alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

remove for stage

Browse Source
This commit is contained in:
Alex Lebens
2025-03-02 23:13:02 -06:00
parent 34064ab02d
commit 16ad8701c4
169 changed files with 0 additions and 11339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

247
clusters/cl01tl-standby/applications/directus/templates/external-secret.yaml
View File

@@ -1,247 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: admin-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-minio-user-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-user-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-minio-root-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-root-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/directus
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

206
clusters/cl01tl-standby/applications/directus/values.yaml
View File

@@ -1,206 +0,0 @@
directus:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: directus/directus
tag: 11.5.0
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.dev
- name: WEBSOCKETS_ENABLED
value: true
- name: ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: directus-config
key: admin-email
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: directus-config
key: admin-password
- name: SECRET
valueFrom:
secretKeyRef:
name: directus-config
key: secret
- name: KEY
valueFrom:
secretKeyRef:
name: directus-config
key: key
- name: DB_CLIENT
value: postgres
- name: DB_HOST
valueFrom:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: host
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: port
- name: DB_USER
valueFrom:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: password
- name: REDIS_ENABLED
value: true
- name: REDIS_HOST
value: directus-valkey-primary
- name: REDIS_PORT
value: 6379
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: directus-valkey-config
key: user
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: directus-valkey-config
key: password
- name: STORAGE_LOCATIONS
value: s3
- name: STORAGE_S3_DRIVER
value: s3
- name: STORAGE_S3_KEY
valueFrom:
secretKeyRef:
name: directus-minio-user-secret
key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET
valueFrom:
secretKeyRef:
name: directus-minio-user-secret
key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET
value: directus
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT
value: http://minio.directus:80
- name: STORAGE_S3_FORCE_PATH_STYLE
value: "true"
- name: AUTH_PROVIDERS
value: AUTHENTIK
- name: AUTH_AUTHENTIK_DRIVER
value: openid
- name: AUTH_AUTHENTIK_CLIENT_ID
valueFrom:
secretKeyRef:
name: directus-oidc-secret
key: OIDC_CLIENT_ID
- name: AUTH_AUTHENTIK_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: directus-oidc-secret
key: OIDC_CLIENT_SECRET
- name: AUTH_AUTHENTIK_SCOPE
value: openid profile email
- name: AUTH_AUTHENTIK_ISSUER_URL
value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration
- name: AUTH_AUTHENTIK_IDENTIFIER_KEY
value: email
- name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION
value: true
- name: AUTH_AUTHENTIK_LABEL
value: Authentik Login
- name: TELEMETRY
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8055
protocol: TCP
minio:
existingSecret:
name: directus-minio-root-secret
tenant:
name: minio-directus
configuration:
name: directus-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: true
ingressClassName: tailscale
tls:
- secretName: minio-directus-cl01tl
hosts:
- minio-directus-cl01tl
host: minio-directus-cl01tl
path: /
pathType: Prefix
valkey:
architecture: standalone
auth:
enabled: true
existingSecret: directus-valkey-config
existingSecretPasswordKey: password
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
cloudflared-directus:
name: cloudflared-directus
existingSecretName: directus-cloudflared-secret
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
endpointCredentials: directus-postgresql-17-cluster-backup-secret
backupIndex: 1

27
clusters/cl01tl-standby/applications/element-web/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: element-web
version: 1.0.0
description: Element Web
keywords:
- element-web
- chat
- matrix
home: https://wiki.alexlebens.dev/doc/element-web-R4dzXXspgr
sources:
- https://github.com/element-hq/element-web
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.3
repository: https://ananace.gitlab.io/charts
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/element.png
appVersion: v1.11.88

23
clusters/cl01tl-standby/applications/element-web/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: element-web-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: element-web-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/element
metadataPolicy: None
property: token

28
clusters/cl01tl-standby/applications/element-web/values.yaml
View File

@@ -1,28 +0,0 @@
element-web:
replicaCount: 1
image:
repository: vectorim/element-web
tag: v1.11.93
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev
identity_url: https://alexlebens.dev
config:
disable_3pid_login: true
brand: "Alex Lebens"
branding:
welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
sso_redirect_options:
immediate: true
default_theme: dark
default_country_code: US
ingress:
enabled: false
resources:
requests:
cpu: 10m
memory: 128Mi
cloudflared:
existingSecretName: element-web-cloudflared-secret

33
clusters/cl01tl-standby/applications/freshrss/Chart.yaml
View File

@@ -1,33 +0,0 @@
apiVersion: v2
name: freshrss
version: 1.0.0
description: FreshRSS
keywords:
- freshrss
- rss
home: https://wiki.alexlebens.dev/doc/freshrss-W6nFVTmKJw
sources:
- https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: freshrss
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/freshrss.png
appVersion: 1.24.3

192
clusters/cl01tl-standby/applications/freshrss/templates/external-secret.yaml
View File

@@ -1,192 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-install-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-install-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ADMIN_EMAIL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/freshrss
metadataPolicy: None
property: token
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: freshrss-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: freshrss-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

37
clusters/cl01tl-standby/applications/freshrss/templates/replication-source.yaml
View File

@@ -1,37 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: freshrss-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: freshrss-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: freshrss-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: freshrss-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 568
# runAsGroup: 568
# fsGroup: 568
# fsGroupChangePolicy: OnRootMismatch
# supplementalGroups:
# - 44
# - 100
# - 109
# - 65539
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

187
clusters/cl01tl-standby/applications/freshrss/values.yaml
View File

@@ -1,187 +0,0 @@
freshrss:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.21.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 100m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.21.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
main:
image:
repository: freshrss/freshrss
tag: 1.26.0
pullPolicy: IfNotPresent
env:
- name: PGID
value: "568"
- name: PUID
value: "568"
- name: TZ
value: US/Central
- name: FRESHRSS_ENV
value: production
- name: CRON_MIN
value: 13,43
- name: BASE_URL
value: https://rss.alexlebens.dev
- name: DB_HOST
valueFrom:
secretKeyRef:
name: freshrss-postgresql-17-cluster-app
key: host
- name: DB_BASE
valueFrom:
secretKeyRef:
name: freshrss-postgresql-17-cluster-app
key: dbname
- name: DB_USER
valueFrom:
secretKeyRef:
name: freshrss-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: freshrss-postgresql-17-cluster-app
key: password
- name: FRESHRSS_INSTALL
value: |
--api-enabled
--base-url $(BASE_URL)
--db-base $(DB_BASE)
--db-host $(DB_HOST)
--db-password $(DB_PASSWORD)
--db-type pgsql
--db-user $(DB_USER)
--auth-type http_auth
--default-user admin
--language en
- name: FRESHRSS_USER
value: |
--api-password $(ADMIN_API_PASSWORD)
--email $(ADMIN_EMAIL)
--language en
--password $(ADMIN_PASSWORD)
--user admin
- name: OIDC_ENABLED
value: 1
- name: OIDC_PROVIDER_METADATA_URL
value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
- name: OIDC_X_FORWARDED_HEADERS
value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
- name: OIDC_SCOPES
value: openid email profile
- name: OIDC_REMOTE_USER_CLAIM
value: preferred_username
envFrom:
- secretRef:
name: freshrss-oidc-secret
- secretRef:
name: freshrss-install-secret
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/www/FreshRSS/data
readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
cloudflared:
existingSecretName: freshrss-cloudflared-secret
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
backupIndex: 2

32
clusters/cl01tl-standby/applications/hoarder/Chart.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v2
name: hoarder
version: 1.0.0
description: Hoarder
keywords:
- hoarder
- bookmarks
home: https://wiki.alexlebens.dev/doc/hoarder-
sources:
- https://github.com/hoarder-app/hoarder
- https://github.com/cloudflare/cloudflared
- https://github.com/meilisearch/meilisearch
- https://github.com/hoarder-app/hoarder/pkgs/container/hoarder
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: hoarder
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: meilisearch
version: 0.12.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/hoarder.svg
appVersion: 0.19.0

164
clusters/cl01tl-standby/applications/hoarder/templates/external-secret.yaml
View File

@@ -1,164 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/hoarder/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AUTHENTIK_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/hoarder
metadataPolicy: None
property: client
- secretKey: AUTHENTIK_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/hoarder
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-meilisearch-master-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: meilisearch
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/hoarder/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: hoarder-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hoarder-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/hoarder
metadataPolicy: None
property: token
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: hoarder-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: hoarder-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

27
clusters/cl01tl-standby/applications/hoarder/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: hoarder-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: hoarder-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: hoarder-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: hoarder-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

128
clusters/cl01tl-standby/applications/hoarder/values.yaml
View File

@@ -1,128 +0,0 @@
hoarder:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/hoarder-app/hoarder
tag: 0.22.0
pullPolicy: IfNotPresent
env:
- name: DATA_DIR
value: /data
- name: NEXTAUTH_URL
value: https://hoarder.alexlebens.dev/
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: hoarder-key-secret
key: key
- name: MEILI_ADDR
value: http://hoarder-meilisearch.hoarder:7700
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: hoarder-meilisearch-master-key-secret
key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL
value: http://hoarder.hoarder:9222
- name: DISABLE_SIGNUPS
value: false
- name: OAUTH_PROVIDER_NAME
value: "Authentik"
- name: OAUTH_WELLKNOWN_URL
value: https://auth.alexlebens.dev/application/o/hoarder/.well-known/openid-configuration
- name: OAUTH_SCOPE
value: "openid email profile"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: hoarder-oidc-secret
key: AUTHENTIK_CLIENT_ID
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: hoarder-oidc-secret
key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL
value: http://ollama-server-1.ollama:11434
- name: OLLAMA_KEEP_ALIVE
value: 5m
- name: INFERENCE_TEXT_MODEL
value: llama3.1:8b
- name: INFERENCE_IMAGE_MODEL
value: llama3.2-vision:11b
- name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC
value: 720
resources:
requests:
cpu: 10m
memory: 256Mi
chrome:
image:
repository: gcr.io/zenika-hub/alpine-chrome
tag: 124
pullPolicy: IfNotPresent
args:
- --no-sandbox
- --disable-gpu
- --disable-dev-shm-usage
- --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222
- --hide-scrollbars
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 3000
targetPort: 3000
protocol: HTTP
chrome:
port: 9222
targetPort: 9222
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
MEILI_ENV: production
auth:
existingMasterKeySecret: hoarder-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 10Gi
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
cloudflared:
existingSecretName: hoarder-cloudflared-secret

55
clusters/cl01tl-standby/applications/immich/templates/external-secrets.yaml
View File

@@ -1,55 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: immich-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: config
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: immich.json
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/immich/config
metadataPolicy: None
property: immich.json
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: immich-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/immich/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: immich-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/immich/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Immich
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

25
clusters/cl01tl-standby/applications/immich/templates/service-monitor.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: immich
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics-api
interval: 3m
scrapeTimeout: 1m
path: /metrics
- port: metrics-ms
interval: 3m
scrapeTimeout: 1m
path: /metrics

251
clusters/cl01tl-standby/applications/immich/values.yaml
View File

@@ -1,251 +0,0 @@
immich:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v1.128.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: IMMICH_TELEMETRY_INCLUDE
value: all
- name: IMMICH_CONFIG_FILE
value: /config/immich.json
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning.immich:3003
- name: REDIS_HOSTNAME
value: immich-valkey-primary
- name: DB_VECTOR_EXTENSION
value: pgvecto.rs
- name: DB_HOSTNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: host
- name: DB_DATABASE_NAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: port
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-postgresql-16-cluster-app
key: password
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: 2283
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: 2283
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: true
custom: true
spec:
httpGet:
path: /api/server/ping
port: 2283
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 30
resources:
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 512Mi
limits:
gpu.intel.com/i915: 1
cpu: 2
machine-learning:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v1.128.0
pullPolicy: IfNotPresent
env:
- name: TRANSFORMERS_CACHE
value: /cache
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: 3003
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: 3003
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: false
resources:
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 256Mi
limits:
gpu.intel.com/i915: 1
cpu: 8
memory: 10Gi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 2283
targetPort: 2283
protocol: TCP
metrics-api:
port: 8081
targetPort: 8081
protocol: TCP
metrics-ms:
port: 8082
targetPort: 8082
protocol: TCP
machine-learning:
controller: machine-learning
ports:
http:
port: 3003
targetPort: 3003
protocol: TCP
ingress:
main:
enabled: true
className: tailscale
hosts:
- host: immich-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: immich-main
port: 2283
tls:
- hosts:
- immich-cl01tl
persistence:
config:
enabled: true
type: secret
name: immich-config-secret
advancedMounts:
main:
main:
- path: /config/immich.json
readOnly: true
mountPropagation: None
subPath: immich.json
media:
existingClaim: immich-nfs-storage
advancedMounts:
main:
main:
- path: /usr/src/app/upload
readOnly: false
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
machine-learning:
main:
- path: /cache
readOnly: false
valkey:
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
postgres-16-cluster:
# Tensorchord
#--- https://github.com/immich-app/immich/discussions/9060
#--- https://docs.pgvecto.rs/admin/kubernetes.html
#--- https://github.com/tensorchord/cloudnative-pgvecto.rs
type: tensorchord
mode: standalone
cluster:
image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: 16.3-v0.2.1
walStorage:
storageClass: local-path
storage:
storageClass: local-path
resources:
requests:
memory: 384Mi
cpu: 200m
monitoring:
enabled: true
postgresql:
parameters:
shared_buffers: 256MB
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
endpointCredentials: immich-postgresql-16-cluster-backup-secret
backupIndex: 1

27
clusters/cl01tl-standby/applications/jellystat/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: jellystat
version: 1.0.0
description: Jellystat
keywords:
- jellystat
- jellyfin
home: https://wiki.alexlebens.dev/doc/jellystat-0FixP7GqGZ
sources:
- https://github.com/CyferShepard/Jellystat
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/cyfershepard/jellystat
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: jellystat
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/jellystat.png
appVersion: 1.1.1

128
clusters/cl01tl-standby/applications/jellystat/templates/external-secret.yaml
View File

@@ -1,128 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: jellystat-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth
metadataPolicy: None
property: secret-key
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth
metadataPolicy: None
property: password
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: jellystat-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: jellystat-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: jellystat-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

27
clusters/cl01tl-standby/applications/jellystat/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: jellystat-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: jellystat-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: jellystat-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: jellystat-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

112
clusters/cl01tl-standby/applications/jellystat/values.yaml
View File

@@ -1,112 +0,0 @@
jellystat:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: cyfershepard/jellystat
tag: 1.1.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: jellystat-secret
key: secret-key
- name: JS_USER
valueFrom:
secretKeyRef:
name: jellystat-secret
key: user
- name: JS_PASSWORD
valueFrom:
secretKeyRef:
name: jellystat-secret
key: password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: jellystat-postgresql-17-cluster-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: jellystat-postgresql-17-cluster-app
key: password
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: jellystat-postgresql-17-cluster-app
key: dbname
- name: POSTGRES_IP
valueFrom:
secretKeyRef:
name: jellystat-postgresql-17-cluster-app
key: host
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
name: jellystat-postgresql-17-cluster-app
key: port
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 3000
targetPort: 3000
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: jellystat-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: jellystat
port: 3000
tls:
- hosts:
- jellystat-cl01tl
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /app/backend/backup-data
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
backupIndex: 1
retentionPolicy: "7d"

30
clusters/cl01tl-standby/applications/lidarr2/Chart.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: v2
name: lidarr2
version: 1.0.0
description: Lidarr
keywords:
- lidarr
- servarr
- music
- metrics
home: https://wiki.alexlebens.dev/doc/lidarr-BIqpxux60p
sources:
- https://github.com/Lidarr/Lidarr
- https://github.com/linuxserver/docker-lidarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: lidarr2
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/lidarr.png
appVersion: 2.8.2

89
clusters/cl01tl-standby/applications/lidarr2/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: lidarr2-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: lidarr2-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: lidarr2-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr2-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lidarr2-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr2-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: lidarr2-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: lidarr2-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr2-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/lidarr2/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: lidarr2
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr2
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: lidarr2
rules:
- alert: ExportarrAbsent
annotations:
description: Lidarr Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*lidarr2.*"} == 1)
for: 5m
labels:
severity: critical
- alert: LidarrDown
annotations:
description: Lidarr service is down.
summary: Lidarr is down.
expr: |
lidarr_system_status{job=~".*lidarr2.*"} == 0
for: 5m
labels:
severity: critical

30
clusters/cl01tl-standby/applications/lidarr2/templates/replication-source.yaml
View File

@@ -1,30 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: lidarr2-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: lidarr2-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: lidarr2-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: lidarr2-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/lidarr2/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: lidarr2
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr2
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: lidarr2
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

143
clusters/cl01tl-standby/applications/lidarr2/values.yaml
View File

@@ -1,143 +0,0 @@
lidarr2:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/lidarr
tag: version-2.8.2.4493@sha256:108ecf0fcbd8f77b6e8a513be6f3446feb47666dd1b45ea360569e9aac0960e4
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["lidarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9792
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8686
protocol: HTTP
metrics:
port: 9792
targetPort: 9792
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: lidarr-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: lidarr2
port: 80
tls:
- hosts:
- lidarr-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: lidarr2-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
resources:
requests:
memory: 1Gi
cpu: 200m
monitoring:
enabled: true
bootstrap:
initdb:
postInitSQL:
- CREATE DATABASE "lidarr-main" OWNER "app";
- CREATE DATABASE "lidarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster
endpointCredentials: lidarr2-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

22
clusters/cl01tl-standby/applications/lidatube/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: lidatube
version: 1.0.0
description: LidaTube
keywords:
- lidatube
- music
- yt-dlp
home: https://wiki.alexlebens.dev/doc/lidatube-Rm5ioxwcaS
sources:
- https://github.com/TheWicklowWolf/LidaTube
- https://registry.hub.docker.com/r/thewicklowwolf/lidatube
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: lidatube
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/TheWicklowWolf/LidaTube/main/src/static/lidatube.png
appVersion: 0.2.9

23
clusters/cl01tl-standby/applications/lidatube/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: lidatube-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidatube-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: lidarr_api_key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key

19
clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lidatube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidatube-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: lidatube-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: lidatube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidatube-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

82
clusters/cl01tl-standby/applications/lidatube/values.yaml
View File

@@ -1,82 +0,0 @@
lidatube:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: thewicklowwolf/lidatube
tag: 0.2.16
pullPolicy: IfNotPresent
env:
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: lidarr_address
value: http://lidarr2.lidarr2:80
- name: lidarr_api_key
valueFrom:
secretKeyRef:
name: lidatube-secret
key: lidarr_api_key
- name: sleep_interval
value: 360
- name: sync_schedule
value: 4
- name: attempt_lidarr_import
value: true
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 5000
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: lidatube-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: lidatube
port: 80
tls:
- hosts:
- lidatube-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /lidatube/config
readOnly: false
music:
existingClaim: lidatube-nfs-storage
advancedMounts:
main:
main:
- path: /lidatube/downloads
readOnly: false

226
clusters/cl01tl-standby/applications/outline/templates/external-secret.yaml
View File

@@ -1,226 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/key
metadataPolicy: None
property: secret-key
- secretKey: utils-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/key
metadataPolicy: None
property: utils-key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/outline
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/outline
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-minio-user-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-user-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/auth
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-minio-root-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-root-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/config
metadataPolicy: None
property: config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/outline
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-minio-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/outline-minio
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: outline-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

209
clusters/cl01tl-standby/applications/outline/values.yaml
View File

@@ -1,209 +0,0 @@
outline:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: outlinewiki/outline
tag: 0.82.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
- name: URL
value: https://wiki.alexlebens.dev
- name: PORT
value: 3000
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: outline-key-secret
key: secret-key
- name: UTILS_SECRET
valueFrom:
secretKeyRef:
name: outline-key-secret
key: utils-key
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: outline-postgresql-17-cluster-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: outline-postgresql-17-cluster-app
key: password
- name: POSTGRES_DATABASE_NAME
valueFrom:
secretKeyRef:
name: outline-postgresql-17-cluster-app
key: dbname
- name: POSTGRES_DATABASE_HOST
valueFrom:
secretKeyRef:
name: outline-postgresql-17-cluster-app
key: host
- name: POSTGRES_DATABASE_PORT
valueFrom:
secretKeyRef:
name: outline-postgresql-17-cluster-app
key: port
- name: DATABASE_URL
value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
- name: DATABASE_URL_TEST
value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
- name: DATABASE_CONNECTION_POOL_MIN
value: "2"
- name: DATABASE_CONNECTION_POOL_MAX
value: "20"
- name: PGSSLMODE
value: disable
- name: REDIS_URL
value: redis://outline-valkey-primary.outline:6379
- name: FILE_STORAGE
value: s3
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: outline-minio-user-secret
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: outline-minio-user-secret
key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION
value: us-east-1
- name: AWS_S3_UPLOAD_BUCKET_NAME
value: outline
- name: AWS_S3_UPLOAD_BUCKET_URL
value: https://outline-storage.alexlebens.dev/outline
- name: AWS_S3_ACCELERATE_URL
value: https://outline-storage.alexlebens.dev/outline
- name: AWS_S3_FORCE_PATH_STYLE
value: false
- name: AWS_S3_ACL
value: private
- name: FILE_STORAGE_UPLOAD_MAX_SIZE
value: "26214400"
- name: FORCE_HTTPS
value: false
- name: ENABLE_UPDATES
value: false
- name: WEB_CONCURRENCY
value: 1
- name: FILE_STORAGE_IMPORT_MAX_SIZE
value: 5120000
- name: LOG_LEVEL
value: info
- name: DEFAULT_LANGUAGE
value: en_US
- name: RATE_LIMITER_ENABLED
value: false
- name: DEVELOPMENT_UNSAFE_INLINE_CSP
value: false
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: outline-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: outline-oidc-secret
key: secret
- name: OIDC_AUTH_URI
value: https://auth.alexlebens.dev/application/o/authorize/
- name: OIDC_TOKEN_URI
value: https://auth.alexlebens.dev/application/o/token/
- name: OIDC_USERINFO_URI
value: https://auth.alexlebens.dev/application/o/userinfo/
- name: OIDC_USERNAME_CLAIM
value: email
- name: OIDC_DISPLAY_NAME
value: Authentik
- name: OIDC_SCOPES
value: openid profile email
resources:
requests:
cpu: 10m
memory: 512Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 3000
targetPort: 3000
protocol: HTTP
minio:
existingSecret:
name: outline-minio-root-secret
tenant:
name: minio-outline
configuration:
name: outline-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: true
ingressClassName: tailscale
tls:
- secretName: minio-outline-cl01tl
hosts:
- minio-outline-cl01tl
host: minio-outline-cl01tl
path: /
pathType: Prefix
valkey:
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
cloudflared-outline:
existingSecretName: outline-cloudflared-secret
name: cloudflared-outline
cloudflared-minio:
existingSecretName: outline-minio-cloudflared-secret
name: cloudflared-minio
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
endpointCredentials: outline-postgresql-17-cluster-backup-secret
backupIndex: 1

21
clusters/cl01tl-standby/applications/overseerr/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: overseerr
version: 1.0.0
description: Overseerr
keywords:
- overseer
- media
- request
home: https://wiki.alexlebens.dev/doc/overseerr-pCUN6XnGR5
sources:
- https://github.com/sct/overseerr
- https://github.com/sct/overseerr/pkgs/container/overseerr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/overseerr.png
appVersion: 1.33.2

57
clusters/cl01tl-standby/applications/overseerr/templates/external-secret.yaml
View File

@@ -1,57 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: overseerr-main-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: overseerr-main-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

27
clusters/cl01tl-standby/applications/overseerr/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: overseerr-main-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: overseerr-main-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: overseerr-main
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: overseerr-main-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

56
clusters/cl01tl-standby/applications/overseerr/values.yaml
View File

@@ -1,56 +0,0 @@
app-template:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/sct/overseerr
tag: 1.33.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 512Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 5055
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: overseerr-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: overseerr
port: 80
tls:
- hosts:
- overseerr-cl01tl
persistence:
main:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /app/config
readOnly: false

28
clusters/cl01tl-standby/applications/photoview/Chart.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: v2
name: photoview
version: 1.0.0
description: Photoview
keywords:
- photoview
- pictures
home: https://wiki.alexlebens.dev/doc/photoview-WSRscnhpwv
sources:
- https://github.com/immich-app/immich
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: photoview
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
appVersion: 2.4.0

30
clusters/cl01tl-standby/applications/photoview/templates/external-secrets.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: photoview-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/photoview/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: photoview-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: photoview-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: photoview-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/photoview/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: photoview-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: photoview-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

108
clusters/cl01tl-standby/applications/photoview/values.yaml
View File

@@ -1,108 +0,0 @@
photoview:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-chmod-data:
securityContext:
runAsUser: 0
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
/bin/chown -R 999:999 /app/cache
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
main:
image:
repository: photoview/photoview
tag: 2.4.0
pullPolicy: IfNotPresent
env:
- name: PHOTOVIEW_DATABASE_DRIVER
value: postgres
- name: PHOTOVIEW_POSTGRES_URL
valueFrom:
secretKeyRef:
name: photoview-postgresql-17-cluster-app
key: uri
- name: PHOTOVIEW_MEDIA_CACHE
value: /app/cache
- name: PHOTOVIEW_VIDEO_HARDWARE_ACCELERATION
value: qsv
resources:
requests:
cpu: 10m
memory: 512Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
ingress:
main:
enabled: true
className: tailscale
hosts:
- host: photoview-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: photoview
port: 80
tls:
- hosts:
- photoview-cl01tl
persistence:
media:
existingClaim: photoview-nfs-storage
advancedMounts:
main:
main:
- path: /photos
readOnly: true
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: false
advancedMounts:
main:
init-chmod-data:
- path: /app/cache
readOnly: false
main:
- path: /app/cache
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
endpointCredentials: photoview-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

22
clusters/cl01tl-standby/applications/prowlarr/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: prowlarr
version: 1.0.0
description: Prowlarr
keywords:
- prowlarr
- servarr
- trackers
home: https://wiki.alexlebens.dev/doc/prowlarr-ERparmlGES
sources:
- https://github.com/Prowlarr/Prowlarr
- https://github.com/onedr0p/containers/pkgs/container/prowlarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: prowlarr
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prowlarr.png
appVersion: 1.28.2.4885

57
clusters/cl01tl-standby/applications/prowlarr/templates/external-secret.yaml
View File

@@ -1,57 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: prowlarr-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: prowlarr-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

37
clusters/cl01tl-standby/applications/prowlarr/templates/replication-source.yaml
View File

@@ -1,37 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: prowlarr-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: prowlarr-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: prowlarr-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: prowlarr-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 568
# runAsGroup: 568
# fsGroup: 568
# fsGroupChangePolicy: OnRootMismatch
# supplementalGroups:
# - 44
# - 100
# - 109
# - 65539
# copyMethod: Snapshot
# storageClassName: ceph-block-delete
# volumeSnapshotClassName: ceph-blockpool-snapshot

84
clusters/cl01tl-standby/applications/prowlarr/values.yaml
View File

@@ -1,84 +0,0 @@
prowlarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
containers:
main:
image:
repository: ghcr.io/onedr0p/prowlarr
tag: 1.31.2.4975
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 9696
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: prowlarr-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: prowlarr
port: 80
tls:
- hosts:
- prowlarr-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false

31
clusters/cl01tl-standby/applications/radarr5-4k/Chart.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: v2
name: radarr5-4k
version: 1.0.0
description: Radarr v5 4K
keywords:
- radarr
- servarr
- movies
- 4k
- metrics
home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
sources:
- https://github.com/Radarr/Radarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/containers/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: radarr5-4k
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
appVersion: 5.16.3

89
clusters/cl01tl-standby/applications/radarr5-4k/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: radarr5-4k-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-4k-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: radarr5-4k-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-4k-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr5-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: radarr5-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr5-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/radarr5-4k/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: radarr5-4k
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-4k
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: radarr5-4k
rules:
- alert: ExportarrAbsent
annotations:
description: Radarr5 4K Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*radarr5_4k.*"} == 1)
for: 5m
labels:
severity: critical
- alert: Radarr54kDown
annotations:
description: Radarr5 4K service is down.
summary: Radarr5 4K is down.
expr: |
radarr5_4k_system_status{job=~".*radarr5_4k.*"} == 0
for: 5m
labels:
severity: critical

32
clusters/cl01tl-standby/applications/radarr5-4k/templates/replication-source.yaml
View File

@@ -1,32 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: radarr5-4k-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-4k-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: radarr5-4k-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: radarr5-4k-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/radarr5-4k/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: radarr5-4k
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-4k
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: radarr5-4k
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

141
clusters/cl01tl-standby/applications/radarr5-4k/values.yaml
View File

@@ -1,141 +0,0 @@
radarr5-4k:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9793
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: radarr-4k-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: radarr5-4k
port: 80
tls:
- hosts:
- radarr-4k-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: radarr5-4k-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
bootstrap:
initdb:
database: app
owner: app
postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
endpointCredentials: radarr5-4k-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

31
clusters/cl01tl-standby/applications/radarr5-anime/Chart.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: v2
name: radarr5-anime
version: 1.0.0
description: Radarr v5 Anime
keywords:
- radarr
- servarr
- movies
- anime
- metrics
home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
sources:
- https://github.com/Radarr/Radarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: radarr5-anime
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
appVersion: 5.16.3

89
clusters/cl01tl-standby/applications/radarr5-anime/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: radarr5-anime-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-anime-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: radarr5-anime-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-anime-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr5-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: radarr5-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr5-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/radarr5-anime/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: radarr5-anime
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-anime
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: radarr5-anime
rules:
- alert: ExportarrAbsent
annotations:
description: Radarr5 Anime Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*radarr5_anime.*"} == 1)
for: 5m
labels:
severity: critical
- alert: Radarr5animeDown
annotations:
description: Radarr5 Anime service is down.
summary: Radarr5 Anime is down.
expr: |
radarr5_anime_system_status{job=~".*radarr5_anime.*"} == 0
for: 5m
labels:
severity: critical

30
clusters/cl01tl-standby/applications/radarr5-anime/templates/replication-source.yaml
View File

@@ -1,30 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: radarr5-anime-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-anime-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: radarr5-anime-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: radarr5-anime-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/radarr5-anime/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: radarr5-anime
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-anime
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: radarr5-anime
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

139
clusters/cl01tl-standby/applications/radarr5-anime/values.yaml
View File

@@ -1,139 +0,0 @@
radarr5-anime:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9793
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: radarr-anime-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: radarr5-anime
port: 80
tls:
- hosts:
- radarr-anime-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: radarr5-anime-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
bootstrap:
initdb:
database: app
owner: app
postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
endpointCredentials: radarr5-anime-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

30
clusters/cl01tl-standby/applications/radarr5-standup/Chart.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: v2
name: radarr5-standup
version: 1.0.0
description: Radarr v5 Stand Up
keywords:
- radarr
- servarr
- standup
- metrics
home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
sources:
- https://github.com/Radarr/Radarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: radarr5-standup
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
appVersion: 5.16.3

89
clusters/cl01tl-standby/applications/radarr5-standup/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: radarr5-standup-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-standup-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: radarr5-standup-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-standup-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr5-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: radarr5-standup-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr5-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/radarr5-standup/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: radarr5-standup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-standup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: radarr5-standup
rules:
- alert: ExportarrAbsent
annotations:
description: Radarr5 Stand Up Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*radarr5_standup.*"} == 1)
for: 5m
labels:
severity: critical
- alert: Radarr5StandUpDown
annotations:
description: Radarr5 Stand Up service is down.
summary: Radarr5 Stand Up is down.
expr: |
radarr5_standup_system_status{job=~".*radarr5_standup.*"} == 0
for: 5m
labels:
severity: critical

32
clusters/cl01tl-standby/applications/radarr5-standup/templates/replication-source.yaml
View File

@@ -1,32 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: radarr5-standup-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-standup-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: radarr5-standup-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: radarr5-standup-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/radarr5-standup/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: radarr5-standup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-standup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: radarr5-standup
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

139
clusters/cl01tl-standby/applications/radarr5-standup/values.yaml
View File

@@ -1,139 +0,0 @@
radarr5-standup:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9793
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: radarr-standup-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: radarr5-standup
port: 80
tls:
- hosts:
- radarr-standup-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: radarr5-standup-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
bootstrap:
initdb:
database: app
owner: app
postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster
endpointCredentials: radarr5-standup-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

30
clusters/cl01tl-standby/applications/radarr5/Chart.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: v2
name: radarr5
version: 1.0.0
description: Radarr v5
keywords:
- radarr
- servarr
- movies
- metrics
home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
sources:
- https://github.com/Radarr/Radarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/containers/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: radarr5
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
appVersion: 5.16.3.9541

89
clusters/cl01tl-standby/applications/radarr5/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: radarr5-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: radarr5-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr5-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: radarr5-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr5-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/radarr5/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: radarr5
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: radarr5
rules:
- alert: ExportarrAbsent
annotations:
description: Radarr5 Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*radarr5.*"} == 1)
for: 5m
labels:
severity: critical
- alert: Radarr5Down
annotations:
description: Radarr5 service is down.
summary: Radarr5 is down.
expr: |
radarr5_system_status{job=~".*radarr5.*"} == 0
for: 5m
labels:
severity: critical

32
clusters/cl01tl-standby/applications/radarr5/templates/replication-source.yaml
View File

@@ -1,32 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: radarr5-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: radarr5-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: radarr5-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: radarr5-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/radarr5/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: radarr5
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr5
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: radarr5
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

145
clusters/cl01tl-standby/applications/radarr5/values.yaml
View File

@@ -1,145 +0,0 @@
radarr5:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9793
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 100m
memory: 512Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: radarr-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: radarr5
port: 80
tls:
- hosts:
- radarr-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: radarr5-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
resources:
requests:
memory: 1Gi
cpu: 200m
monitoring:
enabled: true
bootstrap:
initdb:
database: app
owner: app
postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5/radarr5-postgresql-17-cluster
endpointCredentials: radarr5-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

27
clusters/cl01tl-standby/applications/roundcube/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: roundcube
version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email
home: https://wiki.alexlebens.dev/doc/roundcube-miG1qbYSPs
sources:
- https://github.com/roundcube/roundcubemail
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/roundcube/roundcubemail
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: roundcube
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/roundcube.png
appVersion: 1.6.9

114
clusters/cl01tl-standby/applications/roundcube/templates/external-secret.yaml
View File

@@ -1,114 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: roundcube-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: DES_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: roundcube-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: roundcube-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: roundcube-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

27
clusters/cl01tl-standby/applications/roundcube/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: roundcube-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: roundcube-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: roundcube-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: roundcube-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

238
clusters/cl01tl-standby/applications/roundcube/values.yaml
View File

@@ -1,238 +0,0 @@
roundcube:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.10-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
- name: ROUNDCUBEMAIL_DB_HOST
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: host
- name: ROUNDCUBEMAIL_DB_NAME
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: dbname
- name: ROUNDCUBEMAIL_DB_USER
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: user
- name: ROUNDCUBEMAIL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: password
- name: ROUNDCUBEMAIL_DES_KEY
valueFrom:
secretKeyRef:
name: roundcube-key-secret
key: DES_KEY
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: stalwart.stalwart
- name: ROUNDCUBEMAIL_DEFAULT_PORT
value: 143
- name: ROUNDCUBEMAIL_SMTP_SERVER
value: stalwart.stalwart
- name: ROUNDCUBEMAIL_SMTP_PORT
value: 25
- name: ROUNDCUBEMAIL_SKIN
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 100m
memory: 256Mi
nginx:
image:
repository: nginx
tag: 1.27.4-alpine
pullPolicy: IfNotPresent
env:
- name: NGINX_HOST
value: mail.alexlebens.dev
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
resources:
requests:
cpu: 10m
memory: 128Mi
cleandb:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.10-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
- name: ROUNDCUBEMAIL_DB_HOST
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: host
- name: ROUNDCUBEMAIL_DB_NAME
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: dbname
- name: ROUNDCUBEMAIL_DB_USER
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: user
- name: ROUNDCUBEMAIL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: roundcube-postgresql-17-cluster-app
key: password
- name: ROUNDCUBEMAIL_DES_KEY
valueFrom:
secretKeyRef:
name: roundcube-key-secret
key: DES_KEY
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: tls://stalwart.stalwart
- name: ROUNDCUBEMAIL_SMTP_SERVER
value: tls://stalwart.stalwart
- name: ROUNDCUBEMAIL_SKIN
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
args:
- bin/cleandb.sh
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
create: true
configMaps:
config:
enabled: true
data:
default.conf: |
server {
listen 80 default_server;
server_name _;
root /var/www/html;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_pass roundcube:9000;
fastcgi_read_timeout 300;
proxy_read_timeout 300;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
client_max_body_size 6m;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
}
service:
main:
controller: main
ports:
mail:
port: 9000
targetPort: 9000
protocol: HTTP
web:
port: 80
targetPort: 80
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: mail-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: roundcube
port: 80
tls:
- hosts:
- mail-cl01tl
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/www/html
readOnly: false
nginx:
- path: /var/www/html
readOnly: false
temp:
type: emptyDir
advancedMounts:
main:
main:
- path: /tmp/roundcube-temp
readOnly: false
config:
enabled: true
type: configMap
name: roundcube-config
advancedMounts:
main:
nginx:
- path: /etc/nginx/conf.d/default.conf
readOnly: true
mountPropagation: None
subPath: default.conf
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster
endpointCredentials: roundcube-postgresql-17-cluster-backup-secret
backupIndex: 1

28
clusters/cl01tl-standby/applications/site-profile/Chart.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: v2
name: site-profile
version: 1.0.0
description: Site Profile
keywords:
- site-profile
- astro
home: https://wiki.alexlebens.dev/doc/site-profile-uoqXo94Yzd
sources:
- https://github.com/alexlebens/site-profile
- https://github.com/withastro/astro
- https://github.com/cloudflare/cloudflared
- https://github.com/alexlebens/site-profile/pkgs/container/site-profile
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: site-profile
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: cloudflared
alias: cloudflared-site
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://d21zlbwtcn424f.cloudfront.net/icon_white.png
appVersion: 0.5.5

23
clusters/cl01tl-standby/applications/site-profile/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: site-profile-cloudflared-api-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: site-profile-cloudflared-api-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/site-profile
metadataPolicy: None
property: token

32
clusters/cl01tl-standby/applications/site-profile/values.yaml
View File

@@ -1,32 +0,0 @@
site-profile:
global:
fullnameOverride: site-profile
controllers:
main:
type: deployment
replicas: 3
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/alexlebens/site-profile
tag: 0.6.2
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4321
protocol: HTTP
cloudflared-site:
name: cloudflared-site
existingSecretName: site-profile-cloudflared-api-secret

31
clusters/cl01tl-standby/applications/sonarr4-4k/Chart.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: v2
name: sonarr4-4k
version: 1.0.0
description: Sonarr v4 4K
keywords:
- sonarr
- servarr
- tv shows
- 4k
- metrics
home: https://wiki.alexlebens.dev/doc/sonarr-AvJLY9PxEy
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/containers/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: sonarr4-4k
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/sonarr.png
appVersion: 4.0.11

89
clusters/cl01tl-standby/applications/sonarr4-4k/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: sonarr4-4k-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: sonarr4-4k-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: sonarr4-4k-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-4k-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr4-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: sonarr4-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: sonarr4-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

34
clusters/cl01tl-standby/applications/sonarr4-4k/templates/prometheus-rule.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: sonarr4-4k
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-4k
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
groups:
- name: sonarr4-4k
rules:
- alert: ExportarrAbsent
annotations:
description: Sonarr4 4K Exportarr has disappeared from Prometheus
service discovery.
summary: Exportarr is down.
expr: |
absent(up{job=~".*sonarr4_4k.*"} == 1)
for: 5m
labels:
severity: critical
- alert: Sonarr44KDown
annotations:
description: Sonarr4 4K service is down.
summary: Sonarr4 4K is down.
expr: |
sonarr4_4k_system_status{job=~".*sonarr4_4k.*"} == 0
for: 5m
labels:
severity: critical

35
clusters/cl01tl-standby/applications/sonarr4-4k/templates/replication-source.yaml
View File

@@ -1,35 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: sonarr4-4k-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: sonarr4-4k-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: sonarr4-4k-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: sonarr4-4k-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
# supplementalGroups:
# - 44
# - 100
# - 109
# - 65539
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

21
clusters/cl01tl-standby/applications/sonarr4-4k/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: sonarr4-4k
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-4k
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: sonarr4-4k
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics

144
clusters/cl01tl-standby/applications/sonarr4-4k/values.yaml
View File

@@ -1,144 +0,0 @@
sonarr4-4k:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
containers:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.13@sha256:4dfedb2598dc6bd51c40f4ecea2631dbe367840678ab109cd968f821d81a5327
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail localhost:8989/api/v1/system/status?apiKey=`IFS=\> && while
read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
pullPolicy: IfNotPresent
args: ["sonarr"]
env:
- name: URL
value: http://localhost
- name: CONFIG
value: /config/config.xml
- name: PORT
value: 9794
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: sonarr-4k-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: sonarr4-4k
port: 80
tls:
- hosts:
- sonarr-4k-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metrics:
- path: /config
readOnly: true
media:
existingClaim: sonarr4-4k-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
bootstrap:
initdb:
database: app
owner: app
postInitSQL:
- CREATE DATABASE "sonarr-main" OWNER "app";
- CREATE DATABASE "sonarr-log" OWNER "app";
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster
endpointCredentials: sonarr4-4k-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

30
clusters/cl01tl-standby/applications/sonarr4-anime/Chart.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: v2
name: sonarr4-anime
version: 1.0.0
description: Sonarr v4 Anime
keywords:
- sonarr
- servarr
- anime
- metrics
home: https://wiki.alexlebens.dev/doc/sonarr-AvJLY9PxEy
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/containers/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: sonarr4-anime
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/sonarr.png
appVersion: 4.0.11

89
clusters/cl01tl-standby/applications/sonarr4-anime/templates/external-secret.yaml
View File

@@ -1,89 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: sonarr4-anime-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: sonarr4-anime-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: sonarr4-anime-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-anime-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

19
clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr4-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sonarr4-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: sonarr4-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

Some files were not shown because too many files have changed in this diff Show More