@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/tls-acme: 'true'
+    cert-manager.io/issuer: "letsencrypt-prod"
+  name: lms-ingress
+spec:
+  tls:
+    - hosts:
+      - m.icyphox.sh
+      secretName: lms-certs
+  rules:
+  - host: m.icyphox.sh
+    http:
+      paths:
+      - backend:
+          service:
+            name: lms
+            port:
+              number: 5082
+        path: /
+        pathType: Prefix

@@ -0,0 +1,70 @@
+apiVersion: v1
+data:
+  lms.conf: |
+    # LMS Sample configuration file
+
+    # Path to the working directory
+    # Must have write privileges in order to create and modify this directory
+    working-dir = "/var/lms/";
+
+    # ffmpeg location
+    ffmpeg-file = "/usr/bin/ffmpeg";
+
+    # Log files, empty means stdout
+    log-file = "";
+    access-log-file = "";
+    # Logger configuration, see log-config in https://webtoolkit.eu/wt/doc/reference/html/overview.html#config_general
+    log-config = "* -debug -info:WebRequest";
+
+    # Listen port/addr of the web server
+    listen-port = 5082;
+    listen-addr = "0.0.0.0";
+    behind-reverse-proxy = true;
+
+    # If enabled, these files have to exist and have correct permissions
+    tls-enable = false;
+    tls-cert = "/var/lms/cert.pem";
+    tls-key = "/var/lms/privkey.pem";
+    tls-dh = "/var/lms/dh2048.pem";
+
+    # Path to the resources used by the web interface.
+    wt-resources = "/usr/share/Wt/resources";
+    docroot = "/etc/lms/docroot/;/resources,/css,/images,/js,/favicon.ico";
+    approot = "/usr/share/lms/approot";
+    # Location for deployment (See README if you want to deploy on a non root path)
+    deploy-path = "/";
+
+    # Number of threads to be used to dispatch http requests (0 means auto detect)
+    http-server-thread-count = 0;
+
+    # ListenBrainz root API
+    listenbrainz-api-url = "https://api.listenbrainz.org/1/";
+
+    # Acousticbrainz root API
+    acousticbrainz-api-url = "https://acousticbrainz.org/api/v1/";
+
+    # Authentication
+    # Available backends: "internal", "PAM", "http-headers"
+    authentication-backend = "internal";
+    http-headers-login-field = "X-Forwarded-User";
+
+    # Max entries in the login throttler (1 entry per IP address. For IPv6, the whole /64 block is used)
+    login-throttler-max-entries = 10000;
+
+    # API
+    api-subsonic = true;
+
+    # Turn on this option to allow the demo account creation/use
+    demo = false;
+
+    # Max external cover file size in MBytes
+    cover-max-file-size = 10;
+
+    # Max cover cache size in MBytes
+    cover-max-cache-size = 30;
+
+    # JPEG quality for covers (range is 1-100)
+    cover-jpeg-quality = 100;
+kind: ConfigMap
+metadata:
+  name: lms-config

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lms
+  labels:
+    app: lms
+spec:
+  selector:
+    matchLabels:
+      app: lms
+  template:
+    metadata:
+      labels:
+        app: lms
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: "jade"
+      imagePullSecrets:
+        - name: registry-creds
+      securityContext:
+        fsGroup: 100
+      containers:
+        - name: lms
+          image: epoupon/lms
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: music
+              mountPath: "/music"
+              readOnly: false
+            - name: config
+              mountPath: "/config"
+              readOnly: false
+            - name: lms-persist
+              mountPath: "/var/lms"
+              readOnly: false
+            - name: lms-ui
+              mountPath: "/etc/lms/docroot"
+              readOnly: false
+          command: ["/usr/bin/lms", "/config/lms.conf"]
+          ports:
+            - name: http
+              containerPort: 5082
+      volumes:
+        - name: music
+          hostPath:
+            path: /mnt/music
+            type: Directory
+        - name: lms-ui
+          persistentVolumeClaim:
+            claimName: lms-ui
+        - name: lms-persist
+          persistentVolumeClaim:
+            claimName: lms-persist
+        - name: config
+          configMap:
+            name: lms-config
+            items:
+              - key: "lms.conf"
+                path: "lms.conf"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: lms
+spec:
+  selector:
+    app: lms
+  ports:
+    - name: http
+      port: 5082
+      targetPort: 5082

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lms-persist
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lms-ui
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Mi

@@ -28,3 +28,4 @@ · registry: Self-hosted container registry (reg.icyphox.sh)
 · yarr: RSS reader (f.icyphox.sh)
 · znc: IRC bouncer (irc.icyphox.sh:6666)
 · fsrv: File host service (x.icyphox.sh)
+· lms: Music/Subsonic server (m.icyphox.sh)