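# RoMM - ROM Manager
# https://github.com/rommapp/romm
# Version: 4.5.0
# Domain: arcade.dooplex.hu
# Auth: Native OIDC with Authentik
#
# Authentik Setup:
# 1. Create OAuth2/OIDC Provider:
#    - Name: romm
#    - Client Type: Confidential
#    - Redirect URIs: https://arcade.dooplex.hu/api/oauth/openid
#    - Scopes: openid, email, profile
# 2. Create Application linked to this provider
#    - Slug: romm (important for OIDC_SERVER_APPLICATION_URL)
#
# NOTE(review): OIDC_SERVER_APPLICATION_URL below ends in /application/o/arcade,
# i.e. slug "arcade", while the setup notes above document the slug as "romm".
# Authentik derives the issuer/discovery URL from the slug, so only one of the
# two can be correct; confirm against the Authentik application and align them.
#
# Hardening notes (observations only, not applied in this file):
# - romm-redis and romm-db are plain ClusterIP Services and no NetworkPolicy is
#   defined, so any pod in the cluster can reach them. Redis additionally runs
#   with no authentication configured. A NetworkPolicy restricting ingress to
#   the romm pod is the usual mitigation.
# - No pod sets a securityContext or automountServiceAccountToken: false; none
#   of these workloads needs the Kubernetes API.
# - The library volume is a hostPath; it is only as protected as the node's
#   filesystem permissions on that directory.
---
apiVersion: v1
kind: Namespace
metadata:
  name: arcade-system
  labels:
    app.kubernetes.io/name: romm
---
# Redis: cache/queue backend for RoMM. No persistence and no auth configured.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm-redis
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm-redis
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm-redis
    spec:
      containers:
        - name: redis
          image: redis:7.2-alpine
          ports:
            - containerPort: 6379
              name: redis
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 128Mi
---
# RoMM application. Recreate strategy: single replica with RWO volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
    app.kubernetes.io/version: "4.5.0"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm
        app.kubernetes.io/version: "4.5.0"
    spec:
      containers:
        - name: romm
          image: rommapp/romm:4.5.0
          env:
            # Database: the in-namespace MariaDB (Deployment/Service romm-db
            # below). Previously pointed at an external PostgreSQL on 5432.
            - name: DB_HOST
              value: "romm-db"
            - name: DB_PORT
              value: "3306"
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: database
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: username
            - name: DB_PASSWD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: password
            # Redis (Service romm-redis below)
            - name: REDIS_HOST
              value: "romm-redis"
            - name: REDIS_PORT
              value: "6379"
            # Auth: session signing key, kept in the romm-app Secret
            - name: ROMM_AUTH_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: auth-secret-key
            # OIDC with Authentik (client credentials in the romm-oidc Secret)
            - name: OIDC_ENABLED
              value: "true"
            - name: OIDC_PROVIDER
              value: "authentik"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: romm-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: romm-oidc
                  key: client-secret
            # Must match the Redirect URI registered on the Authentik provider
            - name: OIDC_REDIRECT_URI
              value: "https://arcade.dooplex.hu/api/oauth/openid"
            # Slug here is "arcade"; see the NOTE(review) in the file header
            - name: OIDC_SERVER_APPLICATION_URL
              value: "https://authentik.dooplex.hu/application/o/arcade"
            - name: ROMM_PORT
              value: "8080"
            # Metadata provider API keys (optional), all in the romm-app Secret
            - name: IGDB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: igdb-client-id
            - name: IGDB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: igdb-client-secret
            - name: STEAMGRIDDB_API_KEY
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: steamgriddb-api-key
            - name: SCREENSCRAPER_USER
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  # Was "sscreenscraper-user" (typo, inconsistent with the
                  # screenscraper-password key below). The romm-app Secret must
                  # carry the key under this spelling; a secretKeyRef to a
                  # missing key keeps the container from starting.
                  key: screenscraper-user
            - name: SCREENSCRAPER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: screenscraper-password
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 1000m
              memory: 1Gi
          volumeMounts:
            - name: library
              mountPath: /romm/library
            - name: resources
              mountPath: /romm/resources
            - name: config
              mountPath: /romm/config
          livenessProbe:
            httpGet:
              path: /api/heartbeat
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/heartbeat
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
      volumes:
        # ROM library lives on the node's disk; created if absent
        - name: library
          hostPath:
            path: /mnt/4_hdd/data/roms
            type: DirectoryOrCreate
        - name: resources
          persistentVolumeClaim:
            claimName: romm-resources
        - name: config
          persistentVolumeClaim:
            claimName: romm-config
---
apiVersion: v1
kind: Service
metadata:
  name: romm-redis
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis
spec:
  type: ClusterIP
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis
---
apiVersion: v1
kind: Service
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8080
      targetPort: http
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
---
# Ingress: TLS via cert-manager for the public hostname only; arcade.home is
# served without a certificate entry here.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: arcade.dooplex.hu,arcade.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Large uploads (ROM files) and long-running requests
    nginx.ingress.kubernetes.io/proxy-body-size: "5g"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
  ingressClassName: nginx-internal
  rules:
    - host: arcade.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: romm
                port:
                  number: 8080
    - host: arcade.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: romm
                port:
                  number: 8080
  tls:
    - hosts:
        - arcade.dooplex.hu
      secretName: romm-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-resources
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-resources
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-config
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-config
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 1Gi
---
# MariaDB: RoMM's database. Credentials come from the romm-db Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm-db
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm-db
    spec:
      containers:
        - name: mariadb
          image: mariadb:11
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: root-password
            - name: MARIADB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: database
            - name: MARIADB_USER
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: username
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: password
          ports:
            - containerPort: 3306
              name: mariadb
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: romm-db
---
apiVersion: v1
kind: Service
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
spec:
  type: ClusterIP
  ports:
    - name: mariadb
      port: 3306
      targetPort: mariadb
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 2Gi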