diff --git a/playbook.yml b/playbook.yml index eaff6cb..5b36899 100644 --- a/playbook.yml +++ b/playbook.yml @@ -43,4 +43,5 @@ - mangareader - bookshelf - shelfarr + - lidarr - minecraft \ No newline at end of file diff --git a/roles/cripto/files/ai-ollama-deployment.yaml b/roles/cripto/files/ai-ollama-deployment.yaml index 9a3f0d3..867068d 100644 --- a/roles/cripto/files/ai-ollama-deployment.yaml +++ b/roles/cripto/files/ai-ollama-deployment.yaml 
@@ -9,6 +9,93 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + name: ai-openwebui-deployment + namespace: fenix-ai +spec: + replicas: 1 + selector: + matchLabels: + app: ai-openwebui + template: + metadata: + labels: + app: ai-openwebui + spec: + containers: + - name: ai-openwebui + image: ghcr.io/open-webui/open-webui:cuda + ports: + - containerPort: 8080 + env: + - name: WEBUI_HOST + value: "0.0.0.0" + - name: OLLAMA_BASE_URL + value: "http://ollama-api-svc.fenix-ai.svc.cluster.local:11434" + volumeMounts: + - name: ai-openwebui-data + mountPath: /app/backend/data + volumes: + - name: ai-openwebui-data + persistentVolumeClaim: + claimName: ai-openwebui-data-pvc +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: ai-openwebui-data-pv + namespace: fenix-ai +spec: + capacity: + storage: 40Gi + storageClassName: ai-openwebui-nfs-csi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: 192.168.1.22 + path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ai-openwebui +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ai-openwebui-data-pvc + namespace: fenix-ai +spec: + storageClassName: ai-openwebui-nfs-csi + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 40Gi +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: ai-openwebui-nfs-csi + namespace: fenix-ai +provisioner: nfs.csi.k8s.io +parameters: + server: 192.168.1.22 + share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ai-openwebui +allowVolumeExpansion: true +reclaimPolicy: Retain +--- +apiVersion: v1 +kind: Service +metadata: + name: ai-openwebui-svc + namespace: fenix-ai +spec: + selector: + app: ai-openwebui + ports: + - port: 8080 + targetPort: 8080 + type: ClusterIP # ou LoadBalancer se tiveres suporte +--- +apiVersion: apps/v1 +kind: Deployment metadata: name: ollama-deployment namespace: fenix-ai 
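Review bot: The new `ai-openwebui` container in roles/cripto/files/ai-ollama-deployment.yaml is pulled by the mutable tag `ghcr.io/open-webui/open-webui:cuda` and has neither a `securityContext` nor `resources`, so a pod restart can silently run different code, with default privileges and no memory bound. Pin the image to a release tag or digest, e.g. `image: ghcr.io/open-webui/open-webui@sha256:<digest-placeholder>`, and add `securityContext: {allowPrivilegeEscalation: false}` plus requests/limits under the container. A comment above `WEBUI_HOST` saying that the UI listens on all pod interfaces and is reachable only through the ClusterIP Service `ai-openwebui-svc` would document the intended exposure.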
@@ -30,9 +117,16 @@ spec: resources: limits: nvidia.com/gpu: 1 # garante uso da tua RTX 4060 Ti + memory: 17Gi env: - name: OLLAMA_HOST value: "0.0.0.0" + - name: NVIDIA_VISIBLE_DEVICES + value: "all" + - name: NVIDIA_DRIVER_CAPABILITIES + value: "compute,utility" + - name: CUDA_VISIBLE_DEVICES + value: "0" volumeMounts: - name: ollama-data mountPath: /root/.ollama @@ -62,7 +156,7 @@ metadata: namespace: fenix-ai spec: capacity: - storage: 20Gi + storage: 40Gi storageClassName: ollama-ai-nfs-csi accessModes: - ReadWriteOnce @@ -82,7 +176,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi + storage: 40Gi --- apiVersion: storage.k8s.io/v1 kind: StorageClass diff --git a/roles/lidarr/files/lidarr-deployment.yaml b/roles/lidarr/files/lidarr-deployment.yaml new file mode 100644 index 0000000..6717dee --- /dev/null +++ b/roles/lidarr/files/lidarr-deployment.yaml 
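Review bot: `NVIDIA_VISIBLE_DEVICES: "all"` is added to the ollama container next to the `nvidia.com/gpu: 1` limit, and the two disagree: the limit asks the device plugin for one GPU while the variable asks the NVIDIA runtime for every GPU on the node. Depending on how the device plugin passes its allocation, the explicit value may be overridden or may widen what the container can see, so it is safer to drop it and `CUDA_VISIBLE_DEVICES` and let the plugin inject the allocation. The added `memory: 17Gi` limit has no matching `requests` in the visible lines, so the request defaults to the limit; add a comment such as `# request defaults to the limit: reserves 17Gi on the node` if that is intended. The container spec starts above this hunk.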
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lidarr
+ namespace: stack-arr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: lidarr
+ template:
+ metadata:
+ labels:
+ app: lidarr
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: lidarr
+ image: ghcr.io/hotio/lidarr:release-563b232
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ ports:
+ - containerPort: 8686
+ name: webui
+ env:
+ - name: PUID
+ value: "1013"
+ - name: PGID
+ value: "1013"
+ - name: TZ
+ value: 'Etc/UTC'
+ - name: LIDARR__POSTGRES__HOST
+ value: 'stolon-proxy-service.postgresql.svc.cluster.local'
+ - name: LIDARR__POSTGRES__PORT
+ value: '5432'
+ - name: LIDARR__POSTGRES__USER
+ valueFrom:
+ secretKeyRef:
+ name: lidarr-secret
+ key: username
+ - name: LIDARR__POSTGRES__PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: lidarr-secret
+ key: password
+ - name: LIDARR__POSTGRES__MAINDB
+ valueFrom:
+ secretKeyRef:
+ name: lidarr-secret
+ key: maindb
+ - name: LIDARR__POSTGRES__LOGDB
+ valueFrom:
+ secretKeyRef:
+ name: lidarr-secret
+ key: logsdb
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: downloads
+ mountPath: /downloads
+ - name: music
+ mountPath: /data
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: lidarr-config-pvc
+ - name: downloads
+ persistentVolumeClaim:
+ claimName: qbittorrent-downloads-pvc
+ - name: music
+ persistentVolumeClaim:
+ claimName: lidarr-music-pvc
+
+
+
+
diff --git a/roles/lidarr/files/lidarr-nfs-csi.yaml b/roles/lidarr/files/lidarr-nfs-csi.yaml
new file mode 100644
index 0000000..763d55e
--- /dev/null
+++ b/roles/lidarr/files/lidarr-nfs-csi.yaml
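Review bot: In roles/lidarr/files/lidarr-deployment.yaml the lidarr container adds `NET_ADMIN` under `securityContext.capabilities.add`, but nothing in this manifest (no VPN sidecar, no tun device, only a web port and PVC mounts) needs to change interfaces or routes. Unless the image is known to require it, remove the `add:` block and set `allowPrivilegeEscalation: false`, so a compromise of the web UI cannot reconfigure the pod's network. The image is referenced by the tag `release-563b232` rather than by digest. `LIDARR__POSTGRES__LOGDB` reads the Secret key `logsdb`, so a one-line comment on that spelling difference would prevent a wrong "fix" later.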
@@ -0,0 +1,23 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: lidarr-nfs-csi
+ namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/lidarr
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: lidarr-music-nfs-csi
+ namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Musicas
+allowVolumeExpansion: true
+reclaimPolicy: Retain
\ No newline at end of file
diff --git a/roles/lidarr/files/lidarr-pvcs.yaml b/roles/lidarr/files/lidarr-pvcs.yaml
new file mode 100644
index 0000000..390a224
--- /dev/null
+++ b/roles/lidarr/files/lidarr-pvcs.yaml
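Review bot: Both StorageClass objects in roles/lidarr/files/lidarr-nfs-csi.yaml set `metadata.namespace: stack-arr`, but StorageClass is cluster-scoped, so the field has no effect and suggests an isolation that does not exist: a claim in any namespace can reference `lidarr-nfs-csi` or `lidarr-music-nfs-csi`. Drop the `namespace:` lines or replace them with a comment such as `# cluster-scoped: usable from every namespace`. The same applies to the PersistentVolume and StorageClass documents added in ai-ollama-deployment.yaml, lidarr-pvcs.yaml, soulseek-nfs-csi.yaml and soulseek-pvcs.yaml.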
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: lidarr-config-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 2Gi
+ storageClassName: lidarr-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/lidarr/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lidarr-config-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: lidarr-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: lidarr-config-pv
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: lidarr-music-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 50Gi
+ storageClassName: lidarr-music-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Musicas
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lidarr-music-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: lidarr-music-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: lidarr-music-pv
+ resources:
+ requests:
+ storage: 50Gi
+---
\ No newline at end of file
diff --git a/roles/lidarr/files/lidarr-secret.yaml b/roles/lidarr/files/lidarr-secret.yaml
new file mode 100644
index 0000000..e80b339
--- /dev/null
+++ b/roles/lidarr/files/lidarr-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lidarr-secret
+ namespace: stack-arr
+type: Opaque
+data:
+ username: dXNlcm5hbWU=
+ password: cGFzc3dvcmQ=
+ maindb: bWFpbmRiLXByb3dsYXJy
+ logsdb: bG9nZGItcHJvd2xhcnI=
\ No newline at end of file
diff --git a/roles/lidarr/files/lidarr-service.yaml b/roles/lidarr/files/lidarr-service.yaml
new file mode 100644
index 0000000..c8a8ed6
--- /dev/null
+++ b/roles/lidarr/files/lidarr-service.yaml
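Review bot: roles/lidarr/files/lidarr-secret.yaml commits a Secret whose `data` values are only base64-encoded placeholders, and the `maindb`/`logsdb` values decode to prowlarr database names, which looks like a copy from another role. roles/lidarr/tasks/main.yml overwrites this file on the target from a Bitwarden note before `kubectl apply`, so the committed copy acts as a fallback that would create a Secret with guessable credentials if that step is skipped or the directory is applied by hand. Keep the real manifest out of the repository and commit only a clearly named template (for example `lidarr-secret.yaml.example`) with a header comment such as `# placeholder only - real values are fetched from Bitwarden at deploy time`.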
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: lidarr-service
+ namespace: stack-arr
+spec:
+ ports:
+ - port: 8686
+ targetPort: 8686
+ selector:
+ app: lidarr
+ type: ClusterIP
\ No newline at end of file
diff --git a/roles/lidarr/tasks/main.yml b/roles/lidarr/tasks/main.yml
new file mode 100644
index 0000000..48aca71
--- /dev/null
+++ b/roles/lidarr/tasks/main.yml
@@ -0,0 +1,51 @@
+- name: Remover o diretório /tmp/stack-arr/lidarr/kubernetes-files
+ ansible.builtin.file:
+ path: /tmp/stack-arr/lidarr/kubernetes-files
+ state: absent
+
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/stack-arr/lidarr/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copy file with owner and permissions
+ ansible.builtin.copy:
+ src: ../files
+ dest: /tmp/stack-arr/lidarr/kubernetes-files
+ owner: fenix
+ group: root
+ mode: '0644'
+
+
+- name: Obter várias notas do Bitwarden
+ shell: |
+ echo "unlock"
+ BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+ echo "get item"
+ bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+ loop:
+ - { id: "iac.ansible.stackarr.lidarr.secret", dest: "/tmp/stack-arr/lidarr/kubernetes-files/files/lidarr-secret.yaml" }
+ args:
+ executable: /bin/bash
+ environment:
+ BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+
+- name: Listar conteúdo do diretório remoto
+ shell: ls -l /tmp/stack-arr/lidarr/kubernetes-files/files
+ register: resultado_ls
+
+
+- name: Mostrar resultado do ls
+ debug:
+ var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+ become: yes
+ become_user: fenix
+ shell: |
+ kubectl apply -f /tmp/stack-arr/lidarr/kubernetes-files/files/
+ environment:
+ KUBECONFIG: /home/fenix/.kube/config
\ No newline at end of file
diff --git a/roles/lidarr/vars/main.yml b/roles/lidarr/vars/main.yml
new file mode 100644
index 0000000..c8fe60b
--- /dev/null
+++ b/roles/lidarr/vars/main.yml
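Review bot: In roles/lidarr/tasks/main.yml the task "Obter várias notas do Bitwarden" puts the vault master password on the command line (`bw unlock {{ bw_password }} --raw`) and runs without `no_log`, so the password is visible in the target's process list and in Ansible's verbose output, and an unquoted value containing shell metacharacters is interpreted by bash. The task already exports `BW_PASSWORD`, so the unlock can read it from the environment instead. The rendered Secret manifest then lands in a `0755` directory under /tmp, in a file the preceding copy created with mode `0644`, and nothing removes it after `kubectl apply`; restrict the directory to the deploying user and delete it in a final task. The pipeline also needs `set -o pipefail` and `jq -e`, otherwise a failed `bw get` still leaves the task green with an empty or `null` file.

```yaml
- name: Obter várias notas do Bitwarden
  ansible.builtin.shell: |
    set -euo pipefail
    BW_SESSION="$(bw unlock --passwordenv BW_PASSWORD --raw)"
    bw get item "{{ item.id }}" --session "$BW_SESSION" | jq -er '.notes' > "{{ item.dest }}"
  # … unchanged: loop, args.executable, environment.BW_PASSWORD …
  no_log: true
```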
@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
\ No newline at end of file
diff --git a/roles/metrics/tasks/main.yml b/roles/metrics/tasks/main.yml
deleted file mode 100644
index fe05a22..0000000
--- a/roles/metrics/tasks/main.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-
-- name: Remover o diretório /tmp/metrics/kubernetes-files
- ansible.builtin.file:
- path: /tmp/metrics/kubernetes-files
- state: absent
-
-- name: Criar diretório temporário no remoto
- file:
- path: /tmp/metrics/kubernetes-files
- state: directory
- mode: '0755'
-
-#- name: Copy file with owner and permissions
-# ansible.builtin.copy:
-# src: ../files
-# dest: /tmp/metrics/kubernetes-files
-# owner: fenix
-# group: root
-# mode: '0644'
-
-
-#- name: Listar conteúdo do diretório remoto
-# shell: ls -l /tmp/metrics/kubernetes-files/files
-# register: resultado_ls
-
-
-#- name: Mostrar resultado do ls
-# debug:
-# var: resultado_ls.stdout_lines
-
-
-- name: Aplicar o files
- become: yes
- become_user: fenix
- shell: |
- kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
-
- kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"},{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-preferred-address-types=InternalIP"}]'
- environment:
- KUBECONFIG: /home/fenix/.kube/config
\ No newline at end of file
diff --git a/roles/soulseek/files/soulseek-deployment.yaml b/roles/soulseek/files/soulseek-deployment.yaml
new file mode 100644
index 0000000..de4eb08
--- /dev/null
+++ b/roles/soulseek/files/soulseek-deployment.yaml
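Review bot: In roles/lidarr/vars/main.yml the key `BW_CLIENTSECRET :` has a space before the colon, which parses but differs from the three keys above it and trips yamllint's colons rule; write `BW_CLIENTSECRET: "{{ lookup('env', 'BW_CLIENTSECRET') }}"`. The role's tasks in this commit read only `bw_password`, while the task's `environment` block references `{{ BW_PASSWORD }}`, which this file does not define; if it is not supplied elsewhere, the task fails on an undefined variable. A short header comment stating which of these four variables the role consumes would help. The identical roles/soulseek/vars/main.yml is not referenced by any soulseek task shown in this commit.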
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: soulseek
+ namespace: stack-arr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: soulseek
+ template:
+ metadata:
+ labels:
+ app: soulseek
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ initContainers:
+ - name: init-tun
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /dev/net
+ [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
+ chmod 0666 /dev/net/tun
+ securityContext:
+ privileged: true
+ containers:
+ - name: vpn
+ image: ghcr.io/wfg/openvpn-client
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ env:
+ - name: VPN_CONFIG_FILE
+ value: "vpn.conf"
+ - name: KILL_SWITCH
+ value: "off"
+ volumeMounts:
+ - name: vpn-config
+ mountPath: /data/vpn
+ - name: tun-device # ← mount host tun device
+ mountPath: /dev/net/tun
+ - name: slskd
+ image: slskd/slskd
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ ports:
+ - containerPort: 5030
+ name: webui
+ - containerPort: 5031
+ name: https
+ - containerPort: 50300
+ name: communication
+ env:
+ - name: SLSKD_FLAGS_NO_SQLITE_POOLING
+ value: "true"
+ - name: TZ
+ value: 'Etc/UTC'
+ - name: UID
+ value: "1013"
+ - name: GID
+ value: "1013"
+ volumeMounts:
+ - name: app
+ mountPath: /app
+ - name: media
+ mountPath: /data
+ volumes:
+ - name: app
+ persistentVolumeClaim:
+ claimName: soulseek-app-pvc
+ - name: media
+ persistentVolumeClaim:
+ claimName: soulseek-media-pvc
+ - name: vpn-config
+ persistentVolumeClaim:
+ claimName: soulseek-vpn-config-pvc
+ - name: tun-device
+ hostPath:
+ path: /dev/net/tun
+ type: CharDevice
+
+
+
+
diff --git a/roles/soulseek/files/soulseek-nfs-csi.yaml b/roles/soulseek/files/soulseek-nfs-csi.yaml
new file mode 100644
index 0000000..ec739f8
--- /dev/null
+++ b/roles/soulseek/files/soulseek-nfs-csi.yaml
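Review bot: In roles/soulseek/files/soulseek-deployment.yaml the `init-tun` init container runs `privileged: true` from the untagged `busybox` image, yet it mounts no volume, so the `mknod` and `chmod 0666` it performs appear to happen in its own /dev rather than on the node or in the `vpn` container, which gets /dev/net/tun from the `hostPath` volume of type `CharDevice`. If that reading is right, the init container can be deleted, which removes the only privileged container in the pod. `KILL_SWITCH` is set to `"off"` on the `vpn` container, so slskd traffic is presumably not held back when the tunnel is down; enable it unless there is a documented reason not to. `NET_ADMIN` is also added to `slskd`, which shares the pod's network namespace with `vpn` and could therefore alter its routes. None of the three images has a version tag or digest.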
@@ -0,0 +1,24 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: soulseek-nfs-csi
+ namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+ mountOptions: "nolock,soft,intr"
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek
+allowVolumeExpansion: true
+reclaimPolicy: Retain
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: soulseek-media-nfs-csi
+ namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Downloads
+allowVolumeExpansion: true
+reclaimPolicy: Retain
diff --git a/roles/soulseek/files/soulseek-pvcs.yaml b/roles/soulseek/files/soulseek-pvcs.yaml
new file mode 100644
index 0000000..7bd78c6
--- /dev/null
+++ b/roles/soulseek/files/soulseek-pvcs.yaml
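Review bot: In the `soulseek-nfs-csi` StorageClass, `mountOptions: "nolock,soft,intr"` is given as a string under `parameters`, whereas StorageClass has a top-level `mountOptions` list for this purpose; whether the provisioner honours it as a parameter is not visible from this diff and should be confirmed. The PersistentVolumes in soulseek-pvcs.yaml are defined statically with their own, different options (`nolock`, `nfsvers=3`), so it is unclear which set is meant to apply. `soft` lets an I/O request fail after an NFS timeout instead of retrying, which is a data-integrity risk for the application data slskd keeps on this share. Either move the options to a top-level list with a comment explaining the choice, or remove them.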
@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: soulseek-app-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 6Gi
+ storageClassName: soulseek-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - nolock
+ - nfsvers=3
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: soulseek-app-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: soulseek-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: soulseek-app-pv
+ resources:
+ requests:
+ storage: 6Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: soulseek-media-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 500Gi
+ storageClassName: soulseek-media-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/Filmes_e_Series/Downloads
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: soulseek-media-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: soulseek-media-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: soulseek-media-pv
+ resources:
+ requests:
+ storage: 500Gi
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: soulseek-vpn-config-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 10Gi
+ storageClassName: soulseek-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/soulseek/vpn/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: soulseek-vpn-config-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: soulseek-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: soulseek-vpn-config-pv
+ resources:
+ requests:
+ storage: 10Gi
+---
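Review bot: `soulseek-vpn-config-pv` exposes the VPN client configuration read-write, although the `vpn` container presumably only needs to read `vpn.conf` from it. If the image does not write to `/data/vpn` (to be confirmed), set `readOnly: true` under the PV's `nfs:` block or on the container's `volumeMount`, so a compromised container in the pod cannot rewrite the tunnel configuration. The mount options are also inconsistent: only `soulseek-app-pv` sets `nolock` and `nfsvers=3`, and a comment saying whether the other two PVs are meant to use the node's defaults would help.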
diff --git a/roles/soulseek/files/soulseek-service.yaml b/roles/soulseek/files/soulseek-service.yaml
new file mode 100644
index 0000000..6ef5eb4
--- /dev/null
+++ b/roles/soulseek/files/soulseek-service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: soulseek-service
+ namespace: stack-arr
+spec:
+ ports:
+ - port: 5030
+ targetPort: 5030
+ selector:
+ app: soulseek
+ type: ClusterIP
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: soulseek-communication-service
+ namespace: stack-arr
+spec:
+ ports:
+ - port: 50300
+ targetPort: 50300
+ selector:
+ app: soulseek
+ type: ClusterIP
\ No newline at end of file
diff --git a/roles/soulseek/files/teste.txt b/roles/soulseek/files/teste.txt
new file mode 100644
index 0000000..6b87330
Binary files /dev/null and b/roles/soulseek/files/teste.txt differ
diff --git a/roles/soulseek/files/testeq.txt b/roles/soulseek/files/testeq.txt
new file mode 100644
index 0000000..d05d170
Binary files /dev/null and b/roles/soulseek/files/testeq.txt differ
diff --git a/roles/soulseek/tasks/main.yml b/roles/soulseek/tasks/main.yml
new file mode 100644
index 0000000..9347d59
--- /dev/null
+++ b/roles/soulseek/tasks/main.yml
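Review bot: roles/soulseek/files/soulseek-service.yaml holds two Service definitions separated only by a blank line, with no `---` between the first `type: ClusterIP` and the second `apiVersion: v1`. The file is therefore a single YAML document with duplicate keys, and depending on the parser `kubectl apply` either rejects it or keeps only one of the two, so `soulseek-service` and `soulseek-communication-service` are not both created as written. Insert a `---` line between them. The deployment also names container port 5031 (`https`), which neither Service exposes. The two binary files `teste.txt` and `testeq.txt` added under roles/soulseek/files are shipped to the target by the role's copy task and look like leftovers to remove.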
@@ -0,0 +1,37 @@
+- name: Remover o diretório /tmp/stack-arr/soulseek/kubernetes-files
+ ansible.builtin.file:
+ path: /tmp/stack-arr/soulseek/kubernetes-files
+ state: absent
+
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/stack-arr/soulseek/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copy file with owner and permissions
+ ansible.builtin.copy:
+ src: ../files
+ dest: /tmp/stack-arr/soulseek/kubernetes-files
+ owner: fenix
+ group: root
+ mode: '0644'
+
+
+- name: Listar conteúdo do diretório remoto
+ shell: ls -l /tmp/stack-arr/soulseek/kubernetes-files/files
+ register: resultado_ls
+
+
+- name: Mostrar resultado do ls
+ debug:
+ var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+ become: yes
+ become_user: fenix
+ shell: |
+ kubectl apply -f /tmp/stack-arr/soulseek/kubernetes-files/files/
+ environment:
+ KUBECONFIG: /home/fenix/.kube/config
\ No newline at end of file
diff --git a/roles/soulseek/vars/main.yml b/roles/soulseek/vars/main.yml
new file mode 100644
index 0000000..c8fe60b
--- /dev/null
+++ b/roles/soulseek/vars/main.yml
@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
\ No newline at end of file
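Review bot: The last task in roles/soulseek/tasks/main.yml is named "Aplicar o stolon" although it applies the soulseek manifests (roles/lidarr/tasks/main.yml carries the same leftover name), which makes run logs misleading; rename it, e.g. `- name: Aplicar os manifests do soulseek`. The tasks mix short module names (`file`, `shell`, `debug`) with fully qualified ones and use `become: yes`; `ansible.builtin.command` with `changed_when` and `become: true` would match the style of the first task. The role copies the whole `../files` directory with mode `0644` into a `0755` directory under /tmp and never removes it, so anything placed there, including the two binary .txt files in this commit, stays world-readable on the target. A closing task with `state: absent` on that path would tidy it up.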