added romm

arcade-system/romm.yaml

@@ -0,0 +1,302 @@
+# RoMM - ROM Manager
+# https://github.com/rommapp/romm
+# Version: 4.5.0
+# Domain: arcade.dooplex.hu
+# Auth: Native OIDC with Authentik
+#
+# Authentik Setup:
+# 1. Create OAuth2/OIDC Provider:
+#    - Name: romm
+#    - Client Type: Confidential
+#    - Redirect URIs: https://arcade.dooplex.hu/api/oauth/openid
+#    - Scopes: openid, email, profile
+# 2. Create Application linked to this provider
+#    - Slug: romm (important for OIDC_SERVER_APPLICATION_URL)
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: arcade-system
+  labels:
+    app.kubernetes.io/name: romm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: romm-redis
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm-redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: romm
+      app.kubernetes.io/name: romm-redis
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: romm
+        app.kubernetes.io/name: romm-redis
+    spec:
+      containers:
+      - name: redis
+        image: redis:7.2-alpine
+        ports:
+        - containerPort: 6379
+          name: redis
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            cpu: 200m
+            memory: 128Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: romm
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm
+    app.kubernetes.io/version: "4.5.0"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: romm
+      app.kubernetes.io/name: romm
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: romm
+        app.kubernetes.io/name: romm
+        app.kubernetes.io/version: "4.5.0"
+    spec:
+      containers:
+      - name: romm
+        image: rommapp/romm:4.5.0
+        env:
+        # Database
+        - name: DB_HOST
+          value: "postgresql-rw.database-system.svc.cluster.local"
+        - name: DB_PORT
+          value: "5432"
+        - name: DB_NAME
+          value: "romm"
+        - name: DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: romm-db
+              key: username
+        - name: DB_PASSWD
+          valueFrom:
+            secretKeyRef:
+              name: romm-db
+              key: password
+        # Redis
+        - name: REDIS_HOST
+          value: "romm-redis"
+        - name: REDIS_PORT
+          value: "6379"
+        # Auth
+        - name: ROMM_AUTH_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: romm-app
+              key: auth-secret-key
+        # OIDC with Authentik
+        - name: OIDC_ENABLED
+          value: "true"
+        - name: OIDC_PROVIDER
+          value: "authentik"
+        - name: OIDC_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: romm-oidc
+              key: client-id
+        - name: OIDC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: romm-oidc
+              key: client-secret
+        - name: OIDC_REDIRECT_URI
+          value: "https://arcade.dooplex.hu/api/oauth/openid"
+        - name: OIDC_SERVER_APPLICATION_URL
+          value: "https://authentik.dooplex.hu/application/o/arcade"
+        # API Keys (optional)
+        - name: IGDB_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: romm-app
+              key: igdb-client-id
+        - name: IGDB_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: romm-app
+              key: igdb-client-secret
+        - name: STEAMGRIDDB_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: romm-app
+              key: steamgriddb-api-key
+        ports:
+        - containerPort: 8080
+          name: http
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+        volumeMounts:
+        - name: library
+          mountPath: /romm/library
+        - name: resources
+          mountPath: /romm/resources
+        - name: config
+          mountPath: /romm/config
+        livenessProbe:
+          httpGet:
+            path: /api/heartbeat
+            port: http
+          initialDelaySeconds: 60
+          periodSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /api/heartbeat
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 10
+      volumes:
+      - name: library
+        hostPath:
+          path: /mnt/4_hdd/data/roms
+          type: DirectoryOrCreate
+      - name: resources
+        persistentVolumeClaim:
+          claimName: romm-resources
+      - name: config
+        persistentVolumeClaim:
+          claimName: romm-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: romm-redis
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm-redis
+spec:
+  type: ClusterIP
+  ports:
+  - name: redis
+    port: 6379
+    targetPort: redis
+  selector:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm-redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: romm
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http
+  selector:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: romm
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    external-dns.alpha.kubernetes.io/hostname: arcade.dooplex.hu,arcade.home
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "5g"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+spec:
+  ingressClassName: nginx-internal
+  rules:
+  - host: arcade.dooplex.hu
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: romm
+            port:
+              number: 8080
+  - host: arcade.home
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: romm
+            port:
+              number: 8080
+  tls:
+  - hosts:
+    - arcade.dooplex.hu
+    secretName: romm-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: romm-resources
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm-resources
+    recurring-job-group.longhorn.io/needbackup: enabled
+    recurring-job.longhorn.io/source: enabled
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: romm-config
+  namespace: arcade-system
+  labels:
+    app.kubernetes.io/instance: romm
+    app.kubernetes.io/name: romm-config
+    recurring-job-group.longhorn.io/needbackup: enabled
+    recurring-job.longhorn.io/source: enabled
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi

argocd-apps/homelab.yaml

@@ -767,4 +767,26 @@ spec:
     syncOptions:
     - CreateNamespace=true
     - PruneLast=true
+---
+# Arcade (ROMM)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: arcade
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: homelab
+  source:
+    repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+    targetRevision: main
+    path: arcade-system
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: arcade-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    - PruneLast=true
 ---