Update app name

remove unneeded nexus ingress

kubernetes/apps/adguard-home/app/deployment.yaml

@@ -69,12 +69,12 @@ spec:
               name: http-pprof
           env:
             - name: TZ
-              value: America/New_York
+              value: Australia/Sydney
           volumeMounts:
             - name: adguard-home-data
               mountPath: /opt/adguardhome/work
             - name: adguard-home-config
-              mountPath: /opt/adguardhome/config
+              mountPath: /opt/adguardhome/conf
       volumes:
         - name: adguard-home-data
           hostPath:

kubernetes/apps/adguard-home/app/ingress.yaml

@@ -9,7 +9,7 @@ metadata:
 spec:
   ingressClassName: nginx
   rules:
-    - host: "adguard-home.edward.sydney"
+    - host: "adguard-home.cluster.edward.sydney"
       http:
         paths:
           - pathType: Prefix
@@ -29,6 +29,16 @@ spec:
                 name: adguard-home
                 port:
                   number: 10080
+    - host: "setup.adguard-home.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: adguard-home
+                port:
+                  number: 13000
     - host: "setup.adguard-home.cluster.local"
       http:
         paths:
@@ -39,3 +49,13 @@ spec:
                 name: adguard-home
                 port:
                   number: 13000
+    - host: "doh.adguard-home.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: adguard-home
+                port:
+                  number: 443

kubernetes/apps/capacitor/app/ingress.yaml

@@ -9,7 +9,7 @@ metadata:
 spec:
   ingressClassName: nginx
   rules:
-    - host: "capacitor.edward.sydney"
+    - host: "capacitor.cluster.edward.sydney"
       http:
         paths:
           - pathType: Prefix

kubernetes/apps/cert-manager/cert-manager.yaml

@@ -63,4 +63,56 @@ spec:
   postBuild:
     substituteFrom:
       - kind: Secret
-        name: clusterissuer-secrets
+        name: clusterissuer-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificate-secrets
+  namespace: cert-manager
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: cert-manager
+  path: ./certificates
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: cert-manager-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificates
+  namespace: cert-manager
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: cert-manager
+  path: ./kubernetes/apps/cert-manager/certificates
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: certificate-secrets
+      namespace: cert-manager
+    - name: cert-manager
+      namespace: cert-manager
+    - name: clusterissuer
+      namespace: cert-manager
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: certificate-secrets

kubernetes/apps/cert-manager/certificates/adguard-home.yaml

@@ -0,0 +1,64 @@
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: adguard-home-cert
+#  namespace: cert-manager
+#spec:
+#  # Secret names are always required.
+#  secretName: adguard-home.cluster.edward.sydney-tls
+#
+#  privateKey:
+#    algorithm: RSA
+#    encoding: PKCS1
+#    size: 2048
+#
+#  # keystores allows adding additional output formats. This is an example for reference only.
+#  keystores:
+#    pkcs12:
+#      create: true
+#      passwordSecretRef:
+#        name: adguard-home-tls-keystore
+#        key: ${adguard_home_certificate_tls_keystore_password}
+#      profile: Modern2023
+#
+#  duration: 2160h # 90d
+#  renewBefore: 360h # 15d
+#
+#  isCA: false
+#  usages:
+#    - server auth
+#    - client auth
+#
+#  subject:
+#    organizations:
+#      - edward.sydney
+#
+#  # The literalSubject field is exclusive with subject and commonName. It allows
+#  # specifying the subject directly as a string. This is useful for when the order
+#  # of the subject fields is important or when the subject contains special types
+#  # which can be specified by their OID.
+#  #
+#  # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"
+#
+#  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
+#  dnsNames:
+#    - "${adguard_home_certificate_dns_name}"
+#    - "*.${adguard_home_certificate_dns_name}"
+#  emailAddresses:
+#    - ${adguard_home_certificate_email}
+#
+#  # Issuer references are always required.
+#  issuerRef:
+#    name: clusterissuer
+#    # We can reference ClusterIssuers by changing the kind here.
+#    # The default value is Issuer (i.e. a locally namespaced Issuer)
+#    kind: ClusterIssuer
+#    # This is optional since cert-manager will default to this value however
+#    # if you are using an external issuer, change this to that issuer group.
+#    group: cert-manager.io
+
+#The certificate request has failed to complete and will be retried:
+#  Failed to wait for order resource "adguard-home-cert-1-1931876784" to become
+#  ready: order is in "errored" state: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited:
+#  Error creating new order :: too many certificates already issued for "edward.sydney".
+#  Retry after 2024-06-25T21:00:00Z: see https://letsencrypt.org/docs/rate-limits/

kubernetes/apps/code-server/app/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: code-server-ingress
+  namespace: code-server
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "code-server.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: code-server
+                port:
+                  number: 8443

kubernetes/apps/code-server/app/pvc.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: code-server-pv
+  namespace: code-server
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 8Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/code-server"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: code-server-pvc
+    namespace: code-server
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: code-server-pvc
+  namespace: code-server
+  labels:
+    name: code-server-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi

kubernetes/apps/code-server/app/release.yaml

@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: code-server
+  namespace: code-server
+spec:
+  releaseName: code-server
+  targetNamespace: code-server
+  chart:
+    spec:
+      chart: code-server
+      sourceRef:
+        kind: HelmRepository
+        name: nicholaswilde
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    secret:
+      PASSWORD: ${password}
+      SUDO_PASSWORD: ${sudo_password}
+
+    env:
+      TZ: "Australia/Sydney"
+
+    persistence:
+      config:
+        enabled: true
+        existingClaim: code-server-pvc

kubernetes/apps/code-server/code-server.yaml

@@ -0,0 +1,47 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: code-server-secrets
+  namespace: code-server
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: code-server
+  path: ./code-server
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: code-server-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: code-server
+  namespace: code-server
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: code-server
+  path: ./kubernetes/apps/code-server/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: code-server-secrets
+      namespace: code-server
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: code-server-secrets

kubernetes/apps/dokuwiki/app/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dokuwiki-ingress
+  namespace: dokuwiki
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "dokuwiki.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: dokuwiki-dokuwiki
+                port:
+                  number: 18000
+    - host: "dokuwiki.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: dokuwiki-dokuwiki
+                port:
+                  number: 18000

kubernetes/apps/dokuwiki/app/release.yaml

@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: dokuwiki
+  namespace: dokuwiki
+spec:
+  targetNamespace: dokuwiki
+  chart:
+    spec:
+      chart: dokuwiki
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    dokuwikiUsername: ${username}
+    dokuwikiPassword: ${password}
+    dokuwikiEmail: ${email}
+    dokuwikiFullName: "Edward Cheng"
+    dokuwikiWikiName: My Doku Wiki
+    containerPorts:
+      http: 18000
+      https: 18443
+    persistence:
+      existingClaim: "dokuwiki-pvc"
+    service:
+      type: ClusterIP
+      ports:
+        http: 18000
+        https: 18443

kubernetes/apps/dokuwiki/app/volume.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: dokuwiki-pv
+  namespace: dokuwiki
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 12Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/dokuwiki"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: dokuwiki-pvc
+    namespace: dokuwiki
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dokuwiki-pvc
+  namespace: dokuwiki
+  labels:
+    name: dokuwiki-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 12Gi

kubernetes/apps/dokuwiki/dokuwiki.yaml

@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: dokuwiki-secrets
+  namespace: dokuwiki
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: dokuwiki
+  path: ./dokuwiki
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: dokuwiki-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: dokuwiki
+  namespace: dokuwiki
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/dokuwiki/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: dokuwiki-secrets
+      namespace: dokuwiki
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: dokuwiki-secrets

kubernetes/apps/gitea/app/ingress.yaml

@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-ingress
+  namespace: gitea
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "gitea.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: gitea-gitea
+                port:
+                  number: 10080
+    - host: "gitea.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: gitea-gitea
+                port:
+                  number: 10080

kubernetes/apps/gitea/app/release.yaml

@@ -0,0 +1,56 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  targetNamespace: gitea
+  chart:
+    spec:
+      chart: gitea
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    image:
+      debug: true
+    updateStrategy:
+      type: Recreate
+    livenessProbe:
+      enabled: true
+      initialDelaySeconds: 600
+      periodSeconds: 60
+      timeoutSeconds: 30
+      failureThreshold: 5
+      successThreshold: 1
+    readinessProbe:
+      enabled: true
+      path: /
+      initialDelaySeconds: 30
+      periodSeconds: 60
+      timeoutSeconds: 30
+      failureThreshold: 5
+      successThreshold: 1
+    adminUsername: ${admin_username}
+    adminPassword: ${admin_password}
+    adminEmail: ${admin_email}
+    appName: app_name
+    persistence:
+      existingClaim: gitea-pvc
+    service:
+      ports:
+        http: 10080
+        ssh: 10022
+    postgresql:
+      enabled: false
+    externalDatabase:
+      host: ${db_host}
+      port: ${db_port}
+      user: ${db_user}
+      database: ${db_name}
+      password: ${db_password}

kubernetes/apps/gitea/app/volume.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: gitea-pv
+  namespace: gitea
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 32Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/gitea"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: gitea-pvc
+    namespace: gitea
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-pvc
+  namespace: gitea
+  labels:
+    name: gitea-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 32Gi

kubernetes/apps/gitea/gitea.yaml

@@ -0,0 +1,47 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: gitea-secrets
+  namespace: gitea
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: gitea
+  path: ./gitea
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: gitea-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/gitea/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: gitea-secrets
+      namespace: gitea
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: gitea-secrets
+

kubernetes/apps/jellyfin/app/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin-ingress
+  namespace: jellyfin
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "jellyfin.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: 8096
+    - host: "jellyfin.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: 8096

kubernetes/apps/jellyfin/app/pvc.yaml

@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jellyfin-config
+  namespace: jellyfin
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 250Mi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/jellyfin/config"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jellyfin-data
+  namespace: jellyfin
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 2Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/jellyfin/data"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3

kubernetes/apps/jellyfin/app/release.yaml

@@ -0,0 +1,167 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+spec:
+  releaseName: jellyfin
+  targetNamespace: jellyfin
+  chart:
+    spec:
+      chart: jellyfin
+      sourceRef:
+        kind: HelmRepository
+        name: beluga-cloud
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    persistence:
+      config:
+        enabled: true
+        volumeClaimSpec:
+          accessModes:
+            - ReadWriteOnce
+          volumeName: jellyfin-config
+      data:
+        enabled: true
+        volumeClaimSpec:
+          accessModes:
+            - ReadWriteOnce
+          volumeName: jellyfin-data
+    jellyfin:
+      mediaVolumes:
+        - name: movies
+          readOnly: false
+          volumeSpec:
+            storageClassName: local-path
+            volumeMode: Filesystem
+            capacity:
+              storage: 8Gi
+            accessModes:
+              - ReadWriteOnce
+            persistentVolumeReclaimPolicy: Retain
+            nodeAffinity:
+              required:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/hostname
+                        operator: In
+                        values:
+                          - rpi5-cluster-node-3
+            claimRef:
+              apiVersion: v1
+              kind: PersistentVolumeClaim
+              name: jellyfin-mediavol-movies
+              namespace: jellyfin
+            hostPath:
+              path: "/mnt/nfs/AppData/jellyfin/media/movies"
+              type: "Directory"
+        - name: series
+          readOnly: false
+          volumeSpec:
+            storageClassName: local-path
+            volumeMode: Filesystem
+            capacity:
+              storage: 8Gi
+            accessModes:
+              - ReadWriteOnce
+            persistentVolumeReclaimPolicy: Retain
+            nodeAffinity:
+              required:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/hostname
+                        operator: In
+                        values:
+                          - rpi5-cluster-node-3
+            claimRef:
+              apiVersion: v1
+              kind: PersistentVolumeClaim
+              name: jellyfin-mediavol-series
+              namespace: jellyfin
+            hostPath:
+              path: "/mnt/nfs/AppData/jellyfin/media/series"
+              type: "Directory"
+        - name: music-videos
+          readOnly: false
+          volumeSpec:
+            storageClassName: local-path
+            volumeMode: Filesystem
+            capacity:
+              storage: 8Gi
+            accessModes:
+              - ReadWriteOnce
+            persistentVolumeReclaimPolicy: Retain
+            nodeAffinity:
+              required:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/hostname
+                        operator: In
+                        values:
+                          - rpi5-cluster-node-3
+            claimRef:
+              apiVersion: v1
+              kind: PersistentVolumeClaim
+              name: jellyfin-mediavol-music-videos
+              namespace: jellyfin
+            hostPath:
+              path: "/mnt/nfs/AppData/jellyfin/media/music-videos"
+              type: "Directory"
+        - name: short-videos
+          readOnly: false
+          volumeSpec:
+            storageClassName: local-path
+            volumeMode: Filesystem
+            capacity:
+              storage: 8Gi
+            accessModes:
+              - ReadWriteOnce
+            persistentVolumeReclaimPolicy: Retain
+            nodeAffinity:
+              required:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/hostname
+                        operator: In
+                        values:
+                          - rpi5-cluster-node-3
+            claimRef:
+              apiVersion: v1
+              kind: PersistentVolumeClaim
+              name: jellyfin-mediavol-short-videos
+              namespace: jellyfin
+            hostPath:
+              path: "/mnt/nfs/AppData/jellyfin/media/short-videos"
+              type: "Directory"
+        - name: gv
+          readOnly: false
+          volumeSpec:
+            storageClassName: local-path
+            volumeMode: Filesystem
+            capacity:
+              storage: 8Gi
+            accessModes:
+              - ReadWriteOnce
+            persistentVolumeReclaimPolicy: Retain
+            nodeAffinity:
+              required:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/hostname
+                        operator: In
+                        values:
+                          - rpi5-cluster-node-3
+            claimRef:
+              apiVersion: v1
+              kind: PersistentVolumeClaim
+              name: jellyfin-mediavol-gv
+              namespace: jellyfin
+            hostPath:
+              path: "/mnt/nfs/AppData/jellyfin/media/gv"
+              type: "Directory"
+      persistentTranscodes: true
+

kubernetes/apps/jellyfin/jellyfin.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/jellyfin/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+

kubernetes/apps/kavita/app/development.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kavita
+  namespace: kavita
+  labels:
+    app.kubernetes.io/name: kavita
+    app.kubernetes.io/instance: kavita
+  annotations:
+    kubectl.kubernetes.io/default-container: kavita
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kavita
+      app.kubernetes.io/instance: kavita
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kavita
+        app.kubernetes.io/instance: kavita
+    spec:
+      containers:
+        - image: jvmilazz0/kavita:latest
+          imagePullPolicy: IfNotPresent
+          name: kavita
+          ports:
+            - containerPort: 5000
+              name: http
+              protocol: TCP
+          env:
+            - name: TZ
+              value: Australia/Sydney
+          volumeMounts:
+            - name: kavita-config
+              mountPath: /kavita/config
+            - name: kavita-manga
+              mountPath: /manga
+            - name: kavita-book
+              mountPath: /book
+            - name: kavita-doc
+              mountPath: /doc
+      volumes:
+        - name: kavita-config
+          hostPath:
+            path: /mnt/nfs/AppData/kavita/config
+            type: Directory
+        - name: kavita-manga
+          hostPath:
+            path: /mnt/nfs/AppData/kavita/manga
+            type: Directory
+        - name: kavita-book
+          hostPath:
+            path: /mnt/nfs/AppData/kavita/book
+            type: Directory
+        - name: kavita-doc
+          hostPath:
+            path: /mnt/nfs/AppData/kavita/doc
+            type: Directory

kubernetes/apps/kavita/app/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kavita-ingress
+  namespace: kavita
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "kavita.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: kavita
+                port:
+                  number: 5000

kubernetes/apps/kavita/app/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kavita
+  namespace: kavita
+  labels:
+    app.kubernetes.io/name: kavita
+    app.kubernetes.io/instance: kavita
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5000
+      targetPort: 5000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: kavita
+    app.kubernetes.io/instance: kavita

kubernetes/apps/kavita/kavita.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kavita
+  namespace: kavita
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/kavita/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+

kubernetes/apps/kustomization.yaml

@@ -4,6 +4,18 @@ resources:
   - ./adguard-home/adguard-home.yaml
   - ./capacitor/capacitor.yaml
   - ./cert-manager/cert-manager.yaml
+  - ./code-server/code-server.yaml
+  - ./dokuwiki/dokuwiki.yaml
+  - ./gitea/gitea.yaml
   - ./homer/homer.yaml
+  - ./jellyfin/jellyfin.yaml
+  - ./kavita/kavita.yaml
+  - ./nexus/nexus.yaml
   - ./podinfo/podinfo.yaml
+  - ./postgresql/postgresql.yaml
+  - ./qbittorrent/qbittorrent.yaml
+  - ./redis/redis.yaml
+  - ./snippet-box/snippet-box.yaml
+  - ./sonarqube/sonarqube.yaml
+  - ./uptime-kuma/uptime-kuma.yaml
   - ./weave-gitops/weave-gitops.yaml

kubernetes/apps/nexus/app/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nexus
+  namespace: nexus
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nexus
+  template:
+    metadata:
+      labels:
+        app: nexus
+    spec:
+      securityContext:
+        runAsUser: 0
+        runAsGroup: 0
+      containers:
+        - name: nexus
+          image: klo2k/nexus3:3.68.1-02
+          resources:
+            limits:
+              memory: "3Gi"
+              cpu: "500m"
+            requests:
+              memory: "2Gi"
+              cpu: "500m"
+          ports:
+            - containerPort: 8081
+          volumeMounts:
+            - name: nexus-data
+              mountPath: /nexus-data
+      volumes:
+        - name: nexus-data
+          hostPath:
+            path: /mnt/nfs/AppData/nexus
+            type: Directory

kubernetes/apps/nexus/app/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nexus
+  namespace: nexus
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/path:   /
+    prometheus.io/port:   '8081'
+spec:
+  selector:
+    app: nexus
+  type: NodePort
+  ports:
+    - port: 8081
+      targetPort: 8081
+      nodePort: 32000

kubernetes/apps/nexus/nexus.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: nexus
+  namespace: nexus
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/nexus/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system

kubernetes/apps/postgresql/app/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: postgresql-ingress
+  namespace: postgresql
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "postgres.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: postgresql-primary
+                port:
+                  number: 5432
+    - host: "replica.postgres.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: postgresql-replica
+                port:
+                  number: 5432

kubernetes/apps/postgresql/app/pvc.yaml

@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: postgresql-primary-pv
+  namespace: postgresql
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 8Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/postgresql/primary"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: postgresql-primary-pvc
+    namespace: postgresql
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgresql-primary-pvc
+  namespace: postgresql
+  labels:
+    name: postgresql-primary-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: postgresql-replica-pv
+  namespace: flux-system
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 8Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/postgresql/replica"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: postgresql-replica-pvc
+    namespace: postgresql
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgresql-replica-pvc
+  namespace: postgresql
+  labels:
+    name: postgresql-replica-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi

kubernetes/apps/postgresql/app/release.yaml

@@ -0,0 +1,57 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: postgresql
+spec:
+  releaseName: postgresql
+  chart:
+    spec:
+      chart: postgresql
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    auth:
+      postgresPassword: ${postgres_password}
+      username: ${username}
+      password: ${password}
+      database: ${database}
+      replicationPassword: ${replication_password}
+    architecture: "replication"
+    replication:
+      synchronousCommit: "on"
+      numSynchronousReplicas: 1
+      applicationName: "postgres_repl"
+    primary:
+      podSecurityContext:
+        fsGroup: 1000
+      containerSecurityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      podLabels:
+        name: "postgresql-primary"
+      persistence:
+        existingClaim: postgresql-primary-pvc
+        selector:
+          matchLabels:
+            name: postgresql-primary-pvc
+    readReplicas:
+      name: "replica"
+      podSecurityContext:
+        fsGroup: 1000
+      containerSecurityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      podLabels:
+        name: "postgresql-replica"
+      persistence:
+        existingClaim: postgresql-replica-pvc
+        selector:
+          matchLabels:
+            name: postgresql-replica-pvc

kubernetes/apps/postgresql/postgresql.yaml

@@ -0,0 +1,47 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: postgresql-secrets
+  namespace: postgresql
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: postgresql
+  path: ./postgresql
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: postgresql-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: postgresql
+  namespace: postgresql
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/postgresql/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: postgresql-secrets
+      namespace: postgresql
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: postgresql-secrets
+

kubernetes/apps/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml

@@ -0,0 +1,10 @@
+spec:
+  ports:
+    - name: postgresql-tcp
+      port: 5432
+      targetPort: 5432
+      protocol: TCP
+    - name: postgresql-repl--tcp
+      port: 5433
+      targetPort: 5433
+      protocol: TCP

kubernetes/apps/postgresql/scripts/patch-ingress-nginx.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+
+kubectl patch service ingress-nginx-controller -n ingress-nginx --patch "$(cat ingress-nginx-svc-controller-patch.yaml)"

kubernetes/apps/qbittorrent/app/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: qbittorrent-ingress
+  namespace: qbittorrent
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "qbittorrent.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: qbittorrent
+                port:
+                  number: 8888

kubernetes/apps/qbittorrent/app/release.yaml

@@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: qbittorrent
+  namespace: qbittorrent
+spec:
+  targetNamespace: qbittorrent
+  chart:
+    spec:
+      chart: qbittorrent
+      sourceRef:
+        kind: HelmRepository
+        name: adminafk
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    service:
+      web:
+        port: 8888
+      torrent:
+        port: 8388
+    config:
+      persistence:
+        name: "qbittorrent-config-pvc"
+    volumeMounts:
+      - name: qbittorrent-download-pvc
+        mountPath: /download

kubernetes/apps/qbittorrent/app/volume.yaml

@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: qbittorrent-config
+  namespace: qbittorrent
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/qbittorrent/config"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: qbittorrent-config-pvc
+    namespace: qbittorrent
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+#  name: qbittorrent-config-pvc
+#  namespace: qbittorrent
+#  labels:
+#    name: qbittorrent-config-pvc
+#spec:
+#  storageClassName: local-path
+#  volumeMode: Filesystem
+#  accessModes:
+#    - ReadWriteOnce
+#  resources:
+#    requests:
+#      storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: qbittorrent-download
+  namespace: qbittorrent
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/qbittorrent/download"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: qbittorrent-download-pvc
+    namespace: qbittorrent
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: qbittorrent-download-pvc
+  namespace: qbittorrent
+  labels:
+    name: qbittorrent-download-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Gi

kubernetes/apps/qbittorrent/qbittorrent.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: qbittorrent
+  namespace: qbittorrent
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/qbittorrent/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+

kubernetes/apps/qbittorrent/scripts/ingress-nginx-svc-controller-patch.yaml

@@ -0,0 +1,10 @@
+spec:
+  ports:
+    - name: torrent-tcp
+      port: 8388
+      targetPort: 8388
+      protocol: TCP
+    - name: torrent-udp
+      port: 8388
+      targetPort: 8388
+      protocol: UDP

kubernetes/apps/qbittorrent/scripts/patch-ingress-nginx.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+
+kubectl patch service ingress-nginx-controller -n ingress-nginx --patch "$(cat kubernetes/apps/qbittorrent/scripts/ingress-nginx-svc-controller-patch.yaml)"

kubernetes/apps/redis/app/release.yaml

@@ -0,0 +1,38 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: redis
+  namespace: redis
+spec:
+  releaseName: redis
+  chart:
+    spec:
+      chart: redis
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    auth:
+      password: ${password}
+    master:
+      persistence:
+        existingClaim: redis-master-pvc
+        selector:
+          matchLabels:
+            name: redis-master-pvc
+      persistentVolumeClaimRetentionPolicy:
+        enabled: true
+    replica:
+      replicaCount: 1
+      persistence:
+        existingClaim: redis-replica-pvc
+        selector:
+          matchLabels:
+            name: redis-replica-pvc
+      persistentVolumeClaimRetentionPolicy:
+        enabled: true

kubernetes/apps/redis/app/volume.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-master-pvc
+  namespace: redis
+  labels:
+    name: redis-master-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replica-pvc
+  namespace: redis
+  labels:
+    name: redis-replica-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi

kubernetes/apps/redis/redis.yaml

@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: redis-secrets
+  namespace: redis
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: redis
+  path: ./redis
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: redis-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: redis
+  namespace: redis
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/redis/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: redis-secrets
+      namespace: redis
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: redis-secrets

kubernetes/apps/snippet-box/app/development.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: snippet-box
+  namespace: snippet-box
+  labels:
+    app.kubernetes.io/name: snippet-box
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: snippet-box
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: snippet-box
+    spec:
+      containers:
+        - name: snippet-box
+          image: pawelmalak/snippet-box:arm
+          ports:
+            - protocol: TCP
+              containerPort: 5000
+              name: snippet-box
+          env:
+            - name: TZ
+              value: Australia/Sydney
+          volumeMounts:
+            - name: snippet-box-data
+              mountPath: /app/data
+      volumes:
+        - name: snippet-box-data
+          hostPath:
+            path: /mnt/nfs/AppData/snippet-box
+            type: Directory

kubernetes/apps/snippet-box/app/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: snippet-box-ingress
+  namespace: snippet-box
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "snippet-box.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: snippet-box
+                port:
+                  number: 5000

kubernetes/apps/snippet-box/app/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: snippet-box
+  namespace: snippet-box
+  labels:
+    app.kubernetes.io/name: snippet-box
+spec:
+  selector:
+    app.kubernetes.io/name: snippet-box
+  type: ClusterIP
+  internalTrafficPolicy: Cluster
+  ports:
+    - protocol: TCP
+      port: 5000
+      targetPort: 5000
+      name: snippet-box

kubernetes/apps/snippet-box/snippet-box.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: snippet-box
+  namespace: snippet-box
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: flux-system
+  path: ./kubernetes/apps/snippet-box/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system

kubernetes/apps/sonarqube/app/release.yaml

@@ -0,0 +1,47 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: sonarqube
+  namespace: sonarqube
+spec:
+  releaseName: sonarqube
+  chart:
+    spec:
+      chart: sonarqube
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    sonarqubeUsername: ${sonarqube_username}
+    sonarqubePassword: ${sonarqube_password}
+    sonarqubeEmail: ${sonarqube_email}
+    smtpHost: ${smtp_host}
+    smtpPort: ${smtp_port}
+    smtpUser: ${smtp_user}
+    smtpPassword: ${smtp_password}
+    smtpProtocol: ${smtp_protocol}
+    service:
+      ports:
+        http: 8090
+        elastic: 9091
+      nodePorts:
+        http: 30080
+        elastic: 30091
+    persistence:
+      enabled: true
+      storageClass: "local-path"
+      size: "32Gi"
+      existingClaim: "sonarqube-pvc"
+    postgresql:
+      enabled: false
+    externalDatabase:
+      host: ${db_host}
+      user: ${db_user}
+      password: ${db_password}
+      database: ${db_name}
+      port: ${db_port}

kubernetes/apps/sonarqube/app/volume.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: sonarqube-pv
+  namespace: sonarqube
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 32Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/sonarqube"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: sonarqube-pvc
+    namespace: sonarqube
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarqube-pvc
+  namespace: sonarqube
+  labels:
+    name: sonarqube-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 32Gi

kubernetes/apps/sonarqube/sonarqube.yaml

@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sonarqube-secrets
+  namespace: sonarqube
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: sonarqube
+  path: ./sonarqube
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sonarqube-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sonarqube
+  namespace: sonarqube
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/sonarqube/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: sonarqube-secrets
+      namespace: sonarqube
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: sonarqube-secrets

kubernetes/apps/uptime-kuma/app/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: uptime-kuma-ingress
+  namespace: uptime-kuma
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "uptime-kuma.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: uptime-kuma
+                port:
+                  number: 3001

kubernetes/apps/uptime-kuma/app/pvc.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: uptime-kuma-pv
+  namespace: uptime-kuma
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 4Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/uptime-kuma"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: uptime-kuma-pvc
+    namespace: uptime-kuma
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-1
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: uptime-kuma-pvc
+  namespace: uptime-kuma
+  labels:
+    name: uptime-kuma-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi

kubernetes/apps/uptime-kuma/app/release.yaml

@@ -0,0 +1,25 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: uptime-kuma
+  namespace: uptime-kuma
+spec:
+  releaseName: uptime-kuma
+  targetNamespace: uptime-kuma
+  chart:
+    spec:
+      chart: uptime-kuma
+      sourceRef:
+        kind: HelmRepository
+        name: irsigler
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    volume:
+      enabled: true
+      accessMode: ReadWriteOnce
+      size: 4Gi
+      existingClaim: "uptime-kuma-pvc"

kubernetes/apps/uptime-kuma/uptime-kuma.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: uptime-kuma
+  namespace: uptime-kuma
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/uptime-kuma/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system

kubernetes/apps/weave-gitops/app/ingress.yaml

@@ -9,7 +9,7 @@ metadata:
 spec:
   ingressClassName: nginx
   rules:
-    - host: "weave-gitops.edward.sydney"
+    - host: "weave-gitops.cluster.edward.sydney"
       http:
         paths:
           - pathType: Prefix

kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml

@@ -6,8 +6,11 @@ metadata:
 data:
   "53": "flux-system/adguard-home:53"
   "853": "flux-system/adguard-home:853"
+  "5432": "postgresql/postgresql-primary:5432"
+  "5433": "postgresql/postgresql-replica:5432"
   "5443": "flux-system/adguard-home:5443"
   "6060": "flux-system/adguard-home:6060"
+  "8388": "qbittorrent/qbittorrent-torrent:8388"
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -20,3 +23,4 @@ data:
   "68": "flux-system/adguard-home:68"
   "853": "flux-system/adguard-home:853"
   "5443": "flux-system/adguard-home:5443"
+  "8388": "qbittorrent/qbittorrent-torrent:8388"

kubernetes/infrastructure/kustomization.yaml

@@ -1,13 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespaces/adguard-home.yaml
+  - ./namespaces/namespaces.yaml
-  - ./namespaces/capacitor.yaml
-  - ./namespaces/cert-manager.yaml
-  - ./namespaces/homer.yaml
-  - ./namespaces/ingress-nginx.yaml
-  - ./namespaces/podinfo.yaml
-  - ./namespaces/prometheus-operator.yaml
   - ./repositories/repositories.yaml
 #  - ./cilium/cilium.yaml
   - ./ingress-nginx/ingress-nginx-config.yaml

kubernetes/infrastructure/namespaces/namespaces.yaml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: namespaces
+  namespace: flux-system
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/infrastructure/namespaces/namespaces
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system

kubernetes/infrastructure/namespaces/namespaces/code-server.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: code-server

kubernetes/infrastructure/namespaces/namespaces/dokuwiki.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dokuwiki

kubernetes/infrastructure/namespaces/namespaces/gitea.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea

kubernetes/infrastructure/namespaces/namespaces/jellyfin.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jellyfin

kubernetes/infrastructure/namespaces/namespaces/kavita.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kavita

kubernetes/infrastructure/namespaces/namespaces/nexus.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nexus

kubernetes/infrastructure/namespaces/namespaces/postgresql.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgresql

kubernetes/infrastructure/namespaces/namespaces/qbittorrent.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: qbittorrent

kubernetes/infrastructure/namespaces/namespaces/redis.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: redis

kubernetes/infrastructure/namespaces/namespaces/snippet-box.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: snippet-box

kubernetes/infrastructure/namespaces/namespaces/sonarqube.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sonarqube

kubernetes/infrastructure/namespaces/namespaces/uptime-kuma.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: uptime-kuma

kubernetes/infrastructure/repositories/repos/adminafk.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: adminafk
+  namespace: flux-system
+spec:
+  interval: 6h
+  url: https://helm-charts.adminafk.fr

kubernetes/infrastructure/repositories/repos/beluga-cloud.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: beluga-cloud
+  namespace: flux-system
+spec:
+  interval: 6h
+  url: https://beluga-cloud.github.io/charts

kubernetes/infrastructure/repositories/repos/bitnami.yaml

@@ -1,4 +1,4 @@
-apiVersion: source.toolkit.fluxcd.io/v1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
   name: bitnami

kubernetes/infrastructure/repositories/repos/irsigler.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: irsigler
+  namespace: flux-system
+spec:
+  interval: 6h
+  url: https://helm.irsigler.cloud/

kubernetes/infrastructure/repositories/repos/nicholaswilde.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: nicholaswilde
+  namespace: flux-system
+spec:
+  interval: 6h
+  url: https://nicholaswilde.github.io/helm-charts/

renovate.json

@@ -0,0 +1,40 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>3dwardch3ng/renovate-config"
+  ],
+  "kubernetes": {
+    "fileMatch": ["\\.yaml$"]
+  },
+  "helm-values": {
+    "fileMatch": ["\\.yaml$"]
+  },
+  "flux": {
+    "fileMatch": ["\\.yaml$"]
+  },
+  "packageRules": [
+    {
+      "matchDatasources": ["helm"],
+      "commitMessageTopic": "{{depName}} Helm release"
+    },
+    {
+      "matchDatasources": ["github-releases"],
+      "matchPackageNames": ["k3s-io/k3s"],
+      "separateMinorPatch": true
+    },
+    {
+      "matchPackagePrefixes": ["ghcr.io/immich-app/"],
+      "groupName": "Immich"
+    },
+    {
+      "matchDatasources": ["github-tags"],
+      "matchPackageNames": ["bjw-s/helm-charts"],
+      "versioning": "regex:^(?<compatibility>.+)-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$"
+    },
+    {
+      "matchDatasources": ["docker", "github-tags"],
+      "matchPackageNames": ["ghcr.io/fluxcd/flux-manifests", "fluxcd/flux2"],
+      "groupName": "fluxcd/flux2"
+    }
+  ]
+}

scripts/encript-file-by-age.sh

@@ -1,12 +0,0 @@
-#!/usr/bin/bash
-set -e
-
-filePath=$1
-
-AGE_PUB_KEY"age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz"
-
-sops --age=$AGE_PUB_KEY --encrypt --encrypted-regex '^(data|stringData)$' --in-place $filePath
-echo "File encrypted: $filePath."
-
-git add $filePath
-git commit -am "Encrypt file $filePath by Age."

scripts/encript-file-by-gpg.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/bash
-set -e
-
-filePath=$1
-
-sops --encrypt --in-place $filePath
-echo "File encrypted: $filePath."
-
-git add $filePath
-git commit -am "Encrypt file $filePath by GPG."