feat: Media | use single certificate for all services

2026-02-27 14:53:56 +05:00
parent 2a0da5d27e
commit b91fc65d9e
6 changed files with 43 additions and 75 deletions


@@ -3,7 +3,7 @@ import { TerraformStack } from "cdktf";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider"; import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
import { NamespaceV1 } from "@cdktf/provider-kubernetes/lib/namespace-v1"; import { NamespaceV1 } from "@cdktf/provider-kubernetes/lib/namespace-v1";
import { LonghornPvc } from "../utils"; import { CloudflareCertificate, LonghornPvc } from "../utils";
import { JellyfinServer } from "./jellyfin"; import { JellyfinServer } from "./jellyfin";
import { SonarrServer } from "./sonarr"; import { SonarrServer } from "./sonarr";
import { RadarrServer } from "./radarr"; import { RadarrServer } from "./radarr";
@@ -42,10 +42,28 @@ export class MediaServices extends TerraformStack {
size: "450Gi", size: "450Gi",
}); });
const certificateSecretName = "media-services-tls";
new CloudflareCertificate(this, "cloudflare-certificate", {
provider,
namespace,
name: "media-services",
dnsNames: [
"media.dogar.dev",
"sonarr.dogar.dev",
"radarr.dogar.dev",
"torrent.dogar.dev",
"prowlarr.dogar.dev",
],
secretName: certificateSecretName,
commonName: "media.dogar.dev",
});
// Deploy media services // Deploy media services
new JellyfinServer(this, "jellyfin", { new JellyfinServer(this, "jellyfin", {
provider, provider,
namespace, namespace,
certificateSecretName,
mediaPvcName: mediaPvc.name, mediaPvcName: mediaPvc.name,
host: "media.dogar.dev", host: "media.dogar.dev",
}); });
@@ -53,6 +71,7 @@ export class MediaServices extends TerraformStack {
new SonarrServer(this, "sonarr", { new SonarrServer(this, "sonarr", {
provider, provider,
namespace, namespace,
certificateSecretName,
mediaPvcName: mediaPvc.name, mediaPvcName: mediaPvc.name,
downloadsPvcName: downloadsPvc.name, downloadsPvcName: downloadsPvc.name,
host: "sonarr.dogar.dev", host: "sonarr.dogar.dev",
@@ -61,6 +80,7 @@ export class MediaServices extends TerraformStack {
new RadarrServer(this, "radarr", { new RadarrServer(this, "radarr", {
provider, provider,
namespace, namespace,
certificateSecretName,
mediaPvcName: mediaPvc.name, mediaPvcName: mediaPvc.name,
downloadsPvcName: downloadsPvc.name, downloadsPvcName: downloadsPvc.name,
host: "radarr.dogar.dev", host: "radarr.dogar.dev",
@@ -69,6 +89,7 @@ export class MediaServices extends TerraformStack {
new QBittorrentServer(this, "qbittorrent", { new QBittorrentServer(this, "qbittorrent", {
provider, provider,
namespace, namespace,
certificateSecretName,
downloadsPvcName: downloadsPvc.name, downloadsPvcName: downloadsPvc.name,
host: "torrent.dogar.dev", host: "torrent.dogar.dev",
}); });
@@ -76,6 +97,7 @@ export class MediaServices extends TerraformStack {
new ProwlarrServer(this, "prowlarr", { new ProwlarrServer(this, "prowlarr", {
provider, provider,
namespace, namespace,
certificateSecretName,
host: "prowlarr.dogar.dev", host: "prowlarr.dogar.dev",
}); });
} }
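Review bot: The five hostnames are now written twice in this constructor, once in `dnsNames` on the new `CloudflareCertificate` and once as each service's `host`, so adding or renaming a service without updating the list leaves its ingress serving a certificate that does not cover the host. Declaring the hosts once and deriving `dnsNames` from that map keeps the two in step, as sketched below. Separately, the four services that previously used `PrivateCertificate` now share one key pair and one issuer with Jellyfin, so a leak of the `media-services-tls` secret affects every host at once. If `CloudflareCertificate` requests a publicly trusted certificate (its definition is not visible here), the internal hostnames will also appear in Certificate Transparency logs; a short comment above `certificateSecretName` stating that this trade-off is intended would help the next reader. The constructor starts outside these hunks.

```typescript
// One source of truth for the hostnames served by this stack.
const hosts = {
  jellyfin: "media.dogar.dev",
  sonarr: "sonarr.dogar.dev",
  radarr: "radarr.dogar.dev",
  qbittorrent: "torrent.dogar.dev",
  prowlarr: "prowlarr.dogar.dev",
} as const;

new CloudflareCertificate(this, "cloudflare-certificate", {
  // … unchanged: provider, namespace, name, secretName …
  dnsNames: Object.values(hosts),
  commonName: hosts.jellyfin,
});

new JellyfinServer(this, "jellyfin", {
  // … unchanged: provider, namespace, certificateSecretName, mediaPvcName …
  host: hosts.jellyfin,
});
// … unchanged: remaining services, each passing host: hosts.<service> …
```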


@@ -2,11 +2,7 @@ import { Construct } from "constructs";
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
import { import { InternalIngressRoute, LonghornPvc } from "../../utils";
CloudflareCertificate,
InternalIngressRoute,
LonghornPvc,
} from "../../utils";
import { BaseMediaServiceOptions, getAamil3NodeSelector } from "../types"; import { BaseMediaServiceOptions, getAamil3NodeSelector } from "../types";
type JellyfinServerOptions = BaseMediaServiceOptions & { type JellyfinServerOptions = BaseMediaServiceOptions & {
@@ -14,6 +10,8 @@ type JellyfinServerOptions = BaseMediaServiceOptions & {
mediaPvcName: string; mediaPvcName: string;
/** Hostname for the ingress */ /** Hostname for the ingress */
host: string; host: string;
/** Secret name for the TLS certificate */
certificateSecretName: string;
}; };
export class JellyfinServer extends Construct { export class JellyfinServer extends Construct {
@@ -140,14 +138,6 @@ export class JellyfinServer extends Construct {
}, },
}); });
new CloudflareCertificate(this, "certificate", {
provider,
namespace,
name,
secretName: "jellyfin-tls",
dnsNames: [host],
});
// Ingress - using internal ingress for secure access // Ingress - using internal ingress for secure access
new InternalIngressRoute(this, "ingress", { new InternalIngressRoute(this, "ingress", {
provider, provider,
@@ -156,7 +146,7 @@ export class JellyfinServer extends Construct {
host, host,
serviceName: name, serviceName: name,
servicePort: 80, servicePort: 80,
tlsSecretName: "jellyfin-tls", tlsSecretName: options.certificateSecretName,
}); });
} }
} }
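Review bot: `certificateSecretName` is declared with the same doc comment in `JellyfinServerOptions` here and again in the Prowlarr, qBittorrent, Radarr and Sonarr option types in the sections that follow; since every media service now requires it, it would be better declared once on `BaseMediaServiceOptions`, as `/** Secret name for the TLS certificate */ certificateSecretName: string;`, provided that type is not shared with constructs that have no ingress. The ingress call also reads `options.certificateSecretName` while its neighbours (`host`, `provider`) are shorthand locals, which suggests the constructor destructures `options` outside this hunk; adding the new field to that destructuring and writing `tlsSecretName: certificateSecretName` would match the surrounding style. Both the option type and the constructor extend beyond the visible hunks.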


@@ -2,11 +2,7 @@ import { Construct } from "constructs";
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
import { import { InternalIngressRoute, LonghornPvc } from "../../utils";
InternalIngressRoute,
LonghornPvc,
PrivateCertificate,
} from "../../utils";
import { import {
BaseMediaServiceOptions, BaseMediaServiceOptions,
getWorkerNodeSelector, getWorkerNodeSelector,
@@ -16,6 +12,8 @@ import {
type ProwlarrOptions = BaseMediaServiceOptions & { type ProwlarrOptions = BaseMediaServiceOptions & {
/** Hostname for the ingress */ /** Hostname for the ingress */
host: string; host: string;
/** Secret name for the TLS certificate */
certificateSecretName: string;
}; };
export class ProwlarrServer extends Construct { export class ProwlarrServer extends Construct {
@@ -111,15 +109,6 @@ export class ProwlarrServer extends Construct {
}, },
}); });
new PrivateCertificate(this, "certificate", {
provider,
namespace,
name,
commonName: host,
dnsNames: [host],
secretName: `${name}-tls`,
});
// Ingress // Ingress
new InternalIngressRoute(this, "ingress", { new InternalIngressRoute(this, "ingress", {
provider, provider,
@@ -128,7 +117,7 @@ export class ProwlarrServer extends Construct {
host, host,
serviceName: name, serviceName: name,
servicePort: 80, servicePort: 80,
tlsSecretName: `${name}-tls`, tlsSecretName: options.certificateSecretName,
}); });
} }
} }


@@ -2,11 +2,7 @@ import { Construct } from "constructs";
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
import { import { InternalIngressRoute, LonghornPvc } from "../../utils";
InternalIngressRoute,
LonghornPvc,
PrivateCertificate,
} from "../../utils";
import { import {
BaseMediaServiceOptions, BaseMediaServiceOptions,
getAamil3NodeSelector, getAamil3NodeSelector,
@@ -18,6 +14,8 @@ type QBittorrentServerOptions = BaseMediaServiceOptions & {
downloadsPvcName: string; downloadsPvcName: string;
/** Hostname for the ingress */ /** Hostname for the ingress */
host: string; host: string;
/** Secret name for the TLS certificate */
certificateSecretName: string;
}; };
export class QBittorrentServer extends Construct { export class QBittorrentServer extends Construct {
@@ -137,15 +135,6 @@ export class QBittorrentServer extends Construct {
}, },
}); });
new PrivateCertificate(this, "certificate", {
provider,
namespace,
name,
commonName: host,
dnsNames: [host],
secretName: `${name}-tls`,
});
// Ingress // Ingress
new InternalIngressRoute(this, "ingress", { new InternalIngressRoute(this, "ingress", {
provider, provider,
@@ -154,7 +143,7 @@ export class QBittorrentServer extends Construct {
host, host,
serviceName: name, serviceName: name,
servicePort: 80, servicePort: 80,
tlsSecretName: `${name}-tls`, tlsSecretName: options.certificateSecretName,
}); });
} }
} }


@@ -2,11 +2,7 @@ import { Construct } from "constructs";
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
import { import { InternalIngressRoute, LonghornPvc } from "../../utils";
InternalIngressRoute,
LonghornPvc,
PrivateCertificate,
} from "../../utils";
import { import {
BaseMediaServiceOptions, BaseMediaServiceOptions,
getAamil3NodeSelector, getAamil3NodeSelector,
@@ -20,6 +16,8 @@ type RadarrServerOptions = BaseMediaServiceOptions & {
downloadsPvcName: string; downloadsPvcName: string;
/** Hostname for the ingress */ /** Hostname for the ingress */
host: string; host: string;
/** Secret name for the TLS certificate */
certificateSecretName: string;
}; };
export class RadarrServer extends Construct { export class RadarrServer extends Construct {
@@ -136,15 +134,6 @@ export class RadarrServer extends Construct {
}, },
}); });
new PrivateCertificate(this, "certificate", {
provider,
namespace,
name,
commonName: host,
dnsNames: [host],
secretName: `${name}-tls`,
});
// Ingress // Ingress
new InternalIngressRoute(this, "ingress", { new InternalIngressRoute(this, "ingress", {
provider, provider,
@@ -153,7 +142,7 @@ export class RadarrServer extends Construct {
host, host,
serviceName: name, serviceName: name,
servicePort: 80, servicePort: 80,
tlsSecretName: `${name}-tls`, tlsSecretName: options.certificateSecretName,
}); });
} }
} }


@@ -2,11 +2,7 @@ import { Construct } from "constructs";
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
import { import { InternalIngressRoute, LonghornPvc } from "../../utils";
InternalIngressRoute,
LonghornPvc,
PrivateCertificate,
} from "../../utils";
import { import {
BaseMediaServiceOptions, BaseMediaServiceOptions,
getAamil3NodeSelector, getAamil3NodeSelector,
@@ -20,6 +16,8 @@ type SonarrServerOptions = BaseMediaServiceOptions & {
downloadsPvcName: string; downloadsPvcName: string;
/** Hostname for the ingress */ /** Hostname for the ingress */
host: string; host: string;
/** Secret name for the TLS certificate */
certificateSecretName: string;
}; };
export class SonarrServer extends Construct { export class SonarrServer extends Construct {
@@ -136,15 +134,6 @@ export class SonarrServer extends Construct {
}, },
}); });
new PrivateCertificate(this, "certificate", {
provider,
namespace,
name,
commonName: host,
dnsNames: [host],
secretName: `${name}-tls`,
});
// Ingress // Ingress
new InternalIngressRoute(this, "ingress", { new InternalIngressRoute(this, "ingress", {
provider, provider,
@@ -153,7 +142,7 @@ export class SonarrServer extends Construct {
host, host,
serviceName: name, serviceName: name,
servicePort: 80, servicePort: 80,
tlsSecretName: `${name}-tls`, tlsSecretName: options.certificateSecretName,
}); });
} }
} }