From fe5419f2eda5b4c67fbe385fdea3e6a122c30dc0 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov <allanger@badhouseplants.net>
Date: Sat, 22 Mar 2025 16:18:34 +0100
Subject: [PATCH] Migrate navidrome to the org-badhouseplants ns

---
 .../applications/helmfile-badhouseplants.yaml | 18 +++++++
 .../{badhouseplants => }/add-applied-by.yaml  |  0
 .../app-navidrome-private/secrets.yaml        | 28 ++++++++++
 .../app-navidrome-private/values.yaml         | 49 +++++++++++++++++
 .../app-navidrome/values.yaml                 | 54 +++++++++++++++++++
 5 files changed, 149 insertions(+)
 rename kustomizations/kyverno/{badhouseplants => }/add-applied-by.yaml (100%)
 create mode 100644 values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
 create mode 100644 values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
 create mode 100644 values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml

diff --git a/installations/applications/helmfile-badhouseplants.yaml b/installations/applications/helmfile-badhouseplants.yaml
index 0b09f70..142e487 100644
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@@ -51,9 +51,26 @@ releases:
       - template: env-secrets
       - template: ext-database
 
+  - name: app-navidrome
+    chart: allangers-charts/navidrome
+    namespace: org-badhouseplants
+    version: 0.5.0
+    inherit:
+      - template: env-values
+      - template: ext-traefik-middleware
+
+  - name: app-navidrome-private
+    chart: allangers-charts/navidrome
+    namespace: org-badhouseplants
+    version: 0.5.0
+    inherit:
+      - template: env-values
+      - template: env-secrets
+
   - name: navidrome
     chart: allangers-charts/navidrome
     namespace: applications
+    installed: false
     version: 0.5.0
     inherit:
       - template: default-env-values
@@ -63,6 +80,7 @@ releases:
     chart: allangers-charts/navidrome
     namespace: applications
     version: 0.5.0
+    installed: false
     inherit:
       - template: default-env-values
       - template: default-env-secrets
diff --git a/kustomizations/kyverno/badhouseplants/add-applied-by.yaml b/kustomizations/kyverno/add-applied-by.yaml
similarity index 100%
rename from kustomizations/kyverno/badhouseplants/add-applied-by.yaml
rename to kustomizations/kyverno/add-applied-by.yaml
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
new file mode 100644
index 0000000..cd7c52b
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
@@ -0,0 +1,28 @@
+files:
+    rclone-config:
+        enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
+        sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
+        remove: []
+        entries:
+            rclone.conf:
+                data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
+            dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
+            TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
+            Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
+            NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-20T15:04:15Z"
+    mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
new file mode 100644
index 0000000..9afe45d
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
@@ -0,0 +1,49 @@
+shortcuts:
+  hostname: navidrome.badhouseplants.net
+ingress:
+  main:
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+env:
+  main:
+    enabled: true
+    sensitive: false
+    remove: []
+    data:
+      ND_MUSICFOLDER: /app/music
+      ND_DATAFOLDER: /app/data
+      ND_LOGLEVEL: info
+      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
+files:
+  rclone-config:
+    enabled: true
+    sensitive: true
+    remove: []
+    entries:
+      rclone.conf:
+        data: |
+          [music-data]
+          type = s3
+          provider = Minio
+          endpoint = s3.badhouseplants.net
+          location_constraint = us-west-1
+          access_key_id = allanger
+          secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
+  rclone-script:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      rclone-script:
+        data: |
+          #!/usr/bin/sh
+          while true; do
+            rclone --config /app/rclone.conf sync -P music-data:/music /app/music
+            sleep 10
+          done
diff --git a/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml b/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml
new file mode 100644
index 0000000..3376ba1
--- /dev/null
+++ b/values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml
@@ -0,0 +1,54 @@
+middleware:
+  enabled: true
+  middlewares:
+    - name: navidromeauth
+      spec:
+        headers:
+          customRequestHeaders:
+            Remote-User: "guest"
+
+shortcuts:
+  hostname: music.badhouseplants.net
+
+ingress:
+  main:
+    annotations:
+      traefik.ingress.kubernetes.io/router.middlewares: org-badhouseplants-navidromeauth@kubernetescrd
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+env:
+  main:
+    enabled: true
+    sensitive: false
+    remove: []
+    data:
+      ND_MUSICFOLDER: /app/music
+      ND_DATAFOLDER: /app/data
+      ND_LOGLEVEL: info
+      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
+      ND_REVERSEPROXYUSERHEADER: "Remote-User"
+      ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"
+      ND_LASTFM_ENABLED: false
+      ND_LISTENBRAINZ_ENABLED: false
+      ND_ENABLEUSEREDITING: false
+      ND_ENABLEFAVOURITES: false
+      ND_ENABLESTARRATING: false
+      ND_ENABLEEXTERNALSERVICES: false
+      ND_ENABLESHARING: true
+files:
+  rclone-config:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      rclone.conf:
+        data: |
+          [music-data]
+          type = s3
+          provider = Minio
+          endpoint = s3.badhouseplants.net
+          location_constraint = us-west-1