From 094aa7efd22e932fec41361f91b64891fa9a2f83 Mon Sep 17 00:00:00 2001
From: Alex Mickelson <alexmickelson96@gmail.com>
Date: Fri, 2 Jan 2026 13:57:00 -0700
Subject: [PATCH] changes

---
 .github/workflows/apply-kubernetes.yml | 32 +++++++++++++++
 home-server/docker-compose.yml         | 55 +++++++++++++-------------
 kubernetes/jellyfin/deployment.yml     | 11 +++++-
 kubernetes/jellyfin/ingress.yml        | 28 ++++++-------
 kubernetes/jellyfin/service.yml        | 16 +++++++-
 nix/home-manager/work.home.nix         |  2 +-
 6 files changed, 99 insertions(+), 45 deletions(-)
 create mode 100644 .github/workflows/apply-kubernetes.yml

diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml
new file mode 100644
index 0000000..875ae05
--- /dev/null
+++ b/.github/workflows/apply-kubernetes.yml
@@ -0,0 +1,32 @@
+name: Apply Kuberentes Configs
+on: [push, workflow_dispatch]
+jobs:
+  update-repo:
+    runs-on: [home-server]
+    steps:
+      - name: checkout repo
+        working-directory: /home/github/infrastructure
+        run: |
+          if [ -d "infrastructure" ]; then
+            cd infrastructure
+              echo "Infrastructure folder exists. Resetting to the most recent commit."
+              git reset --hard HEAD
+              git pull https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} $(git rev-parse --abbrev-ref HEAD)
+          else
+            git clone https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+          fi
+  update-infrastructure:
+    runs-on: [home-server]
+    needs: update-repo 
+    steps:
+      - name: update home server containers
+        env:
+          MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }}
+          HOMEASSISTANT_TOKEN: ${{ secrets.HOMEASSISTANT_TOKEN }}
+          GRAFANA_PASSWORD: ${{ secrets.GRAFANA_PASSWORD }}
+          CLOUDFLARE_CONFIG: ${{ secrets.CLOUDFLARE_CONFIG }}
+          COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }}
+        working-directory: /home/github/infrastructure/infrastructure
+        run: |
+          kubectl apply -f kuberentes/ingress
+          kubectl apply -f kuberentes/proxy-ingress
\ No newline at end of file
diff --git a/home-server/docker-compose.yml b/home-server/docker-compose.yml
index a137078..248af15 100644
--- a/home-server/docker-compose.yml
+++ b/home-server/docker-compose.yml
@@ -183,33 +183,33 @@ services:
   #     - 0.0.0.0:9162:9162
   # docker run -it --rm  -p 9162:9162 --net=host sfudeus/apcupsd_exporter:master_1.19
 
-  reverse-proxy:
-    image: ghcr.io/linuxserver/swag
-    container_name: reverse-proxy
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=America/Denver
-      - URL=alexmickelson.guru
-      - SUBDOMAINS=wildcard
-      - VALIDATION=dns
-      - DNSPLUGIN=cloudflare
-    volumes:
-      - ./nginx.conf:/config/nginx/site-confs/default.conf
-      - /data/swag:/config
-      - /data/cloudflare/cloudflare.ini:/config/dns-conf/cloudflare.ini
-    ports:
-      - 0.0.0.0:80:80
-      - 0.0.0.0:443:443
-      # - 0.0.0.0:7080:80
-      # - 0.0.0.0:7443:443
-    extra_hosts:
-      - host.docker.internal:host-gateway
-    networks:
-      - proxy
+  # reverse-proxy:
+  #   image: ghcr.io/linuxserver/swag
+  #   container_name: reverse-proxy
+  #   restart: unless-stopped
+  #   cap_add:
+  #     - NET_ADMIN
+  #   environment:
+  #     - PUID=1000
+  #     - PGID=1000
+  #     - TZ=America/Denver
+  #     - URL=alexmickelson.guru
+  #     - SUBDOMAINS=wildcard
+  #     - VALIDATION=dns
+  #     - DNSPLUGIN=cloudflare
+  #   volumes:
+  #     - ./nginx.conf:/config/nginx/site-confs/default.conf
+  #     - /data/swag:/config
+  #     - /data/cloudflare/cloudflare.ini:/config/dns-conf/cloudflare.ini
+  #   ports:
+  #     - 0.0.0.0:80:80
+  #     - 0.0.0.0:443:443
+  #     # - 0.0.0.0:7080:80
+  #     # - 0.0.0.0:7443:443
+  #   extra_hosts:
+  #     - host.docker.internal:host-gateway
+  #   networks:
+  #     - proxy
 
 
   audiobookshelf:
@@ -220,7 +220,6 @@ services:
     volumes:
       - /data/media/audiobooks:/audiobooks
       - /data/media/audiobooks-libation:/audiobooks-libation
-      # - </path/to/podcasts>:/podcasts
       - /data/audiobookshelf/config:/config
       - /data/audiobookshelf/metadata:/metadata
     networks:
diff --git a/kubernetes/jellyfin/deployment.yml b/kubernetes/jellyfin/deployment.yml
index a61dc76..fcdcbbe 100644
--- a/kubernetes/jellyfin/deployment.yml
+++ b/kubernetes/jellyfin/deployment.yml
@@ -13,13 +13,18 @@ spec:
       labels:
         app: jellyfin
     spec:
+      hostNetwork: true
       containers:
         - name: jellyfin
           image: jellyfin/jellyfin
           securityContext:
             runAsUser: 1000
             runAsGroup: 1000
+            supplementalGroups:
+              - 303 # render group for GPU access
           volumeMounts:
+            - name: dri-device
+              mountPath: /dev/dri/renderD128
             - name: config-volume
               mountPath: /config
             - name: cache-volume
@@ -52,4 +57,8 @@ spec:
         - name: tvshows-volume
           hostPath:
             path: /data/jellyfin/tvshows
-      restartPolicy: Always
\ No newline at end of file
+        - name: dri-device
+          hostPath:
+            path: /dev/dri/renderD128
+            type: CharDevice
+      restartPolicy: Always
diff --git a/kubernetes/jellyfin/ingress.yml b/kubernetes/jellyfin/ingress.yml
index 5416f72..b9c1b0c 100644
--- a/kubernetes/jellyfin/ingress.yml
+++ b/kubernetes/jellyfin/ingress.yml
@@ -1,14 +1,14 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: jellyfin-ingress
-  namespace: projects
-spec:
-  rules:
-    - host: jellyfin.alexmickelson.guru
-      http:
-        paths:
-          - path: /
-            backend:
-              service: jellyfin
-              port: 8096
\ No newline at end of file
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   name: jellyfin-ingress
+#   namespace: projects
+# spec:
+#   rules:
+#     - host: jellyfin.alexmickelson.guru
+#       http:
+#         paths:
+#           - path: /
+#             backend:
+#               service: jellyfin
+#               port: 8096
\ No newline at end of file
diff --git a/kubernetes/jellyfin/service.yml b/kubernetes/jellyfin/service.yml
index 5fbd4ca..7e753d3 100644
--- a/kubernetes/jellyfin/service.yml
+++ b/kubernetes/jellyfin/service.yml
@@ -10,4 +10,18 @@ spec:
     - protocol: TCP
       port: 8096
       targetPort: 8096
-  type: ClusterIP
\ No newline at end of file
+      nodePort: 30096
+  type: NodePort
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   name: jellyfin
+#   namespace: projects
+# spec:
+#   selector:
+#     app: jellyfin
+#   ports:
+#     - protocol: TCP
+#       port: 8096
+#       targetPort: 8096
+#   type: ClusterIP
\ No newline at end of file
diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix
index d0d1a96..000a485 100644
--- a/nix/home-manager/work.home.nix
+++ b/nix/home-manager/work.home.nix
@@ -53,7 +53,7 @@ in {
     opencodeFlake.packages.${system}.opencode
     bitwarden-desktop
     wiremix
-    moonlight-qt
+    (config.lib.nixGL.wrap moonlight-qt)
     # jan
     # texlivePackages.jetbrainsmono-otf
     # nerd-fonts.fira-code