From 3a73b4c950408a1c548c16878d9926b2c894bab7 Mon Sep 17 00:00:00 2001
From: Sam
Date: Sat, 23 Dec 2023 16:50:40 -0500
Subject: [PATCH] first attempt to get democratic-csi working for an nfs mount.
---
.../apps/plex/democratic-csi/helmrelease.yaml | 85 +++++++++++++++++++
.../apps/plex/democratic-csi/secret.sops.yaml | 29 +++++++
2 files changed, 114 insertions(+)
create mode 100644 kubernetes/apps/plex/democratic-csi/helmrelease.yaml
create mode 100644 kubernetes/apps/plex/democratic-csi/secret.sops.yaml
diff --git a/kubernetes/apps/plex/democratic-csi/helmrelease.yaml b/kubernetes/apps/plex/democratic-csi/helmrelease.yaml
new file mode 100644
index 0000000..45269a6
--- /dev/null
+++ b/kubernetes/apps/plex/democratic-csi/helmrelease.yaml
@@ -0,0 +1,85 @@
+driver: freenas-nfs
+instance_id:
+httpConnection:
+ protocol: http
+ host: 192.168.1.154
+ port: 80
+ # use only 1 of apiKey or username/password
+ # if both are present, apiKey is preferred
+ # apiKey is only available starting in TrueNAS-12
+ #apiKey:
+ username:
+ valueFrom:
+ secretKeyRef:
+ name: freenas-nfs-secrets
+ key: user
+ password:
+ valueFrom:
+ secretKeyRef:
+ name: freenas-nfs-secrets
+ key: password
+ allowInsecure: true
+ # use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well)
+ # leave unset for auto-detection
+ #apiVersion: 2
+sshConnection:
+ host: 192.168.1.154
+ port: 22
+ username:
+ valueFrom:
+ secretKeyRef:
+ name: freenas-nfs-secrets
+ key: user
+ password:
+ valueFrom:
+ secretKeyRef:
+ name: freenas-nfs-secrets
+ key: password
+# privateKey: |
+# -----BEGIN RSA PRIVATE KEY-----
+# ...
+# -----END RSA PRIVATE KEY-----
+zfs:
+ # can be used to override defaults if necessary
+ # the example below is useful for TrueNAS 12
+ #cli:
+ # sudoEnabled: true
+ #
+ # leave paths unset for auto-detection
+ # paths:
+ # zfs: /usr/local/sbin/zfs
+ # zpool: /usr/local/sbin/zpool
+ # sudo: /usr/local/bin/sudo
+ # chroot: /usr/sbin/chroot
+
+ # can be used to set arbitrary values on the dataset/zvol
+ # can use handlebars templates with the parameters from the storage class/CO
+ #datasetProperties:
+ # "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
+ # "org.freenas:test": "{{ parameters.foo }}"
+ # "org.freenas:test2": "some value"
+
+ datasetParentName: main/k8s/vols
+ # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
+ # they may be siblings, but neither should be nested in the other
+ # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
+ detachedSnapshotsDatasetParentName: main/k8s/snaps
+ datasetEnableQuotas: true
+ datasetEnableReservation: false
+ datasetPermissionsMode: "0777"
+ datasetPermissionsUser: 0
+ datasetPermissionsGroup: 0
+ #datasetPermissionsAcls:
+ #- "-m everyone@:full_set:allow"
+ #- "-m u:kube:full_set:allow"
+
+nfs:
+ #shareCommentTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}-{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
+ shareHost: 192.168.1.154
+ shareAlldirs: false
+ shareAllowedHosts: []
+ shareAllowedNetworks: []
+ shareMaprootUser: root
+ shareMaprootGroup: wheel
+ shareMapallUser: ""
+ shareMapallGroup: ""
diff --git a/kubernetes/apps/plex/democratic-csi/secret.sops.yaml b/kubernetes/apps/plex/democratic-csi/secret.sops.yaml
new file mode 100644
index 0000000..69eac8d
--- /dev/null
+++ b/kubernetes/apps/plex/democratic-csi/secret.sops.yaml
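Review bot: In helmrelease.yaml the `httpConnection` block sends the TrueNAS username and password over plaintext HTTP (`protocol: http`, `port: 80`), and `allowInsecure: true` would, as far as I can tell, also skip certificate verification if HTTPS were enabled, so the credentials are readable to anything on the path to 192.168.1.154. I would change these to `protocol: https`, `port: 443` and `allowInsecure: false` once the NAS presents a certificate the driver can trust. The same hunk exports every volume with `shareMaprootUser: root`, `datasetPermissionsMode: "0777"` and empty `shareAllowedHosts`/`shareAllowedNetworks`, which presumably leaves the NFS shares mountable with root access by any host that can reach the NAS; restrict it with something like `shareAllowedNetworks: ["<cluster-node-CIDR>"]` (placeholder value). The `sshConnection` block also reuses the same password secret while the `privateKey` option stays commented out; key-based auth with a dedicated account would be the safer choice.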
@@ -0,0 +1,29 @@ +apiVersion: v1 +data: + password: ENC[AES256_GCM,data:MFu7K7Z6rLQRPVlVPcoCrGobQFs=,iv:0XuhxEsnOZk3WpKyIp8B/YxMklK/g8NC0G4TZT4IZ3k=,tag:laMOvtUtpj30hiU+sQ2qjA==,type:str] + user: ENC[AES256_GCM,data:lWmUfwzMnt0=,iv:BnIPoT8nhcy9QT5eezwqZ0cD3jcR99tZWPnm0wCZ0kg=,tag:OYglRv0ack+iYI43pcymhQ==,type:str] +kind: Secret +metadata: + creationTimestamp: null + name: freenas-nfs-secrets + namespace: plex +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0lCRUlxWnFGd2ZRZ3pj + Y1lxSWk1a0ErUHBET2VHVERlTzk4OXBPenc4Cm1GQVVzQURxM0laTXJCSGw2M0Iv + S3I3RDVqTnRVZnJ2TFdHMzFCUFBjRUEKLS0tIDViN3ZhZTV6ZDV1b1NoWDVmMUdZ + NmNKYjZtTVVvdFNFNk80d2svYU92RE0Kx3cYNWBmORSgKeNB44HBrddwiFjc5L23 + m6kCUcrz88b+G0ILm0xGJ0ZRl1Y7PuQF0kp+DRMLh7pqdmMJFPg6vQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-23T21:46:16Z" + mac: ENC[AES256_GCM,data:w5T5G8uQ1KWGHrnmcqK80WWzGocaih5/G8TOlp6wBZECwe+6EkdC/9eWoyCn7ma1q9hR1CoOmHxREEDxljwsGgj43B9Hy0VaWmWH2KGmIuwoNhU4MLjVJQ/5zUOjvE81B8nqkZLu9pQ/Af9ZK/I7turmz/GcTPnaazJdNmZ3X40=,iv:AhftfgilKU1zZs3N8w6KTPVGuUIqlhd/aj/5c1YQzVI=,tag:MBBKEUIS/FalDsWDeFEW6g==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1