From 3110d3c4ee24af064f810d60f76635c2db3a7039 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Fri, 13 Feb 2026 12:35:52 -0600 Subject: [PATCH] feat: add rybbit --- clusters/cl01tl/helm/gatus/values.yaml | 7 +- clusters/cl01tl/helm/homepage/values.yaml | 6 + clusters/cl01tl/helm/rybbit/Chart.lock | 15 ++ clusters/cl01tl/helm/rybbit/Chart.yaml | 34 +++ .../rybbit/templates/external-secret.yaml | 42 +++ clusters/cl01tl/helm/rybbit/values.yaml | 247 ++++++++++++++++++ 6 files changed, 349 insertions(+), 2 deletions(-) create mode 100644 clusters/cl01tl/helm/rybbit/Chart.lock create mode 100644 clusters/cl01tl/helm/rybbit/Chart.yaml create mode 100644 clusters/cl01tl/helm/rybbit/templates/external-secret.yaml create mode 100644 clusters/cl01tl/helm/rybbit/values.yaml diff --git a/clusters/cl01tl/helm/gatus/values.yaml b/clusters/cl01tl/helm/gatus/values.yaml index 6e735dac6..6218f61f6 100644 --- a/clusters/cl01tl/helm/gatus/values.yaml +++ b/clusters/cl01tl/helm/gatus/values.yaml @@ -164,6 +164,9 @@ gatus: - name: booklore url: https://booklore.alexlebens.net <<: *defaults + - name: directus + url: https://directus.alexlebens.net + <<: *defaults - name: home-assistant url: https://home-assistant.alexlebens.net <<: *defaults @@ -338,8 +341,8 @@ gatus: url: https://www.alexlebens.dev <<: *defaults group: external - - name: directus - url: https://directus.alexlebens.net + - name: rybbit + url: https://rybbit.alexlebens.dev <<: *defaults group: external - name: postiz diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 662ec54c8..2d8e15066 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -209,6 +209,12 @@ homepage: href: https://directus.alexlebens.net siteMonitor: http://directus.directus:80 statusStyle: dot + - Analytics: + icon: sh-rybbit-light.webp + description: Rybbit + href: https://rybbit.alexlebens.dev + siteMonitor: http://rybbit-client.rybbit:80 + statusStyle: dot - Social Media Management: icon: sh-postiz.webp description: Postiz diff --git a/clusters/cl01tl/helm/rybbit/Chart.lock b/clusters/cl01tl/helm/rybbit/Chart.lock new file mode 100644 index 000000000..5d080047a --- /dev/null +++ b/clusters/cl01tl/helm/rybbit/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: app-template + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.6.2 +- name: cloudflared + repository: oci://harbor.alexlebens.net/helm-charts + version: 2.3.0 +- name: postgres-cluster + repository: oci://harbor.alexlebens.net/helm-charts + version: 7.5.1 +- name: volsync-target + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.7.0 +digest: sha256:b6b1968814ea914c329acfb41d7c40db8f33cdf4603832d28d12c9d7425504ff +generated: "2026-02-13T12:16:35.695373-06:00" diff --git a/clusters/cl01tl/helm/rybbit/Chart.yaml b/clusters/cl01tl/helm/rybbit/Chart.yaml new file mode 100644 index 000000000..74cd52d2b --- /dev/null +++ b/clusters/cl01tl/helm/rybbit/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +name: rybbit +version: 1.0.0 +description: Rybbit +keywords: + - rybbit + - analytics +home: https://wiki.alexlebens.dev/s/ +sources: + - https://github.com/rybbit-io/rybbit + - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster +maintainers: + - name: alexlebens +dependencies: + - name: app-template + alias: rybbit + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.6.2 + - name: cloudflared + repository: oci://harbor.alexlebens.net/helm-charts + version: 2.3.0 + - name: postgres-cluster + alias: postgres-18-cluster + version: 7.5.1 + repository: oci://harbor.alexlebens.net/helm-charts + - name: volsync-target + alias: volsync-target-config + version: 0.7.0 + repository: oci://harbor.alexlebens.net/helm-charts +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rybbit.webp +# renovate: datasource=github-releases depName=rybbit-io/rybbit +appVersion: v2.4.0 diff --git a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml new file mode 100644 index 000000000..d603f0c35 --- /dev/null +++ b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml @@ -0,0 +1,42 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: rybbit-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: rybbit-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: clickhouse-user + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/rybbit/clickhouse + metadataPolicy: None + property: user + - secretKey: clickhouse-password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/rybbit/clickhouse + metadataPolicy: None + property: password + - secretKey: better-auth-secret + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/rybbit/auth + metadataPolicy: None + property: better-auth-secret + - secretKey: mapbox-token + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/rybbit/auth + metadataPolicy: None + property: mapbox-token diff --git a/clusters/cl01tl/helm/rybbit/values.yaml b/clusters/cl01tl/helm/rybbit/values.yaml new file mode 100644 index 000000000..e11b1e455 --- /dev/null +++ b/clusters/cl01tl/helm/rybbit/values.yaml @@ -0,0 +1,247 @@ +rybbit: + controllers: + backend: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: ghcr.io/rybbit-io/rybbit-backend + tag: v2.4.0 + pullPolicy: IfNotPresent + env: + - name: NODE_ENV + value: production + - name: CLICKHOUSE_HOST + value: http://rybbit-clickhouse.rybbit:8123 + - name: CLICKHOUSE_DB + value: analytics + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: clickhouse-user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: clickhouse-password + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: rybbit-postgresql-18-cluster-app + key: host + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: rybbit-postgresql-18-cluster-app + key: port + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: rybbit-postgresql-18-cluster-app + key: database + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: rybbit-postgresql-18-cluster-app + key: user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: rybbit-postgresql-18-cluster-app + key: password + - name: BETTER_AUTH_SECRET + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: better-auth-secret + - name: BASE_URL + value: https://rybbit.alexlebens.dev + - name: DISABLE_SIGNUP + value: false + - name: DISABLE_TELEMETRY + value: true + - name: MAPBOX_TOKEN + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: mapbox-token + probes: + liveness: + enabled: true + custom: true + spec: + exec: + command: + - CMD + - wget + - --no-verbose + - --tries=1 + - --spider + - http://127.0.0.1:3001/api/health + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + resources: + requests: + cpu: 10m + memory: 256Mi + client: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: ghcr.io/rybbit-io/rybbit-client + tag: v2.4.0 + pullPolicy: IfNotPresent + env: + - name: NODE_ENV + value: production + - name: NEXT_PUBLIC_BACKEND_URL + value: https://rybbit.alexlebens.dev + - name: NEXT_PUBLIC_DISABLE_SIGNUP + value: false + resources: + requests: + cpu: 10m + memory: 256Mi + clickhouse: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: clickhouse/clickhouse-server + tag: 25.4.2 + pullPolicy: IfNotPresent + env: + - name: CLICKHOUSE_DB + value: analytics + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: clickhouse-user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: rybbit-config-secret + key: clickhouse-password + probes: + liveness: + enabled: true + custom: true + spec: + exec: + command: + - CMD + - wget + - --no-verbose + - --tries=1 + - --spider + - http://localhost:8123/ping + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + resources: + requests: + cpu: 10m + memory: 256Mi + service: + backend: + controller: backend + ports: + http: + port: 3001 + targetPort: 3001 + protocol: HTTP + client: + controller: client + ports: + http: + port: 80 + targetPort: 3002 + protocol: TCP + clickhouse: + controller: clickhouse + ports: + http: + port: 8123 + targetPort: 8123 + protocol: TCP + persistence: + clickhouse: + forceRename: clickhouse-data + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 10Gi + retain: true + advancedMounts: + clickhouse: + main: + - path: /var/lib/clickhouse + readOnly: false +postgres-18-cluster: + mode: standalone + recovery: + method: objectStore + objectStore: + index: 1 + backup: + objectStore: + - name: garage-local + index: 1 + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups + isWALArchiver: true + # - name: garage-remote + # index: 1 + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" + # data: + # compression: bzip2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false + scheduledBackups: + - name: live-backup + suspend: true + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: true + # immediate: true + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external +volsync-target-clickhouse-data: + pvcTarget: clickhouse-data + local: + enabled: false + schedule: 38 11 * * * + remote: + enabled: false + external: + enabled: false + schedule: 38 12 * * *