11c+9J4EcoT7lqG83
+            dSdTUHsbvNBsYYGYFUkHpRr7XEgnWWecV3lpzoVYLnmvJXCwFCK8Ug==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1gnxrrychharz0cyapjhu3nnzzzhc38slwfpq5h5rsq7pphuk4q6shhx3ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVEtQbTF1eVhmM0xsd2tU
+            b1R5ME1PRVkrbCtTRHdFM1BWSEcrMEhEUTE4Ck5aWkQvZThOMVJpN2x2Z053WTcz
+            bDVnQTFhYjV0QWZJbC9KaG9IVlY0T1UKLS0tIDkxaXJVWlQrK2VqODBHY3RDTzBR
+            QUFpRStodHhkTmxjNEpXQ2UxSjArN0EKnzsoVUTuiJIzTlhKNCSZpPHiRRs+KSAF
+            cyZPHvxn+xebB0jkMF6awXhruPdKHwNeijGKTzVm2RtKgjX+2YMaUg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-13T19:04:15Z"
+    mac: ENC[AES256_GCM,data:gXXZVu6iVZ6wqlKe4WDpQABHoxirZ1suZnaiQ+ru4sOPEQSGr2k6qyTA4uXcxSbtiw9g3JX9N34ZB2I3jNPbS+I2sfOvEr1VWe639k9OUDcWNOMEWNjK+PIiF9x81SJab9og4Z/2mdFuRXDAG9CHX6Q/sLEbsP3vpZgXeL7Xs38=,iv:yJeJPq2InZN+ewWd4yvSPTjNNo9MSgzbbxBUHL2ZCjs=,tag:2qCHVAvsucnr8yA0dkMXkA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0

apps/servarr/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gluetun
+  - prowlarr
+  - sonarr
+  # - radarr
+  # - lidarr

apps/servarr/lidarr/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lidarr
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: lidarr
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: sonarr
+    spec:
+      containers:
+        - image: ghcr.io/qdm12/gluetun:latest
+          name: gluetun
+          imagePullPolicy: Always
+          securityContext:
+            capabilities:
+              add: ["NET_ADMIN"]
+          ports:
+            - containerPort: 8989
+          envFrom:
+          - secretRef:
+              name: gluetun-env
+          resources:
+            limits:
+              cpu: 250m
+              memory: 500Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+        - name: lidarr
+          image: lscr.io/linuxserver/lidarr:4.0.8
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: lidarr

apps/servarr/lidarr/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: lidarr
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`lidarr.k3s`)
+    kind: Rule
+    services:
+    - name: lidarr
+      namespace: apps
+      nativeLB: true
+      kind: Service
+      port: 8989

apps/servarr/lidarr/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml

apps/servarr/lidarr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lidarr
+spec:
+  accessModes:
+    - ReadWriteOncePod
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 5Gi

apps/servarr/lidarr/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lidarr
+spec:
+  type: ClusterIP
+  selector:
+    app: lidarr
+  ports:
+    - name: http
+      port: 8989
+      targetPort: 8989

apps/servarr/prowlarr/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prowlarr
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: prowlarr
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: prowlarr
+    spec:
+      containers:
+        - image: ghcr.io/qdm12/gluetun:latest
+          name: gluetun
+          imagePullPolicy: Always
+          securityContext:
+            capabilities:
+              add: ["NET_ADMIN"]
+          ports:
+            - containerPort: 8989
+          envFrom:
+          - secretRef:
+              name: gluetun-env
+          resources:
+            limits:
+              cpu: 250m
+              memory: 500Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+        - name: prowlarr
+          image: lscr.io/linuxserver/prowlarr:4.0.8
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: prowlarr

apps/servarr/prowlarr/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: prowlarr
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`prowlarr.k3s`)
+    kind: Rule
+    services:
+    - name: prowlarr
+      namespace: apps
+      nativeLB: true
+      kind: Service
+      port: 8989

apps/servarr/prowlarr/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml

apps/servarr/prowlarr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prowlarr
+spec:
+  accessModes:
+    - ReadWriteOncePod
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 5Gi

apps/servarr/prowlarr/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prowlarr
+spec:
+  type: ClusterIP
+  selector:
+    app: prowlarr
+  ports:
+    - name: http
+      port: 8989
+      targetPort: 8989

apps/servarr/radarr/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radarr
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: radarr
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: radarr
+    spec:
+      containers:
+        - image: ghcr.io/qdm12/gluetun:latest
+          name: gluetun
+          imagePullPolicy: Always
+          securityContext:
+            capabilities:
+              add: ["NET_ADMIN"]
+          ports:
+            - containerPort: 8989
+          envFrom:
+          - secretRef:
+              name: gluetun-env
+          resources:
+            limits:
+              cpu: 250m
+              memory: 500Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+        - name: radarr
+          image: lscr.io/linuxserver/radarr:4.0.8
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: radarr

apps/servarr/radarr/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: radarr
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`radarr.k3s`)
+    kind: Rule
+    services:
+    - name: radarr
+      namespace: apps
+      nativeLB: true
+      kind: Service
+      port: 8989

apps/servarr/radarr/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml

apps/servarr/radarr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radarr
+spec:
+  accessModes:
+    - ReadWriteOncePod
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 5Gi

apps/servarr/radarr/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: radarr
+spec:
+  type: ClusterIP
+  selector:
+    app: radarr
+  ports:
+    - name: http
+      port: 8989
+      targetPort: 8989

apps/servarr/sonarr/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: sonarr
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: sonarr
+    spec:
+      containers:
+        - image: ghcr.io/qdm12/gluetun:latest
+          name: gluetun
+          imagePullPolicy: Always
+          securityContext:
+            capabilities:
+              add: ["NET_ADMIN"]
+          ports:
+            - containerPort: 8989
+          envFrom:
+          - secretRef:
+              name: gluetun-env
+          resources:
+            limits:
+              cpu: 250m
+              memory: 500Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+        - name: sonarr
+          image: lscr.io/linuxserver/sonarr:4.0.8
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: sonarr

apps/servarr/sonarr/ingress.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: sonarr
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`sonarr.k3s`)
+    kind: Rule
+    services:
+    - name: sonarr
+      namespace: apps
+      nativeLB: true
+      kind: Service
+      port: 8989

apps/servarr/sonarr/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml

apps/servarr/sonarr/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarr
+spec:
+  accessModes:
+    - ReadWriteOncePod
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 5Gi

apps/servarr/sonarr/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr
+spec:
+  type: ClusterIP
+  selector:
+    app: sonarr
+  ports:
+    - name: http
+      port: 8989
+      targetPort: 8989