diff --git a/clusters/cl01tl/helm/external-secrets/Chart.yaml b/clusters/cl01tl/helm/external-secrets/Chart.yaml index d6e1cf049..c7e6d51e4 100644 --- a/clusters/cl01tl/helm/external-secrets/Chart.yaml +++ b/clusters/cl01tl/helm/external-secrets/Chart.yaml @@ -9,6 +9,7 @@ keywords: home: https://docs.alexlebens.dev/applications/eraser/ sources: - https://github.com/external-secrets/external-secrets + - https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets dependencies: - name: external-secrets diff --git a/clusters/cl01tl/helm/foldergram/Chart.yaml b/clusters/cl01tl/helm/foldergram/Chart.yaml index b7057a927..73f6f6f39 100644 --- a/clusters/cl01tl/helm/foldergram/Chart.yaml +++ b/clusters/cl01tl/helm/foldergram/Chart.yaml @@ -5,10 +5,12 @@ description: Foldergram keywords: - foldergram - pictures -home: https://wiki.alexlebens.dev/ +home: https://docs.alexlebens.dev/applications/foldergram/ sources: - https://github.com/foldergram/foldergram + - https://github.com/foldergram/foldergram/pkgs/container/foldergram - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/foldergram/values.yaml b/clusters/cl01tl/helm/foldergram/values.yaml index 42c0b6201..85a128340 100644 --- a/clusters/cl01tl/helm/foldergram/values.yaml +++ b/clusters/cl01tl/helm/foldergram/values.yaml @@ -4,12 +4,11 @@ foldergram: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/foldergram/foldergram - tag: 1.0.6 + tag: 1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9 pullPolicy: IfNotPresent env: - name: IMAGE_DETAIL_SOURCE @@ -24,8 +23,8 @@ foldergram: value: https://foldergram.alexlebens.net resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 230Mi service: main: controller: main @@ -46,11 +45,8 @@ foldergram: - foldergram.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: foldergram + - name: foldergram port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -61,7 +57,6 @@ foldergram: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: false advancedMounts: main: main: diff --git a/clusters/cl01tl/helm/freshrss/Chart.yaml b/clusters/cl01tl/helm/freshrss/Chart.yaml index 2d02c680b..7614d83f8 100644 --- a/clusters/cl01tl/helm/freshrss/Chart.yaml +++ b/clusters/cl01tl/helm/freshrss/Chart.yaml @@ -5,15 +5,14 @@ description: FreshRSS keywords: - freshrss - rss -home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391 +home: https://docs.alexlebens.dev/applications/freshrss/ sources: - https://github.com/FreshRSS/FreshRSS - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/freshrss/freshrss - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml b/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml index b76baa4a1..b34cf6e9a 100644 --- a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml @@ -12,26 +12,17 @@ spec: kind: ClusterSecretStore name: vault data: - - secretKey: ADMIN_EMAIL + - secretKey: ADMIN_EMAIL`` remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_EMAIL - secretKey: ADMIN_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_PASSWORD - secretKey: ADMIN_API_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_API_PASSWORD --- @@ -51,22 +42,13 @@ spec: data: - secretKey: OIDC_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: secret - secretKey: OIDC_CLIENT_CRYPTO_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: crypto-key diff --git a/clusters/cl01tl/helm/freshrss/values.yaml b/clusters/cl01tl/helm/freshrss/values.yaml index 8e65b5b81..f1335c47c 100644 --- a/clusters/cl01tl/helm/freshrss/values.yaml +++ b/clusters/cl01tl/helm/freshrss/values.yaml @@ -4,84 +4,11 @@ freshrss: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 - initContainers: - init-download-extension-1: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.23.3 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git; - cd cntools_FreshRssExtensions; - git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-2: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.23.3 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git; - cd Extensions; - git sparse-checkout set --no-cone /xExtension-ImageProxy; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy - cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-3: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.23.3 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - cd /tmp; - wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz; - tar -xvzf *.tar.gz; - rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button - mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button - cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button - resources: - requests: - cpu: 10m - memory: 128Mi containers: main: image: repository: freshrss/freshrss - tag: 1.28.1 - pullPolicy: IfNotPresent + tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522 env: - name: PGID value: "568" @@ -151,7 +78,7 @@ freshrss: name: freshrss-install-secret resources: requests: - cpu: 10m + cpu: 1m memory: 128Mi service: main: @@ -167,31 +94,11 @@ freshrss: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: - path: /var/www/FreshRSS/data readOnly: false - extensions: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 1Gi - retain: true - advancedMounts: - main: - init-download-extension-1: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-2: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-3: - - path: /var/www/FreshRSS/extensions - readOnly: false - main: - - path: /var/www/FreshRSS/extensions - readOnly: false postgres-18-cluster: mode: recovery recovery: @@ -205,35 +112,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 20 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-data: pvcTarget: freshrss-data moverSecurityContext: @@ -241,11 +125,6 @@ volsync-target-data: runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: OnRootMismatch - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 local: enabled: true schedule: 18 8 * * * diff --git a/clusters/cl01tl/helm/garage/Chart.yaml b/clusters/cl01tl/helm/garage/Chart.yaml index 6cdb9f7d9..ed0e15125 100644 --- a/clusters/cl01tl/helm/garage/Chart.yaml +++ b/clusters/cl01tl/helm/garage/Chart.yaml @@ -4,12 +4,13 @@ version: 1.0.0 description: Garage keywords: - garage - - storage - s3 -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/garage/ sources: - https://git.deuxfleurs.fr/Deuxfleurs/garage + - https://github.com/khairul169/garage-webui - https://hub.docker.com/r/dxflrs/garage + - https://hub.docker.com/r/khairul169/garage-webui - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template maintainers: - name: alexlebens @@ -18,6 +19,6 @@ dependencies: alias: garage repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png -# renovate: datasource=github-releases depName=deuxfleurs-org/garage +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png +# renovate: datasource=docker depName=dxflrs/garage appVersion: v2.1.0 diff --git a/clusters/cl01tl/helm/garage/templates/external-secret.yaml b/clusters/cl01tl/helm/garage/templates/external-secret.yaml index 238fdb23b..4b0367b9d 100644 --- a/clusters/cl01tl/helm/garage/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/garage/templates/external-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: GARAGE_RPC_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: rpc - secretKey: GARAGE_ADMIN_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: admin - secretKey: GARAGE_METRICS_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: metric diff --git a/clusters/cl01tl/helm/garage/values.yaml b/clusters/cl01tl/helm/garage/values.yaml index fc2ef7674..e9baf9eae 100644 --- a/clusters/cl01tl/helm/garage/values.yaml +++ b/clusters/cl01tl/helm/garage/values.yaml @@ -4,7 +4,6 @@ garage: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 pod: labels: garage-type: server @@ -22,32 +21,18 @@ garage: main: image: repository: dxflrs/garage - tag: v2.2.0 - pullPolicy: IfNotPresent + tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 envFrom: - secretRef: name: garage-token-secret resources: requests: cpu: 10m - memory: 128Mi - debug: - image: - repository: ubuntu - tag: resolute-20260312 - pullPolicy: IfNotPresent - command: - - "sleep" - - "infinity" - resources: - requests: - cpu: 10m - memory: 32Mi + memory: 400Mi server-2: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 pod: labels: garage-type: server @@ -65,20 +50,18 @@ garage: main: image: repository: dxflrs/garage - tag: v2.2.0 - pullPolicy: IfNotPresent + tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 envFrom: - secretRef: name: garage-token-secret resources: requests: cpu: 10m - memory: 128Mi + memory: 400Mi server-3: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 pod: labels: garage-type: server @@ -96,26 +79,23 @@ garage: main: image: repository: dxflrs/garage - tag: v2.2.0 - pullPolicy: IfNotPresent + tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 envFrom: - secretRef: name: garage-token-secret resources: requests: cpu: 10m - memory: 128Mi + memory: 400Mi webui: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: khairul169/garage-webui - tag: 1.1.0 - pullPolicy: IfNotPresent + tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c env: - name: API_BASE_URL value: http://garage-main.garage:3903 @@ -128,8 +108,8 @@ garage: key: GARAGE_ADMIN_TOKEN resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 10Mi configMaps: config: enabled: true @@ -320,11 +300,8 @@ garage: - garage-webui.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: garage-webui + - name: garage-webui port: 3909 - weight: 100 matches: - path: type: PathPrefix @@ -340,11 +317,8 @@ garage: - garage-s3.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: garage-main + - name: garage-main port: 3900 - weight: 100 matches: - path: type: PathPrefix @@ -361,11 +335,6 @@ garage: readOnly: true mountPropagation: None subPath: garage-1.toml - debug: - - path: /etc/garage.toml - readOnly: true - mountPropagation: None - subPath: garage-1.toml server-2: main: - path: /etc/garage.toml @@ -389,21 +358,16 @@ garage: storageClass: ceph-block accessMode: ReadWriteOnce size: 50Gi - retain: true advancedMounts: server-1: main: - path: /var/lib/garage/meta readOnly: false - debug: - - path: /var/lib/garage/meta - readOnly: false db-2: forceRename: garage-db-2 storageClass: ceph-block accessMode: ReadWriteOnce size: 50Gi - retain: true advancedMounts: server-2: main: @@ -414,7 +378,6 @@ garage: storageClass: ceph-block accessMode: ReadWriteOnce size: 50Gi - retain: true advancedMounts: server-3: main: @@ -425,15 +388,11 @@ garage: storageClass: synology-iscsi-delete accessMode: ReadWriteOnce size: 800Gi - retain: true advancedMounts: server-1: main: - path: /var/lib/garage/data readOnly: false - debug: - - path: /var/lib/garage/data - readOnly: false data-2: forceRename: garage-data-2 storageClass: synology-iscsi-delete