diff --git a/home-server/docker-compose.yml b/home-server/docker-compose.yml index 56feb2a..ddeb634 100644 --- a/home-server/docker-compose.yml +++ b/home-server/docker-compose.yml @@ -1,23 +1,23 @@ services: - jellyfin: - image: jellyfin/jellyfin - container_name: jellyfin - user: 1000:1000 - network_mode: "host" - volumes: - - /data/jellyfin/config:/config - - /data/jellyfin/cache:/cache - - /data/media/music/tagged:/music - - /data/media/movies:/movies - - /data/media/tvshows:/tvshows - - /data/nextcloud/html/data/alex/files/Documents/home-video:/home-videos:ro - restart: "unless-stopped" - group_add: - - "303" # getent group render | cut -d: -f3 - devices: - - /dev/dri/renderD128:/dev/dri/renderD128 - environment: - - JELLYFIN_PublishedServerUrl=https://jellyfin.alexmickelson.guru + # jellyfin: + # image: jellyfin/jellyfin + # container_name: jellyfin + # user: 1000:1000 + # network_mode: "host" + # volumes: + # - /data/jellyfin/config:/config + # - /data/jellyfin/cache:/cache + # - /data/media/music/tagged:/music + # - /data/media/movies:/movies + # - /data/media/tvshows:/tvshows + # - /data/nextcloud/html/data/alex/files/Documents/home-video:/home-videos:ro + # restart: "unless-stopped" + # group_add: + # - "303" # getent group render | cut -d: -f3 + # devices: + # - /dev/dri/renderD128:/dev/dri/renderD128 + # environment: + # - JELLYFIN_PublishedServerUrl=https://jellyfin.alexmickelson.guru nextcloud: build: @@ -102,38 +102,6 @@ services: restart: always network_mode: host - - # zwave-js-ui: - # container_name: zwave-js-ui - # image: zwavejs/zwave-js-ui:latest - # restart: always - # tty: true - # stop_signal: SIGINT - # environment: - # - SESSION_SECRET=iqpwoeinf9384bw3p48gbwer - # - TZ=America/Denver - # devices: - # # Do not use /dev/ttyUSBX serial devices, as those mappings can change over time. - # # Instead, use the /dev/serial/by-id/X serial device for your Z-Wave stick. - # # - '/dev/serial/by-id/insert_stick_reference_here:/dev/zwave' - # - /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if00-port0 - # - /dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0:/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_31500417-if01-port0 - # volumes: - # - /data/zwave:/usr/src/app/store - # ports: - # - '3050:8091' - # - '3051:3051' - - # music-assistant-server: - # image: ghcr.io/music-assistant/server:2 - # container_name: music-assistant-server - # restart: unless-stopped - # network_mode: host - # volumes: - # - /data/music-assistant-server/data:/data/ - # environment: - # - LOG_LEVEL=info - prometheus: image: public.ecr.aws/bitnami/prometheus:2 container_name: prometheus @@ -168,70 +136,6 @@ services: ports: - 3000:3000 - # acpupsd_exporter: - # image: sfudeus/apcupsd_exporter:master_1.19 - # container_name: apcupsd_exporter - # restart: always - # extra_hosts: - # - host.docker.internal:host-gateway - # command: -apcupsd.addr host.docker.internal:3551 - # ports: - # - 0.0.0.0:9162:9162 - # docker run -it --rm -p 9162:9162 --net=host sfudeus/apcupsd_exporter:master_1.19 - - # reverse-proxy: - # image: ghcr.io/linuxserver/swag - # container_name: reverse-proxy - # restart: unless-stopped - # cap_add: - # - NET_ADMIN - # environment: - # - PUID=1000 - # - PGID=1000 - # - TZ=America/Denver - # - URL=alexmickelson.guru - # - SUBDOMAINS=wildcard - # - VALIDATION=dns - # - DNSPLUGIN=cloudflare - # volumes: - # - ./nginx.conf:/config/nginx/site-confs/default.conf - # - /data/swag:/config - # - /data/cloudflare/cloudflare.ini:/config/dns-conf/cloudflare.ini - # ports: - # - 0.0.0.0:80:80 - # - 0.0.0.0:443:443 - # # - 0.0.0.0:7080:80 - # # - 0.0.0.0:7443:443 - # extra_hosts: - # - host.docker.internal:host-gateway - # networks: - # - proxy - - - # audiobookshelf: - # image: ghcr.io/advplyr/audiobookshelf:latest - # restart: unless-stopped - # ports: - # - 13378:80 - # volumes: - # - /data/media/audiobooks:/audiobooks - # - /data/media/audiobooks-libation:/audiobooks-libation - # - /data/audiobookshelf/config:/config - # - /data/audiobookshelf/metadata:/metadata - # networks: - # - proxy - - copilot-api: - image: node:latest - working_dir: /app - command: sh -c "npm cache clean --force && npx copilot-api@latest start --github-token $COPILOT_TOKEN --port 4444" - environment: - - COPILOT_TOKEN=${COPILOT_TOKEN} - ports: - - "4444:4444" - restart: unless-stopped - networks: - - proxy esphome: container_name: esphome diff --git a/kubernetes/jellyfin/deployment.yml b/kubernetes/jellyfin/deployment.yml index fcdcbbe..d5b1b00 100644 --- a/kubernetes/jellyfin/deployment.yml +++ b/kubernetes/jellyfin/deployment.yml @@ -1,8 +1,13 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jellyfin +--- apiVersion: apps/v1 kind: Deployment metadata: name: jellyfin - namespace: projects + namespace: jellyfin spec: replicas: 1 selector: @@ -14,14 +19,16 @@ spec: app: jellyfin spec: hostNetwork: true + securityContext: + fsGroup: 1000 + supplementalGroups: + - 303 # render group for GPU access containers: - name: jellyfin image: jellyfin/jellyfin securityContext: runAsUser: 1000 runAsGroup: 1000 - supplementalGroups: - - 303 # render group for GPU access volumeMounts: - name: dri-device mountPath: /dev/dri/renderD128 @@ -35,6 +42,9 @@ spec: mountPath: /movies - name: tvshows-volume mountPath: /tvshows + - name: home-videos-volume + mountPath: /home-videos + readOnly: true ports: - containerPort: 8096 name: jellyfin @@ -50,15 +60,58 @@ spec: path: /data/jellyfin/cache - name: music-volume hostPath: - path: /data/jellyfin/music + path: /data/media/music/tagged - name: movies-volume hostPath: - path: /data/jellyfin/movies + path: /data/media/movies - name: tvshows-volume hostPath: - path: /data/jellyfin/tvshows + path: /data/media/tvshows + - name: home-videos-volume + hostPath: + path: /data/nextcloud/html/data/alex/files/Documents/home-video - name: dri-device hostPath: path: /dev/dri/renderD128 type: CharDevice restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: jellyfin +spec: + selector: + app: jellyfin + ports: + - name: http + protocol: TCP + port: 8096 + targetPort: 8096 + type: ClusterIP +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: jellyfin + annotations: + cert-manager.io/cluster-issuer: cloudflare-issuer +spec: + ingressClassName: nginx + tls: + - hosts: + - jellyfin.alexmickelson.guru + secretName: jellyfin-tls + rules: + - host: jellyfin.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 8096 diff --git a/kubernetes/jellyfin/ingress.yml b/kubernetes/jellyfin/ingress.yml deleted file mode 100644 index b9c1b0c..0000000 --- a/kubernetes/jellyfin/ingress.yml +++ /dev/null @@ -1,14 +0,0 @@ -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: jellyfin-ingress -# namespace: projects -# spec: -# rules: -# - host: jellyfin.alexmickelson.guru -# http: -# paths: -# - path: / -# backend: -# service: jellyfin -# port: 8096 \ No newline at end of file diff --git a/kubernetes/jellyfin/service.yml b/kubernetes/jellyfin/service.yml deleted file mode 100644 index 7e753d3..0000000 --- a/kubernetes/jellyfin/service.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: jellyfin - namespace: projects -spec: - selector: - app: jellyfin - ports: - - protocol: TCP - port: 8096 - targetPort: 8096 - nodePort: 30096 - type: NodePort -# apiVersion: v1 -# kind: Service -# metadata: -# name: jellyfin -# namespace: projects -# spec: -# selector: -# app: jellyfin -# ports: -# - protocol: TCP -# port: 8096 -# targetPort: 8096 -# type: ClusterIP \ No newline at end of file diff --git a/kubernetes/minecraft/minecraft-dep.yml b/kubernetes/minecraft/minecraft-dep.yml index 6891f00..3114be7 100644 --- a/kubernetes/minecraft/minecraft-dep.yml +++ b/kubernetes/minecraft/minecraft-dep.yml @@ -1,96 +1,100 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: minecraft +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minecraft + namespace: minecraft +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: minecraft + template: + metadata: + labels: + app: minecraft + spec: + containers: + - name: tailscale + image: tailscale/tailscale:latest + env: + - name: TS_STATE_DIR + value: "/var/lib/tailscale" + - name: TS_KUBE_SECRET + value: "" + - name: TS_AUTHKEY + value: "tskey-auth-REPLACE_ME" + - name: TS_HOSTNAME + value: "minecraft" + volumeMounts: + - name: tailscale-data + mountPath: /var/lib/tailscale + - name: dev-tun + mountPath: /dev/net/tun + securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + - name: minecraft + image: itzg/minecraft-server:java21 + stdin: true + tty: true + env: + - name: EULA + value: "true" + - name: MEMORY + value: "6G" + - name: CF_OVERRIDES_EXCLUSIONS + value: | + # Not applicable for server side + shaderpacks/** + volumeMounts: + - name: minecraft-data + mountPath: /data + - name: modpacks + mountPath: /modpacks + readOnly: true + resources: + requests: + memory: "6Gi" + limits: + memory: "8Gi" + volumes: + - name: minecraft-data + hostPath: + path: /data/minecraft/data + type: DirectoryOrCreate + - name: modpacks + hostPath: + path: /data/minecraft/modpacks + type: DirectoryOrCreate + - name: tailscale-data + hostPath: + path: /data/minecraft/tailscale + type: DirectoryOrCreate + - name: dev-tun + hostPath: + path: /dev/net/tun + type: CharDevice +--- # apiVersion: v1 -# kind: Namespace -# metadata: -# name: minecraft -# --- -# apiVersion: apps/v1 -# kind: Deployment +# kind: Service # metadata: # name: minecraft # namespace: minecraft # spec: -# replicas: 1 # selector: -# matchLabels: -# app: minecraft -# template: -# metadata: -# labels: -# app: minecraft -# spec: -# containers: -# - name: tailscale -# image: tailscale/tailscale:latest -# env: -# - name: TS_STATE_DIR -# value: "/var/lib/tailscale" -# - name: TS_AUTHKEY -# value: "tskey-auth-REPLACE_ME" -# - name: TS_HOSTNAME -# value: "minecraft" -# volumeMounts: -# - name: tailscale-data -# mountPath: /var/lib/tailscale -# - name: dev-tun -# mountPath: /dev/net/tun -# securityContext: -# capabilities: -# add: -# - NET_ADMIN -# - SYS_MODULE -# - name: minecraft -# image: itzg/minecraft-server:java21 -# stdin: true -# tty: true -# env: -# - name: EULA -# value: "true" -# - name: MEMORY -# value: "6G" -# - name: CF_OVERRIDES_EXCLUSIONS -# value: | -# # Not applicable for server side -# shaderpacks/** -# volumeMounts: -# - name: minecraft-data -# mountPath: /data -# - name: modpacks -# mountPath: /modpacks -# readOnly: true -# resources: -# requests: -# memory: "6Gi" -# limits: -# memory: "8Gi" -# volumes: -# - name: minecraft-data -# hostPath: -# path: /data/minecraft/data -# type: DirectoryOrCreate -# - name: modpacks -# hostPath: -# path: /data/minecraft/modpacks -# type: DirectoryOrCreate -# - name: tailscale-data -# hostPath: -# path: /data/minecraft/tailscale-data -# type: DirectoryOrCreate -# - name: dev-tun -# hostPath: -# path: /dev/net/tun -# type: CharDevice -# --- -# # apiVersion: v1 -# # kind: Service -# # metadata: -# # name: minecraft -# # namespace: minecraft -# # spec: -# # selector: -# # app: minecraft -# # ports: -# # - name: minecraft -# # protocol: TCP -# # port: 25565 -# # targetPort: 25565 -# # type: ClusterIP +# app: minecraft +# ports: +# - name: minecraft +# protocol: TCP +# port: 25565 +# targetPort: 25565 +# type: ClusterIP diff --git a/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml b/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml deleted file mode 100644 index 966144d..0000000 --- a/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml +++ /dev/null @@ -1,53 +0,0 @@ -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: audiobookshelf-ingress -# namespace: projects -# annotations: -# cert-manager.io/cluster-issuer: cloudflare-issuer -# spec: -# ingressClassName: nginx -# tls: -# - hosts: -# - audiobook.alexmickelson.guru -# secretName: audiobookshelf-tls-cert -# rules: -# - host: audiobook.alexmickelson.guru -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: audiobookshelf -# port: -# number: 13378 -# --- -# apiVersion: v1 -# kind: Service -# metadata: -# name: audiobookshelf -# namespace: projects -# spec: -# ports: -# - port: 13378 -# targetPort: 13378 -# protocol: TCP -# --- -# apiVersion: discovery.k8s.io/v1 -# kind: EndpointSlice -# metadata: -# name: audiobookshelf -# namespace: projects -# labels: -# kubernetes.io/service-name: audiobookshelf -# addressType: IPv4 -# ports: -# - name: http -# port: 13378 -# protocol: TCP -# endpoints: -# - addresses: -# - 100.122.128.107 -# conditions: -# ready: true diff --git a/kubernetes/proxy-ingress/copilot-proxy-ingress.yml b/kubernetes/proxy-ingress/copilot-proxy-ingress.yml deleted file mode 100644 index d9cd842..0000000 --- a/kubernetes/proxy-ingress/copilot-proxy-ingress.yml +++ /dev/null @@ -1,53 +0,0 @@ -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: copilot-ingress -# namespace: projects -# annotations: -# cert-manager.io/cluster-issuer: cloudflare-issuer -# spec: -# ingressClassName: nginx -# tls: -# - hosts: -# - copilot.alexmickelson.guru -# secretName: copilot-tls-cert -# rules: -# - host: copilot.alexmickelson.guru -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: copilot -# port: -# number: 4444 -# --- -# apiVersion: v1 -# kind: Service -# metadata: -# name: copilot -# namespace: projects -# spec: -# ports: -# - port: 4444 -# targetPort: 4444 -# protocol: TCP -# --- -# apiVersion: discovery.k8s.io/v1 -# kind: EndpointSlice -# metadata: -# name: copilot -# namespace: projects -# labels: -# kubernetes.io/service-name: copilot -# addressType: IPv4 -# ports: -# - name: http -# port: 4444 -# protocol: TCP -# endpoints: -# - addresses: -# - 100.122.128.107 -# conditions: -# ready: true diff --git a/kubernetes/proxy-ingress/ha-proxy-ingress.yml b/kubernetes/proxy-ingress/ha-proxy-ingress.yml deleted file mode 100644 index faf27b8..0000000 --- a/kubernetes/proxy-ingress/ha-proxy-ingress.yml +++ /dev/null @@ -1,53 +0,0 @@ -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: home-assistant-ingress -# namespace: projects -# annotations: -# cert-manager.io/cluster-issuer: cloudflare-issuer -# spec: -# ingressClassName: nginx -# tls: -# - hosts: -# - ha.alexmickelson.guru -# secretName: ha-tls-cert -# rules: -# - host: ha.alexmickelson.guru -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: home-assistant -# port: -# number: 8123 -# --- -# apiVersion: v1 -# kind: Service -# metadata: -# name: home-assistant -# namespace: projects -# spec: -# ports: -# - port: 8123 -# targetPort: 8123 -# protocol: TCP -# --- -# apiVersion: discovery.k8s.io/v1 -# kind: EndpointSlice -# metadata: -# name: home-assistant -# namespace: projects -# labels: -# kubernetes.io/service-name: home-assistant -# addressType: IPv4 -# ports: -# - name: http -# port: 8123 -# protocol: TCP -# endpoints: -# - addresses: -# - 100.122.128.107 -# conditions: -# ready: true diff --git a/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml b/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml deleted file mode 100644 index ac0c118..0000000 --- a/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml +++ /dev/null @@ -1,53 +0,0 @@ -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: musicassistant-ingress -# namespace: projects -# annotations: -# cert-manager.io/cluster-issuer: cloudflare-issuer -# spec: -# ingressClassName: nginx -# tls: -# - hosts: -# - sound.alexmickelson.guru -# secretName: sound-tls-cert -# rules: -# - host: sound.alexmickelson.guru -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: musicassistant -# port: -# number: 8095 -# --- -# apiVersion: v1 -# kind: Service -# metadata: -# name: musicassistant -# namespace: projects -# spec: -# ports: -# - port: 8095 -# targetPort: 8095 -# protocol: TCP -# --- -# apiVersion: discovery.k8s.io/v1 -# kind: EndpointSlice -# metadata: -# name: musicassistant -# namespace: projects -# labels: -# kubernetes.io/service-name: musicassistant -# addressType: IPv4 -# ports: -# - name: http -# port: 8095 -# protocol: TCP -# endpoints: -# - addresses: -# - 100.122.128.107 -# conditions: -# ready: true