current state on a fresh install

cluster-issuer-production.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  namespace: default
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: mail@gilgamezh.me
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: traefik

cluster-issuer-staging.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+  namespace: default
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: mail@gilgamezh.me
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: traefik

ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    kubernetes.io/ingress.class: traefik
+  labels:
+    app: kube-plex
+  name: kube-plex
+  namespace: default
+spec:
+  rules:
+  - host: tp2.gilgamezh.me
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: plex-kube-plex
+            port:
+              number: 32400
+  tls:
+  - hosts:
+    - tp2.gilgamezh.me
+    secretName: tp2-gilgamezh-me
+

metallb.yml

@@ -0,0 +1,17 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: default-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 192.168.222.20-192.168.222.31
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - default-pool

persistent_volume.yml

@@ -0,0 +1,36 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: plex-transcode
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 50Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: plex-data
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 450Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: plex-config
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi

pi_nodes_install/cmdline.txt

@@ -0,0 +1 @@
+group_enable=cpuset cgroup_enable=memory cgroup_memory=1

pi_nodes_install/dietpi.txt

@@ -0,0 +1,72 @@
+AUTO_SETUP_ACCEPT_LICENSE=1
+AUTO_SETUP_LOCALE=C.UTF-8
+AUTO_SETUP_KEYBOARD_LAYOUT=us
+AUTO_SETUP_TIMEZONE=Europe/Amsterdam
+AUTO_SETUP_NET_ETHERNET_ENABLED=1
+AUTO_SETUP_NET_WIFI_ENABLED=0
+AUTO_SETUP_NET_ETH_FORCE_SPEED=0
+AUTO_SETUP_NET_WIFI_COUNTRY_CODE=NL
+
+AUTO_SETUP_NET_HOSTNAME=turing3
+
+AUTO_SETUP_BOOT_WAIT_FOR_NETWORK=1
+AUTO_SETUP_SWAPFILE_SIZE=1
+AUTO_SETUP_SWAPFILE_LOCATION=/var/swap
+AUTO_SETUP_HEADLESS=1
+AUTO_UNMASK_LOGIND=0
+AUTO_SETUP_CUSTOM_SCRIPT_EXEC=0
+AUTO_SETUP_BACKUP_RESTORE=0
+AUTO_SETUP_SSH_SERVER_INDEX=-2
+AUTO_SETUP_LOGGING_INDEX=-1
+AUTO_SETUP_RAMLOG_MAXSIZE=50
+
+AUTO_SETUP_WEB_SERVER_INDEX=0
+AUTO_SETUP_DESKTOP_INDEX=0
+AUTO_SETUP_BROWSER_INDEX=0
+AUTO_SETUP_AUTOSTART_TARGET_INDEX=7
+AUTO_SETUP_AUTOSTART_LOGIN_USER=root
+AUTO_SETUP_GLOBAL_PASSWORD=turing
+AUTO_SETUP_AUTOMATED=1
+SURVEY_OPTED_IN=0
+
+#OpenSSH Client
+AUTO_SETUP_INSTALL_SOFTWARE_ID=0
+#Samba Client
+AUTO_SETUP_INSTALL_SOFTWARE_ID=1
+#vim
+AUTO_SETUP_INSTALL_SOFTWARE_ID=20
+#RPi.GPIO
+AUTO_SETUP_INSTALL_SOFTWARE_ID=69
+#OpenSSH Server
+AUTO_SETUP_INSTALL_SOFTWARE_ID=105
+#Python 3 pip
+AUTO_SETUP_INSTALL_SOFTWARE_ID=130
+
+CONFIG_CPU_GOVERNOR=schedutil
+CONFIG_CPU_ONDEMAND_SAMPLE_RATE=25000
+CONFIG_CPU_ONDEMAND_SAMPLE_DOWNFACTOR=40
+CONFIG_CPU_USAGE_THROTTLE_UP=50
+
+CONFIG_CPU_MAX_FREQ=Disabled
+CONFIG_CPU_MIN_FREQ=Disabled
+
+CONFIG_CPU_DISABLE_TURBO=0
+
+CONFIG_G_CHECK_URL_TIMEOUT=10
+CONFIG_G_CHECK_URL_ATTEMPTS=5
+CONFIG_CHECK_CONNECTION_IP=8.8.8.8
+CONFIG_CHECK_CONNECTION_IPV6=2620:fe::fe
+CONFIG_CHECK_DNS_DOMAIN=google.com
+
+CONFIG_CHECK_DIETPI_UPDATES=1
+CONFIG_CHECK_APT_UPDATES=1
+CONFIG_NTP_MODE=2
+CONFIG_SERIAL_CONSOLE_ENABLE=1
+CONFIG_SOUNDCARD=none
+CONFIG_LCDPANEL=none
+CONFIG_ENABLE_IPV6=0
+
+CONFIG_APT_RASPBIAN_MIRROR=http://raspbian.raspberrypi.org/raspbian/
+CONFIG_APT_DEBIAN_MIRROR=https://deb.debian.org/debian/
+CONFIG_NTP_MIRROR=debian.pool.ntp.org
+SOFTWARE_DISABLE_SSH_PASSWORD_LOGINS=0

pi_nodes_install/install_node.txt

@@ -0,0 +1 @@
+curl -sfL https://get.k3s.io | K3S_URL=https://192.168.222.237:6443 K3S_TOKEN=torino sh -

plex_values.yml

@@ -0,0 +1,34 @@
+claimToken: "claim-Ku3YYmJzDB1mpyG6YD7x"
+
+image:
+  repository: linuxserver/plex
+  tag: latest
+
+kubePlex:
+  enabled: false # kubePlex (transcoder job) is disabled because not available on ARM. The transcoding will be performed by the main Plex instance instead of a separate Job.
+
+timezone: Europe/Amsterdam
+
+service:
+  type: LoadBalancer # We will use a LoadBalancer to obtain a virtual IP that can be exposed to Plex Media via our router
+  port: 32400 # Port to expose Plex
+
+rbac:
+  create: true
+
+nodeSelector:
+  beta.kubernetes.io/arch: arm64
+
+
+persistence:
+  transcode:
+    claimName: "plex-transcode"
+  data:
+    claimName: "plex-data"
+  config:
+    claimName: "plex-config"
+
+resources: {}
+podAnnotations: {}
+proxy:
+  enable: false

transmission_values.yml

@@ -0,0 +1,66 @@
+## media.transmission-openvpn.values.yml
+replicaCount: 1
+
+image:
+  repository: "haugene/transmission-openvpn"
+  tag: "latest"
+  pullPolicy: "IfNotPresent"
+
+env:
+  - name: OPENVPN_PROVIDER
+    value: "NORDVPN" # VPN provider. List of supported providers: https://haugene.github.io/docker-transmission-openvpn/supported-providers/
+  - name: OPENVPN_USERNAME
+    valueFrom: # Reference to the secret | openvpn.username
+      secretKeyRef:
+        name: "openvpn"
+        key: "username"
+  - name: OPENVPN_PASSWORD
+    valueFrom: # Reference to the secret | openvpn.password
+      secretKeyRef:
+        name: "openvpn"
+        key: "password"
+  - name: NORDVPN_PROTOCOL
+    value: "TCP"
+  - name: NORDVPN_COUNTRY
+    value: "NL" # Country where we want to download over VPN
+  - name: NORDVPN_CATEGORY
+    value: "P2P" # VPN Type
+  - name: LOCAL_NETWORK
+    value: "192.168.222.0/24"
+  - name: TRANSMISSION_PEER_PORT
+    value: "47444"
+  - name: TRANSMISSION_DOWNLOAD_DIR
+    value: "/downloads/transmission"
+  - name: PUID
+    value: "1000"
+  - name: PGID
+    value: "1000"
+  - name: CREATE_TUN_DEVICE
+    value: "false"
+
+service:
+  type: ClusterIP
+  port: 80
+
+volumes:
+  - name: "plex-data"
+    persistentVolumeClaim:
+      claimName: "plex-data" # PersistentVolumeClaim created earlier
+  - name: "dev-tun" # Needed for VPN
+    hostPath:
+      path: "/dev/net/tun"
+
+volumeMounts:
+  - name: "plex-data"
+    mountPath: "/data"
+    subPath: "configs/transmission-data" # Path /mnt/ssd/media/configs/transmission-data where transmission writes the configuration
+  - name: "plex-data"
+    mountPath: "/downloads/transmission"
+    subPath: "downloads/transmission" # Path /mnt/ssd/media/downloads/transmission where transmission downloads Torrents
+  - name: "dev-tun"
+    mountPath: "/dev/net/tun" # Needed for VPN
+
+securityContext:
+  capabilities: # Needed for VPN
+    add:
+      - NET_ADMIN