
remove old manifests, categorize media + seedbox manifests

Josh Bicking 1 hari lalu
induk
melakukan
d85836a10c

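--- a/blog.yaml
+++ b/blog.yaml
@@ -1,93 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: blog
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: jekyll
-  namespace: blog
-spec:
-  selector:
-    matchLabels:
-      app: jekyll
-  replicas: 2
-  template:
-    metadata:
-      labels:
-        app: jekyll
-    spec:
-      containers:
-      - name: jekyll
-        image: jibby0/docker-jekyll-webhook:latest
-        ports:
-        - containerPort: 80
-          name: http-web-svc
-        # TODO re-add caching
-        # tbh this whole auto-update thing isn't really necessary with k8s anymore
-        #volumeMounts:
-        #- mountPath: "/vendor"
-        #  name: vendor-cache
-        env:
-        - name: TZ
-          value: America/New_York
-        - name: REPO
-          value: https://github.com/jibby0/blog.git
-        - name: WEBHOOK_SECRET
-        envFrom:
-        - secretRef:
-            name: webhook
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 80
-          failureThreshold: 10
-          initialDelaySeconds: 300
-          periodSeconds: 10
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: jekyll-service
-  namespace: blog
-spec:
-  selector:
-    app: jekyll
-  type: ClusterIP
-  ports:
-  - name: jekyll-port
-    protocol: TCP
-    port: 80
-    targetPort: http-web-svc
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: jekyll
-  namespace: blog
-spec:
-  entryPoints:
-  - websecure
-  routes:
-  - kind: Rule
-    match: Host(`jibby.org`)
-    services:
-    - kind: Service
-      name: jekyll-service
-      port: 80
-    middlewares:
-    - name: well-known-redirect
-# HACK: for mastodon
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: well-known-redirect
-  namespace: blog
-spec:
-  redirectRegex:
-    regex: ^https://jibby.org/.well-known/webfinger(.*)
-    replacement: https://mastodon.jibby.org/.well-known/webfinger${1}
-    permanent: true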

+ 0 - 11
cloudflared.yaml

@@ -80,15 +80,4 @@ data:
       service: http://uptime-kuma-service.uptime-kuma.svc.cluster.local:3001
     - hostname: status.jibby.org
       service: http://uptime-kuma-service.uptime-kuma.svc.cluster.local:3001
-    # - hostname: mastodon.jibby.org
-    #   service: http://mastodon-service.mastodon.svc.cluster.local:3000
-    # - hostname: streaming-mastodon.jibby.org
-    #   service: http://mastodon-service.mastodon.svc.cluster.local:4000
-    #- hostname: vaultwarden.jibby.org
-    #  service: http://vaultwarden-service.vaultwarden.svc.cluster.local:80
-    #- hostname: vaultwarden.jibby.org
-    #  path: /notifications/hub.*
-    #  service: http://vaultwarden-service.vaultwarden.svc.cluster.local:3012
-    #- hostname: matrix.jibby.org
-    #  service: http://matrix-service.matrix.svc.cluster.local:8008
     - service: http_status:404

+ 0 - 145
mastodon.yaml

@@ -1,145 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: mastodon
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mastodon-web-pvc
-  namespace: mastodon
-  labels:
-    app: mastodon
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mastodon-sidekiq-pvc
-  namespace: mastodon
-  labels:
-    app: mastodon
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mastodon
-  namespace: mastodon
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: mastodon
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: mastodon
-    spec:
-      containers:
-      - name: web
-        image: tootsuite/mastodon:v4.0.2
-        command: ["bash", "-c", "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"]
-        ports:
-        - containerPort: 3000
-          name: http-web-svc
-        envFrom:
-          - secretRef:
-              name: mastodon-secret
-        volumeMounts:
-        - mountPath: "/mastodon/public/system"
-          name: system
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 3000
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          timeoutSeconds: 10
-      - name: streaming
-        image: tootsuite/mastodon:v4.0.2
-        command: ["node", "./streaming"]
-        ports:
-        - containerPort: 4000
-          name: http-stream-svc
-        envFrom:
-          - secretRef:
-              name: mastodon-secret
-        livenessProbe:
-          httpGet:
-            path: /api/v1/streaming/health
-            port: 4000
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          timeoutSeconds: 10
-      - name: sidekiq
-        image: tootsuite/mastodon:v4.0.2
-        command: ["bundle", "exec", "sidekiq"]
-        envFrom:
-          - secretRef:
-              name: mastodon-secret
-        volumeMounts:
-        - mountPath: "/mastodon/public/system"
-          name: system
-      volumes:
-      - name: system
-        persistentVolumeClaim:
-          claimName: mastodon-web-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mastodon-service
-  namespace: mastodon
-spec:
-  selector:
-    app: mastodon
-  type: ClusterIP
-  ports:
-  - name: mast-web-port
-    protocol: TCP
-    port: 3000
-    targetPort: http-web-svc
-  - name: mast-stream-port
-    protocol: TCP
-    port: 4000
-    targetPort: http-stream-svc
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: mastodon
-  namespace: mastodon
-spec:
-  entryPoints:
-  - websecure
-  routes:
-  - kind: Rule
-    match: Host(`mastodon.jibby.org`)
-    services:
-    - kind: Service
-      name: mastodon-service
-      port: 3000
-  - kind: Rule
-    match: Host(`streaming.mastodon.jibby.org`)
-    services:
-    - kind: Service
-      name: mastodon-service
-      port: 4000

+ 0 - 14
matrix-pvc.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: matrix-pvc
-  namespace: matrix
-  labels:
-    app: matrix
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi

+ 0 - 90
matrix.yaml

@@ -1,90 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: matrix
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: matrix-pvc
-  namespace: matrix
-  labels:
-    app: matrix
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: matrix
-  namespace: matrix
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: matrix
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: matrix
-    spec:
-      containers:
-      - name: matrix
-        image: matrixdotorg/synapse:v1.71.0
-        ports:
-        - containerPort: 8008
-          name: http-web-svc
-        volumeMounts:
-        - mountPath: "/data"
-          name: data
-        livenessProbe:
-          httpGet:
-            path: /_matrix/static
-            port: 8008
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          timeoutSeconds: 10
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: matrix-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: matrix-service
-  namespace: matrix
-spec:
-  selector:
-    app: matrix
-  type: ClusterIP
-  ports:
-  - name: matrix-web-port
-    protocol: TCP
-    port: 8008
-    targetPort: http-web-svc
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: matrix
-  namespace: matrix
-spec:
-  entryPoints:
-  - websecure
-  routes:
-  - kind: Rule
-    match: Host(`matrix.jibby.org`)
-    services:
-    - kind: Service
-      name: matrix-service
-      port: 8008

+ 0 - 0
bazarr-pvc.yaml → media/bazarr-pvc.yaml


+ 0 - 0
bazarr.yaml → media/bazarr.yaml


+ 0 - 0
jellyfin-pvc.yaml → media/jellyfin-pvc.yaml


+ 0 - 0
jellyfin.yaml → media/jellyfin.yaml


+ 0 - 0
lidarr-empty-folders.Dockerfile → media/lidarr-empty-folders.Dockerfile


+ 0 - 0
lidarr-empty-folders.yaml → media/lidarr-empty-folders.yaml


+ 0 - 0
lidarr-pvc.yaml → media/lidarr-pvc.yaml


+ 0 - 0
lidarr.yaml → media/lidarr.yaml


+ 0 - 0
lidarr_empty_folders.py → media/lidarr_empty_folders.py


+ 0 - 0
makemkv.sh → media/makemkv.sh


+ 0 - 0
plex-pvc.yaml → media/plex-pvc.yaml


+ 0 - 0
plex.yaml → media/plex.yaml


+ 0 - 0
prowlarr-pvc.yaml → media/prowlarr-pvc.yaml


+ 0 - 0
prowlarr.yaml → media/prowlarr.yaml


+ 0 - 0
pulsarr-pvc.yaml → media/pulsarr-pvc.yaml


+ 0 - 0
pulsarr.yaml → media/pulsarr.yaml


+ 0 - 0
radarr-pvc.yaml → media/radarr-pvc.yaml


+ 0 - 0
radarr.yaml → media/radarr.yaml


+ 0 - 0
sonarr-pvc.yaml → media/sonarr-pvc.yaml


+ 0 - 0
sonarr.yaml → media/sonarr.yaml


+ 0 - 0
tautulli-pvc.yaml → media/tautulli-pvc.yaml


+ 0 - 0
tautulli.yaml → media/tautulli.yaml


+ 0 - 7
seedbox-sync.Dockerfile

@@ -1,7 +0,0 @@
-FROM python:3.11-alpine
-RUN apk update && \
-    apk add openssh bash rsync && \
-    apk cache clean
-# We need a real user to use SSH. https://superuser.com/questions/1761504/openssh-allow-nonexistent-user-to-login
-RUN addgroup -g 1000 nonroot && \
-    adduser -u 1000 nonroot -G nonroot -s /bin/bash -S

+ 0 - 87
seedbox-sync.yaml

@@ -1,87 +0,0 @@
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: seedbox-sync
-  namespace: plex
-spec:
-  schedule: "*/1 * * * *"
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  concurrencyPolicy: Forbid
-  jobTemplate:
-    spec:
-      template:
-        metadata:
-          labels:
-            app: seedbox-sync
-          annotations:
-            backup.velero.io/backup-volumes-excludes: media
-        spec:
-          restartPolicy: OnFailure
-          containers:
-          - name: seedbox-sync
-            image: jibby0/seedbox-sync
-            command:
-            - /bin/sh
-            - -c
-            # User 1000 runs the script to set folder permissions properly.
-            # We can't change a secret volume owner, so copy the files & chown
-            # them ourselves.
-            - |
-              mkdir /home/nonroot/.ssh &&
-              cp -Lr /ssh/config /ssh/known_hosts /ssh/seedbox_ecdsa /home/nonroot/.ssh &&
-              chmod 400 ~/.ssh/* &&
-              python3 /script/seedbox_sync.py $SEEDBOX_HOST $PATH_TO_COMPLETED $LOCAL_PATH_TO_DOWNLOADING $LOCAL_PATH_TO_PROCESSED $LOCAL_PATH_TO_READY
-            env:
-              - name: LIDARR_MUSIC_PATH
-                value: /media/Music/
-              - name: SEEDBOX_HOST
-                valueFrom:
-                  secretKeyRef:
-                    name: seedbox-sync
-                    key: seedbox-host
-              - name: PATH_TO_COMPLETED
-                valueFrom:
-                  secretKeyRef:
-                    name: seedbox-sync
-                    key: path-to-completed
-              - name: LOCAL_PATH_TO_DOWNLOADING
-                valueFrom:
-                  secretKeyRef:
-                    name: seedbox-sync
-                    key: local-path-to-downloading
-              - name: LOCAL_PATH_TO_PROCESSED
-                valueFrom:
-                  secretKeyRef:
-                    name: seedbox-sync
-                    key: local-path-to-processed
-              - name: LOCAL_PATH_TO_READY
-                valueFrom:
-                  secretKeyRef:
-                    name: seedbox-sync
-                    key: local-path-to-ready
-            volumeMounts:
-            - mountPath: "/media"
-              name: media
-            - mountPath: /script
-              name: seedbox-sync
-            - mountPath: /ssh
-              name: seedbox-sync-ssh
-            securityContext:
-              runAsUser: 1000
-              runAsGroup: 1000
-          volumes:
-          - name: media
-            persistentVolumeClaim:
-              claimName: plex-pvc
-          - name: seedbox-sync
-            configMap:
-              name: seedbox-sync
-              items:
-              - key: seedbox_sync.py
-                path: seedbox_sync.py
-          - name: seedbox-sync-ssh
-            secret:
-              secretName: seedbox-sync-ssh
-              defaultMode: 0777

+ 0 - 0
qbittorrentvpn-pvc.yaml → seedbox/qbittorrentvpn-pvc.yaml


+ 0 - 0
qbittorrentvpn.yaml → seedbox/qbittorrentvpn.yaml


+ 0 - 0
seedbox-nfs.yaml → seedbox/seedbox-nfs.yaml


+ 0 - 0
seedbox-pvc.yaml → seedbox/seedbox-pvc.yaml


+ 0 - 69
seedbox_sync.py

@@ -1,69 +0,0 @@
-# rsync files from a seedbox to a local machine, exactly once, over SSH.
-#
-# Why?
-#  *arr requires that any Remote Path Mappings have a local path reflecting its contents. This can be done with NFS or SSHFS, but those are difficult to set up in containers, and get wonky when the remote server reboots.
-#  rsync over SSH + cron doesn't care if the remote machine reboots, and easily runs in a container.
-
-# How?
-#  Usage: sonarr_sync.py my-seedbox /seedbox/path/to/data /local/working /local/metadata /local/data
-#  - Get all file names in my-seedbox:/seedbox/path/to/data
-#  - Get all previously processed file names in /local/metadata
-#  - Diff the above to get newly added files
-#  - For each new file:
-#    - Copy file from my-seedbox to /local/working (used in case of transfer failure)
-#    - Add file name to /local/metadata
-#    - Move file to /local/data
-
-# */1 * * * * /usr/bin/run-one /usr/bin/python3 /path/to/seedbox_sync.py <seedbox host> /seedbox/path/to/completed/ /local/path/to/downloading /local/path/to/processed /local/path/to/ready 2>&1 | /usr/bin/logger -t seedbox
-# Or run it in a k8s cronjob. See seedbox-sync.yaml
-# kubectl -n plex create configmap seedbox-sync --from-file=seedbox_sync.py
-
-
-import subprocess
-import sys
-import concurrent.futures
-
-if len(sys.argv) != 6:
-    print("One or more args are undefined")
-    sys.exit(1)
-
-host, host_data_path, local_working_path, local_metadata_path, local_data_path = sys.argv[1:6]
-
-r = subprocess.run(["ssh", host, "bash", "-c", f"IFS=$'\n'; ls {host_data_path}"], stdout=subprocess.PIPE, check=True)
-
-available_files = {f for f in r.stdout.decode().split('\n') if f}
-
-# There's better ways to list a dir locally, but using bash & ls again reduces possible formatting discrepencies.
-r = subprocess.run(["bash", "-c", f"IFS=$'\n'; ls {local_metadata_path}"], stdout=subprocess.PIPE, check=True)
-
-processed_files = {f for f in r.stdout.decode().split('\n') if f}
-
-new_files = available_files - processed_files
-
-def process_file(new_file: str) -> None:
-    # Be super cautious about empty file names, wouldn't want to `rm -rf` a folder by accident
-    if not new_file:
-        return
-
-    print(f"Processing: {new_file}")
-    subprocess.run(["rsync", "-rsvv", f'{host}:{host_data_path}/{new_file}', f'{local_working_path}'], check=True)
-    subprocess.run(["touch", f'{local_metadata_path}/{new_file}'], check=True)
-
-    print(f"Moving to ready: {new_file}")
-    try:
-        subprocess.run(["mv", f'{local_working_path}/{new_file}', f'{local_data_path}'], check=True)
-    except:
-        subprocess.run(["rm", f'{local_metadata_path}/{new_file}'], check=False)
-        raise
-
-    subprocess.run(["rm", "-rf", f'{local_working_path}/{new_file}'], check=True)
-
-with concurrent.futures.ThreadPoolExecutor(max_workers=8) as executor:
-    future_to_new_files = {executor.submit(process_file, new_file): new_file for new_file in new_files}
-    for future in concurrent.futures.as_completed(future_to_new_files):
-        new_file = future_to_new_files[future]
-        try:
-            data = future.result()
-            print(f"Processed {new_file}")
-        except Exception as exc:
-            print(f"{new_file} generated an exception: {exc}")

+ 0 - 14
selfoss-pvc.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: selfoss-pvc
-  namespace: selfoss
-  labels:
-    app: selfoss
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi

+ 0 - 92
selfoss.yaml

@@ -1,92 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: selfoss
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: selfoss-pvc
-  namespace: selfoss
-  labels:
-    app: selfoss
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: selfoss
-  namespace: selfoss
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: selfoss
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: selfoss
-    spec:
-      containers:
-      - name: selfoss
-        image: jibby0/selfoss:2.18
-        ports:
-        - containerPort: 8888
-          name: http-web-svc
-        volumeMounts:
-        - mountPath: "/selfoss/data"
-          name: data
-        env:
-        - name: CRON_PERIOD
-          value: 5m
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 8888
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 10
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: selfoss-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: selfoss-service
-  namespace: selfoss
-spec:
-  selector:
-    app: selfoss
-  type: ClusterIP
-  ports:
-  - name: selfoss-web-port
-    protocol: TCP
-    port: 8888
-    targetPort: http-web-svc
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: selfoss
-  namespace: selfoss
-spec:
-  entryPoints:
-  - websecure
-  routes:
-  - kind: Rule
-    match: Host(`selfoss.jibby.org`)
-    services:
-    - kind: Service
-      name: selfoss-service
-      port: 8888

+ 0 - 20
vaultwarden-pvc.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: vaultwarden
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: vaultwarden-pvc
-  namespace: vaultwarden
-  labels:
-    app: vaultwarden
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi

+ 0 - 66
vaultwarden.yaml

@@ -1,66 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: vaultwarden
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: vaultwarden
-  namespace: vaultwarden
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: vaultwarden
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: vaultwarden
-    spec:
-      containers:
-      - name: vaultwarden
-        image: vaultwarden/server:latest
-        ports:
-        - containerPort: 80
-          name: http-web-svc
-        envFrom:
-        - secretRef:
-            name: vaultwarden-secret
-        env:
-        - name: WEBSOCKET_ENABLED
-          value: "true"
-        - name: SIGNUPS_ALLOWED
-          value: "false"
-        volumeMounts:
-        - mountPath: "/data"
-          name: data
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 80
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 10
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: vaultwarden-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vaultwarden-service
-  namespace: vaultwarden
-spec:
-  selector:
-    app: vaultwarden
-  type: ClusterIP
-  ports:
-  - name: vaultwarden-web-port
-    protocol: TCP
-    port: 80
-    targetPort: http-web-svc