From 36a618778312f81b802d5079d16a03c626f66504 Mon Sep 17 00:00:00 2001
From: Taqi Tahmid
Date: Fri, 27 Jun 2025 11:01:30 +0300
Subject: [PATCH] homeserver: update README
---
 ansible/playbooks/configure-vms.yaml | 4 ++--
 ansible/roles/configure-vms/tasks/main.yaml | 2 +-
 kubernetes/README.md | 13 +++++++++----
 kubernetes/media/jellyfin-deploy.yaml | 15 ++++++++++++++-
 4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/ansible/playbooks/configure-vms.yaml b/ansible/playbooks/configure-vms.yaml
index 85154fc..5b65de6 100644
--- a/ansible/playbooks/configure-vms.yaml
+++ b/ansible/playbooks/configure-vms.yaml
@@ -1,6 +1,6 @@
-- name: Create Proxmox VMs
+- name: Configure Proxmox VMs
 hosts: vms
 vars_files:
- - ../secrets/vault.yaml # Load the encrypted vault file
+ - ../secrets/vault.yaml # Load the encrypted vault file
 roles:
 - configure-vms
\ No newline at end of file
diff --git a/ansible/roles/configure-vms/tasks/main.yaml b/ansible/roles/configure-vms/tasks/main.yaml
index 3fc982e..48026ba 100644
--- a/ansible/roles/configure-vms/tasks/main.yaml
+++ b/ansible/roles/configure-vms/tasks/main.yaml
@@ -8,4 +8,4 @@
 ansible.builtin.apt:
 name: "{{ apt_packages }}"
 state: present
- become: true
\ No newline at end of file
+ become: true
diff --git a/kubernetes/README.md b/kubernetes/README.md
index c4807d2..a1daf84 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -6,12 +6,17 @@ The Traefik ingress controller is deployed along with K3s. To modify the default values, ```bash -# k3s still uses traefik V2 -helm upgrade traefik traefik/traefik \ - -n kube-system -f traefik/traefik-values.yaml \ - --version 22.1.0 +helm upgrade --install traefik traefik/traefik \ + -n kube-system \ + --set ingressRoute.dashboard.enabled=true \ + --set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \ + --set ingressRoute.dashboard.entryPoints={websecure} \ + --set providers.kubernetesGateway.enabled=true \ + --set gateway.namespacePolicy=All ``` +For security reason, the Traefik dashboard is removed after creation for now. + ## Additional Ingress Controller for Internal Access An additional ingress controller is deployed for internal access to services. diff --git a/kubernetes/media/jellyfin-deploy.yaml b/kubernetes/media/jellyfin-deploy.yaml index 1f0d0b2..171fce1 100644 --- a/kubernetes/media/jellyfin-deploy.yaml +++ b/kubernetes/media/jellyfin-deploy.yaml @@ -88,7 +88,7 @@ spec: - name: jellyfin-service port: 8096 tls: - secretName: wildcard-cert-secret + secretName: jellyfin-tls-secret --- apiVersion: traefik.io/v1alpha1 @@ -101,3 +101,16 @@ spec: X-Forwarded-Proto: "https" customResponseHeaders: X-Frame-Options: "SAMEORIGIN" + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: jellyfin-cert +spec: + secretName: jellyfin-tls-secret + issuerRef: + name: acme-issuer + kind: ClusterIssuer + dnsNames: + - ${JELLYFIN_HOST}
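Review bot: The new `secretName: jellyfin-tls-secret` under `tls:` points at a secret that exists only after cert-manager has issued the Certificate added in the last hunk of this file, and neither resource's namespace is visible in the diff. Traefik looks up a route's TLS secret in the route's own namespace, so if the two are applied to different namespaces, or the Certificate is not yet ready, the route will presumably serve Traefik's default certificate rather than fail loudly. I would set `namespace:` explicitly on both resources and add a comment above the reference, `# issued by Certificate jellyfin-cert in this file; must share this namespace`. The enclosing resource starts above the hunk, so its kind and namespace are inferred.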
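Review bot: The `dnsNames` entry `- ${JELLYFIN_HOST}` is an unquoted placeholder, so this manifest is only valid after a substitution step (envsubst or similar, not shown in this commit) has run. If the variable is unset the entry renders empty and parses as a null list item, and if the file is applied unrendered the literal placeholder reaches cert-manager as a DNS name. Writing it as `- "${JELLYFIN_HOST}"` keeps it a string in both cases so the failure is an explicit validation error. Since this moves the service off the shared wildcard secret onto its own key, it is also worth stating the key policy instead of inheriting the installed version's defaults, for example a `privateKey:` block with `rotationPolicy: Always`.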