From a5d65c3be0d5d7d8fa9ea85697dd85d8e3146232 Mon Sep 17 00:00:00 2001
From: kisfenyo <kisfenyo@dooplex.local>
Date: Thu, 18 Dec 2025 20:40:31 +0100
Subject: [PATCH] Add Helm values for pihole, external-dns, plex

---
 helm/external-dns/values.yaml |  46 +++++
 helm/pihole/values.yaml       |  31 ++++
 helm/plex/values.yaml         | 319 ++++++++++++++++++++++++++++++++++
 3 files changed, 396 insertions(+)
 create mode 100755 helm/external-dns/values.yaml
 create mode 100755 helm/pihole/values.yaml
 create mode 100755 helm/plex/values.yaml

diff --git a/helm/external-dns/values.yaml b/helm/external-dns/values.yaml
new file mode 100755
index 0000000..c8fecbf
--- /dev/null
+++ b/helm/external-dns/values.yaml
@@ -0,0 +1,46 @@
+# Provider 
+provider: pihole
+
+# Policy
+policy: upsert-only
+
+# TXT owner
+txtOwnerId: homelab
+
+# Log level
+logLevel: info
+
+extraArgs:
+  - --pihole-tls-skip-verify
+  - --pihole-api-version=6
+
+# Pi-hole password from secret
+env:
+  - name: EXTERNAL_DNS_PIHOLE_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: pihole-password
+        key: password
+  - name: EXTERNAL_DNS_PIHOLE_SERVER
+    # make sure NOT to put a trailing slash, as external-dns adds its own
+    value: http://pihole-web.pihole-system.svc.cluster.local
+
+# Sources to watch
+sources:
+  - ingress
+  - service
+
+# Service account
+serviceAccount:
+  create: true
+  name: external-dns
+
+# RBAC
+rbac:
+  create: true
+
+# Image configuration
+image:
+  repository: registry.k8s.io/external-dns/external-dns
+  tag: v0.19.0
+  pullPolicy: IfNotPresent
diff --git a/helm/pihole/values.yaml b/helm/pihole/values.yaml
new file mode 100755
index 0000000..26964a2
--- /dev/null
+++ b/helm/pihole/values.yaml
@@ -0,0 +1,31 @@
+---
+DNS1: "1.1.1.1"   # Cloudflare
+DNS2: "8.8.8.8"   # Google
+DNS3: "9.9.9.9"   #Quad9
+DNS4: "208.67.222.222" #OpenDNS
+persistentVolumeClaim:
+  enabled: true
+ingress:
+  enabled: true
+  hosts: 
+  - "pihole.home"
+serviceWeb:
+  loadBalancerIP: 192.168.0.250
+  annotations:
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+  type: LoadBalancer
+serviceDns:
+  loadBalancerIP: 192.168.0.250
+  annotations:
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+  type: LoadBalancer
+replicaCount: 1
+dns:
+  adlist:
+    - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+    - https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
+    - https://blocklistproject.github.io/Lists/ads.txt
+    - https://adaway.org/hosts.txt
+    - https://v.firebog.net/hosts/AdguardDNS.txt
+    - https://v.firebog.net/hosts/Admiral.txt
+    - https://v.firebog.net/hosts/Easylist.txt
diff --git a/helm/plex/values.yaml b/helm/plex/values.yaml
new file mode 100755
index 0000000..9d75324
--- /dev/null
+++ b/helm/plex/values.yaml
@@ -0,0 +1,319 @@
+# -- The docker image information for the pms application
+image:
+  # -- The public dockerhub registry
+  registry: index.docker.io
+  repository: plexinc/pms-docker
+  # renovate: datasource=custom.plex depName=plex versioning=loose
+  tag: "1.42.2.10156-f737b826c"
+  sha: ""
+  pullPolicy: IfNotPresent
+
+global:
+  # -- Allow parent charts to override registry hostname
+  imageRegistry: ""
+
+# -- Optional DNS configuration for the Pod
+dnsConfig: {}
+
+# -- Specifies the Pod's DNS policy. Default is typically 'ClusterFirst'.
+#    If 'hostNetwork: true' is used, you may need to set this to 'ClusterFirstWithHostNet'.
+#    Allowed values are ClusterFirst, Default, None, or ClusterFirstWithHostNet.
+dnsPolicy: ""
+
+# -- Set to true to run the Pod in the host's network namespace.
+#    This may be required for specific networking setups or accessing local resources.
+hostNetwork: false
+
+ingress:
+  # -- Specify if an ingress resource for the pms server should be created or not
+  enabled: false
+
+  # -- The ingress class that should be used
+  ingressClassName: "ingress-nginx"
+
+  # -- The url to use for the ingress reverse proxy to point at this pms instance
+  url: ""
+
+  # -- Optional TLS configuration to provide valid https connections
+  # using an existing SSL certificate
+  tls: []
+  #   - hosts:
+  #       - plex.example.com
+  #     secretName: cert-example-com
+
+  # -- Custom annotations to put on the ingress resource
+  annotations: {}
+
+pms:
+  # -- The storage class to use when provisioning the pms config volume
+  # this needs to be created manually, null will use the default
+  storageClassName: longhorn
+
+  # -- The volume size to provision for the PMS database
+  configStorage: 20Gi
+
+  # -- Name of an existing `PersistentVolumeClaim` for the PMS database
+  # NOTE: When set, 'configStorage' and 'storageClassName' are ignored.
+  configExistingClaim: pms-config-plex-plex-media-server-0
+
+  # Providing both name and key will add in the PLEX_CLAIM environment variable
+  # with the correct secretKeyRef configuration
+  # Clashes with providing PLEX_CLAIM via `extraEnv` so only provide one or the other!
+  claimSecret:
+    name: ""
+    key: ""
+
+  # Enabling this will add nvidia.com/gpu: 1 to limits, and will set
+  # environment for the nvidia operator
+  gpu:
+    nvidia:
+      enabled: false
+      # -- Optional: NVIDIA GPU devices by index or UUID.
+      # Examples: "0,1", "GPU-uuid1,GPU-uuid2", or "all".
+      # See [NVIDIA docs](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/docker-specialized.html#gpu-enumeration)
+      devices: "all"
+      # -- Optional: NVIDIA driver capabilities.
+      # Available values are: `compute`, `compat32`, `graphics`, `utility`, `video`, `display`.
+      # See [NVIDIA docs](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/docker-specialized.html#driver-capabilities)
+      capabilities: "compute,video,utility"
+
+  resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+  # -- Security context for PMS pods
+  securityContext: {}
+
+  # -- Enable process namespace sharing within the pod.
+  shareProcessNamespace: false
+
+  # -- Add kubernetes liveness probe to pms container.
+  livenessProbe: {}
+    # httpGet:
+    #   path: /identity
+    #   port: 32400
+    # initialDelaySeconds: 60
+    # periodSeconds: 60
+    # timeoutSeconds: 1
+    # failureThreshold: 3
+
+  # -- Add kubernetes readiness probe to pms container.
+  readinessProbe: {}
+    # httpGet:
+    #   path: /identity
+    #   port: 32400
+    # initialDelaySeconds: 60
+    # periodSeconds: 60
+    # timeoutSeconds: 1
+    # failureThreshold: 3
+
+# -- A basic image that will convert the configmap to a file in the rclone config volume
+# this is ignored if rclone is not enabled
+initContainer:
+  image:
+    # -- The public dockerhub registry
+    registry: index.docker.io
+    repository: alpine
+    # -- If unset use latest
+    tag: "3.22"
+    sha: ""
+    pullPolicy: IfNotPresent
+
+  # -- A custom script that will be run in an init container to do any setup before the PMS service starts up
+  # This will be run every time the pod starts, make sure that some mechanism is included to prevent
+  # this from running more than once if it should only be run on the first startup.
+  script: ""
+  ###
+  ### Example init script that will import a pre-existing pms database if one has not already been setup
+  ### This pms database must be available through a URL (or some other mechanism to be pulled into the container)
+  # script: |-
+  #   #!/bin/sh
+  #   echo "fetching pre-existing pms database to import..."
+  #
+  #   if [ -d "/config/Library" ]; then
+  #     echo "PMS library already exists, exiting."
+  #     exit 0
+  #   fi
+  #
+  #   apk --update add curl
+  #   curl http://example.com/pms.tgz -o pms.tgz
+  #   tar -xvzf pms.tgz -C /config
+  #   cp -r /config/data/Library /config/Library
+  #   rm -rf /config/data pms.tgz
+  #
+  #   echo "Done."
+
+extraInitContainers: {}
+# extraContainers:
+#  - name: <container name>
+#    args:
+#      - ...
+#    image: <docker images>
+#    imagePullPolicy: IfNotPresent
+#    resources:
+#      limits:
+#        memory: 128Mi
+#      requests:
+#        cpu: 100m
+#        memory: 128Mi
+#    volumeMounts:
+#      - ...
+
+# -- Specify your own runtime class name eg use gpu
+runtimeClassName: ""
+
+# -- The settings specific to rclone
+rclone:
+  # -- If the rclone sidecar should be created
+  enabled: false
+
+  # -- The rclone image that should be used
+  image:
+    # -- The public dockerhub registry
+    registry: index.docker.io
+    repository: rclone/rclone
+    # -- If unset use latest
+    tag: 1.70.3
+    sha: ""
+    pullPolicy: IfNotPresent
+
+  # -- The name of the secret that contains the rclone configuration file.
+  # The rclone config key must be called `rclone.conf` in the secret
+  #
+  # All keys in configSecret will be available in /etc/rclone/. This might
+  # be useful if other files are needed, such as a private key for sftp mode.
+  configSecret: ""
+
+  # -- The remote drive that should be mounted using rclone
+  # this must be in the form of `name:[/optional/path]`
+  # this remote will be mounted at `/data/name` in the PMS container
+  remotes: []
+
+  # -- If the remote volumes should be mounted as read only
+  readOnly: true
+
+  # -- Additional arguments to give to rclone when mounting the volume
+  additionalArgs: []
+
+  resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # -- Specifies whether a service account should be created
+  create: true
+  # -- If the service account token should be auto mounted
+  automountServiceAccountToken: false
+  # -- Annotations to add to the service account
+  annotations: {}
+  # -- The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+statefulSet:
+  # -- Optional extra annotations to add to the service resource
+  annotations: {}
+  # -- Optional extra annotations to add to the pods in the statefulset
+  podAnnotations: {}
+
+service:
+  type: LoadBalancer
+  port: 32400
+  loadBalancerIP: 192.168.0.200
+
+  # -- Deprecated: Pre-defined IP address of the PMS service.
+  # Used by cloud providers to connect the resulting load balancer service to a
+  # pre-existing static IP.
+  # Users are encouraged to use implementation-specific annotations when available instead.
+  # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+  # loadBalancerIP: ""
+
+  # Port to use when type of service is "NodePort" (32400 by default)
+  # nodePort: 32400
+
+  # when NodePort is used, plex is unable to determine user IP
+  # all traffic seems to come from within the cluster
+  # setting this to 'Local' will allow Plex to determine the actual IP of user.
+  # used to determine bitrate for remote transcoding
+  # but the pods can only be accessed by the Node IP where the pod is running
+  # Read more here: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+  # https://access.redhat.com/solutions/7028639
+  # externalTrafficPolicy: Local
+
+  # -- Optional extra annotations to add to the service resource
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: plex.home
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+priorityClassName: ""
+
+# -- Common Labels for all resources created by this chart.
+commonLabels: {}
+
+extraEnv: {}
+# extraEnv:
+# This claim is optional, and is only used for the first startup of PMS
+# The claim is obtained from https://www.plex.tv/claim/ is is only valid for a few minutes
+#   PLEX_CLAIM: "claim"
+#   HOSTNAME: "PlexServer"
+#   TZ: "Etc/UTC"
+#   PLEX_UPDATE_CHANNEL: "5"
+#   PLEX_UID: "uid of plex user"
+#   PLEX_GID: "group id of plex user"
+# a list of CIDRs that can use the server without authentication
+# this is only used for the first startup of PMS
+#   ALLOWED_NETWORKS: "0.0.0.0/0"
+
+# -- Optionally specify additional volume mounts for the PMS and init containers.
+extraVolumeMounts:
+  - name: movies
+    mountPath: /media
+
+# -- Optionally specify additional volumes for the pod.
+extraVolumes:
+  - name: movies
+    hostPath:
+      path: /mnt/plex_media
+      type: Directory
+
+extraContainers: []
+# extraContainers:
+#  - name: <container name>
+#    args:
+#      - ...
+#    image: <docker images>
+#    imagePullPolicy: IfNotPresent
+#    resources:
+#      limits:
+#        memory: 128Mi
+#      requests:
+#        cpu: 100m
+#        memory: 128Mi
+#    volumeMounts:
+#      - ...
+