From 2c2042da00f4f3df821e420772b67dada1c2743b Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Fri, 2 Jan 2026 16:14:06 +0100
Subject: [PATCH] added romm
---
 arcade-system/romm.yaml | 302 +++++++++++++++++++++++++++++++++++++++
 argocd-apps/homelab.yaml | 22 +++
 2 files changed, 324 insertions(+)
 create mode 100644 arcade-system/romm.yaml
diff --git a/arcade-system/romm.yaml b/arcade-system/romm.yaml
new file mode 100644
index 0000000..9e77a84
--- /dev/null
+++ b/arcade-system/romm.yaml
@@ -0,0 +1,302 @@
+# RoMM - ROM Manager
+# https://github.com/rommapp/romm
+# Version: 4.5.0
+# Domain: arcade.dooplex.hu
+# Auth: Native OIDC with Authentik
+#
+# Authentik Setup:
+# 1. Create OAuth2/OIDC Provider:
+# - Name: romm
+# - Client Type: Confidential
+# - Redirect URIs: https://arcade.dooplex.hu/api/oauth/openid
+# - Scopes: openid, email, profile
+# 2. Create Application linked to this provider
+# - Slug: romm (important for OIDC_SERVER_APPLICATION_URL)
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: arcade-system
+ labels:
+ app.kubernetes.io/name: romm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: romm-redis
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-redis
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:7.2-alpine
+ ports:
+ - containerPort: 6379
+ name: redis
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: romm
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+ app.kubernetes.io/version: "4.5.0"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+ app.kubernetes.io/version: "4.5.0"
+ spec:
+ containers:
+ - name: romm
+ image: rommapp/romm:4.5.0
+ env:
+ # Database
+ - name: DB_HOST
+ value: "postgresql-rw.database-system.svc.cluster.local"
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_NAME
+ value: "romm"
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: romm-db
+ key: username
+ - name: DB_PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: romm-db
+ key: password
+ # Redis
+ - name: REDIS_HOST
+ value: "romm-redis"
+ - name: REDIS_PORT
+ value: "6379"
+ # Auth
+ - name: ROMM_AUTH_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: romm-app
+ key: auth-secret-key
+ # OIDC with Authentik
+ - name: OIDC_ENABLED
+ value: "true"
+ - name: OIDC_PROVIDER
+ value: "authentik"
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: romm-oidc
+ key: client-id
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: romm-oidc
+ key: client-secret
+ - name: OIDC_REDIRECT_URI
+ value: "https://arcade.dooplex.hu/api/oauth/openid"
+ - name: OIDC_SERVER_APPLICATION_URL
+ value: "https://authentik.dooplex.hu/application/o/arcade"
+ # API Keys (optional)
+ - name: IGDB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: romm-app
+ key: igdb-client-id
+ - name: IGDB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: romm-app
+ key: igdb-client-secret
+ - name: STEAMGRIDDB_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: romm-app
+ key: steamgriddb-api-key
+ ports:
+ - containerPort: 8080
+ name: http
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ volumeMounts:
+ - name: library
+ mountPath: /romm/library
+ - name: resources
+ mountPath: /romm/resources
+ - name: config
+ mountPath: /romm/config
+ livenessProbe:
+ httpGet:
+ path: /api/heartbeat
+ port: http
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /api/heartbeat
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ volumes:
+ - name: library
+ hostPath:
+ path: /mnt/4_hdd/data/roms
+ type: DirectoryOrCreate
+ - name: resources
+ persistentVolumeClaim:
+ claimName: romm-resources
+ - name: config
+ persistentVolumeClaim:
+ claimName: romm-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: romm-redis
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-redis
+spec:
+ type: ClusterIP
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: redis
+ selector:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: romm
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8080
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: romm
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: arcade.dooplex.hu,arcade.home
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "5g"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: arcade.dooplex.hu
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: romm
+ port:
+ number: 8080
+ - host: arcade.home
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: romm
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - arcade.dooplex.hu
+ secretName: romm-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: romm-resources
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-resources
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: romm-config
+ namespace: arcade-system
+ labels:
+ app.kubernetes.io/instance: romm
+ app.kubernetes.io/name: romm-config
+ recurring-job-group.longhorn.io/needbackup: enabled
+ recurring-job.longhorn.io/source: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index ec8faa8..ccdbadf 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -767,4 +767,26 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
+---
+# Arcade (ROMM)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: arcade
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: arcade-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: arcade-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
 ---
\ No newline at end of file
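Review bot: In arcade-system/romm.yaml the `romm-redis` Deployment and Service expose Redis on 6379 with no password and no NetworkPolicy, so any pod in the cluster that can reach `romm-redis.arcade-system` can read and write whatever RomM keeps there (presumably cache and background-job state); restrict ingress to the `romm` pod as sketched below, which only takes effect if the cluster's CNI enforces NetworkPolicy, and consider a Redis password as well. Neither container sets a `securityContext`, and the `library` volume is a `hostPath` with `type: DirectoryOrCreate` and no node pinning, so the pod can land on a node where `/mnt/4_hdd/data/roms` does not exist and silently get an empty directory created there; `type: Directory` plus a `nodeSelector` would fail loudly instead. The header comment gives the Authentik slug as `romm` and calls it important for `OIDC_SERVER_APPLICATION_URL`, but the value set ends in `/application/o/arcade`, so one of the two is wrong. The three `secretKeyRef` entries under `# API Keys (optional)` are not marked `optional: true`, so the pod will not start if the `romm-app` Secret lacks those keys.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: romm-redis
  namespace: arcade-system
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm-redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/instance: romm
              app.kubernetes.io/name: romm
      ports:
        - protocol: TCP
          port: 6379
```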