alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

feat: refactor apps

Browse Source
This commit is contained in:
Alex Lebens
2026-04-07 20:20:01 -05:00
parent 6825615229
commit 1ce8f18df7
20 changed files with 52 additions and 316 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.1 version: 7.11.2
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: valkey
alias: valkey alias: valkey

1
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Kube Prometheus Stack
keywords: keywords:
- kube-prometheus-stack - kube-prometheus-stack
- prometheus - prometheus
- metrics
home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/ home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
sources: sources:
- https://github.com/prometheus/prometheus - https://github.com/prometheus/prometheus

1
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: S3 Exporter
keywords: keywords:
- s3-exporter - s3-exporter
- storage - storage
- metrics
home: https://docs.alexlebens.dev/applications/s3-exporter/ home: https://docs.alexlebens.dev/applications/s3-exporter/
sources: sources:
- https://github.com/molu8bits/s3bucket_exporter - https://github.com/molu8bits/s3bucket_exporter

1
clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Speedtest Exporter
keywords: keywords:
- speedtest-exporter - speedtest-exporter
- internet-speed - internet-speed
- metrics
home: https://docs.alexlebens.dev/applications/speedtest-exporter/ home: https://docs.alexlebens.dev/applications/speedtest-exporter/
sources: sources:
- https://github.com/MiguelNdeCarvalho/speedtest-exporter - https://github.com/MiguelNdeCarvalho/speedtest-exporter

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -376,7 +376,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "0 0 * * 0" schedule: 0 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -404,7 +404,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "10 0 * * 0" schedule: 10 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -432,7 +432,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "20 0 * * 0" schedule: 20 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:

2
clusters/cl01tl/helm/unpackerr/Chart.yaml
View File

@@ -6,7 +6,7 @@ keywords:
- unpackerr - unpackerr
- archive - archive
- servarr - servarr
home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088 home: https://docs.alexlebens.dev/applications/unpackerr/
sources: sources:
- https://github.com/Unpackerr/unpackerr - https://github.com/Unpackerr/unpackerr
- https://hub.docker.com/r/golift/unpackerr - https://hub.docker.com/r/golift/unpackerr

24
clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
View File

@@ -14,57 +14,33 @@ spec:
data: data:
- secretKey: UN_SONARR_0_API_KEY - secretKey: UN_SONARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_1_API_KEY - secretKey: UN_SONARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_2_API_KEY - secretKey: UN_SONARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_0_API_KEY - secretKey: UN_RADARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key key: /cl01tl/radarr5/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_1_API_KEY - secretKey: UN_RADARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_2_API_KEY - secretKey: UN_RADARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_3_API_KEY - secretKey: UN_RADARR_3_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key property: key
- secretKey: UN_LIDARR_0_API_KEY - secretKey: UN_LIDARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key property: key

12
clusters/cl01tl/helm/unpackerr/values.yaml
View File

@@ -4,16 +4,18 @@ unpackerr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: golift/unpackerr repository: golift/unpackerr
tag: 0.15.2 tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: UN_WEBSERVER_METRICS - name: UN_WEBSERVER_METRICS
value: true value: true
- name: UN_SONARR_0_URL - name: UN_SONARR_0_URL
@@ -54,7 +56,7 @@ unpackerr:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 10Mi
persistence: persistence:
storage: storage:
existingClaim: unpackerr-nfs-storage existingClaim: unpackerr-nfs-storage

5
clusters/cl01tl/helm/unpoller/Chart.yaml
View File

@@ -5,9 +5,8 @@ description: Unpoller
keywords: keywords:
- unpoller - unpoller
- ubiquiti - ubiquiti
- unifi
- metrics - metrics
home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344 home: https://docs.alexlebens.dev/applications/unpoller/
sources: sources:
- https://github.com/unpoller/unpoller - https://github.com/unpoller/unpoller
- https://github.com/unpoller/unpoller/pkgs/container/unpoller - https://github.com/unpoller/unpoller/pkgs/container/unpoller
@@ -19,6 +18,6 @@ dependencies:
alias: unpoller alias: unpoller
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png
# renovate: datasource=github-releases depName=unpoller/unpoller # renovate: datasource=github-releases depName=unpoller/unpoller
appVersion: v2.39.0 appVersion: v2.39.0

6
clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: UP_UNIFI_CONTROLLER_0_USER - secretKey: UP_UNIFI_CONTROLLER_0_USER
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: user property: user
- secretKey: UP_UNIFI_CONTROLLER_0_PASS - secretKey: UP_UNIFI_CONTROLLER_0_PASS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: password property: password

11
clusters/cl01tl/helm/unpoller/values.yaml
View File

@@ -4,16 +4,14 @@ unpoller:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/unpoller/unpoller repository: ghcr.io/unpoller/unpoller
tag: v2.39.0 tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2
pullPolicy: IfNotPresent
env: env:
- name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
value: 'false' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_DPI - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
@@ -21,7 +19,7 @@ unpoller:
- name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_IDS - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
value: 'false' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_SAVE_SITES - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
value: 'true' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_URL - name: UP_UNIFI_CONTROLLER_0_URL
@@ -44,7 +42,7 @@ unpoller:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 64Mi memory: 20Mi
service: service:
main: main:
controller: main controller: main
@@ -52,7 +50,6 @@ unpoller:
metrics: metrics:
port: 9130 port: 9130
targetPort: 9130 targetPort: 9130
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

4
clusters/cl01tl/helm/vault/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Vault
keywords: keywords:
- vault - vault
- secrets - secrets
home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987 home: https://docs.alexlebens.dev/applications/vault/
sources: sources:
- https://github.com/hashicorp/vault - https://github.com/hashicorp/vault
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
@@ -29,6 +29,6 @@ dependencies:
alias: unseal alias: unseal
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
# renovate: datasource=github-releases depName=hashicorp/vault # renovate: datasource=github-releases depName=hashicorp/vault
appVersion: 1.21.4 appVersion: 1.21.4

132
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: VAULT_APPROLE_ROLE_ID - secretKey: VAULT_APPROLE_ROLE_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_ROLE_ID property: VAULT_APPROLE_ROLE_ID
- secretKey: VAULT_APPROLE_SECRET_ID - secretKey: VAULT_APPROLE_SECRET_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_SECRET_ID property: VAULT_APPROLE_SECRET_ID
--- ---
@@ -44,17 +38,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-local property: s3cfg-local
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -74,17 +62,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-remote property: s3cfg-remote
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -104,17 +86,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: s3cfg property: s3cfg
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -134,24 +110,15 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
- secretKey: NTFY_ENDPOINT - secretKey: NTFY_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint property: endpoint
- secretKey: NTFY_TOPIC - secretKey: NTFY_TOPIC
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: NTFY_TOPIC property: NTFY_TOPIC
--- ---
@@ -171,66 +138,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -250,66 +190,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -329,66 +242,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -408,43 +294,25 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: token property: token
- secretKey: unseal_key_1 - secretKey: unseal_key_1
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_1 property: unseal_key_1
- secretKey: unseal_key_2 - secretKey: unseal_key_2
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_2 property: unseal_key_2
- secretKey: unseal_key_3 - secretKey: unseal_key_3
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_3 property: unseal_key_3
- secretKey: unseal_key_4 - secretKey: unseal_key_4
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_4 property: unseal_key_4
- secretKey: unseal_key_5 - secretKey: unseal_key_5
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_5 property: unseal_key_5

1
clusters/cl01tl/helm/vault/templates/http-route.yaml
View File

@@ -25,4 +25,3 @@ spec:
kind: Service kind: Service
name: vault-active name: vault-active
port: 8200 port: 8200
weight: 100

104
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -1,9 +1,5 @@
vault: vault:
global: global:
enabled: true
tlsDisable: true
psp:
enable: false
serverTelemetry: serverTelemetry:
prometheusOperator: true prometheusOperator: true
injector: injector:
@@ -12,23 +8,14 @@ vault:
enabled: true enabled: true
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4 tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
updateStrategyType: "RollingUpdate" updateStrategyType: RollingUpdate
logLevel: debug
logFormat: standard
resources: resources:
requests: requests:
cpu: 50m cpu: 50m
memory: 512Mi memory: 90Mi
ingress:
enabled: false
route:
enabled: false
authDelegator: authDelegator:
enabled: false enabled: false
readinessProbe:
enabled: true
port: 8200
livenessProbe: livenessProbe:
enabled: false enabled: false
volumes: volumes:
@@ -39,43 +26,17 @@ vault:
- mountPath: /opt/backups/ - mountPath: /opt/backups/
name: vault-storage-backup name: vault-storage-backup
readOnly: false readOnly: false
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}
app.kubernetes.io/instance: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
networkPolicy:
enabled: false
service:
enabled: true
active:
enabled: true
standby:
enabled: false
type: ClusterIP
port: 8200
targetPort: 8200
dataStorage: dataStorage:
enabled: true
size: 1Gi size: 1Gi
mountPath: "/vault/data" storageClass: ceph-block
accessMode: ReadWriteOnce
auditStorage: auditStorage:
enabled: false enabled: true
size: 5Gi size: 5Gi
mountPath: "/vault/audit" storageClass: ceph-block
accessMode: ReadWriteOnce
dev:
enabled: false
standalone: standalone:
enabled: false enabled: false
ha: ha:
enabled: true enabled: true
replicas: 3
raft: raft:
enabled: true enabled: true
config: | config: |
@@ -109,30 +70,12 @@ vault:
prometheus_retention_time = "30s" prometheus_retention_time = "30s"
disable_hostname = true disable_hostname = true
} }
disruptionBudget: disruptionBudget:
enabled: true enabled: true
maxUnavailable: null maxUnavailable: 1
serviceAccount:
create: true
serviceDiscovery:
enabled: true
hostNetwork: false
ui:
enabled: true
publishNotReadyAddresses: true
activeVaultPodOnly: false
serviceType: "ClusterIP"
serviceNodePort: null
externalPort: 8200
targetPort: 8200
csi:
enabled: false
serverTelemetry: serverTelemetry:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 30s
scrapeTimeout: 10s
prometheusRules: prometheusRules:
enabled: true enabled: true
rules: rules:
@@ -158,20 +101,15 @@ snapshot:
type: cronjob type: cronjob
cronjob: cronjob:
suspend: false suspend: false
concurrencyPolicy: Forbid timeZone: America/Chicago
timeZone: US/Central
schedule: 0 4 * * * schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 3
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
initContainers: initContainers:
snapshot: snapshot:
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4 tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
pullPolicy: IfNotPresent
command: command:
- /bin/ash - /bin/ash
args: args:
@@ -328,53 +266,47 @@ unseal:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-1 name: vault-unseal-config-1
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi
unseal-2: unseal-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-2 name: vault-unseal-config-2
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi
unseal-3: unseal-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-3 name: vault-unseal-config-3
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi

6
clusters/cl01tl/helm/vaultwarden/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.11.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1 digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31
generated: "2026-03-15T20:10:47.852109985Z" generated: "2026-04-07T20:19:48.079671-05:00"

10
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -4,17 +4,15 @@ version: 1.0.0
description: Vaultwarden description: Vaultwarden
keywords: keywords:
- vaultwarden - vaultwarden
- bitwarden - password-manager
- password home: https://docs.alexlebens.dev/applications/vault/
home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
sources: sources:
- https://github.com/dani-garcia/vaultwarden - https://github.com/dani-garcia/vaultwarden
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/vaultwarden/server - https://hub.docker.com/r/vaultwarden/server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -27,7 +25,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.10.0 version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

6
clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: secret property: secret

33
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -4,13 +4,11 @@ vaultwarden:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: vaultwarden/server repository: ghcr.io/vaultwarden/server
tag: 1.35.4 tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
pullPolicy: IfNotPresent
env: env:
- name: DOMAIN - name: DOMAIN
value: https://passwords.alexlebens.dev value: https://passwords.alexlebens.dev
@@ -44,7 +42,7 @@ vaultwarden:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 30Mi
service: service:
main: main:
controller: main controller: main
@@ -52,14 +50,12 @@ vaultwarden:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
persistence: persistence:
config: config:
forceRename: vaultwarden-data forceRename: vaultwarden-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -78,35 +74,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: vaultwarden-data pvcTarget: vaultwarden-data
local: local:

1
clusters/cl01tl/helm/version-checker/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Version Checker
keywords: keywords:
- version-checker - version-checker
- update-tracker - update-tracker
- metrics
home: https://docs.alexlebens.dev/applications/version-checker/ home: https://docs.alexlebens.dev/applications/version-checker/
sources: sources:
- https://github.com/jetstack/version-checker - https://github.com/jetstack/version-checker