feat: refactor apps (#5183)

Reviewed-on: #5183
2026-03-27 02:02:46 +00:00
parent f011dcfe85
commit 0b1e0d7eb2
9 changed files with 48 additions and 160 deletions


@@ -4,6 +4,10 @@ foldergram:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
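Review bot: The `pod.securityContext` block in this hunk sets only `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch`; nothing visible here makes the container run as a non-root user, so group ownership of the volume may be the only thing that changes. If the image supports it, consider adding `runAsNonRoot: true`, `runAsUser: 1000` and `runAsGroup: 1000` to the same block, with a short comment recording that UID/GID 1000 matches the image's user once that is confirmed. The `containers.main` definition continues outside the hunk, so a container-level securityContext may already cover this.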


@@ -4,16 +4,14 @@ version: 1.0.0
description: Gatus
keywords:
- gatus
- healthcheck
- uptime
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
- uptime-monitor
home: https://docs.alexlebens.dev/applications/gatus/
sources:
- https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:


@@ -14,10 +14,7 @@ spec:
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
---
@@ -37,15 +34,9 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: secret


@@ -1,27 +1,16 @@
gatus:
deployment:
strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
strategy: RollingUpdate
annotateConfigChecksum: true
revisionHistoryLimit: 3
image:
repository: ghcr.io/twin/gatus
tag: v5.35.0
tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d
annotations:
reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway:
apiVersion: gateway.networking.k8s.io/v1
route:
enabled: true
path: /
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
@@ -73,24 +62,13 @@ gatus:
resources:
requests:
cpu: 10m
memory: 128Mi
memory: 20Mi
persistence:
enabled: true
size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block
serviceMonitor:
enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config:
metrics: true
connectivity:
@@ -425,35 +403,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: gatus
local:
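Review bot: The first hunk lists both `strategy: Recreate` and `strategy: RollingUpdate`, while the second shows `persistence` on `storageClassName: ceph-block` with a `ReadWriteOnce` access mode; the rendered page has lost its +/- markers, so this assumes RollingUpdate is the new value. With a single ReadWriteOnce volume, a rolling update can leave the replacement pod stuck in ContainerCreating when it is scheduled to a different node than the old pod, because the volume cannot attach to both. Either keep `strategy: Recreate` or add a comment explaining why a rolling update is safe, for example `# RWO volume: old and new pod must share a node during rollout`. The `readinessProbe`/`livenessProbe` keys sit next to the strategy lines; if they are being removed, confirm the chart defaults still enable both probes.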


@@ -5,8 +5,7 @@ description: Generic Device Plugin
keywords:
- generic-device-plugin
- device
- plugin
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
home: https://docs.alexlebens.dev/applications/generic-device-plugin/
sources:
- https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin


@@ -1,6 +1,6 @@
dependencies:
- name: gitea
repository: https://dl.gitea.io/charts/
repository: https://dl.gitea.com/charts/
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:65910bce24fc36bd8e3e4ab0d79c2a18ae076b34aff28bfea8a60598707fe617
generated: "2026-03-26T16:02:55.325421053Z"
digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39
generated: "2026-03-26T20:59:30.690577-05:00"


@@ -5,29 +5,28 @@ description: Gitea
keywords:
- gitea
- git
- code
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
home: https://docs.alexlebens.dev/applications/gitea/
sources:
- https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://gitea.com/gitea/helm-chart
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.com/gitea/helm-actions
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: gitea
version: 12.5.0
repository: https://dl.gitea.io/charts/
repository: https://dl.gitea.com/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
@@ -54,6 +53,6 @@ dependencies:
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5


@@ -14,17 +14,11 @@ spec:
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password
---
@@ -44,17 +38,11 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: client
---
@@ -74,10 +62,7 @@ spec:
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner
metadataPolicy: None
property: token
---
@@ -97,38 +82,23 @@ spec:
data:
- secretKey: RENOVATE_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl
metadataPolicy: None
property: token
---
@@ -148,24 +118,15 @@ spec:
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config
- secretKey: id_rsa
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: id_rsa.pub
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub
---
@@ -191,8 +152,5 @@ spec:
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY


@@ -2,9 +2,14 @@ gitea:
global:
imageRegistry: registry.hub.docker.com
replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image:
repository: gitea/gitea
tag: 1.25.5
tag: 1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
service:
http:
type: ClusterIP
@@ -14,8 +19,10 @@ gitea:
type: ClusterIP
port: 22
clusterIP: 10.103.160.140
ingress:
enabled: false
resources:
requests:
cpu: 1000m
memory: 600Mi
persistence:
storageClass: ceph-filesystem
size: 40Gi
@@ -41,7 +48,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
enabled: false
enabled: true
oauth:
- name: Authentik
provider: openidConnect
@@ -139,9 +146,10 @@ gitea-actions:
replicas: 6
timezone: America/Chicago
actRunner:
registry: ""
registry: registry.hub.docker.com
repository: gitea/act_runner
tag: 0.2.13
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
config: |
log:
level: debug
@@ -154,17 +162,19 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind:
registry: ""
registry: registry.hub.docker.com
repository: docker
tag: 28.3.3-dind
# renovate: datasource=docker depName=docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
persistence:
storageClass: ceph-block
size: 5Gi
size: 10Gi
init:
image:
registry: ""
registry: registry.hub.docker.com
repository: busybox
tag: "1.37.0"
# renovate: datasource=docker depName=busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
existingSecret: gitea-runner-secret
existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000
@@ -175,17 +185,14 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 5Gi
resources:
requests:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 160Mi
serviceMonitor:
enabled: true
postgres-18-cluster:
@@ -193,8 +200,8 @@ postgres-18-cluster:
cluster:
resources:
requests:
memory: 1Gi
cpu: 200m
cpu: 100m
memory: 100Mi
recovery:
method: objectStore
objectStore:
@@ -206,41 +213,18 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 7 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea:
valkey:
resources:
requests:
cpu: 20m
memory: 256Mi
memory: 2Gi
dataStorage:
requestedSize: 10Gi
replica:
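Review bot: The `tag:` values in the `gitea-actions` hunks combine a version and a digest (`0.3.1@sha256:…`, `29.3.1-dind@sha256:…`, `1.37.0@sha256:…`) under `# renovate: datasource=docker depName=…` comments, but the Renovate rule that reads those comments is not visible on this page. If that rule captures only the version, a later bump would rewrite the version and leave the old digest in place, so the tag and the pinned image would disagree; confirm the rule also captures the digest (Renovate's `currentDigest` group) before relying on these pins. The `gitea` image tag in the first hunk is pinned the same way without a comment, which presumably relies on Renovate's built-in Helm values handling. A one-line comment above each pinned tag stating that the digest is maintained by Renovate would make that dependency explicit.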