alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity

feat: add more
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m10s
Details
lint-test-helm / lint-helm (pull_request) Successful in 8m57s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 10m14s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-22 19:38:17 -05:00
parent 134ce4ae01
commit 5cf0638c16
20 changed files with 117 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
radarr-4k-nfs-storage
{{- end -}}

6
clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-4k-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-4k-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
volumeName: radarr-4k-nfs-storage
volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr-4k-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-4k-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
persistentVolumeReclaimPolicy: Retain

7
clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
radarr-anime-nfs-storage
{{- end -}}

6
clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-anime-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-anime-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
volumeName: radarr-anime-nfs-storage
volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr-anime-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-anime-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
persistentVolumeReclaimPolicy: Retain

7
clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
radarr-standup-nfs-storage
{{- end -}}

6
clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-standup-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-standup-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
volumeName: radarr-standup-nfs-storage
volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr-standup-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-standup-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
persistentVolumeReclaimPolicy: Retain

7
clusters/cl01tl/helm/radarr/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
radarr-nfs-storage
{{- end -}}

6
clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
volumeName: radarr-nfs-storage
volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: radarr-nfs-storage
name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-nfs-storage
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
{{- include "custom.labels" . | nindent 4 }}
spec:
persistentVolumeReclaimPolicy: Retain

58
clusters/cl01tl/helm/rclone/templates/external-secret.yaml
View File

@@ -9,7 +9,7 @@ metadata:
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
@@ -25,12 +25,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -60,12 +60,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -95,12 +95,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -130,12 +130,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -165,12 +165,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -200,12 +200,12 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config/local
property: ENDPOINT
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config/remote
property: ENDPOINT
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
@@ -235,11 +235,11 @@ spec:
property: ACCESS_SECRET_KEY
- secretKey: ENDPOINT_LOCAL
remoteRef:
key: /garage/home-infra/openbao-backups
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: ENDPOINT_REMOTE
remoteRef:
key: /garage/home-infra/openbao-backups
key: /garage/config
property: ENDPOINT_REMOTE
---
@@ -268,7 +268,3 @@ spec:
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_SECRET_KEY
- secretKey: ENDPOINT
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ENDPOINT

10
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -747,10 +747,7 @@ rclone:
name: external-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ENDPOINT
value: https://nyc3.digitaloceanspaces.com
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
prune:
@@ -786,9 +783,6 @@ rclone:
name: external-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ENDPOINT
value: https://nyc3.digitaloceanspaces.com
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true

2
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Reloader
keywords:
- reloader
- config-map
home: https://docs.alexlebens.dev/applications/rclone/
home: https://docs.alexlebens.dev/applications/reloader/
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader

4
clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph
name: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged

8
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: roundcube-key-secret
name: roundcube-key
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-key-secret
app.kubernetes.io/name: roundcube-key
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
name: openbao
data:
- secretKey: DES_KEY
remoteRef:
key: /cl01tl/roundcube/key
property: DES_KEY
property: des-key

2
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -35,7 +35,7 @@ roundcube:
- name: ROUNDCUBEMAIL_DES_KEY
valueFrom:
secretKeyRef:
name: roundcube-key-secret
name: roundcube-key
key: DES_KEY
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: stalwart.stalwart

37
clusters/cl01tl/helm/rybbit/templates/external-secret.yaml
View File

@@ -1,15 +1,38 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rybbit-config-secret
name: rybbit-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: rybbit-config-secret
app.kubernetes.io/name: rybbit-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
name: openbao
data:
- secretKey: better-auth-secret
remoteRef:
key: /cl01tl/rybbit/config
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
key: /cl01tl/rybbit/config
property: mapbox-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rybbit-clickhouse-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: rybbit-clickhouse-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: clickhouse-user
remoteRef:
@@ -19,11 +42,3 @@ spec:
remoteRef:
key: /cl01tl/rybbit/clickhouse
property: password
- secretKey: better-auth-secret
remoteRef:
key: /cl01tl/rybbit/auth
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
key: /cl01tl/rybbit/auth
property: mapbox-token

12
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -19,12 +19,12 @@ rybbit:
- name: CLICKHOUSE_USER
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-clickhouse-config
key: clickhouse-user
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-clickhouse-config
key: clickhouse-password
- name: POSTGRES_HOST
valueFrom:
@@ -54,7 +54,7 @@ rybbit:
- name: BETTER_AUTH_SECRET
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-config
key: better-auth-secret
- name: BASE_URL
value: https://rybbit.alexlebens.dev
@@ -65,7 +65,7 @@ rybbit:
- name: MAPBOX_TOKEN
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-config
key: mapbox-token
probes:
liveness:
@@ -119,12 +119,12 @@ rybbit:
- name: CLICKHOUSE_USER
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-clickhouse-config
key: clickhouse-user
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
name: rybbit-config-secret
name: rybbit-clickhouse-config
key: clickhouse-password
probes:
liveness: