homeserver: update README

ansible/playbooks/configure-vms.yaml

@@ -1,6 +1,6 @@
-- name: Create Proxmox VMs
+- name: Configure Proxmox VMs
   hosts: vms
   vars_files:
-    - ../secrets/vault.yaml  # Load the encrypted vault file
+    - ../secrets/vault.yaml # Load the encrypted vault file
   roles:
     - configure-vms

kubernetes/README.md

@@ -6,12 +6,17 @@ The Traefik ingress controller is deployed along with K3s. To modify the
 default values,
 
 ```bash
-# k3s still uses traefik V2
-helm upgrade traefik traefik/traefik \
-  -n kube-system -f traefik/traefik-values.yaml \
-  --version 22.1.0
+helm upgrade --install traefik traefik/traefik \
+  -n kube-system \
+  --set ingressRoute.dashboard.enabled=true \
+  --set ingressRoute.dashboard.matchRule='Host(`dashboard.traefik`)' \
+  --set ingressRoute.dashboard.entryPoints={websecure} \
+  --set providers.kubernetesGateway.enabled=true \
+  --set gateway.namespacePolicy=All
 ```
 
+For security reason, the Traefik dashboard is removed after creation for now.
+
 ## Additional Ingress Controller for Internal Access
 
 An additional ingress controller is deployed for internal access to services.

kubernetes/media/jellyfin-deploy.yaml

@@ -88,7 +88,7 @@ spec:
         - name: jellyfin-service
           port: 8096
   tls:
-    secretName: wildcard-cert-secret
+    secretName: jellyfin-tls-secret
 
 ---
 apiVersion: traefik.io/v1alpha1
@@ -101,3 +101,16 @@ spec:
       X-Forwarded-Proto: "https"
     customResponseHeaders:
       X-Frame-Options: "SAMEORIGIN"
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: jellyfin-cert
+spec:
+  secretName: jellyfin-tls-secret
+  issuerRef:
+    name: acme-issuer
+    kind: ClusterIssuer
+  dnsNames:
+    - ${JELLYFIN_HOST}