# RoMM - ROM Manager
# https://github.com/rommapp/romm
# Version: 4.8.1 (the rommapp/romm image tag below is authoritative; keep this line, the app.kubernetes.io/version labels and the docs link in the ConfigMap in sync with it)
# Domain: arcade.dooplex.hu
# Auth: Native OIDC with Authentik
#
# Authentik Setup:
# 1. Create OAuth2/OIDC Provider:
# - Name: romm
# - Client Type: Confidential
# - Redirect URIs: https://arcade.dooplex.hu/api/oauth/openid
# - Scopes: openid, email, profile
# 2. Create Application linked to this provider
# - Slug: must equal the last path segment of OIDC_SERVER_APPLICATION_URL in the Deployment below (currently "arcade", not "romm"); if the Authentik application uses a different slug, OIDC discovery against that URL will fail
---
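apiVersion: v1
kind: Namespace
metadata:
  name: arcade-system
  labels:
    app.kubernetes.io/name: romm
    # Pod Security Standards in warn/audit mode only. The romm pod below
    # mounts a hostPath volume, which already violates the "baseline"
    # profile, and its init container runs as root, which violates
    # "restricted". Enforcing would block the rollout, so this only surfaces
    # violations in admission warnings and the audit log until those are
    # addressed.
    pod-security.kubernetes.io/warn: baseline
    pod-security.kubernetes.io/audit: baseline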
---
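apiVersion: v1
kind: ConfigMap
metadata:
  name: romm-config-template
  namespace: arcade-system
data:
  # Seed only: the init container copies this onto the romm-config PVC the
  # first time the pod starts and never again. Later edits to this ConfigMap
  # do not reach the running instance; edit the file on the PVC instead.
  # The reference link still points at the 4.6.1 docs while the image is
  # 4.8.1 — bump it when the config schema is next checked.
  config.yml: |
    # ROMM Configuration File
    # Most settings are handled via environment variables in the deployment.
    # This file satisfies the requirement for the config.yml to be present.
    romm:
      # You can add specific overrides here if needed
      # Reference: https://docs.romm.app/4.6.1/Getting-Started/Configuration-File/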
---
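apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm-redis
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm-redis
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm-redis
    spec:
      containers:
        # Unauthenticated Redis with no NetworkPolicy in this manifest: any
        # pod that can reach the romm-redis Service can read and write
        # whatever RoMM stores here. Minimum hardening is a NetworkPolicy
        # that admits ingress on 6379 only from app.kubernetes.io/name=romm;
        # adding --requirepass (and the matching password variable the RoMM
        # image documents) is the next step.
        # No securityContext is set either, so the container runs with the
        # image's default user and an unrestricted root filesystem.
        - name: redis
          # Floating tag; pinning to a digest (Renovate can manage it) makes
          # the running binary reproducible across nodes and restarts.
          image: redis:7.4-alpine
          ports:
            - containerPort: 6379
              name: redis
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 128Mi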
---
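apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
    # Tracks the rommapp/romm image tag below; it had been left at 4.6.1
    # after the image moved to 4.8.1.
    app.kubernetes.io/version: "4.8.1"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm
  strategy:
    # Single writer: the config/resources PVCs are ReadWriteOnce and the
    # library is a hostPath, so two pods must never overlap.
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm
        app.kubernetes.io/version: "4.8.1"
    spec:
      securityContext:
        # Makes the PVC contents group-accessible to GID 1000. No
        # runAsUser/runAsNonRoot is set, so the main container runs as
        # whatever user the image defaults to — confirm it is not root.
        fsGroup: 1000
      initContainers:
        # Seeds config.yml from the ConfigMap exactly once. busybox runs as
        # root by default, which is what lets the chown succeed; nothing
        # else in this pod needs that privilege.
        - name: init-config
          image: busybox:1.38
          command:
            - sh
            - -c
            - |
              # Copy the template to the PVC only if it doesn't exist
              if [ ! -f /romm/config/config.yml ]; then
                echo "Creating initial config.yml from template..."
                cp /tmp/template/config.yml /romm/config/config.yml
                # Ensure the ROMM user (1000) owns the file
                chown 1000:1000 /romm/config/config.yml
              else
                echo "config.yml already exists, skipping copy."
              fi
          volumeMounts:
            - name: config-template
              mountPath: /tmp/template
            - name: config-storage
              mountPath: /romm/config
      containers:
        - name: romm
          image: rommapp/romm:4.8.1
          env:
            # Database: the in-namespace MariaDB Service defined in this file.
            - name: DB_HOST
              value: "romm-db"
            - name: DB_PORT
              value: "3306"
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: database
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: username
            - name: DB_PASSWD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: password
            # Redis: unauthenticated in-namespace instance (see romm-redis).
            - name: REDIS_HOST
              value: "romm-redis"
            - name: REDIS_PORT
              value: "6379"
            # Auth: signing key for RoMM's own sessions/tokens. Rotating it
            # invalidates every existing session.
            - name: ROMM_AUTH_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: auth-secret-key
            # OIDC with Authentik (confidential client; secret lives in the
            # romm-oidc Secret, not in this file).
            - name: OIDC_ENABLED
              value: "true"
            - name: OIDC_PROVIDER
              value: "authentik"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: romm-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: romm-oidc
                  key: client-secret
            # Must match one of the provider's registered redirect URIs
            # exactly (scheme, host and path).
            - name: OIDC_REDIRECT_URI
              value: "https://arcade.dooplex.hu/api/oauth/openid"
            # The trailing path segment is the Authentik application slug.
            # The header of this file says the slug is "romm" while this
            # value says "arcade" — one of the two is stale; check the
            # Authentik application before relying on either.
            - name: OIDC_SERVER_APPLICATION_URL
              value: "https://authentik.dooplex.hu/application/o/arcade"
            - name: ROMM_PORT
              value: "8080"
            # Metadata-provider credentials (optional). All are third-party
            # secrets; they reach the process as environment variables and
            # are therefore visible to anything that can exec into the pod.
            - name: IGDB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: igdb-client-id
            - name: IGDB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: igdb-client-secret
            - name: STEAMGRIDDB_API_KEY
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: steamgriddb-api-key
            - name: SCREENSCRAPER_USER
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: screenscraper-user
            - name: SCREENSCRAPER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-app
                  key: screenscraper-password
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 1000m
              memory: 1Gi
          volumeMounts:
            # Left writable on purpose pending confirmation that RoMM needs
            # to write into the library (uploads); if it does not, add
            # readOnly: true here.
            - name: library
              mountPath: /romm/library
            - name: resources
              mountPath: /romm/resources
            - name: config-storage
              mountPath: /romm/config
          livenessProbe:
            httpGet:
              path: /api/heartbeat
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/heartbeat
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
      volumes:
        # hostPath exposes a node directory directly to the pod and implicitly
        # pins the pod to nodes that have this disk; DirectoryOrCreate means a
        # pod scheduled elsewhere silently gets an empty library instead of
        # failing. This is also why the Namespace cannot enforce the
        # "baseline" Pod Security Standard.
        - name: library
          hostPath:
            path: /mnt/4_hdd/data/roms
            type: DirectoryOrCreate
        - name: resources
          persistentVolumeClaim:
            claimName: romm-resources
        - name: config-storage
          persistentVolumeClaim:
            claimName: romm-config
        - name: config-template
          configMap:
            name: romm-config-template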
---
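apiVersion: v1
kind: Service
metadata:
  name: romm-redis
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis
spec:
  # Cluster-internal only, but reachable from every namespace until a
  # NetworkPolicy restricts it to the romm pod.
  type: ClusterIP
  ports:
    - name: redis
      port: 6379
      targetPort: redis
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-redis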
---
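apiVersion: v1
kind: Service
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
spec:
  # Backend for the Ingress below. Note that in-cluster clients hitting this
  # Service directly bypass the geo/LAN allow-list, which lives only in the
  # Ingress snippet; RoMM's own login is the only control on this path.
  type: ClusterIP
  ports:
    - name: http
      port: 8080
      targetPort: http
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm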
---
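apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: romm
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: arcade.dooplex.hu,arcade.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # 5 GiB request bodies are accepted before RoMM's own authentication
    # runs; the snippet below is the only pre-auth gate on this listener.
    nginx.ingress.kubernetes.io/proxy-body-size: "5g"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    # Source allow-list: two RFC1918 ranges or a Hungarian GeoIP lookup.
    # Things to verify against the controller configuration, because each
    # silently changes what this snippet actually enforces:
    # - configuration-snippet is ignored unless the controller explicitly
    #   allows snippet annotations (off by default in recent ingress-nginx
    #   releases). If it is off, this Ingress has NO geo restriction; test
    #   with a request from a non-HU address after every controller upgrade.
    # - $remote_addr is only as trustworthy as the controller's real-IP
    #   settings: if forwarded headers are honoured from untrusted hops, a
    #   client can place itself inside 10.0.0.0/8 with one header.
    # - 172.16.0.0/12 is not matched; add it if pods or VPN clients use it.
    # - $geoip2_country_code requires the GeoIP2 database to be loaded; when
    #   the variable is unset the comparison is false and only LAN sources
    #   pass (fails closed, but also locks out legitimate HU users).
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
      if ($geo_allowed = 0) {
        return 403 "Access restricted to Hungary";
      }
spec:
  ingressClassName: nginx-internal
  rules:
    - host: arcade.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: romm
                port:
                  number: 8080
    - host: arcade.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: romm
                port:
                  number: 8080
  tls:
    # Only the public hostname has a certificate; arcade.home is not in the
    # TLS section (Let's Encrypt cannot issue for .home), so ssl-redirect
    # cannot give that name a trusted HTTPS endpoint — expect the
    # controller's default certificate there.
    - hosts:
        - arcade.dooplex.hu
      secretName: romm-tls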
---
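apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-resources
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-resources
    # Longhorn recurring backup/snapshot group membership.
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    # Single-node attach; pairs with the Recreate strategy on the Deployment.
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 10Gi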
---
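apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-config
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-config
    # Longhorn recurring backup/snapshot group membership.
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    # Single-node attach; pairs with the Recreate strategy on the Deployment.
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      # Holds the seeded config.yml only.
      storage: 1Gi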
---
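apiVersion: apps/v1
kind: Deployment
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm-db
  strategy:
    # The data PVC is ReadWriteOnce; never run two MariaDB pods against it.
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm-db
    spec:
      containers:
        # No NetworkPolicy in this manifest: port 3306 is reachable from any
        # pod in the cluster, protected only by the credentials below.
        - name: mariadb
          # Major-version-only tag: every pod restart may pull a newer minor.
          # Pin to a patch tag or digest for a reproducible rollout.
          image: mariadb:12
          env:
            # The PVC may hold a data directory written by an earlier major
            # release. The official image only runs mariadb-upgrade on start
            # when this is set; without it the server comes up on the old
            # system tables. The entrypoint skips the upgrade when none is
            # needed, so this is safe to leave on. Take a Longhorn backup of
            # romm-db before the first start on a new major.
            - name: MARIADB_AUTO_UPGRADE
              value: "1"
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: root-password
            - name: MARIADB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: database
            - name: MARIADB_USER
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: username
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: romm-db
                  key: password
          ports:
            - containerPort: 3306
              name: mariadb
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: romm-db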
---
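apiVersion: v1
kind: Service
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
spec:
  # Cluster-internal only, but reachable from every namespace until a
  # NetworkPolicy restricts it to the romm pod.
  type: ClusterIP
  ports:
    - name: mariadb
      port: 3306
      targetPort: mariadb
  selector:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db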
---
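apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: romm-db
  namespace: arcade-system
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm-db
    # Longhorn recurring backup/snapshot group membership. These backups
    # contain RoMM's user table (credential hashes, tokens); treat the
    # backup target with the same care as the live database.
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
    # Single-node attach; pairs with the Recreate strategy on the Deployment.
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 2Gi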