Skip to content

Commit

Permalink
sonarr
Browse files Browse the repository at this point in the history
  • Loading branch information
@jalim
jalim committed Mar 16, 2024
1 parent b63e47f commit 7ad495a
Show file tree
Hide file tree
Showing 6 changed files with 572 additions and 2 deletions.
2 changes: 1 addition & 1 deletion kubernetes/main/apps/default/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ resources:
- ./sabnzbd/ks.yaml
- ./smtp-relay/ks.yaml
- ./sonarr-kids/ks.yaml
# - ./sonarr/ks.yaml
- ./sonarr/ks.yaml
- ./tautulli/ks.yaml
- ./unpackerr/ks.yaml
# - ./authelia/ks.yaml
Expand Down
183 changes: 183 additions & 0 deletions kubernetes/main/bootstrap/talos/matchbox/assets/k8s-0.secret.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: ENC[AES256_GCM,data:+5rwSMhG2eKwXkgv6ogrFa/s/M7h9Dw=,iv:8YjOB6bkYhbunOxX6W9xbbta5o+qtWTOM25Cg+JWIvg=,tag:syBUjgr/hOnMDPX7mpfCjg==,type:str]
ca:
crt: ENC[AES256_GCM,data:/ByLOKvDHnYFn1hPqbjI6Tq7hvC5T5DNn5Z7hDY3Wp0BBrSUIzZAMegRd8yA/5tYfQlDtHGsA8iW3GVtyBncNJ2XsJnxVS8A9MAMzM88D3+GRQZZSPPudmZmXiEdcMBgL7Jn3XnBfX9CMMCQzB+da6JkJmcMoEi5mAP7G3eXTMVXtm/djmJScXGhIYmtw3HLiViWYpKHGKH2x5UPjBqpf9EYb96CA3Dw42vO8I39ESDFGLOiPVYYFMcrBhP9PiQMr/pKFlpfI6XzejXZsO6AWVS+TrKhfn4CjinPOoYyWUsqIHjhA14ma6hEYG9xO+QWbgzJiNaQbuYQTHkvs9VSsrvc9VuhbnFT9hW8IjKKTkjmVB5sCjZSjorAVkMjA4sEGVxW/ddr/E0/SNBivwknTGvAXczQNyQktk4v8rL5FXiK7ZfkBeXQ5KBcGf95Jn78IOLYIzDhRKSoCV8/c1roymdDB3DEo4I6J05xv8h2Xg4ezpQh57q5A/ufLFcEItk7pCVKWRYW7d4dOWm3hPWoHb7YbJ9kPn5Mg0MuwQLpsoQiEDBe6XOPlCQrcb2tw/W3qKbNveCXUWyiVQng7T4JlbwYb0rRcPtF+Hcu37NCMlrzqAtHKfHEnukoCV/CRp/Wsmtg1ZPw9jeLmT0jvhhIry+oybhnkBu5piG+t/vbxkeSHowwKGH1kP0GE7qGRWONGq4LrPxvVH/BH/6IG6un+SxyRk0y5KELJYd+tzJ04x+6b6uzmGW8tZjdTC6qSKx1yly229x9+ZYfqTB6YILYMC1Of+Fhx+PqRWnf+++wDYwNRZWzH/W+gHTxyEl0iK7ww2E8i1zezrSiYfTZEB+Rng1uTmsr+m+yEqAThtql7FV8c+Gy,iv:hmC2sTV0wIMxA/UxTXzoTAMpldEokO+Abtguhn9S5UI=,tag:M3cM5KMjbTwq9qeOX63DKw==,type:str]
key: ENC[AES256_GCM,data:s+16FAzGtK6Uf9G7bAHT1UgMFOR6GR1A0kRsl+3oOjz/wdHOjA6fj3mOhSkbP5JXwLxjX2v4yLIzg3+nEyjLART3kx7vr1BOOlaK+0C//cXcRkebW2EuZcQYWVmW5G17UGqoMflAIrp5bbCNSi+Tvfr3/QwBha/0738lfgyZ8P8FTvZuOZC3PYr903S0DC1BofEkdOOuJjyvVR7mjOH+4ULutbF1rmT10j0xK8/c7XzNxppc,iv:2e6k2MSEDLFHgW7WcNu5gstC6suhIVhVi65U1ihYT9Q=,tag:db9EG0vyVLHlM7ijLI9kvw==,type:str]
certSANs:
- 127.0.0.1
- 10.88.0.20
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.29.2
extraArgs:
image-gc-high-threshold: "55"
image-gc-low-threshold: "50"
rotate-server-certificates: "true"
extraMounts:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
- 10.88.0.0/24
disableManifestsDirectory: true
network:
hostname: k8s-0
interfaces:
- interface: eth0
dhcp: false
addresses:
- 10.88.0.10/24
routes:
# The route's network (destination).
- network: 0.0.0.0/0
gateway: 10.88.0.1
mtu: 1500
# vip:
# ip: 10.88.0.20
nameservers:
- 10.88.0.1
install:
disk: /dev/sda
extraKernelArgs:
- net.ifnames=0
image: factory.talos.dev/installer/76d744fe4579923f39f364e8975d0886f86efe0ca30dcb74d92f16a5ee1ab2fd:v1.6.5
wipe: false
files:
- content: |-
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |-
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
time:
disabled: false
servers:
- time.cloudflare.com
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
features:
rbac: true
stableHostname: true
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:admin
allowedKubernetesNamespaces:
- system-upgrade
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
cluster:
id: ENC[AES256_GCM,data:+NH+6abtMs0ZfGNV4l4JHJlDwjmQDXAWIkIqOux/Bgi+xQI69YxvCc/irqs=,iv:RP9DAD03YqljB6FjXUu/tvb+SqUWnWPI0tPH+zlnGnM=,tag:JH9dDKDZidGX/XF+eeQkVA==,type:str]
secret: ENC[AES256_GCM,data:2dTvrNR03byxwBRS3jPKZ1gNj0DGR9M4pveQ6qPbMyHbbeAvgO6GWKI2Oy8=,iv:KnNX1cdJRfdBDGsqfXFZhcL7sWsMF/Xrxl2KtNd9HeI=,tag:50aaAIOUBwVTJA8H9X/UMQ==,type:str]
controlPlane:
endpoint: https://10.88.0.20:6443
clusterName: main
network:
cni:
name: none
dnsDomain: cluster.local
podSubnets:
- 10.42.0.0/16
serviceSubnets:
- 10.43.0.0/16
coreDNS:
disabled: true
token: ENC[AES256_GCM,data:RlobXTDVmBBL3eFdNpyItZbP5OErtS8=,iv:888sF0Heor3/xgZ5q85e8PklB9KP54Fpw2/27s5qRmQ=,tag:riofqKrlSgOjgYSYCAVPpQ==,type:str]
secretboxEncryptionSecret: ENC[AES256_GCM,data:O5EJof1Khg66ghasQuMjLH4FnIdk1buuguVK6SIJBKb81C9YdINcFCd00YY=,iv:zIBvw9cqxdyMaL354MT21pvpkuDrgy5G5BWmecRZGZE=,tag:5wbHjaWYRBWnwddtmQrpDA==,type:str]
ca:
crt: ENC[AES256_GCM,data:7BGJuPBrdZvBLE+DnMQmUH/WZj9vH7jPrp/qSXOq5k7wFvCHQt6/FmjkmO6u3lYHE2QlzWSqA7UuLW2oU8NHnLqw8eVCenKs4lspvTm5gmGu0ufYOaRzkQMifaKF+GUxDxosRBpL7j6/4uxNpqkOf1krWkm9UnkdZqPFdC8Kj9sImqLns6+F+qUKLOhsSH7e3MnzO53lZqKnuAUvwwMH6xFSGykZ5X40JvHaSjAQ7gO0Kqp4pyD6BR8iDDuFIuOQpBjA3mLHE2CszXY6kXdeokMAYTLPJd1VLFZ2tHXvj2YJy1jZw0Yo9b064iH5GFBDq8cgSbCMIL59uV5xEDb90BWwwiS/vNmxwX0Hk2affo0hPU4pLzqM+ava6z/730JZb+Ji7JD0yopQULGEa0AhWgUmJOIO4SaGSG7PC5gbPyxr4T7JSvs0MPvH/Km504Wrhf42NPX3Dv5JeYJUy6xzg0/OQKdH9kWZSOu0BYh8zVH29IjW/AwTuoHPQyDyMHGnlBUSo26+FpCigxmRko2DlD+1UAP9M/W3SBxHs4AKNrnVZi2qE1avYCNUCRab0dWgnS1HVW4F8ptHhwJ0+jdXlTN7pAsfaSsLdom2E/fvHkbdTRSeeF60AodzBnSQ/6Zr7+8PIG/rFfP9209k4XgzL6mWWk4FmE2PTCtTyXYfhRTZVBa24mP8cSPlJdciESYztFeyrMmsAYRhr+4kgxJjAHoHgAbuRGOo4ANlujNWq56DamtRW70OoPfK4D6F5gDgW5vOa/jSiCtmWXKPBBj5WncogNj9UmPk8YhYn0O+K+KT0Dot3q1pYw+6bQovPXEZ226NLscnnO13C9+IVcF9jX8u0yyy4aSLiXrb/Zf4CU5Z95Q25BUdtHGprw2W96L7m1h4yH+56uXU2yUdPlUljpkh/p4eDQqkknPAx6ftjwR78ZzDqHC6XtzeoRGjMxlRhn2ItQVOU9+fW6NTAmAwarCL27T2Cl6USLUPAFN1sc2nRQGqFuKZmXaPYDK1HHuZ6QaCErQ/976+QIAPJSbdyJrQa9psWN7BWFmB+g==,iv:HMSoLaSoMBr6TJmccT2aQkDGbtrsnRYb0He3Hc5+ZG8=,tag:3dY3p6WlFxBbXbpYulrE0A==,type:str]
key: ENC[AES256_GCM,data:7rn7xw9G6ODiqzKES+0Sf6xlr6aP5Mb5GcPPyS1K1+tmaILQaNSjfnJxSSpGKHmW4O3MStkTpIVsiW5yZ4SfrcrwzqyAwe8ndyyNf/+JaabjuCCq6ff8Ww3f95rQMY17L7snOMD1lwSNHj1ZrZ19+UCgn3VRH8hLJKortbkfC7K47UBz3IWKoWP/xDrghSHLLVwCxAv3RHGGJtik3qGS4qYBxnewEJmOF4gnh8lf13kjVH6668JcS0xPV38Js31iIYPWXSimPwGSNDMcOQdp13rxEoepKAcJsfh6X9M8XxzJFXgjNK7+JmSx5A0Lzk0HtrDQZKi26UYlSg3tbnBe3IhMfjuNqksXFZxD8D4ZqJZFMrD5y36/NJhZqrD2hdIOxMMiToHI9IPTjPa10mgvVg==,iv:GeGRvTsRmY2EpCFY833Q99PwZv+zo8WoGgHWAWW4uRs=,tag:kBw7QwgzsS2sKCRdYpdkcA==,type:str]
aggregatorCA:
crt: ENC[AES256_GCM,data:WuKSvCIhpZrcJNhcy8MCRWIk+h7nxwuXIwWFFM01uHLCXrugErgimSgsPkF5mQRlZcWQH+u4x2LyNhC/jXBU9eOBbS1eUxYubHL+O4pMsJGGpx/ML9MUtMwBZdMvSxtbEsKXRyjowTJXmUOv1dXoeWtdUjVMnBtXlGCGfppAeiGXvuVVAdsXZdsFqIB0fx8hBq03GC6A/INq8s3D4kLnXMV12rpWiKrfMcqye0pu5t8IfTT9EEcdrpwwVDGyXkPMdUM5884pM/9BsZ5PWjwTlJrvK6jJ1rkGXjFBjMRr//ynsnsPXn1VbyovWXomW//FrapKlS4n4RjCqwy8GO1oeXJElgnAYgbn2OzKCqC27YcYM+wr7nyEn1OnPRZOWAoqww/vrnM2YqETMB+H4n2KCg49AfSuxKuVY15R84c7GuRN0i9PBSO87dJRfRa1+e6NSNNImpw2ti++G/Z9RMDEAzenS+cXOAbenaHLKap/RALx3EU31dPr6Nx3gmMyBL2o1MDskxcPiPlQKAQCsl3Uef0v+dOVwlRu2O5lyton/w0w/fFsr/gfC7EijAYNXVDAKh6Qutqi1Ho0RZH4Vx3g1eljsLWRB42FztALpA708YT5wDA1d83kPjaIpb2+REtzHTnVy21JG/FxTuX0FqF2SkNcg8fHHYTSpj7oVNmyl2ay+YtEm18YMwPhK9YVE81iCESC8TxQj+IC3TjJxsfPEbfjhMstPGO7Q2X1tWLyOjDwSUP6Y6nB5V2XV1kZ9Z1UexnRxu+TEfO7m0ptTd9kBHYKN+h1hr9FePfpiBtZ3/HT/oju6Sve5EiTtdyDoLOfO0AWTf+IREpWkcIt6vvEeeuouLJ6Cxj8EHHWorQXvZcrHhFp2wKQ0HH/UKWftxkkGH5vKzFiw8g2F7hGBkhJNbdc0P0GAtO61VTxMwi0W8kFIDQ2GDR6486nuEIqTVK0,iv:hAxnfQQVlceNbuOqwgwQM/GO3kWYn9yr+NgfWK4kKNw=,tag:KmZU411h4L39uyk7/UN78w==,type:str]
key: ENC[AES256_GCM,data:u9+aXoLY7un3mBszLzk0Rma9BO999dv3wdquCrm5jFU5fLTXJtmSrrdgNzrdjqNH+1xL2oQBtaSyhnRcpK+bGw7TSxcAq6Xlvovoh01gAS3zMQZ046Bjc7epDCEm5qHMEGqdjlzw6U79bwBjqiTSsMpAFyUf3i0ovyBYwZ3xYTb+JVUuia7pjg0CrF27LdKNjZExyAFhZoG0WasnrZVzurzktzRdDmJ+CCM3bg28D8lCM6ICVVZqVFfckUVEM8ez334givZ7gBIciHnju0YN9stUvd9Sm9CimGe5xenFFgU625MiNUBAWojR1QwzCmO7d45RjrZqwcCQyhC7RpiKauKX54KwVTSlLxXsUncyBgpWs7SAfKods3Z3YV6C0HG+4etUA8bZjeQUE27N48TgtA==,iv:RBUyyssdTtHO56x3k/FFbr3J+s9Hry/Qfj7+4R2mLX8=,tag:/Z/pyFL5qxdjAC5vhyIPSg==,type:str]
serviceAccount:
key: ENC[AES256_GCM,data:7qQSeXBKUNSXNftNV7A7CNNCxJRpN+T6ruaWpLK6gzPTzydkVWJQEdWKCYmSpvNWwl0NWzEe605qqH3nVgEg1KfzN/sq19Bl/3x5u2nuTa9wxEc+tLtAJE2uGRVE8jNjC2Uq7C6r84BWkV+bCQCwZh7Yr6OUqTTK5iZ5Ws0Xti4ZoQQ/mAYpggjwJP6HLBkRBy6x9vTT+xR+dZOiu54oGySSPuziF+Rcl/IN1FJ6noxEtDuuFaA4cCL+hlCUM65Fx1iRg6m/c3MsbotlhvvecYVjVD+6SnmBDtPMuXp/tAximB8uuaT7pYXi7Rq4d3MqhlZGTxgIof8t3YM9CwDuUVigDsdCi0HodCM0fRpLZIrvA4uzXuj4X5HorbW9eI3MpoAsw/z4kn6U7w+CSRuAyQ==,iv:p3xuX51jUmH8uWgoq0pOGHqb5ZdcG6LxmygmGxxEZpo=,tag:EEplHbeUup9RjGFGcjhTyg==,type:str]
apiServer:
image: registry.k8s.io/kube-apiserver:v1.29.2
certSANs:
- 127.0.0.1
- 10.88.0.20
disablePodSecurityPolicy: true
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.29.2
extraArgs:
bind-address: 0.0.0.0
proxy:
disabled: true
image: registry.k8s.io/kube-proxy:v1.29.2
scheduler:
image: registry.k8s.io/kube-scheduler:v1.29.2
extraArgs:
bind-address: 0.0.0.0
discovery:
enabled: true
registries:
kubernetes:
disabled: false
service:
disabled: false
etcd:
ca:
crt: ENC[AES256_GCM,data:p9OZ4mvUOuUsPldjSSDIq13yYthIVFrOqqW3Mn6GB/6cBZj1VsMOB6K7zN8I/UUefsN7n4QbUezTV6Iwbs1tAkbe8pj5Bsw6SWJHHVivyxeO9zFwoLfhPc5vbwp/HV5t8e7xh6JcYJ7o+UZEVrd/DvclBJJyVsKJWI1uKHLQknxc8yof4nNgfTRn8ArlhFhGa+WlfT70G+WUKoE0RlFHWN9sTpHsmBbbQuyBZz57+GqIoL3n4tYbR1JATJr25lss7LaNrbzWqylNC19aO0rfWQYiTexIdQWWd2crxYEXD3v0Ryuaffa/ql0UH6D2omYvHQAOMEQmsqOTDBFh9QAfXwEsZY9/f/3y/XW7clH8CpUHp3WeLhA+besLbq7IO/5Np7EViaprusUm4BfcqmEhVsmshCHCty5jvHhyAJ2IhjrGE2QZosG64k00+9Y40uf6Xr6M5KJzERF9DSOwAt88f1Uc3WXTmzh3B9tKWHYL242uBREwzgQDy5FZ+6xW9TFDNM5WxnDwsmaf26r55PJyYqylH3ZkKuHiLJji8CYEF6t6t4wHR9rPMetVthujre0UKlku49FSaZeoxC7DZQSrY1wvK1NtZYlf1nU9n5j1XdZOMZ66KyGs6EXHwbLN6iF+dP9xpbf3DNKuWEYCOeTRt/894nFMm5qslb/9KjHv1K5J4V0+Q6C80JDO1gO2l1hJx5FNrqThyNCBhgsr7PAHdv8YEVXTUR7md9BM9gff/jr16Eg5EQZmlEY2aMc7X+qW3mP2MW2Aht3NNrGBjxzXfkzUgoeVyvVUPW50i42f5djxfZKs1LuGCExL1N6uw5weamLR6KlSQH/O7no1ib448QQGaJdGAuZD9AqEO6mec44UE0boTJQyXTQ3C3nQNVN44LqLpkIUwI70q/yiwEkIqoO+jQSGhk6BhDJxXZIlgWfX/q+d3bwkDq3Sic7NU9muotR8BKRSxFW1PA7tc95XIzTpBChaPz/T3P5BRM5h/RcISgjKLx444ZDBOIWRKoazonD7fA==,iv:myG0wbbocAhAl0MT8fKN/jK6WJ/K/64KLGk0rS8rOkM=,tag:lVjxQ8WjjeoCAnIzom4wgg==,type:str]
key: ENC[AES256_GCM,data:ILQorV60NhnZ4l5LO8opZ6cgUyomQRc6Dov7vOHIdvseIL1VdxRDXsWLZb2eM2HzC7V5GjcIlIfSt+HGQ8K7v5vxlYlVwl+8ElMPzxKbHWPidgt5UGxvO2rKWDuLppYc2tAXfkpWmdHs9E5KEcFgeBKWbTRfmTCUC+RqZDT0xlOkWt/RAXPEXDnaBs64rqoLJmMTCtBLw/jXcOLjz1VY+U4DMLuB8CTT1e/4v1jV7/ATOE1qTbsv0M2gO4wj/fVdI5OHNcSsbtjEX2TPTo7Hb9zOFXA4hcbVRWHeoT4VNCQxIyD/Wx0+ab722Zz2EQtN69LSsoFK+rFHMcUlLyRVkQvXxdgq0HxpHtvEUPBNr11jFkivpr0VynACR+LHc5RCju/psUW1RwpP0oO/EEg4ow==,iv:JKmIf7kIKDNvyyZmnMauFq1QruDLePDQ6t943tkQLPE=,tag:+vEXoSFe0jBgioKfWZrO3A==,type:str]
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
advertisedSubnets:
- 10.88.0.0/24
allowSchedulingOnMasters: true
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zucujcrr89pecplrme76f4vxcc05lg3hm8849mmfggvcvcv4ppls7cquw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWGN3bk8wOEdJek40MUI1
c2IyQlZtZEYrMmZUaW5vS2NCTVRhdGxCV0M0CnpoQjJ1K29xMXJFMFM1Nm1iQVdW
SS94cllGbTRDWWVVOXpEVEZxNXlweHcKLS0tIGtlS0xhTE9zTENmQzgxdHcwR3lv
YlFiVElUZEEreGlGZ3NvdlJKQ0NyQXMKTHuhLeE+ebE5q9OyNlTIk6i3TNNE/ygo
RUCOEBntSKIwattjSpdoXZtDS+RQ2gEliIGfBq5L7mn9ntSya1OOMA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-15T14:18:46Z"
mac: ENC[AES256_GCM,data:O6M/63nG0F8Estf4rErY+651S4n5VDIFA+70I5UbuDLv66DYLNyqkJ8zPuVjhCZxjudoP0H8xqNTEXeFNhDvd5OD7DP2mHVvYXKgAYgk0eCj9JnVKM5QTrcJrYE5lVvSOLaJSFB2mqIL3VUr+uGwF3lyx8XgKldMZIYR9EKn5rA=,iv:P4kRQqMlfhf6+iaN3TU6zW90whKTQ2YBV/2TZy/Koqk=,tag:kzxfiB7O6GJ8WoAXom9yXA==,type:str]
pgp: []
encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$
version: 3.8.1
Loading

0 comments on commit 7ad495a

Please sign in to comment.