From d0a5d228413c088b7aaa8f1abbddca2a3f3f9bb6 Mon Sep 17 00:00:00 2001 From: Laur IVAN Date: Fri, 27 Feb 2026 14:26:43 +0100 Subject: [PATCH] feat(tautulli): Add Tautulli --- .../apps/media/kavita/app/helmrelease.yaml | 6 +- kubernetes/apps/media/tautulli/app.ks.yaml | 29 +++++++ .../apps/media/tautulli/app/helmrelease.yaml | 82 +++++++++++++++++++ .../media/tautulli/app/kustomization.yaml | 8 ++ kubernetes/apps/media/tautulli/app/pvc.yaml | 12 +++ .../apps/media/tautulli/app/secrets.sops.yaml | 22 +++++ .../apps/media/tautulli/kustomization.yaml | 6 ++ 7 files changed, 162 insertions(+), 3 deletions(-) create mode 100644 kubernetes/apps/media/tautulli/app.ks.yaml create mode 100644 kubernetes/apps/media/tautulli/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/tautulli/app/kustomization.yaml create mode 100644 kubernetes/apps/media/tautulli/app/pvc.yaml create mode 100644 kubernetes/apps/media/tautulli/app/secrets.sops.yaml create mode 100644 kubernetes/apps/media/tautulli/kustomization.yaml diff --git a/kubernetes/apps/media/kavita/app/helmrelease.yaml b/kubernetes/apps/media/kavita/app/helmrelease.yaml index 3c29001..0a6f922 100644 --- a/kubernetes/apps/media/kavita/app/helmrelease.yaml +++ b/kubernetes/apps/media/kavita/app/helmrelease.yaml @@ -39,14 +39,14 @@ spec: periodSeconds: 10 securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + readOnlyRootFilesystem: false capabilities: { drop: ["ALL"] } defaultPodOptions: securityContext: - fsGroup: 1005 + fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true - runAsUser: 1003 + runAsUser: 1000 fsGroupChangePolicy: OnRootMismatch service: app: diff --git a/kubernetes/apps/media/tautulli/app.ks.yaml b/kubernetes/apps/media/tautulli/app.ks.yaml new file mode 100644 index 0000000..1bd2ebb --- /dev/null +++ b/kubernetes/apps/media/tautulli/app.ks.yaml @@ -0,0 +1,29 @@ +--- +# yaml-language-server: $schema=https://schemas.tholinka.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app tautulli + namespace: &namespace media +spec: + interval: 1h + components: + - ../../../../components/volsync + dependsOn: + - name: storage-ready + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age + path: ./kubernetes/apps/media/tautulli/app + postBuild: + substitute: + APP: *app + VOLSYNC_CAPACITY: 5Gi + prune: true + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + targetNamespace: *namespace diff --git a/kubernetes/apps/media/tautulli/app/helmrelease.yaml b/kubernetes/apps/media/tautulli/app/helmrelease.yaml new file mode 100644 index 0000000..7ef4524 --- /dev/null +++ b/kubernetes/apps/media/tautulli/app/helmrelease.yaml @@ -0,0 +1,82 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app tautulli +spec: + interval: 1h + chartRef: + kind: OCIRepository + name: app-template + values: + controllers: + tautulli: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/home-operations/tautulli + tag: 2.16.1@sha256:6983eea603ee230b189f2d32e7d7fc0bb94917df735a71ba20460c4991877645 + env: + TAUTULLI_HTTP_BASE_URL: https://tautulli.tholinka.dev + TAUTULLI_HTTP_PORT: &port 80 + envFrom: + - secretRef: + name: *app + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /status + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + limits: + memory: 1Gi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + service: + app: + ports: + http: + port: *port + route: + app: + hostnames: + - "{{ .Release.Name }}.laurivan.com" + parentRefs: + - name: envoy-internal + namespace: network + persistence: + config: + existingClaim: tautulli + config-cache: + existingClaim: tautulli-cache + globalMounts: + - path: /config/cache + tmpfs: + type: emptyDir + globalMounts: + - path: /config/logs + subPath: logs + - path: tmp + subPath: tmp diff --git a/kubernetes/apps/media/tautulli/app/kustomization.yaml b/kubernetes/apps/media/tautulli/app/kustomization.yaml new file mode 100644 index 0000000..6b92afe --- /dev/null +++ b/kubernetes/apps/media/tautulli/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./secrets.sops.yaml + - ./pvc.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/media/tautulli/app/pvc.yaml b/kubernetes/apps/media/tautulli/app/pvc.yaml new file mode 100644 index 0000000..0a672eb --- /dev/null +++ b/kubernetes/apps/media/tautulli/app/pvc.yaml @@ -0,0 +1,12 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/master/persistentvolumeclaim-v1.json +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tautulli-cache +spec: + accessModes: ['ReadWriteOnce'] + resources: + requests: + storage: 15Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/media/tautulli/app/secrets.sops.yaml b/kubernetes/apps/media/tautulli/app/secrets.sops.yaml new file mode 100644 index 0000000..bff5b79 --- /dev/null +++ b/kubernetes/apps/media/tautulli/app/secrets.sops.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: tautulli +stringData: + TAUTULLI_API_KEY: ENC[AES256_GCM,data:I5kgkO0afYLl7axAVVuXARTooXRddl3B6OwRXyTX7/xSzQuBeex8uw==,iv:rpjAMH+IIC4ZASd16N8Ke5pTqvGEWoSYydC2kEaLlDs=,tag:JYOGFk2NpxSChA/0O90fFQ==,type:str] +sops: + age: + - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5 + aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv + RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp + dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS + TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-27T13:21:23Z" + mac: ENC[AES256_GCM,data:BMFYoD+/cDW//YOqo0w70dEcfeAyr8CtVWit6ra61Sj3Gs17XqzWvggHya3J3+S6aSTrzDnBBdE+iw4ydWymLyxy48rDqzy/l2OILHOi0sQoK1UcWsCE066nLzXPe3E/cj2ohgWTU3RuVQC5Hf2AoEXWYC6faZKHuPUbnubi+ss=,iv:IqvIcsFPhngsD39JI9fpXCeAPRrINevMLou4hxHC0h4=,tag:qgGfbBCmdYkJBuIMndcSfg==,type:str] + encrypted_regex: ^(data|stringData)$ + mac_only_encrypted: true + version: 3.11.0 diff --git a/kubernetes/apps/media/tautulli/kustomization.yaml b/kubernetes/apps/media/tautulli/kustomization.yaml new file mode 100644 index 0000000..7aacfdb --- /dev/null +++ b/kubernetes/apps/media/tautulli/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ./app.ks.yaml