commit f96b827f11dfc1a42e3a5b3f803e1fc53f620a72
Author: tsvetkov <tsvetkov@elina>
Date:   Fri Feb 27 00:59:36 2026 +0000

    Add the deploy script for the media stack

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ef098ab
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+The `deploy.sh` script in this repository is used to automatically rollout an \*arr stack on kubernetes.
+
+Detailed instructions about this stack can be found in it's [own repository](https://git.96-fromsofia.net/k8s/media-stack).
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..9431369
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,225 @@
+#!/bin/bash
+#
+# Media Stack Deployment Script
+# Deploys all components in the correct order
+# Supports optional VPN tunneling via Gluetun
+#
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+NAMESPACE="media"
+USE_VPN=false
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+usage() {
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "Options:"
+    echo "  --vpn       Deploy qBittorrent, Prowlarr, and Dispatcharr with VPN sidecar"
+    echo "  --no-vpn    Deploy without VPN (default)"
+    echo "  --help      Show this help message"
+    echo ""
+    echo "Examples:"
+    echo "  $0              # Deploy without VPN"
+    echo "  $0 --vpn        # Deploy with VPN tunneling"
+}
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_vpn() {
+    echo -e "${BLUE}[VPN]${NC} $1"
+}
+
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --vpn)
+            USE_VPN=true
+            shift
+            ;;
+        --no-vpn)
+            USE_VPN=false
+            shift
+            ;;
+        --help)
+            usage
+            exit 0
+            ;;
+        *)
+            log_error "Unknown option: $1"
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+# Check if kubectl is available
+if ! command -v kubectl &> /dev/null; then
+    log_error "kubectl not found. Please install kubectl first."
+    exit 1
+fi
+
+# Check cluster connectivity
+if ! kubectl cluster-info &> /dev/null; then
+    log_error "Cannot connect to Kubernetes cluster. Check your kubeconfig."
+    exit 1
+fi
+
+# VPN-specific checks
+if [ "$USE_VPN" = true ]; then
+    log_vpn "VPN mode enabled - checking prerequisites..."
+    
+    # Check if secret file has been modified
+    if grep -q "YOUR_WIREGUARD_PRIVATE_KEY_HERE" "$SCRIPT_DIR/base/vpn/mullvad-secret.yaml"; then
+        log_error "You must edit base/vpn/mullvad-secret.yaml with your Mullvad credentials!"
+        echo ""
+        echo "Steps to get your credentials:"
+        echo "1. Go to https://mullvad.net/en/account/wireguard-config"
+        echo "2. Generate a new WireGuard configuration"
+        echo "3. Download the .conf file and extract:"
+        echo "   - PrivateKey → WIREGUARD_PRIVATE_KEY"
+        echo "   - Address (IPv4) → WIREGUARD_ADDRESSES"
+        echo ""
+        exit 1
+    fi
+    
+    log_vpn "Mullvad credentials found in secret file"
+fi
+
+log_info "Starting Media Stack deployment..."
+if [ "$USE_VPN" = true ]; then
+    log_vpn "VPN tunneling will be enabled for: qBittorrent, Prowlarr, Dispatcharr"
+fi
+
+# Step 1: Create namespace
+log_info "Creating namespace..."
+kubectl apply -f "$SCRIPT_DIR/base/namespace.yaml"
+
+# Step 2: Create storage resources
+log_info "Creating storage resources (PVs)..."
+kubectl apply -f "$SCRIPT_DIR/base/nfs-storage.yaml"
+
+# Step 3: Create ConfigMaps
+log_info "Creating ConfigMap..."
+kubectl apply -f "$SCRIPT_DIR/base/configmap.yaml"
+
+if [ "$USE_VPN" = true ]; then
+    log_vpn "Creating Gluetun VPN ConfigMap..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/gluetun-config.yaml"
+
+    log_vpn "Creating qBittorrent init script ConfigMap..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/qbittorrent-init-configmap.yaml"
+
+    log_vpn "Creating Mullvad VPN Secret..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/mullvad-secret.yaml"
+fi
+
+# Step 4: Create PVCs
+log_info "Creating Persistent Volume Claims..."
+kubectl apply -f "$SCRIPT_DIR/base/pvcs.yaml"
+
+# Wait for PVCs to bind
+log_info "Waiting for PVCs to bind..."
+sleep 5
+kubectl get pvc -n "$NAMESPACE"
+
+# Step 5: Deploy applications
+if [ "$USE_VPN" = true ]; then
+    log_vpn "Deploying Prowlarr with VPN sidecar..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/prowlarr-vpn.yaml"
+    
+    log_vpn "Deploying qBittorrent with VPN sidecar..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/qbittorrent-vpn.yaml"
+    
+    log_vpn "Deploying Dispatcharr with VPN sidecar..."
+    kubectl apply -f "$SCRIPT_DIR/base/vpn/dispatcharr-vpn.yaml"
+else
+    log_info "Deploying Prowlarr..."
+    kubectl apply -f "$SCRIPT_DIR/base/prowlarr.yaml"
+    
+    log_info "Deploying qBittorrent..."
+    kubectl apply -f "$SCRIPT_DIR/base/qbittorrent.yaml"
+    
+    log_info "Deploying Dispatcharr..."
+    kubectl apply -f "$SCRIPT_DIR/base/dispatcharr.yaml"
+fi
+
+# These apps don't need VPN
+log_info "Deploying Sonarr..."
+kubectl apply -f "$SCRIPT_DIR/base/sonarr.yaml"
+
+log_info "Deploying Radarr..."
+kubectl apply -f "$SCRIPT_DIR/base/radarr.yaml"
+
+log_info "Deploying Lidarr..."
+kubectl apply -f "$SCRIPT_DIR/base/lidarr.yaml"
+
+log_info "Deploying Jellyfin..."
+kubectl apply -f "$SCRIPT_DIR/base/jellyfin.yaml"
+
+# Wait for deployments
+log_info "Waiting for all deployments to be ready..."
+sleep 10
+
+# Show status
+echo ""
+log_info "Deployment complete! Checking status..."
+echo ""
+
+kubectl get deployments -n "$NAMESPACE"
+echo ""
+kubectl get pods -n "$NAMESPACE"
+echo ""
+kubectl get svc -n "$NAMESPACE"
+
+echo ""
+log_info "============================================="
+log_info "Media Stack deployed successfully!"
+log_info "============================================="
+echo ""
+
+if [ "$USE_VPN" = true ]; then
+    log_vpn "VPN Status:"
+    echo "  The following services are tunneled through Mullvad VPN:"
+    echo "  - qBittorrent (all torrent traffic)"
+    echo "  - Prowlarr (indexer connections)"
+    echo "  - Dispatcharr (IPTV streams)"
+    echo ""
+    echo "  To check VPN connectivity:"
+    echo "    kubectl logs -n media deployment/qbittorrent -c gluetun | grep -i 'ip'"
+    echo ""
+    echo "  To verify your VPN IP:"
+    echo "    kubectl exec -n media deployment/qbittorrent -c qbittorrent -- curl -s ifconfig.me"
+    echo ""
+fi
+
+log_info "Access your services at:"
+echo "  Jellyfin:     http://<worker-node-ip>:30096"
+echo "  Sonarr:       http://<worker-node-ip>:30989"
+echo "  Radarr:       http://<worker-node-ip>:30878"
+echo "  Lidarr:       http://<worker-node-ip>:30686"
+echo "  Prowlarr:     http://<worker-node-ip>:30696"
+echo "  qBittorrent:  http://<worker-node-ip>:30080"
+echo "  Dispatcharr:  http://<worker-node-ip>:30191"
+echo ""
+log_warn "Remember to check qBittorrent logs for the temporary password:"
+echo "  kubectl logs -n media deployment/qbittorrent -c qbittorrent | grep -i password"
+echo ""
+log_info "See README.md for post-deployment configuration steps."