Deploy Radarr, Sonarr, Prowlarr on file0.p.b

I had originally intended to deploy Radarr, Sonarr, and Prowlarr on
Kubernetes.  Unfortunately, this turned out to be problematic, as I
would need a way to share the download directory between Radarr/Sonar
and Aria2, and the media directory between Radarr/Sonarr and Jellyfin.
The only way I could fathom to do this would be to expose both
directories via NFS and mount that share into the pods.  I decided this
would be too much of a hassle for no real gain, at least not in the
short term.  Instead, it makes more sense to deploy the *arr suite on
the same server as Aria2 and Jellyfin, which is essentially what the
community expects.

The recommended images for deploying the applications in containers are
pretty crappy. I didn't really want to mess with trying to get the
them to work natively on Fedora, nor deal with installing them from
tarballs with Ansible, so I created my own Debian-based container images
for them and deployed those via Podman+Quadlet.  These images are
published to the _Packages_ organization in Gitea, which is not public
and requires authentication.  We can use the Kubernetes Secret to obtain
the authentication token to use to pull the image.

group_vars/private-oci-registry.yml

@@ -0,0 +1,16 @@
+oci_registry_auth_secret: >-
+  {{ lookup(
+    "cache",
+    "kubernetes.core.k8s",
+    kind="Secret",
+    namespace="default",
+    resource_name="imagepull-gitea"
+  ) }}
+
+oci_registry_auth: >-
+  {{ (oci_registry_auth_secret
+       .data[".dockerconfigjson"]
+       | b64decode
+       | from_json
+     ).auths["git.pyrocufflink.net"]
+  }}

group_vars/prowlarr.yml

@@ -0,0 +1,4 @@
+prowlarr_image_pull_username: >-
+  {{ oci_registry_auth.username }}
+prowlarr_image_pull_password: >-
+  {{ oci_registry_auth.password }}

group_vars/radarr.yml

@@ -0,0 +1,8 @@
+radarr_path_mounts:
+- type=bind,src=/srv/cifs/Downloads/00aria2,dst=/media/downloads
+- type=bind,src=/srv/cifs/Movies,dst=/media/Movies
+
+radarr_image_pull_username: >-
+  {{ oci_registry_auth.username }}
+radarr_image_pull_password: >-
+  {{ oci_registry_auth.password }}

group_vars/servarr.yml

@@ -0,0 +1,9 @@
+fluent_bit_output_servarr:
+  name: http
+  alias: vlogs.servarr
+  match: servarr
+  uri: /insert/jsonline?_stream_fields=hostname,filename&_msg_field=log&_time_field=date
+
+fluent_bit_servarr_outputs:
+- >-
+  {{ fluent_bit_output_servarr | combine(fluent_bit_output_template_victorialogs) }}

group_vars/sonarr.yml

@@ -0,0 +1,8 @@
+sonarr_path_mounts:
+- type=bind,src=/srv/cifs/Downloads/00aria2,dst=/media/downloads
+- type=bind,src='/srv/cifs/TV Shows',dst='/media/TV Shows'
+
+sonarr_image_pull_username: >-
+  {{ oci_registry_auth.username }}
+sonarr_image_pull_password: >-
+  {{ oci_registry_auth.password }}

hosts

@@ -178,7 +178,13 @@ nvr2.pyrocufflink.blue
 [postgresql]
 db0.pyrocufflink.blue
 
+[private-oci-registry:children]
+prowlarr
+radarr
+sonarr
+
 [prowlarr]
+file0.pyrocufflink.blue
 
 [public-web]
 web0.pyrocufflink.blue
@@ -206,6 +212,7 @@ pyrocufflink
 [pyrocufflink-dhcp]
 
 [radarr]
+file0.pyrocufflink.blue
 
 [radius:children]
 samba-dc
@@ -254,6 +261,7 @@ smtp1.pyrocufflink.blue
 nextcloud
 
 [sonarr]
+file0.pyrocufflink.blue
 
 [squid]