joryirving · joryirving · Nov 29, 2024 · Nov 29, 2024
@@ -62,6 +62,10 @@ spec:
       databases: ["bazarr"]
       password:
         type: AlphaNumeric
+    - name: "dashbrr"
+      databases: ["dashbrr"]
+      password:
+        type: AlphaNumeric
     - name: "lubelog"
       databases: ["lubelog"]
       password:

@@ -15,7 +15,7 @@ spec:
       data:
         # App
         BAZARR__API_KEY: '{{ .BAZARR_API_KEY }}'
-        PLEX_TOKEN: "{{ .PLEX_TOKEN }}"
+        PLEX_TOKEN: "{{ .PLEX_API_KEY }"
   dataFrom:
   - extract:
       key: bazarr

@@ -0,0 +1,63 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name dashbrr-secret
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: *name
+    template:
+      engineVersion: v2
+      data:
+        # App
+        DASHBRR_RADARR_API_KEY: "{{ .RADARR_API_KEY }}"
+        DASHBRR_SONARR_API_KEY: "{{ .SONARR_API_KEY }}"
+        DASHBRR_PROWLARR_API_KEY: "{{ .PROWLARR_API_KEY }}"
+        DASHBRR_PLEX_API_KEY: "{{ .PLEX_API_KEY }}"
+        # OIDC
+        OIDC_ISSUER: "https://sso.${SECRET_DOMAIN}/application/o/dashbrr/"
+        OIDC_CLIENT_ID: "{{ .DASHBRR_CLIENT_ID }}"
+        OIDC_CLIENT_SECRET: "{{ .DASHBRR_CLIENT_SECRET }}"
+        OIDC_REDIRECT_URL: "https://dashbrr.${SECRET_DOMAIN}/api/auth/callback"
+  dataFrom:
+  - extract:
+      key: radarr
+  - extract:
+      key: sonarr
+  - extract:
+      key: prowlarr
+  - extract:
+      key: plex
+  - extract:
+      key: dashbrr
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name dashbrr-db-secret
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: crunchy-pgo-secrets
+    kind: ClusterSecretStore
+  target:
+    name: dashbrr-secret
+    creationPolicy: Merge
+    deletionPolicy: Retain
+    template:
+      type: Opaque
+      data:
+        DASHBRR__DB_TYPE: postgres
+        DASHBRR__DB_NAME: '{{ .dbname }}'
+        DASHBRR__DB_HOST: '{{ index . "pgbouncer-host" }}'
+        DASHBRR__DB_PORT: '{{ index . "pgbouncer-port" }}'
+        DASHBRR__DB_USER: '{{ .user }}'
+        DASHBRR__DB_PASSWORD: '{{ .password }}'
+  dataFrom:
+  - extract:
+      key: postgres-pguser-dashbrr
@@ -0,0 +1,107 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app dashbrr
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
+  - name: volsync
+    namespace: storage
+  values:
+    controllers:
+      dashbrr:
+        labels:
+          postgres: "true"
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/autobrr/dashbrr
+              tag: v0.2.0@sha256:b3b898d4bf9b463bf802e7af188de45e6ca08eb96e828b4e9cbfde6e418441ad
+            env:
+              DASHBRR__CONFIG_PATH: /config/config.toml
+              DASHBRR__DB_PATH: /cache/._  # cache path is derived from DASHBRR__DB_PATH
+              DASHBRR__LISTEN_ADDR: 0.0.0.0:8080
+              GIN_MODE: debug
+              TZ: ${TIMEZONE}
+            envFrom:
+            - secretRef:
+                name: dashbrr-secret
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /health
+                    port: &port 8080
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 100m
+              limits:
+                memory: 2Gi
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: *port
+    ingress:
+      app:
+        className: internal
+        annotations:
+          # gethomepage.dev/enabled: "true"
+          # gethomepage.dev/group: Downloads
+          # gethomepage.dev/name: dashbrr
+          # gethomepage.dev/icon: dashbrr.png
+          # gethomepage.dev/description: Media stack management
+          # gethomepage.dev/widget.type: dashbrr
+          # gethomepage.dev/widget.url: http://dashbrr.downloads
+          # gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_DASHBRR_TOKEN}}` }}"
+          external-dns.alpha.kubernetes.io/target: internal.${SECRET_DOMAIN}
+        hosts:
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+    serviceAccount:
+      create: true
+      name: dashbrr
+    persistence:
+      cache:
+        type: emptyDir
+        sizeLimit: 1Gi
+      config:
+        type: configMap
+        name: dashbrr-config
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ./rbac.yaml
+  - ../../../../../shared/templates/gatus/guarded
+configMapGenerator:
+  - name: dashbrr-config
+    files:
+      - ./resources/config.toml
+    options:
+      annotations:
+        kustomize.toolkit.fluxcd.io/substitute: disabled
+generatorOptions:
+  disableNameSuffixHash: true
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dashbrr
+rules:
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dashbrr
+roleRef:
+  kind: ClusterRole
+  name: dashbrr
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: dashbrr
+    namespace: downloads
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app dashbrr
+  namespace: flux-system
+spec:
+  targetNamespace: downloads
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: crunchy-postgres-operator-cluster
+    - name: crunchy-postgres-stores
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/downloads/dashbrr/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false # no flux ks dependents
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
@@ -7,6 +7,7 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./bazarr/ks.yaml
+  - ./dashbrr/ks.yaml
   - ./flaresolverr/ks.yaml
   - ./kapowarr/ks.yaml
   - ./metube/ks.yaml

@@ -40,7 +40,7 @@ spec:
         RADARR__POSTGRES__PORT: '{{ index . "pgbouncer-port" }}'
         RADARR__POSTGRES__USER: '{{ .user }}'
         RADARR__POSTGRES__PASSWORD: '{{ .password }}'
-        RADARR__POSTGRES__MAINDB: radarr_main
+        RADARR__POSTGRES__MAINDB: '{{ .dbname }}'
   dataFrom:
   - extract:
       key: postgres-pguser-radarr
@@ -40,7 +40,7 @@ spec:
         READARR__POSTGRES__PORT: '{{ index . "pgbouncer-port" }}'
         READARR__POSTGRES__USER: '{{ .user }}'
         READARR__POSTGRES__PASSWORD: '{{ .password }}'
-        READARR__POSTGRES__MAINDB: readarr_main
+        READARR__POSTGRES__MAINDB: '{{ .dbname }}'
         READARR__POSTGRES__LOGDB: readarr_log
         READARR__POSTGRES__CACHEDB: readarr_cache
   dataFrom:

@@ -13,7 +13,7 @@ spec:
     template:
       engineVersion: v2
       data:
-        PLEX_TOKEN: "{{ .PLEX_TOKEN }}"
+        PLEX_TOKEN: "{{ .PLEX_API_KEY }"
   dataFrom:
   - extract:
       key: plex
@@ -21,7 +21,7 @@ spec:
         KOMETA_MYANIMELIST_LOCALHOST_URL: "{{ .MYANIMELIST_LOCALHOST_URL }}"
         KOMETA_MYANIMELIST_REFRESH_TOKEN: "{{ .MYANIMELIST_REFRESH_TOKEN }}"
         KOMETA_OMDB_API_KEY: "{{ .OMDB_API_KEY }}"
-        KOMETA_PLEX_API_KEY: "{{ .PLEX_TOKEN }}"
+        KOMETA_PLEX_API_KEY: "{{ .PLEX_API_KEY }"
         KOMETA_RADARR_API_KEY: "{{ .RADARR_API_KEY }}"
         KOMETA_SONARR_API_KEY: "{{ .SONARR_API_KEY }}"
         KOMETA_TAUTULLI_API_KEY: "{{ .TAUTULLI_API_KEY }}"

@@ -13,7 +13,7 @@ spec:
     template:
       engineVersion: v2
       data:
-        PLEX_TOKEN: "{{ .PLEX_TOKEN }}"
+        PLEX_TOKEN: "{{ .PLEX_API_KEY }"
         PLEX_POSTER_USERS: "{{ .PLEX_POSTER_USERS }}"
   dataFrom:
   - extract:

@@ -38,7 +38,7 @@ spec:
         HOMEPAGE_VAR_SONARR_TOKEN: "{{ .SONARR_API_KEY }}"
         ## Media
         HOMEPAGE_VAR_OVERSEERR_TOKEN: "{{ .OVERSEERR_API_KEY }}"
-        HOMEPAGE_VAR_PLEX_TOKEN: "{{ .PLEX_TOKEN }}"
+        HOMEPAGE_VAR_PLEX_TOKEN: "{{ .PLEX_API_KEY }"
         HOMEPAGE_VAR_TAUTULLI_TOKEN: "{{ .TAUTULLI_API_KEY }}"
         HOMEPAGE_VAR_KAVITA_USERNAME: "{{ .KAVITA_USERNAME }}"
         HOMEPAGE_VAR_KAVITA_PASSWORD: "{{ .KAVITA_PASSWORD }}"

@@ -1,5 +1,6 @@
 locals {
   oauth_apps = [
+    "dashbrr",
     "grafana",
     "headscale",
     "kyoo",
@@ -20,6 +21,14 @@ module "onepassword_application" {
 # Step 2: Parse the secrets using regex to extract client_id and client_secret
 locals {
   applications = {
+    dashbrr = {
+      client_id     = module.onepassword_application["dashbrr"].fields["DASHBRR_CLIENT_ID"]
+      client_secret = module.onepassword_application["dashbrr"].fields["DASHBRR_CLIENT_SECRET"]
+      group         = authentik_group.monitoring.name
+      icon_url      = "https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/dashbrr.png"
+      redirect_uri  = "https://dashbrr.${var.cluster_domain}/api/auth/callback"
+      launch_url    = "https://dashbrr.${var.cluster_domain}/api/auth/callback"
+    },
     grafana = {
       client_id     = module.onepassword_application["grafana"].fields["GRAFANA_CLIENT_ID"]
       client_secret = module.onepassword_application["grafana"].fields["GRAFANA_CLIENT_SECRET"]