Merge branch 'main' of https://github.com/illiumst/kubedeploy

apps/emby/base/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: emby
+  labels:
+    app: emby
+  namespace: emby
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: emby
+  template:
+    metadata:
+      labels:
+        app: emby
+    spec:
+      containers:
+      - name: emby
+        image: emby/embyserver:latest
+        ports:
+        - name: http
+          containerPort: 8100
+        - name: https
+          containerPort: 8101
+        - name: http-front
+          containerPort: 8102
+        - name: https-front
+          containerPort: 8103
+        volumeMounts:
+        - mountPath: /config
+          name: config
+        - mountPath: /mnt/share_movie
+          name: media
+          subPath: movie
+        - mountPath: /mnt/share_shows
+          name: media
+          subPath: tvshow
+        - mountPath: /mnt/share_anime
+          name: media
+          subPath: anime
+        - mountPath: /mnt/share_music
+          name: media
+          subPath: music
+        resources:
+          limits:
+            gpu.intel.com/i915: 1 # requesting 1 GPU
+        livenessProbe:
+          httpGet:
+            path: /web/index.html
+            port: 8100
+          timeoutSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /web/index.html
+            port: 8100
+          timeoutSeconds: 30
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: emby
+          readOnly: false
+      - name: media
+        nfs:
+          server: 192.168.178.4
+          path: /mnt/media

apps/emby/base/ingress.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: emby
+  namespace: emby
+spec:
+  entryPoints:
+    - websecure-local
+  tls: {}
+  routes:
+  - match: Host(`emby.steffenillium.de`)
+    kind: Rule
+    services:
+    - name: emby
+      port: http

apps/emby/base/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: emby
+spec:
+  storageClassName: "rook-cephfs"
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 30Gi

apps/emby/base/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: emby
+  namespace: emby
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 192.168.178.104
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+  selector:
+    app: emby
+  sessionAffinity: None
+  type: LoadBalancer
+  

apps/emby/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: emby
+
+resources:
+- base/deployment.yaml
+- base/ingress.yaml
+- base/pvc.yaml
+- base/service.yaml

apps/gitea/kustomization.yaml

@@ -4,11 +4,10 @@ kind: Kustomization
 namespace: gitea
 
 resources:
-  - base/gitea-ingress.yaml
-  - base/gitea-service.yaml
-  - base/gitea-deployment.yaml
-  - base/gitea-data-pvc.yaml
-  - base/gitea-namespace.yaml
-
+  - base/ingress.yaml
+  - base/service.yaml
+  - base/deployment.yaml
+  - base/pvc.yaml
+  - base/namespace.yaml
 components:
   - ../../components/local-region-selector.yaml

apps/immich/base/immich-secret-sealed.yaml

@@ -0,0 +1,39 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "immich-secret",
+    "namespace": "immich",
+    "creationTimestamp": null,
+    "annotations": {
+      "sealedsecrets.bitnami.com/namespace-wide": "true"
+    }
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "immich-secret",
+        "namespace": "immich",
+        "creationTimestamp": null,
+        "annotations": {
+          "sealedsecrets.bitnami.com/namespace-wide": "true"
+        }
+      },
+      "type": "Opaque"
+    },
+    "encryptedData": {
+      "DB_DATABASE_NAME": "AgAMldRrZmNXJGz+PpBKygu6Got7SeZ+wZ74jjBE/c26GewW4/SAP3pP3adIfIngeftTIOKKxQhYMjN76hp7O3x5vweJygFRjvwECOyn1feE7vq6mVlAydUtP7XkwLKhZL0EfDh8giKIveWlBaYwTSI7tmHw/MSqLL0L7AlEvdE+uOrTPg1D3CFckGvT2TWe//DPnJ2RPpsJtGlwB9nIyAIHOZ+cjDYxo4Akv5u+l3pP2L+PnbhxhGB7nDvnXoX9jfjAjblfGQ8/oPDdv5pIWoBkuooHksy7GdNXGeoLRWX+XgdpTWpNRT2NX7eid4U3Oxmt4Kzb3LMCYiTn03nJF11r1RpOYBk43hdEfxUHDZ1EgiCDzL+gj7Bduoe1bhphXk0KBoKZM1EHU6XzvJ5lW915feg6/GdAji8OiMX8mRMEmAE2VVUf6SiESjgkEKOYDHa/2QyenEcwgbyg4gocWXvjhrYGwcZg9tu4gc0i+x52Ef19Z22IrGuV0N12Gib2uw3TpjrU50Kn2dIAskeR0C74AtCmjZd9srPTcIp6c76i0xhgMTjUYnETG54KCrxO6TVG7CYY/xpuK5Jgt9RYCTfcGoinjeOp1CLsk4a8a7J+hsEe6JGRETJRW4BLHi3UApT6xw1JH3WWovKdDOY3aHZ0J1t162G2FSNPdHQfkNGU/AC4zBxTzUDw1eVK2vZyC/0bgw4R2zY=",
+      "DB_HOSTNAME": "AgCXIiMfNMEOKik9Pe2I/x60hejjGHqPd4+W66dK1HDZhCZd/n8mcpo1R82fUsK49VeXtvuexFEE85EQ/Imt8htGquP6f17Vw4EuvZ38v8s/jk/LXOn9ymcsKX8EYY3ZLmiNLmDTNyKEcPe5dbV+Ew9qACKPy2nW0LT5W7HBpy+6GZqR39etpUv2URFwDFjfOS4A2jEWUDHVwJTe4n6/OvYGG3wL5xzjKSYgBTAollrVJlvIj6KXPsTFwrOv0YVaNbUPL348Qk3xZUnh0v7DcpLIXFJnqzPcwFgMII9zQafFTzvw7cTjIYMFGoDd70a2Ph6xO+yx3ouu92l45o1r7RJuW2ky5NfbsvBY19b11zdd7Htj76dIWdJcv6qNsekFDekCzJqUoZkGrlS3n4RItuqSyU6qcprEDVDI7ql4JUf6wQglWrTqBi0i1LWUNj6hqkdk/y3VUXtJulpHFATt5gbY/ciccL+zhi24pWRen/f2ffvVKdifkMMaVNQ/LNb3OyJ1o7sC7tpNS15LNNFGxMHEQRuQCG7GGZbjj+DyB1sPb+q1uGDoLaIacbD7ZPqK/HV1mvNhxBIaDo00mbXPjyLn7+Yr2Mj0DNcrJ1gXahWNnBRZd11afOPJjpgwP77jizJwqPsEvThMq+1PalLLcHGDMfDxwKglvF/Btug9YGxkFbB0WKM/puqVwDqNRABKAinZnI6oS5DD5SwME0hgYlX++oHEK0qKJmpWrgjCu6XN2jI=",
+      "DB_PASSWORD": "AgAQDNQJKJ++V2ArACIQ4m715W/7z5/7SMQwGJDVaXQfpb1hBmo3xkxiF5F2TV2ctPttcDsQJSjNaCDqnDXbU/DK4ubVDtevlZYQJs3XHthcMy7LIAO2Z86D8EkP0t7jDRxsgzguWpzfuDndcjgSV6EJWqxDig7I+86IcLv3wX3B05HL5HwHaLIXHsYNQUPxMWLjCeQHgPkLhc1lVwnVk4OEEz8lCcKIicxVXstSGgSg/HCl/Q2AKLm/izom0IX+AvAfiiL/2ERYmOZJjozgtHZlVFzcYIqqDKPSaIJhdnL0fEL8GLqfMUKB0Ot/mtyBN9f20rKIn1PkdS1EjkAGf87EaNlXR4DHTZoDLPffhfodyN2TOM8br6aV015rP/ESyGGIPO2BNCf75vHvr7A1OORAU9ZsfPbvPNQBsyIU+rybCpjMuRhu2KwlZppUhIfvS2PUWDtIJCyCDkgn/sqxFA8M/mTuaKICfLVstvg2fP/8Ys8dEpDOrQ1iR2qRqfQx/JMSAjwqa4Waj/6ZkEqkMPZD0gqowbgWz1vUs1P/s5m+7kYqYtItu50GbiMHpBIVOIFhH5fiFXxlyulQ2eGcggD3fCNysrIOckRmaK324wT3WpmuBM5kAofpRvLe9+8TE/HbjnzSWdmsFmHBnuvDQGRcqXh/g/LfjWTvLojoD1btxbKeUAIog3UvePtDlIMMogdFMnPAHF8CHQ==",
+      "DB_PORT": "AgBFokZN/g6CmG/J3hqnNZEr2HdjwuEv8RBuS/gcsvXgCjN8mXKIJutuF5dX1tlfdXJxlJ6bo7YSTgKl/VcwMO+RD9P4yqjVAumKu4qBrLG/sX0okg5jyRM0YozWG0ZrQ9KQRe/SCT28EEoZMJD8Plucxva5XobC9dACKqyyTkMV9GFGUWBg+mJsa/hwQU8L/rKFAuGICWDHW8Fz4BxG1RqIVaSWPVJCFWcKs0JkvpSF/KkqkyxN9jHRuSg/itdE+w093ZrGpyQzq3B6fXhFkQlMh57u48A9dTpQ5bk/ZTqhYUxem+sCVT+Vbbvif9Lp26DtA2Qdu+egz6PIHAGbRq12zX7x3qzwNCy2Za98HBywY4MJUNzXXhQVZ3gmePsNTeZHw3d/dACp56i1CE5tgK8XxuLGtRquPKoJGJysj5EeCcJNVJHWo8++sHmZzj0DevusjU6MU0DcRorcFpxZzeD6AsA+wfqZW3MvIuPEJQEy1ChAc1qDlCJbZ8wLjE7ymrGJcnJDABXWbsDRw16VdzkfDoSj/kBM9ZVg9hGh6v5SyAPPAEqRRNALjClvFLLz30riuxm8ZfwR7y5nlO1EG9yquKJ9XyoQls5FdvhDxtmGHod+tsjOIuHmsW9p7YOPyTso0ETEC8C9CrDPLLK69apfmlRMhpB5/AL2VAdZwzEA6kS9LBQHNPgfnOq+6mI5gGGDoAR9",
+      "DB_USERNAME": "AgAWJD75hjfjV+ehaS2WZVw66PdIg59otlZYLA/6+qWOCfkxaWN2Q/a+wneNI5ocZLpq9ifES09JOmbDKov1oFsD7bMc9kxrilCTN3qEEFRH/1OrVJlmdIbj9WNwtFEGzi00X0hUJoKCLbcuZQ5eqizCc6lBgi1Z5lWZppYYOVopXdxXfsOT55nlWqAHV7GrdzPLd8R/84zZzGM7dfjZl1Xum5+9e8UIZ7Zx5snrDJ7F3E0Mmvq0maC0xtANGT/KFh5ne343tGsTwEV1OpkYlcoxQNVKXrh4B+GAOLgLQxakIXXBnXXqG/5MuLAF9RdU3vCry4U7syWqYpB3xlH8Gxhnr301752Tovd0OF9lCYIlpYb5SWwNezkxvzhNkogQlfC5Rxa+MAzgwQKeB9J3mxxCxmFIvRhx48b1egi/av2DqPel2+gd/lp6ICXorWhZtBpOPmkrP/sU3E6Pvfa73GVAL3uZh3orZWtqYoViKghtPKGvprqZ3t2jlvoQsNmxd5K8j4TSGzyaXTO45KoFDZsVvsAKT0vEQbbUeSWF79VNRUKmA/DKkhKJzKfgwS2d/s84ync4FqgEk9+cwCH+pvgO/rKWjxXLPdoksAmZ7HEGjAYPhzeYHGpS+Yb548OsaU96kwgmZbVsom0OPXgbo3Aq8MHnX1g4pQeHaWqiEPn91MA+gY4NY0kl9cDcx1JNZf6csr6K+t5Rog==",
+      "HOST": "AgADOOOtKb0YtyiRsEZ172MNIcuzxqrxTMQ3nUVteWAi9WYduLUj6L/ByMW5df3lintbeB74XJalLafBwDj59olj6sdQl6kaWR6msyqgQIKQaDD9C7G+A26ntN7HF7Azl9W9mAWWFnc+wemB8l5vA4XCLtCOBJN1LhWJBlZauMmBAj5K4Q3aXew81iddOD2GpKnocWD+VIX2BltnLUPnIWp5DKJhqKZp00yYR1jOGkXU/ZxprCRrpZZ3kLObTA+qjz3RFuUXo8KGMlS+ZwMGrM43sCvcNnwj2snIxBvlFvrM9G2woOsRsjTwFFNUG36jTqoYF3xp62MPp5m4F82E9paWK49WdVCx6pIrtXq0gmCn4lMC8drGXXBBKumPMZPkJssAMR0MfKyTk+bQtoDSnMIHkierf9wRJoOeADHNCuaJFDZ/GSwzA7ge9PxxellRrtpfqKhTpTOifAZgm5UvKG+z6S7Qqjnmg2Y4dx6Uya9iQrdyG5Pn9vMXfSjOsFQUWzg5NLErcugvOT9oxtF3Gy8RPFsnWS1XY/fCMPK+TRVp9u9tbazgiTngaD8lVF2VB+2tUf+S84cWsyxHMShkIbNs0SsSTu8jWqYDNK7KhetEwXOS+d8tTDUc05Pji9hbE3b3LHGBTLudGnUcdftfLoxXstDdBRLtib380gzfszjoBHeaBqbdWTVLqxgmXG7qytK+z2shac4p",
+      "MACHINE_LEARNING_PORT": "AgB6Q2YlX0QyBhurB8N5H088GeB2OQU3LVc6X9Df34Xglbqa52fDXsSEQLYNzlCNV/Tm58r2BIhuJyURxE3tlpxskBmU2uQtN6g1DJVdseYuf6kYU3nFpL4UKOKFLFZJ8+VjbVckCqR5Lb/M1mjGkiOdSy21Lhy2l+VNcrXYVdyXGfeV+SPantplAPUjSMCzOER+uvowFQhXVe5Cz+ZRm7pd61Gl331UU9JdcKeGnkb154rk+NK614sqZOu3ceFUk9CjlftL2HhlRQNTnHTJt3n0J9ks/8V3H7n2wDYccOQjVyaEwNUDSkBUFSUUaG9oOoRmeO8oralyuJBeZ2WYClNUB3V6bpG+xgDVERNhRMOls8/uWr2vwZycrDcvTbZ2AFad/iwaxupEYMklNS9ck9UxsrIKZan/sxK01ZZdOGjWmoUoPUdhfwcXmiGP67od/3aGiBc4ReEZID1l/4zWAD6j318DmRa1IQ9E7S5eEHYg7xFLeW8TgrJKpZG1ZtV6O5dT4aiw3cMqZuuyerRvBgQqdCe9i2iwdfBN1Y/lTETNRpHPiQhoZZeslA90R3dXtvZffGXxcqxx1N4z9n5CjitiFtaHmeBRPTiwas72eVhocRqhdoy7qKgqHo/4m6Ku9RhAMMLV5k+7mGqRhg1WJcKgip2xpMB9vP9R5AVH9d4NQn8De9CLZq9OWtKcnmnRahFtocM+",
+      "MICROSERVICES_PORT": "AgB3z7pO1R6yh9Dv+hPkiLDagSE3jhPZ6Pn7Bb9m+j440uu/6QttzqQcNGlCf1zhxShax9sx5PeSC8HPrLBHdg8WPUh9yr0kzVD+tSAoa/o+TkJXj3+n1OrqD56Q0L4y2+WmRgUD0pn4Lxgi1ZPRqvSS4siuzd5svGEslgweKCOI8aUTiZrgetRS/Smset8N+47CeypZ/HOz76EQpwid5JmkmOgI4f7DhgfcQV7hbiQwubKTnmcBcHy73U8qs7w+VHICGV1BRIxeityNIFCKlhhFzjbZFYJ7oWtqKDYaJySsPauH9TfbVkkUP7Epk3bVF7o4kYbGFbrKbJkQbc7jj/0I/+j0d/nD6QSl+sVfXcLxNuxupUeGdCSFZNEDJ5KYxFsHmWD5HJvg3G3efOmRmOuejS/SWJ2zlntFhr8iP/u+I7AkBkTFLUd3ZIwfETOPDhPc2Dw0Z2re0r1qEdY9aHuU7cxRzTMNDOqq7TOo1CnlGnzICmFQIdUuHBe4Pl/kEM+l890KY6tyKdGl18heJyG729oYfdgtMF76dpn5jAvgnUBj4qrgKedhM0KjhrZtUUbbkb/cDvY78wWrpvTxmxJ7DkdR1G5E5zUkAIniwNJSd9wd6+ZnFWzJxdy2F1n0jhOKavHMsB1udl/4uh4F0kwiKClWv6u/WthN8BKciyNnjSQHbzfCMqtfOLZfs0N1H1lmkgE6",
+      "REDIS_HOSTNAME": "AgAwZGG8kusJSnTpF3O/L2PeuvNsdP90AJrrx9JYZFQjkVpIGDYMWX5qdj62VklVJGEZBToVccDHP15CN1y+uO1vstYRaR612l5PiFyJ2jizOEyHA1wI4hcXQ/fHL/e9PjbI8OaLdoDR8skgWk5GseIijdXeQLNDZCnrmuOvQHMm6JO1/YnAr1Rprnf0WZTuRRg7WpfUjQDEl6vD1RS7goB83jqAR9plRX282swPBUQgK5YNwQzdAeXvgl/otyLdIw6OZkzmPOJMOS/tsZmXOiHs8Tyi/qXW7VI67blVqrw4ZUUzB+Kmnkk9MBvmIqvGBTgkdQuINTlDobRz3f205uT5f1bNVczyStcZH0sYFGgbSESGujj4K79SSwKRYfCpRv+7gsCrlLcJHvGmXfktl8GjoYobS8p/zWr+eDOl46ZnCJySSp7iG/x5JXNoD2LjWwxS9kvBL95PLDoLPNNsJGlVVHTNg8jsrHn5CDGNh5PrL7poXtmZm7zJx291tRhzHPdgKnecZatbdkak0I9c4gDw6xq7CbFKQqLOegeysmhiAoQjV8c0cd7j4a5TGl0BkVDBdkF6sTrptq/BLC1qnl1MiyaQMsSLom5d5+tc1uOj+pYQ+jmp17q7zQBFw6JeSDGV7Cuolhy1H5iHXBwVupvrRGnXbUWPyd/pgLAcCaeUGWeeyXv/rrTHtGLJIX8C2Z4tDJLuRzUDm4ewVGOyBBTo7zXNMwmegSapbCVu4+g=",
+      "REDIS_PORT": "AgAsxaqu13fPe4TMsscIALRcxNj5ezwaswLGbhizFoSkhgCP/hvoYkmuTmFBpaBrRHGcb+suXYx4o6RTT/eQC8oKQhjqvCncRkJ/pWvWu4ZnuB/19TDFCUc5LqYFyfo2LCXqHIskcX+pVZKRh52pCc15x8AsdmQ1oi/4cmvlov3sawchkIPOzq+NGq6ZGq9y97rbh2MTzaQUyz1lIVMNhz8XrtgF1OTM7iGo8d/8rBeVRxfeZozp5zToGRMNv3YlUy1I/bvHmX0J28AmohuyIB3JmlPI6XSJsE0XmDeb2HK+48onq1VyPHd22iboPBwaPi2N0D31hGBcwNJd8smivpdcUM4PCjyDAOCZumN6HsMpO+TfPOrtZFsouq0QTH/7WFWHCLklWpwKRbFSvvwsqzU2fs6sJevzTN5FPo4CwQKkqlxcLWGxgDkAew4288vIsy0Pp4nyiZ9m2219ct73jCS7OhVqaJD3KqiMYcCYpV1ltjmWyZNsgqJDRu7Pj9IAshq/28T7JN8PHj50MhKEZ8EHPtPI4diaqzuRoba8NkL4utDuOfGCMjlhEUpRDUhb9pyEwOLJcXMNAHx793tWCZ+h4QSUncr2o+K+Hh4MbStyYcKv4GZpbZ8WRx9J08XCct088DmH11oqEaomZs3H5HkRKdZDllgrctysRJFCW0YhxFVoB5wOObNOsnIPHgB+uMPA0gbr",
+      "SERVER_PORT": "AgAWxRUjZuFoKixJhAnsocNbkxWsXUiljPKabPcSEMPYk0JkvUbqdilBDj5plIaazLfNxcaKIaIIP9HNSXsACpz/E9zG/N/nXXGYDq0mnDGQgxEwIUixSMlzv73GBWn1IZB2MhaPkiLSTY6JKEDMKzj5bPRgHKxNbf9BWiDzKFYbdt6qOalJ4xTx0m7s2fwJoB3m5GYfRbcwTYvePqLJlr8ntuY4jFgEXd9DQRg/O77Dt3KWAsR08SRWA6qI2j3pWN3tzFdbLvRwsEHRqYZtM+UWQ742esdjU6Z2jG7KWNNb/PZxpICDYfTzdm3SxMhcriHnRd/WffHT5GbImuhCMnlL9skSMe2SIglPxk5F0n5LCDvUw1JEZTnxOsn0TE6vTrxZcYIZ5CsZzZR7oX1+dvWAU4QKgeq08GUo0Fjx+fm2E4lGqOmCQ1AYkqjfjokH1uw3J1m7vu8HiGuO/8ZX/DnUucQrRMcULmXpSp6OJwRidnFpeg+1TV/HcNldABqkQuCe4aEAvdoUU2r1OJPApSgNVAGE/vEFEnh5s8myASlIWjl+BLMOWqqzXtUScdHoJUwYNED/QQPIIIgTKu/3mYKu2XsBxruFY773LMA/rPWYt4RPsVxKruq2BDFpsbT9LbOOTd26H/Q+Xkq2sRb8UOwEfcoB/nVcrcDUlQ45QvMip+cjBMYXUu54vv3A78QFphJZD09F",
+      "TYPESENSE_API_KEY": "AgCNHh6Bs57I11mI3gNlkny1yxqzBzZ5PaftMnQstIBlzTw6hWuGLqFUdbtFjJ8XYYUCZQ7ubcxWMySyr4J9Xqeh6TTTLNv3rAFLoD1qL7o1xpkSqRJe2O2Q80wIYmFOtFKZMnzEJGrLjuDX1DJj1A2O2zI9sHR8hg85QrunvvSTQNz9zYlBLYy6Aa0MoNcZApXKLpLw7+s+oL9jN9BfG723nJhVilCi3z1dWs9Ydjyj0JK05C9VpJuC5tqmOH8TmrM178ZFdWcMBtS1db4T4hIlGehQPtCGyyy2kBjTPOsi9XbYUuq0N+4e/gPciogIibzsCdx8p307r8/aK6f00BGyrbA4YlGVJZYBbSBbgjqZospoWQ48CjnCxR7fYouZISLuXkdRlOsijD8YMosAeMF0cHPje+pw/h5UhDzPeqtLrB3Av34PDFij0brdMiEGOECdFyOUsMcoYzGjLz0b+SANGM9o/Gy2CJwREn2e9dvX8XzpZTbb/91SJZNli7nlFPAX8aENe9AbQpSwMvW38iAqQECtsYgXoR8821q/RG699YLRLKh3xxZZA5qkuE/fIKaq3p+cZuUT4CT/OUL9XQpNW63PiUML+TPN/mhtx+MCFcNuvdZG7kPAjPe0gu4BEMUrch//WxiudYrYpCM2aIuGzws8NeWv4nnc+tQTkxZgBmtgtCHLrTe8vsAtzwfYSW8IqJJn3YWeFcYQWarQs5wjiCNfrJSd6G5X"
+    }
+  }
+}

apps/immich/base/ingress.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: immich
+  namespace: immich
+spec:
+  entryPoints:
+    - websecure-local
+  tls: {}
+  routes:
+  - match: Host(`photos.steffenillium.de`)
+    kind: Rule
+    services:
+    - name: server
+      port: server

apps/immich/base/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ingress.yaml
+- pvc.yaml
+- immich-secret-sealed.yaml

apps/immich/base/pvc.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app: pgdata
+  name: pgdata
+spec:
+  storageClassName: rook-cephfs
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app: model-cache
+  name: model-cache
+spec:
+  storageClassName: rook-cephfs
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi

apps/immich/deployment/database.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: database
+  name: database
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: database
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: database
+    spec:
+      containers:
+        - image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+          name: immich-postgres
+          envFrom:
+            - secretRef:
+                name: immich-secret
+          resources: {}
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: pgdata
+          ports:
+            - name: http
+              containerPort: 5432
+              hostPort: 5432
+              protocol: TCP
+      restartPolicy: Always
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata

apps/immich/deployment/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- database.yaml
+- redis.yaml
+- server.yaml

apps/immich/deployment/machine-learning.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: immich-machine-learning
+  name: immich-machine-learning
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: immich-machine-learning
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: immich-machine-learning
+    spec:
+      containers:
+        - image: ghcr.io/immich-app/immich-machine-learning:release
+          name: immich-machine-learning
+          resources: {}
+          ports:
+            - name: http
+              containerPort: 3003
+              hostPort: 3003
+              protocol: TCP          
+          volumeMounts:
+            - mountPath: /cache
+              name: model-cache
+      restartPolicy: Always
+      volumes:
+        - name: model-cache
+          persistentVolumeClaim:
+            claimName: model-cache

apps/immich/deployment/redis.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: redis
+  name: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672
+          name: immich-redis
+          resources: {}
+          ports:
+            - name: http
+              containerPort: 6379
+              hostPort: 6379
+              protocol: TCP
+      restartPolicy: Always

apps/immich/deployment/server.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: server
+  name: server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: server
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: server
+    spec:
+      containers:
+        - args:
+            - start.sh
+            - microservices
+          envFrom:
+            - secretRef:
+                name: immich-secret
+          image: ghcr.io/immich-app/immich-server:release
+          name: microservices
+          ports:
+            - name: microservices
+              containerPort: 3002
+              hostPort: 3002
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - mountPath: /usr/src/app/upload
+              name: photos
+              subPath: upload
+            - mountPath: /usr/src/app/external
+              name: photos
+        - args:
+            - start.sh
+            - immich
+          envFrom:
+            - secretRef:
+                name: immich-secret
+          image: ghcr.io/immich-app/immich-server:release
+          name: server
+          ports:
+            - name: server
+              containerPort: 3001
+              hostPort: 3001
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - mountPath: /usr/src/app/upload
+              name: photos
+              subPath: upload
+            - mountPath: /usr/src/app/external
+              name: photos
+              readOnly: true
+      restartPolicy: Always
+      volumes:
+        - name: photos
+          nfs:
+            server: 192.168.178.4
+            path: /mnt/photos
+            readOnly: false

apps/immich/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: immich
+
+resources:
+- deployment
+- base
+- service

apps/immich/service/database.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: database
+  name: database
+spec:
+  ports:
+    - name: "http"
+      port: 5432
+      targetPort: http
+  selector:
+    app: database

apps/immich/service/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- database.yaml
+- redis.yaml
+- server.yaml

apps/immich/service/machine-learning.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: machine-learning
+  name: machine-learning
+spec:
+  ports:
+    - name: "http"
+      port: 3003
+      targetPort: http
+  selector:
+    app: machine-learning

apps/immich/service/redis.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: redis
+  name: redis
+spec:
+  ports:
+    - name: "http"
+      port: 6379
+      targetPort: http
+  selector:
+    app: redis

apps/immich/service/server.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: server
+  name: server
+spec:
+  ports:
+    - name: "server"
+      port: 3001
+      targetPort: server
+    - name: "microservices"
+      port: 3002
+      targetPort: microservices
+  selector:
+    app: server

apps/nextcloud/base/deployment.yaml

@@ -18,11 +18,13 @@ spec:
     spec:
       containers:
         - name: cron
-          image: nextcloud
+          image: nextcloud:latest
           volumeMounts:
             - mountPath: /var/www/html
-              name: nextcloud-pvc
+              name: nextcloud
               subPath: html
+            - mountPath: /var/www/html/data
+              name: nextcloud-data
           command: [ "/cron.sh" ]
           resources: {}
         - image: mariadb
@@ -59,7 +61,7 @@ spec:
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/mysql
-              name: nextcloud-pvc
+              name: nextcloud
               subPath: db-storage
         - image: redis:alpine
           name: redis
@@ -98,15 +100,20 @@ spec:
           resources: {}
           volumeMounts:
             - mountPath: /var/www/html
-              name: nextcloud-pvc
+              name: nextcloud
               subPath: html
             - mountPath: /var/www/html/data
-              name: nextcloud-pvc
-              subPath: data
+              name: nextcloud-data
       restartPolicy: Always
       volumes:
-        - name: nextcloud-pvc
+        - name: nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud
+        - name: nextcloud-data
           nfs:
             server: 192.168.178.4
-            path: /mnt/storage/service/nextcloud
-            readOnly: false
+            path: /mnt/storage/service/nextcloud/data
+            readOnly: false
+
+
+            

apps/nextcloud/base/kustomization.yaml

@@ -4,7 +4,8 @@ kind: Kustomization
 namespace: nextcloud
 
 resources:
-- nextcloud.yaml
+- deployment.yaml
+- pvc.yaml
 - service.yaml
 - ingress.yaml
 - middleware.yaml

apps/nextcloud/base/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud
+spec:
+  storageClassName: "rook-cephfs"
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 40Gi

apps/paperless/base/deployment.yaml

@@ -25,7 +25,7 @@ spec:
               memory: "1Gi"
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
-              name: paperless-pvc
+              name: paperless
               subPath: pgdata
           ports:
             - containerPort: 5432
@@ -52,13 +52,12 @@ spec:
           resources: {}
           volumeMounts:
             - mountPath: /usr/src/paperless/data
-              name: paperless-pvc
+              name: paperless
               subPath: app
             - mountPath: /usr/src/paperless/media
-              name: paperless-pvc
-              subPath: media
+              name: paperless-media
             - mountPath: /usr/src/paperless/consume
-              name: paperless-pvc
+              name: paperless
               subPath: consume
           env:
             - name: DEBUG
@@ -103,8 +102,11 @@ spec:
               memory: "1Gi"
       restartPolicy: Always
       volumes:
-        - name: paperless-pvc
+        - name: paperless
+          persistentVolumeClaim:
+            claimName: paperless
+        - name:  paperless-media
           nfs:
             server: 192.168.178.4
-            path: /mnt/storage/service/paperless
+            path: /mnt/storage/service/paperless/media
             readOnly: false

apps/paperless/base/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: paperless
+spec:
+  storageClassName: "rook-cephfs"
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 20Gi

apps/paperless/kustomization.yaml

@@ -4,10 +4,11 @@ kind: Kustomization
 namespace: paperless
 
 resources:
+- base/pvc.yaml
 - base/paperless-secret-sealed.yaml
 - base/paperless-ingress.yaml
 - base/paperless-service.yaml
-- base/paperless.yaml
+- base/deployment.yaml
 - base/paperless-namespace.yaml
 
 components:

apps/vaultwarden/base/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden
+spec:
+  storageClassName: "rook-cephfs"
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi

apps/vaultwarden/base/vaultwarden-data-pvc.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: vaultwarden
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 20Gi
-  csi:
-    driver: cephfs.csi.ceph.com
-    nodeStageSecretRef:
-      # node stage secret name
-      name: csi-cephfs-secret
-      # node stage secret namespace where above secret is created
-      namespace: default
-    volumeAttributes:
-      # optional file system to be mounted
-      "fsName": "myfs"
-      # Required options from storageclass parameters need to be added in volumeAttributes
-      "clusterID": "99c133b4-bd71-4eb9-9c00-ced76abf2a40"
-      # "staticVolume": "true"
-      "rootPath": /volumes/csi/vaultwarden/aa82dc92-5ed0-4d99-b156-670f51b05a6b
-    # volumeHandle can be anything, need not to be same
-    # as PV name or volume name. keeping same for brevity
-    volumeHandle: vaultwarden
-  persistentVolumeReclaimPolicy: Retain
-  volumeMode: Filesystem
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    app: vaultwarden
-  name: vaultwarden
-spec:
-  storageClassName: ""
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 20Gi
-  volumeName: vaultwarden

apps/vaultwarden/kustomization.yaml

@@ -4,12 +4,12 @@ kind: Kustomization
 namespace: vaultwarden
 
 resources:
-- base/vaultwarden-ingress.yaml
-- base/vaultwarden-data-pvc.yaml
-- base/vaultwarden-deployment.yaml
-- base/vaultwarden-namespace.yaml
-- base/vaultwarden-secret-sealed.yaml
-- base/vaultwarden-service.yaml
+- base/ingress.yaml
+- base/pvc.yaml
+- base/deployment.yaml
+- base/namespace.yaml
+- base/secret-sealed.yaml
+- base/service.yaml
 
 components:
   - ../../components/local-region-selector.yaml