diff --git a/kubernetes/main/apps/download/autobrr/app/helm-release.yaml b/kubernetes/main/apps/download/autobrr/app/helm-release.yaml
new file mode 100644
index 00000000..d0dfc420
--- /dev/null
+++ b/kubernetes/main/apps/download/autobrr/app/helm-release.yaml
@@ -0,0 +1,103 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: autobrr
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.7.3
+ sourceRef:
+ kind: HelmRepository
+ name: bjws-charts
+ namespace: flux-system
+ values:
+ controllers:
+ autobrr:
+ initContainers:
+ init-db:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: 16
+ env:
+ INIT_POSTGRES_DBNAME: &dbName autobrr
+ INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
+ INIT_POSTGRES_PORT: &dbPort "5432"
+ envFrom: &envFrom
+ - secretRef:
+ name: autobrr-secret
+ containers:
+ app:
+ image:
+ repository: ghcr.io/autobrr/autobrr
+ tag: v1.60.0
+ envFrom: *envFrom
+ env:
+ AUTOBRR__HOST: "0.0.0.0"
+ AUTOBRR__PORT: &port 8080
+ AUTOBRR__LOG_LEVEL: "INFO"
+ AUTOBRR__CHECK_FOR_UPDATES: false
+ AUTOBRR__DATABASE_TYPE: postgres
+ AUTOBRR__POSTGRES_HOST: *dbHost
+ AUTOBRR__POSTGRES_PORT: *dbPort
+ AUTOBRR__POSTGRES_DATABASE: *dbName
+ AUTOBRR__OIDC_ENABLED: true
+ AUTOBRR__OIDC_ISSUER: https://auth.${SECRET_NEW_DOMAIN}/application/o/autobrr/
+ AUTOBRR__OIDC_REDIRECT_URL: https://autobrr.${SECRET_NEW_DOMAIN}/api/auth/oidc/callback
+ AUTOBRR__OIDC_DISABLE_BUILT_IN_LOGIN: false
+ AUTOBRR__METRICS_ENABLED: true
+ AUTOBRR__METRICS_HOST: "0.0.0.0"
+ AUTOBRR__METRICS_PORT: &metricsPort 8081
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ memory: 100Mi
+ limits:
+ memory: 4Gi
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 10000
+ runAsGroup: 10000
+ fsGroup: 10000
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ app:
+ controller: autobrr
+ ports:
+ http:
+ port: *port
+ metrics:
+ port: *metricsPort
+ protocol: HTTP
+ ingress:
+ app:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ #traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+ hosts:
+ - host: "autobrr.${SECRET_NEW_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
diff --git a/kubernetes/main/apps/download/autobrr/app/kustomization.yaml b/kubernetes/main/apps/download/autobrr/app/kustomization.yaml
new file mode 100644
index 00000000..8d145d23
--- /dev/null
+++ b/kubernetes/main/apps/download/autobrr/app/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./secret.sops.yaml
+- ./helm-release.yaml
diff --git a/kubernetes/main/apps/download/autobrr/app/secret.sops.yaml b/kubernetes/main/apps/download/autobrr/app/secret.sops.yaml
new file mode 100644
index 00000000..f74c6ca4
--- /dev/null
+++ b/kubernetes/main/apps/download/autobrr/app/secret.sops.yaml
@@ -0,0 +1,77 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: autobrr-secret
+stringData:
+ AUTOBRR__SESSION_SECRET: ENC[AES256_GCM,data:xEhcTyYP9PceXNI9xJs+QA==,iv:hWYNf/xmv0Vi2ruLDRoAzaASeg7UBCbItJZgzjTizxk=,tag:wFYlxAMAKRzfxjk5eAAXUQ==,type:str]
+ AUTOBRR__POSTGRES_USER: ENC[AES256_GCM,data:LOi58PMKPA==,iv:igYoiROSptVkt9hmeDM+Moc3laYgncTQGm7vJWb8/94=,tag:CTTrddTKmDml1f299mNjCg==,type:str]
+ AUTOBRR__POSTGRES_PASS: ENC[AES256_GCM,data:VT4b94gZhTSg97jUAMEvKS8RUeGC9e5HEn032/++Itc=,iv:xalpnfAXn1ph5r5AOsvjLQR3VKncKm2MuF19o6pUefk=,tag:f0StIuqgK1uqtaS9BekZ6g==,type:str]
+ AUTOBRR__OIDC_CLIENT_ID: ENC[AES256_GCM,data:AGoj63v2RNMkYXOHgTOXqUz4u5PrYmRZ9m1zDaAMw6cyIUUj/Krc9Q==,iv:wv6ABGBkbzA6yb2Zwma9J4V0yISjS2lLZp64FY92Q64=,tag:zBGrHn9qXV+cWEnMEC4iyA==,type:str]
+ AUTOBRR__OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:/V0PtS0o25P4eh6Xfts23uItVet8B9MIdJtHfkzvIsZMGz/sYeROvsBbkQy18W5KVs7GaU6meHw7ZiTmCQRxYPmqp93/ySZ32O2bd+rRAGp8u0LQwgdE9OidNCfJ5gf4iQN1bP7GQY86/VjRzdF3RCR8c1CcsL+arju1WS3JwNk=,iv:xZ3lGSADrkmAJFJTY4hASHHwpmhjPbKWCs5hmtKzJSU=,tag:BOpodVxFGkZfMYWNtLhWOw==,type:str]
+ INIT_POSTGRES_USER: ENC[AES256_GCM,data:bvUsMs/cDQ==,iv:MOBNIDE6OImx18vvhhl3FHSSYYFs60p6n4Ey8SiMQ28=,tag:u5Kb5HWJ74SuVfOcdgT3wg==,type:str]
+ INIT_POSTGRES_PASS: ENC[AES256_GCM,data:zEUPNqMHk+q8yVKTlCiAB/xDdedm5O2VCLlW0HyI+cY=,iv:2RK898FwD00o7aUdDxrdf16aVV5mWinsJMKknrhUFCg=,tag:a+VW0NgA/eTafKgqWhTLiA==,type:str]
+ INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:NuFh2zhgaIyrsRAWcZWkA7PlHspLvhEE2Dy96A5keZ0=,iv:dJyNM4HlV4D0jPoFKju2y9QTJsjrbAN/HGyuJA0x84s=,tag:GwfRUi+bHcMLA92juJgKqg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-03-20T19:51:38Z"
+ mac: ENC[AES256_GCM,data:zV5WovvM0jyWESeBWcPRyC42x9augsDJ8z7DXpXu7LnpAJdOyoZsXkfdu+O3UYW+FuATrzZUMPPoEAsH3hMQV0bApAVtCJXIMJdGEFsQpQLVKasGAA4JKRGFS3qD9MongWekwi+C1/j+6IRiFYIHGeJTbuG1/j+oIXeDWLG2qFA=,iv:RpoZixoI0DnN9V9ORKO8eElgRa72P/hRRN29r4TUH7U=,tag:ANerkIvcp3iQnB+9qTNiqg==,type:str]
+ pgp:
+ - created_at: "2025-03-20T19:51:38Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAyqlIeyoxYovARAAhU3NBIO3rhokF9ZikQNP4oydIeFG9P3WRSzvx5B/p2Ks
+ hjslSqgw6g5yMnsmk+syXxz+I+uyGwcztKzjMcp5CJdXdJysI7GDmqDXl9vexkTT
+ DtrN5rcbIDaZ2XzeZ4VMr87SEj+4H4iqLwR0Sb0Lf5XSoYAVYRJyAcj273azcz94
+ okJ3ZcNZZJU/gCYkRiG/o+vWYNIZ2rMWq0E089Ek1SRVxtHsWnk+8rtYCEDj9scV
+ m0jR4OCPsluahicvqlTl/QtzdkUTT+NtUnj2mQitbIzRJtmlew5GtZzBL9KDEIRs
+ 4oIFGINFjMSn2+ytUo+/Yyt1Vkemm02KeifG04BQVEeDWsDGc1UmWXiQDwowQcfU
+ QmJHVzvtYeNuekoqkOZyLj52rDf21wW8eY+UJ38mkf1omfieCRbQ4HvnNCVsECgO
+ kiHrvYJ6Jr5G6J9mw+Vbs5D4CZz1/RStPRp394+txBF55RtNtEMCtHqxepSNahRG
+ O22MWhhIRXzbYbHqRkcN/CFC+xLf2lVJ+PxQdgDJJl3fyfa1XlPOLsSFlJOmgu7W
+ xiWe1Fe3vaVB6Re6q8RFjuUC1r84GvONwbGKKQK1zLXxfeFi1OWu+1KrIZNfuZju
+ D/ZaGsoPVwWh5jiTCPBhpekh/sJWuWsEaDvqCxLIV3jnt+bzNz5h5ZIvzgRMxfuF
+ AgwDXjg0p2IN1X8BD/96+Q0n3oVrMfRTHqu7Gv+NwFq3cz8s5RRcIUuXoF/WOH/B
+ gfpn792JJSsmkeuZRiDqywnYTgvm9Yi0Oo2cppmGJFOd7p6hggrHtcxiwG1/WjLV
+ 4mo2JFjK+cKSAzEcTqS7K3tF/yxwswG5L5Gf3sBbF9VEX2PcYyP0Rv86TnCZ1TVX
+ QPK5qkvqyFZrlHtb1vVZMJs2gJNX4bYVFnAEox+NA/6BWJSt8tzICexw8CfEYHHm
+ DHCJlbEPlZ29UFxzksIbu9R9TCB6Q6cmmPbAKok6rwLjxKmpdfm/3sB7PQ8YMSKO
+ L15ZGez2HvKlPiCO6qz+sLAxfG79E2ACmJmRryVglfY67tneEfjNplF0n/0EfD1t
+ /7Jzrasy4BWCsbyGFrpJbmEG/k0jegImUOnLTUg0R4Qu7Uc0P8qO1CFW9vkGA1qS
+ w4dk18ZzR0w6ajS9QfDiMb+Kt6QAQA7/s/gqC1k3Z19cBprmRY/T6PL+4NpWvH5l
+ 1XdlVyj9tR1VYopHa+0vtn5H+LdqOaJYLFYQxiz3mKvKetD3q5DVnjoGwo3F1dSR
+ Xw56CwpuyLxRBYnR/XkNcRsKTmFcSYHzHM9m/yNEAagzJSi9vMuXVR/KexzPHAdw
+ 9IY+RA/XhC5UIVSE1BZhqtPVrLbaR8LAL/14csSUb1hdkgtWiRbBUJhWaOMdsdRo
+ AQkCEHlyGcQjdeZ30+HuTF85IDw82+9b1Kk8muNafkAyBINgEuaEne2/ZNrepM4J
+ uJct2gU78EhhoAk8Hi4l2KXseC1VMDNnUiw7W0w+Z+5bVoenR8eyy5+ml93AiUam
+ B0+4GtSBYMw=
+ =jnRJ
+ -----END PGP MESSAGE-----
+ fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+ - created_at: "2025-03-20T19:51:38Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAy5t8IMoPu4VARAAg6sD00LCw21Mc2a8jPwX2/UMjYTpeqnMJd9dPfqX6zi2
+ nNpS4DEyOzgkowly+8Vo+Vf8mXpyh/GusNDUvW74X+hLafiKsJnbwKUkAUlcKx/i
+ kDamivaOFBxdaYVTJ3H6W7gwitGhh6HAQgBckZG+NwkI3HMT6IuT7lpYBrrGdS8K
+ JIo7pteiRpjJXJhKN+GjeNsJRpU3Oi3ityBA8GZvy0cwjI4zu3nKnehZshVPMOes
+ BVmds+TZmtltirDor/8exHawsRy0gxFW7QBlz4CJ8PEzpK6FEk8EaTKyxYCwQNEt
+ r5K9Qsr3o5Ds5D2NDugyrkYdmHUpZwWHCMaoY1YH3u3K2DRZCr908Q/e84MPoCfm
+ zMJ4aurMYG+YSFg8V7QQ2i1FXf+cNpxWVXJ+xVvd4Ss1CYmxnQ9fhVPSn1lrBOql
+ NYFdy8rUmvdOVoOyPeB21MLxhpUmdVxseYKI3w0O+cq/qcMQr4IlCJ/vOqYKBWCo
+ EpfVguyMWMuTDobNpZmZnnOeYQrmy2z26Iy4MzKFk6s2Z+CPdX3u7qmDj6Tg9f43
+ 3LgHh3UnD0Eud32SvlDOmluz5cLvwvuTIRr7MF0aazSd59g/gyDfa/FAsNTYS3X5
+ x2XpN45PpyRzsbZ5MwlTaW4fZS/A6j77nUSODIq/CYcCLiJY01LZp2+MiQm+nXzU
+ aAEJAhADP93pxFhePrrwneD0c+sy4tWtOWgF7FIKdl7DyDUwXSogDSnjhJ4yyCEo
+ Oc+MlTI6hCCNra6RQQ3jrjU13rnpq63468XuZi17rtp9jXH8a41FiXCsjTYakqPE
+ 0QW6Hfzks7rP
+ =E4za
+ -----END PGP MESSAGE-----
+ fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.4
diff --git a/kubernetes/main/apps/download/autobrr/ks.yaml b/kubernetes/main/apps/download/autobrr/ks.yaml
new file mode 100644
index 00000000..32a451cf
--- /dev/null
+++ b/kubernetes/main/apps/download/autobrr/ks.yaml
@@ -0,0 +1,29 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app autobrr
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ targetNamespace: download
+ path: ./kubernetes/main/apps/download/autobrr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: openebs
+ - name: openebs-sc
+ - name: qbittorrent
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
diff --git a/kubernetes/main/apps/download/kustomization.yaml b/kubernetes/main/apps/download/kustomization.yaml
index acbca3ce..ca27f6c2 100644
--- a/kubernetes/main/apps/download/kustomization.yaml
+++ b/kubernetes/main/apps/download/kustomization.yaml
@@ -16,3 +16,4 @@ resources:
- ./kapowarr/ks.yaml
- ./sabnzbd
- ./lazy-librarian/ks.yaml
+- ./autobrr/ks.yaml