From 81bac518012c74fd677fab272fa2c50ca98e427a Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov <allanger@badhouseplants.net>
Date: Sun, 1 Dec 2024 23:15:42 +0100
Subject: [PATCH] install navidrome private

---
 .../applications/helmfile-badhouseplants.yaml |  8 ++++
 .../secrets.navidrome-private.yaml            | 28 +++++++++++
 .../values.navidrome-private.yaml             | 48 +++++++++++++++++++
 3 files changed, 84 insertions(+)
 create mode 100644 values/badhouseplants/secrets.navidrome-private.yaml
 create mode 100644 values/badhouseplants/values.navidrome-private.yaml

diff --git a/installations/applications/helmfile-badhouseplants.yaml b/installations/applications/helmfile-badhouseplants.yaml
index 79939f8..70df5c2 100644
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@@ -31,6 +31,7 @@ releases:
   - name: funkwhale
     chart: ananace-charts/funkwhale
     namespace: applications
+    installed: false
     version: 2.0.5
     inherit:
       - template: default-env-values
@@ -75,6 +76,13 @@ releases:
     inherit:
       - template: default-env-values
       - template: ext-traefik-middleware
+  - name: navidrome-private
+    chart: allangers-charts/navidrome
+    namespace: applications
+    version: 0.2.0
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
   - name: server-xray-public
     chart: allangers-charts/server-xray
     namespace: public-xray
diff --git a/values/badhouseplants/secrets.navidrome-private.yaml b/values/badhouseplants/secrets.navidrome-private.yaml
new file mode 100644
index 0000000..cd7c52b
--- /dev/null
+++ b/values/badhouseplants/secrets.navidrome-private.yaml
@@ -0,0 +1,28 @@
+files:
+    rclone-config:
+        enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
+        sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
+        remove: []
+        entries:
+            rclone.conf:
+                data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
+            dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
+            TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
+            Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
+            NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-20T15:04:15Z"
+    mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
diff --git a/values/badhouseplants/values.navidrome-private.yaml b/values/badhouseplants/values.navidrome-private.yaml
new file mode 100644
index 0000000..572503f
--- /dev/null
+++ b/values/badhouseplants/values.navidrome-private.yaml
@@ -0,0 +1,48 @@
+shortcuts:
+  hostname: navidrome.badhouseplants.net
+ingress:
+  main:
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+env:
+  main:
+    enabled: true
+    sensitive: false
+    remove: []
+    data:
+      ND_MUSICFOLDER: /app/music
+      ND_DATAFOLDER: /app/data
+      ND_LOGLEVEL: info
+      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
+files:
+  rclone-config:
+    enabled: true
+    sensitive: true
+    remove: []
+    entries:
+      rclone.conf:
+        data: |
+          [music-data]
+          type = s3
+          provider = Minio
+          endpoint = s3.badhouseplants.net
+          location_constraint = us-west-1
+          access_key_id = allanger
+          secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
+  rclone-script:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      rclone-script:
+        data: |
+          #!/usr/bin/sh
+          while true; do
+            rclone --config /app/rclone.conf sync -P music-data:/music /app/music
+            sleep 10
+          done