diff --git a/installations/applications/helmfile-badhouseplants.yaml b/installations/applications/helmfile-badhouseplants.yaml
index 0b09f70..142e487 100644
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@@ -51,9 +51,26 @@ releases:
       - template: env-secrets
       - template: ext-database
 
+  - name: app-navidrome
+    chart: allangers-charts/navidrome
+    namespace: org-badhouseplants
+    version: 0.5.0
+    inherit:
+      - template: env-values
+      - template: ext-traefik-middleware
+
+  - name: app-navidrome-private
+    chart: allangers-charts/navidrome
+    namespace: org-badhouseplants
+    version: 0.5.0
+    inherit:
+      - template: env-values
+      - template: env-secrets
+
   - name: navidrome
     chart: allangers-charts/navidrome
     namespace: applications
+    installed: false
     version: 0.5.0
     inherit:
       - template: default-env-values
@@ -63,6 +80,7 @@ releases:
     chart: allangers-charts/navidrome
     namespace: applications
     version: 0.5.0
+    installed: false
     inherit:
       - template: default-env-values
       - template: default-env-secrets
diff --git a/kustomizations/kyverno/badhouseplants/add-applied-by.yaml b/kustomizations/kyverno/add-applied-by.yaml
similarity index 100%
rename from kustomizations/kyverno/badhouseplants/add-applied-by.yaml
rename to kustomizations/kyverno/add-applied-by.yaml
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
new file mode 100644
index 0000000..cd7c52b
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
@@ -0,0 +1,28 @@
+files:
+    rclone-config:
+        enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
+        sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
+        remove: []
+        entries:
+            rclone.conf:
+                data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
+            dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
+            TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
+            Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
+            NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-20T15:04:15Z"
+    mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
new file mode 100644
index 0000000..9afe45d
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
@@ -0,0 +1,49 @@
+shortcuts:
+  hostname: navidrome.badhouseplants.net
+ingress:
+  main:
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+env:
+  main:
+    enabled: true
+    sensitive: false
+    remove: []
+    data:
+      ND_MUSICFOLDER: /app/music
+      ND_DATAFOLDER: /app/data
+      ND_LOGLEVEL: info
+      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
+files:
+  rclone-config:
+    enabled: true
+    sensitive: true
+    remove: []
+    entries:
+      rclone.conf:
+        data: |
+          [music-data]
+          type = s3
+          provider = Minio
+          endpoint = s3.badhouseplants.net
+          location_constraint = us-west-1
+          access_key_id = allanger
+          secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
+  rclone-script:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      rclone-script:
+        data: |
+          #!/usr/bin/sh
+          while true; do
+            rclone --config /app/rclone.conf sync -P music-data:/music /app/music
+            sleep 10
+          done
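Review bot: The `rclone.conf` entry under `files.rclone-config` commits `access_key_id` and `secret_access_key` for `s3.badhouseplants.net` in plaintext, while the sibling `secrets.yaml` added in this commit carries the same key path (`files.rclone-config.entries.rclone.conf.data`) SOPS-encrypted. `sensitive: true` presumably only changes how the chart renders the entry in the cluster; it does nothing for what is stored in git. I would delete the whole `rclone-config` mapping from this file so the encrypted copy is the only source, and keep just `rclone-script` here. Because the key is now in the repository history, it should be rotated on the MinIO side rather than only removed from the file.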
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml
new file mode 100644
index 0000000..3376ba1
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml
@@ -0,0 +1,54 @@
+middleware:
+  enabled: true
+  middlewares:
+    - name: navidromeauth
+      spec:
+        headers:
+          customRequestHeaders:
+            Remote-User: "guest"
+
+shortcuts:
+  hostname: music.badhouseplants.net
+
+ingress:
+  main:
+    annotations:
+      traefik.ingress.kubernetes.io/router.middlewares: org-badhouseplants-navidromeauth@kubernetescrd
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+env:
+  main:
+    enabled: true
+    sensitive: false
+    remove: []
+    data:
+      ND_MUSICFOLDER: /app/music
+      ND_DATAFOLDER: /app/data
+      ND_LOGLEVEL: info
+      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
+      ND_REVERSEPROXYUSERHEADER: "Remote-User"
+      ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"
+      ND_LASTFM_ENABLED: false
+      ND_LISTENBRAINZ_ENABLED: false
+      ND_ENABLEUSEREDITING: false
+      ND_ENABLEFAVOURITES: false
+      ND_ENABLESTARRATING: false
+      ND_ENABLEEXTERNALSERVICES: false
+      ND_ENABLESHARING: true
+files:
+  rclone-config:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      rclone.conf:
+        data: |
+          [music-data]
+          type = s3
+          provider = Minio
+          endpoint = s3.badhouseplants.net
+          location_constraint = us-west-1
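Review bot: `ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"` makes Navidrome trust the `Remote-User` header from any peer, so the guest-only guarantee rests entirely on every request passing through the `navidromeauth` middleware. Anything that reaches the pod by another path (another workload in the cluster, a second ingress or route, a port-forward) can name whichever user it likes in that header. I would narrow the value to the range Traefik connects from, for example `ND_REVERSEPROXYWHITELIST: "<traefik-pod-cidr>"` (placeholder), and pair it with a NetworkPolicy that admits ingress to this pod only from Traefik. Separately, `router.entrypoints: web,websecure` also serves this route on the plain-HTTP entrypoint; as far as I know `kubernetes.io/ingress.allow-http` is a GCE ingress annotation that Traefik does not act on, so confirm a redirect is configured elsewhere or drop `web`.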