lidarr ollama ui, soulseek

playbook.yml

@@ -43,4 +43,5 @@
     - mangareader
     - bookshelf
     - shelfarr
+    - lidarr
     - minecraft

roles/cripto/files/ai-ollama-deployment.yaml

@@ -9,6 +9,93 @@ spec:
 ---
 apiVersion: apps/v1
 kind: Deployment
+metadata:
+  name: ai-openwebui-deployment
+  namespace: fenix-ai
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ai-openwebui
+  template:
+    metadata:
+      labels:
+        app: ai-openwebui
+    spec:
+      containers:
+      - name: ai-openwebui
+        image: ghcr.io/open-webui/open-webui:cuda
+        ports:
+        - containerPort: 8080
+        env:
+          - name: WEBUI_HOST
+            value: "0.0.0.0"
+          - name: OLLAMA_BASE_URL
+            value: "http://ollama-api-svc.fenix-ai.svc.cluster.local:11434"
+        volumeMounts:
+          - name: ai-openwebui-data
+            mountPath: /app/backend/data
+      volumes:
+      - name: ai-openwebui-data
+        persistentVolumeClaim:
+          claimName: ai-openwebui-data-pvc
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: ai-openwebui-data-pv
+  namespace: fenix-ai
+spec:
+  capacity:
+    storage: 40Gi
+  storageClassName: ai-openwebui-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ai-openwebui
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ai-openwebui-data-pvc
+  namespace: fenix-ai
+spec:
+  storageClassName: ai-openwebui-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 40Gi
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ai-openwebui-nfs-csi
+  namespace: fenix-ai
+provisioner: nfs.csi.k8s.io
+parameters:
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ai-openwebui
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ai-openwebui-svc
+  namespace: fenix-ai
+spec:
+  selector:
+    app: ai-openwebui
+  ports:
+  - port: 8080
+    targetPort: 8080
+  type: ClusterIP   # ou LoadBalancer se tiveres suporte
+---
+apiVersion: apps/v1
+kind: Deployment
 metadata:
   name: ollama-deployment
   namespace: fenix-ai
@@ -30,9 +117,16 @@ spec:
         resources:
           limits:
             nvidia.com/gpu: 1   # garante uso da tua RTX 4060 Ti
+            memory: 17Gi
         env:
           - name: OLLAMA_HOST
             value: "0.0.0.0"
+          - name: NVIDIA_VISIBLE_DEVICES
+            value: "all"
+          - name: NVIDIA_DRIVER_CAPABILITIES
+            value: "compute,utility"
+          - name: CUDA_VISIBLE_DEVICES
+            value: "0"
         volumeMounts:
           - name: ollama-data
             mountPath: /root/.ollama
@@ -62,7 +156,7 @@ metadata:
   namespace: fenix-ai
 spec:
   capacity:
-    storage: 20Gi
+    storage: 40Gi
   storageClassName: ollama-ai-nfs-csi
   accessModes:
     - ReadWriteOnce
@@ -82,7 +176,7 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 20Gi
+      storage: 40Gi
 ---
 apiVersion: storage.k8s.io/v1
 kind: StorageClass

roles/lidarr/files/lidarr-deployment.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lidarr
+  namespace: stack-arr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lidarr
+  template:
+    metadata:
+      labels:
+        app: lidarr
+    spec:
+      imagePullSecrets:
+      - name: regcred
+      containers:
+      - name: lidarr
+        image: ghcr.io/hotio/lidarr:release-563b232
+        securityContext:
+          capabilities:
+            add:
+              - NET_ADMIN
+        ports:
+          - containerPort: 8686
+            name: webui
+        env:
+        - name: PUID
+          value: "1013"
+        - name: PGID
+          value: "1013"
+        - name: TZ
+          value: 'Etc/UTC'
+        - name: LIDARR__POSTGRES__HOST
+          value: 'stolon-proxy-service.postgresql.svc.cluster.local'
+        - name: LIDARR__POSTGRES__PORT
+          value: '5432'
+        - name: LIDARR__POSTGRES__USER
+          valueFrom:
+            secretKeyRef:
+              name: lidarr-secret
+              key: username
+        - name: LIDARR__POSTGRES__PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: lidarr-secret
+              key: password
+        - name: LIDARR__POSTGRES__MAINDB
+          valueFrom:
+            secretKeyRef:
+              name: lidarr-secret
+              key: maindb
+        - name: LIDARR__POSTGRES__LOGDB
+          valueFrom:
+            secretKeyRef:
+              name: lidarr-secret
+              key: logsdb
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: downloads
+          mountPath: /downloads
+        - name: music
+          mountPath: /data
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: lidarr-config-pvc
+      - name: downloads
+        persistentVolumeClaim:
+          claimName: qbittorrent-downloads-pvc
+      - name: music
+        persistentVolumeClaim:
+          claimName: lidarr-music-pvc
+
+
+
+

roles/lidarr/files/lidarr-nfs-csi.yaml

@@ -0,0 +1,23 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: lidarr-nfs-csi
+  namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/lidarr
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: lidarr-music-nfs-csi
+  namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Musicas
+allowVolumeExpansion: true
+reclaimPolicy: Retain

roles/lidarr/files/lidarr-pvcs.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: lidarr-config-pv
+  namespace: stack-arr
+spec:
+  capacity:
+    storage: 2Gi
+  storageClassName: lidarr-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/lidarr/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lidarr-config-pvc
+  namespace: stack-arr
+spec:
+  storageClassName: lidarr-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: lidarr-config-pv
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: lidarr-music-pv
+  namespace: stack-arr
+spec:
+  capacity:
+    storage: 50Gi
+  storageClassName: lidarr-music-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Musicas
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lidarr-music-pvc
+  namespace: stack-arr
+spec:
+  storageClassName: lidarr-music-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: lidarr-music-pv
+  resources:
+    requests:
+      storage: 50Gi
+---

roles/lidarr/files/lidarr-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name:  lidarr-secret
+    namespace: stack-arr
+type: Opaque
+data:
+    username: dXNlcm5hbWU=
+    password: cGFzc3dvcmQ=
+    maindb: bWFpbmRiLXByb3dsYXJy
+    logsdb: bG9nZGItcHJvd2xhcnI=

roles/lidarr/files/lidarr-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lidarr-service
+  namespace: stack-arr
+spec:
+  ports:
+    - port: 8686
+      targetPort: 8686
+  selector:
+    app: lidarr
+  type: ClusterIP

roles/lidarr/tasks/main.yml

@@ -0,0 +1,51 @@
+- name: Remover o diretório /tmp/stack-arr/lidarr/kubernetes-files
+  ansible.builtin.file:
+    path: /tmp/stack-arr/lidarr/kubernetes-files
+    state: absent
+
+- name: Criar diretório temporário no remoto
+  file:
+    path: /tmp/stack-arr/lidarr/kubernetes-files
+    state: directory
+    mode: '0755'
+
+- name: Copy file with owner and permissions
+  ansible.builtin.copy:
+    src: ../files
+    dest: /tmp/stack-arr/lidarr/kubernetes-files
+    owner: fenix
+    group: root
+    mode: '0644'
+
+
+- name: Obter várias notas do Bitwarden
+  shell: |
+    echo "unlock"
+    BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+    echo "get item"
+    bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+  loop:
+    - { id: "iac.ansible.stackarr.lidarr.secret", dest: "/tmp/stack-arr/lidarr/kubernetes-files/files/lidarr-secret.yaml" }
+  args:
+    executable: /bin/bash
+  environment:
+    BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+
+- name: Listar conteúdo do diretório remoto
+  shell: ls -l /tmp/stack-arr/lidarr/kubernetes-files/files
+  register: resultado_ls
+
+
+- name: Mostrar resultado do ls
+  debug:
+    var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+  become: yes
+  become_user: fenix 
+  shell: |
+    kubectl apply -f /tmp/stack-arr/lidarr/kubernetes-files/files/
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config

roles/lidarr/vars/main.yml

@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"

roles/metrics/tasks/main.yml

@@ -1,40 +0,0 @@
-
-- name: Remover o diretório /tmp/metrics/kubernetes-files
-  ansible.builtin.file:
-    path: /tmp/metrics/kubernetes-files
-    state: absent
-
-- name: Criar diretório temporário no remoto
-  file:
-    path: /tmp/metrics/kubernetes-files
-    state: directory
-    mode: '0755'
-
-#- name: Copy file with owner and permissions
-#  ansible.builtin.copy:
-#    src: ../files
-#    dest: /tmp/metrics/kubernetes-files
-#    owner: fenix
-#    group: root
-#    mode: '0644'
-
-
-#- name: Listar conteúdo do diretório remoto
-#  shell: ls -l /tmp/metrics/kubernetes-files/files
-#  register: resultado_ls
-
-
-#- name: Mostrar resultado do ls
-#  debug:
-#    var: resultado_ls.stdout_lines
-
-
-- name: Aplicar o files
-  become: yes
-  become_user: fenix 
-  shell: |
-    kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
-
-    kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"},{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-preferred-address-types=InternalIP"}]'
-  environment:
-    KUBECONFIG:  /home/fenix/.kube/config

roles/soulseek/files/soulseek-deployment.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: soulseek
+  namespace: stack-arr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: soulseek
+  template:
+    metadata:
+      labels:
+        app: soulseek
+    spec:
+      imagePullSecrets:
+      - name: regcred
+      initContainers:
+      - name: init-tun
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          mkdir -p /dev/net
+          [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
+          chmod 0666 /dev/net/tun
+        securityContext:
+          privileged: true
+      containers:
+      - name: vpn
+        image: ghcr.io/wfg/openvpn-client
+        securityContext:
+          capabilities:
+            add:
+              - NET_ADMIN
+        env:
+          - name: VPN_CONFIG_FILE
+            value: "vpn.conf"
+          - name: KILL_SWITCH
+            value: "off"
+        volumeMounts:
+          - name: vpn-config
+            mountPath:  /data/vpn
+          - name: tun-device          # ← mount host tun device
+            mountPath: /dev/net/tun
+      - name: slskd
+        image: slskd/slskd
+        securityContext:
+          capabilities:
+            add:
+              - NET_ADMIN
+        ports:
+          - containerPort: 5030
+            name: webui
+          - containerPort: 5031
+            name: https
+          - containerPort: 50300
+            name: communication
+        env:
+        - name: SLSKD_FLAGS_NO_SQLITE_POOLING
+          value: "true"
+        - name: TZ
+          value: 'Etc/UTC'
+        - name: UID
+          value: "1013"
+        - name: GID
+          value: "1013"
+        volumeMounts:
+        - name: app
+          mountPath: /app
+        - name: media
+          mountPath: /data
+      volumes:
+      - name: app
+        persistentVolumeClaim:
+          claimName: soulseek-app-pvc
+      - name: media
+        persistentVolumeClaim:
+          claimName: soulseek-media-pvc
+      - name:  vpn-config
+        persistentVolumeClaim:
+          claimName: soulseek-vpn-config-pvc
+      - name: tun-device
+        hostPath:
+          path: /dev/net/tun
+          type: CharDevice
+
+
+
+

roles/soulseek/files/soulseek-nfs-csi.yaml

@@ -0,0 +1,24 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: soulseek-nfs-csi
+  namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+  mountOptions: "nolock,soft,intr"
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: soulseek-media-nfs-csi
+  namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Downloads
+allowVolumeExpansion: true
+reclaimPolicy: Retain

roles/soulseek/files/soulseek-pvcs.yaml

@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: soulseek-app-pv
+  namespace: stack-arr
+spec:
+  capacity:
+    storage: 6Gi
+  storageClassName: soulseek-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - nolock
+    - nfsvers=3
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: soulseek-app-pvc
+  namespace: stack-arr
+spec:
+  storageClassName: soulseek-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: soulseek-app-pv
+  resources:
+    requests:
+      storage: 6Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: soulseek-media-pv
+  namespace: stack-arr
+spec:
+  capacity:
+    storage: 500Gi
+  storageClassName: soulseek-media-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Downloads
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: soulseek-media-pvc
+  namespace: stack-arr
+spec:
+  storageClassName: soulseek-media-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: soulseek-media-pv
+  resources:
+    requests:
+      storage: 500Gi
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: soulseek-vpn-config-pv
+  namespace: stack-arr
+spec:
+  capacity:
+    storage: 10Gi
+  storageClassName: soulseek-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek/vpn/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: soulseek-vpn-config-pvc
+  namespace: stack-arr
+spec:
+  storageClassName: soulseek-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: soulseek-vpn-config-pv
+  resources:
+    requests:
+      storage: 10Gi
+---

roles/soulseek/files/soulseek-service.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: soulseek-service
+  namespace: stack-arr
+spec:
+  ports:
+    - port: 5030
+      targetPort: 5030
+  selector:
+    app: soulseek
+  type: ClusterIP
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: soulseek-communication-service
+  namespace: stack-arr
+spec:
+  ports:
+    - port: 50300
+      targetPort: 50300
+  selector:
+    app: soulseek
+  type: ClusterIP

roles/soulseek/tasks/main.yml

@@ -0,0 +1,37 @@
+- name: Remover o diretório /tmp/stack-arr/soulseek/kubernetes-files
+  ansible.builtin.file:
+    path: /tmp/stack-arr/soulseek/kubernetes-files
+    state: absent
+
+- name: Criar diretório temporário no remoto
+  file:
+    path: /tmp/stack-arr/soulseek/kubernetes-files
+    state: directory
+    mode: '0755'
+
+- name: Copy file with owner and permissions
+  ansible.builtin.copy:
+    src: ../files
+    dest: /tmp/stack-arr/soulseek/kubernetes-files
+    owner: fenix
+    group: root
+    mode: '0644'
+
+
+- name: Listar conteúdo do diretório remoto
+  shell: ls -l /tmp/stack-arr/soulseek/kubernetes-files/files
+  register: resultado_ls
+
+
+- name: Mostrar resultado do ls
+  debug:
+    var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+  become: yes
+  become_user: fenix 
+  shell: |
+    kubectl apply -f /tmp/stack-arr/soulseek/kubernetes-files/files/
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config

roles/soulseek/vars/main.yml

@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"