alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

migration

Browse Source
This commit is contained in:
Alex Lebens
2025-03-02 23:03:42 -06:00
parent 5e2fb81285
commit 5dc0d5f0e0
97 changed files with 0 additions and 5456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
clusters/cl01tl-standby/applications/audiobookshelf/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: audiobookshelf
version: 1.0.0
description: Audiobookshelf
keywords:
- audiobookshelf
- books
- podcasts
- audiobooks
home: https://wiki.alexlebens.dev/doc/audiobookshelf-uNciuFjzDw
sources:
- https://github.com/advplyr/audiobookshelf
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: audiobookshelf
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/audiobookshelf.png
appVersion: 2.17.5

116
clusters/cl01tl-standby/applications/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,116 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: audiobookshelf-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: audiobookshelf-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: audiobookshelf-metadata-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: audiobookshelf-metadata-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-metadata"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

40
clusters/cl01tl-standby/applications/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,40 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

56
clusters/cl01tl-standby/applications/audiobookshelf/templates/replication-source.yaml
View File

@@ -1,56 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: audiobookshelf-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: audiobookshelf-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: audiobookshelf-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: audiobookshelf-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot
# ---
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: audiobookshelf-metadata-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: audiobookshelf-metadata-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: audiobookshelf-metadata
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: audiobookshelf-metadata-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

80
clusters/cl01tl-standby/applications/audiobookshelf/values.yaml
View File

@@ -1,80 +0,0 @@
audiobookshelf:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.19.5
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: audiobookshelf-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: audiobookshelf
port: 80
tls:
- hosts:
- audiobookshelf-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
metadata:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /metadata
readOnly: false
backup:
existingClaim: audiobookshelf-nfs-storage-backup
advancedMounts:
main:
main:
- path: /metadata/backups
readOnly: false
audiobooks:
existingClaim: audiobookshelf-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/
readOnly: false

21
clusters/cl01tl-standby/applications/calibre-web-automated/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: calibre-web-automated
version: 1.0.0
description: Calibre Web Automated
keywords:
- calibre-web-automated
- books
home: https://wiki.alexlebens.dev/doc/calibre-web-automated-1SMf1jPFsb
sources:
- https://github.com/crocodilestick/Calibre-Web-Automator
- https://hub.docker.com/r/crocodilestick/calibre-web-automated
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: calibre-web-automated
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/calibre-web.png
appVersion: V2.1.2

82
clusters/cl01tl-standby/applications/calibre-web-automated/templates/external-secret.yaml
View File

@@ -1,82 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: calibre-web-automated-gmail-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-gmail-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: gmail.json
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/calibre-web/gmail
metadataPolicy: None
property: gmail.json
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: calibre-web-automated-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: calibre-web-automated-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

40
clusters/cl01tl-standby/applications/calibre-web-automated/templates/persistent-volume-claim.yaml
View File

@@ -1,40 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: calibre-web-automated-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: calibre-web-automated-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: calibre-web-automated-ingest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: calibre-web-automated-ingest-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

52
clusters/cl01tl-standby/applications/calibre-web-automated/templates/persistent-volume.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: calibre-web-automated-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Calibre
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: calibre-web-automated-ingest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Calibre Import
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

30
clusters/cl01tl-standby/applications/calibre-web-automated/templates/replication-source.yaml
View File

@@ -1,30 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: calibre-web-automated-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: calibre-web-automated-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: calibre-web-automated-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: calibre-web-automated-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1000
# runAsGroup: 100
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

155
clusters/cl01tl-standby/applications/calibre-web-automated/values.yaml
View File

@@ -1,155 +0,0 @@
calibre-web-automated:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: crocodilestick/calibre-web-automated
tag: V3.0.4
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 100
- name: DOCKER_MODS
value: lscr.io/linuxserver/mods:universal-calibre-v7.23.0
resources:
requests:
cpu: 100m
memory: 256Mi
downloader:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/calibrain/calibre-web-automated-book-downloader
tag: latest@sha256:90d16b6d27c054f607a17ad47d99944e474b5957be5a43400e9341af52c5c3f7
pullPolicy: IfNotPresent
env:
- name: FLASK_PORT
value: 8084
- name: UID
value: 1000
- name: GID
value: 100
- name: USE_CF_BYPASS
value: true
- name: CLOUDFLARE_PROXY_URL
value: http://localhost:8000
- name: INGEST_DIR
value: /cwa-book-ingest
- name: BOOK_LANGUAGE
value: end
resources:
requests:
cpu: 10m
memory: 256Mi
bypass:
image:
repository: ghcr.io/sarperavci/cloudflarebypassforscraping
tag: latest@sha256:e937223b9321168efec4ce4b60958d399b6dde37791ea6dc67d05b057c0f167e
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 8083
targetPort: 8083
protocol: HTTP
downloader:
controller: downloader
ports:
http:
port: 8084
targetPort: 8084
protocol: HTTP
ingress:
tailscale-main:
enabled: true
className: tailscale
labels:
tailscale.com/proxy-class: no-metrics
hosts:
- host: calibre-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: calibre-web-automated-main
port: 8083
tls:
- hosts:
- calibre-cl01tl
tailscale-downloader:
enabled: true
className: tailscale
labels:
tailscale.com/proxy-class: no-metrics
hosts:
- host: calibre-downloader-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: calibre-web-automated-downloader
port: 8084
tls:
- hosts:
- calibre-downloader-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
gmail:
enabled: true
type: secret
name: calibre-web-automated-gmail-config
advancedMounts:
main:
main:
- path: /app/calibre-web/gmail.json
readOnly: true
mountPropagation: None
subPath: gmail.json
books:
existingClaim: calibre-web-automated-nfs-storage
advancedMounts:
main:
main:
- path: /calibre-library
readOnly: false
ingest:
existingClaim: calibre-web-automated-ingest-nfs-storage
advancedMounts:
main:
main:
- path: /cwa-book-ingest
readOnly: false
downloader:
main:
- path: /cwa-book-ingest
readOnly: false

28
clusters/cl01tl-standby/applications/code-server/Chart.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
- ide
home: https://wiki.alexlebens.dev/doc/code-server-1WziinqCFS
sources:
- https://github.com/coder/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/code-server.png
appVersion: 4.96.1

55
clusters/cl01tl-standby/applications/code-server/templates/external-secret.yaml
View File

@@ -1,55 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: code-server-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/codeserver
metadataPolicy: None
property: token

19
clusters/cl01tl-standby/applications/code-server/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: code-server-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

49
clusters/cl01tl-standby/applications/code-server/values.yaml
View File

@@ -1,49 +0,0 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.97.2@sha256:733c98b11faf45078c2a98cb1049fa10f386a725c893e867b82b4349ad4c5944
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
persistence:
config:
existingClaim: code-server-nfs-storage
advancedMounts:
main:
main:
- path: /config
readOnly: false
cloudflared:
existingSecretName: code-server-cloudflared-secret

27
clusters/cl01tl-standby/applications/homepage-dev/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: homepage
version: 1.0.0
description: Homepage
keywords:
- homepage
- dashboard
home: https://wiki.alexlebens.dev/doc/homepage-dev-crZPAd8FEj
sources:
- https://github.com/gethomepage/homepage
- https://github.com/cloudflare/cloudflared
- https://github.com/gethomepage/homepage/pkgs/container/homepage
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: homepage
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.14.0
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/homepage.png
appVersion: v0.10.0

23
clusters/cl01tl-standby/applications/homepage-dev/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: homepage-dev-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage-dev-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/homepage-dev
metadataPolicy: None
property: token

145
clusters/cl01tl-standby/applications/homepage-dev/values.yaml
View File

@@ -1,145 +0,0 @@
homepage:
global:
nameOverride: homepage
controllers:
main:
type: deployment
annotations:
reloader.stakater.com/auto: "true"
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v0.10.9
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
configMaps:
config:
enabled: true
data:
docker.yaml: ""
kubernetes.yaml: ""
settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean
hideVersion: true
color: zinc
background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
brightness: 50
theme: dark
disableCollapse: true
widgets.yaml: |
- logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- datetime:
text_size: xl
format:
dateStyle: long
timeStyle: short
hour12: false
- openmeteo:
label: St. Paul
latitude: 44.95
longitude: 93.09
units: metric
cache: 5
services.yaml: |
- Applications:
- Auth:
icon: sh-authentik.svg
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
- Site:
icon: https://d21zlbwtcn424f.cloudfront.net/icon_white.png
description: Profile Website
href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev
statusStyle: dot
- Content Management:
icon: directus.png
description: Directus
href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev
statusStyle: dot
- Chat:
icon: sh-element.svg
description: Matrix
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Wiki:
icon: sh-outline.svg
description: Outline
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.svg
description: Vaultwarden
href: https://passwords.alexlebens.dev
siteMonitor: https://passwords.alexlebens.dev
statusStyle: dot
- Bookmarks:
icon: sh-hoarder-light.svg
description: Hoader
href: https://hoarder.alexlebens.dev
siteMonitor: https://hoarder.alexlebens.dev
statusStyle: dot
- RSS:
icon: sh-freshrss.svg
description: FreshRSS
href: https://rss.alexlebens.dev
siteMonitor: https://rss.alexlebens.dev
statusStyle: dot
bookmarks.yaml: ""
service:
http:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: HTTP
persistence:
config:
enabled: true
type: configMap
name: homepage-dev-config
advancedMounts:
main:
main:
- path: /app/config/bookmarks.yaml
readOnly: true
mountPropagation: None
subPath: bookmarks.yaml
- path: /app/config/docker.yaml
readOnly: true
mountPropagation: None
subPath: docker.yaml
- path: /app/config/kubernetes.yaml
readOnly: true
mountPropagation: None
subPath: kubernetes.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/settings.yaml
readOnly: true
mountPropagation: None
subPath: settings.yaml
- path: /app/config/widgets.yaml
readOnly: true
mountPropagation: None
subPath: widgets.yaml
cloudflared:
existingSecretName: homepage-dev-cloudflared-secret

21
clusters/cl01tl-standby/applications/homepage/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: homepage
version: 1.0.0
description: Homepage
keywords:
- homepage
- dashboard
home: https://wiki.alexlebens.dev/doc/homepage-s2clWoI5EC
sources:
- https://github.com/gethomepage/homepage
- https://github.com/gethomepage/homepage/pkgs/container/homepage
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: homepage
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/homepage.png
appVersion: v0.10.0

19
clusters/cl01tl-standby/applications/homepage/templates/cluster-role-binding.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: homepage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: homepage
subjects:
- kind: ServiceAccount
name: homepage
namespace: {{ .Release.Namespace }}

51
clusters/cl01tl-standby/applications/homepage/templates/cluster-role.yaml
View File

@@ -1,51 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: homepage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- namespaces
- pods
- nodes
verbs:
- get
- list
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- traefik.containo.us
- traefik.io
resources:
- ingressroutes
verbs:
- get
- list
- apiGroups:
- metrics.k8s.io
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions/status
verbs:
- get

107
clusters/cl01tl-standby/applications/homepage/templates/external-secret.yaml
View File

@@ -1,107 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: homepage-keys-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage-keys-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: password
- secretKey: HOMEPAGE_VAR_UNIFI_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: HOMEPAGE_VAR_UNIFI_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: password
- secretKey: HOMEPAGE_VAR_SONARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_LIDARR2_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_PROWLARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

52
clusters/cl01tl-standby/applications/homepage/templates/service.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: gitea-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: home-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: home-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: traefik-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: traefik-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: traefik-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

697
clusters/cl01tl-standby/applications/homepage/values.yaml
View File

@@ -1,697 +0,0 @@
homepage:
global:
nameOverride: homepage
controllers:
main:
type: deployment
annotations:
reloader.stakater.com/auto: "true"
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v0.10.9
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: homepage-keys-secret
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
name: homepage
configMaps:
config:
enabled: true
data:
docker.yaml: ""
kubernetes.yaml: |
mode: cluster
settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean
hideVersion: true
color: zinc
background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
brightness: 50
theme: dark
disableCollapse: true
layout:
- Media:
tab: Applications
icon: mdi-multimedia-#ffffff
- Public:
tab: Applications
icon: mdi-earth-#ffffff
- Internal:
tab: Applications
icon: mdi-security-network-#ffffff
- Code:
tab: Tools
icon: mdi-code-block-braces-#ffffff
- Monitoring:
tab: Tools
icon: mdi-chart-line-#ffffff
- Services:
tab: Services
icon: mdi-toolbox-outline-#ffffff
- Hardware:
tab: Services
icon: mdi-server-network-#ffffff
- Storage:
tab: Services
icon: mdi-database-#ffffff
- TV Shows:
tab: Servarr
icon: mdi-television-#ffffff
- Movies:
tab: Servarr
icon: mdi-filmstrip-#ffffff
- Music:
tab: Servarr
icon: mdi-music-box-multiple-#ffffff
- Services (Servarr):
tab: Servarr
icon: mdi-radar-#ffffff
- External Services:
tab: Bookmarks
icon: mdi-cloud-#ffffff
- Other Homes:
tab: Bookmarks
icon: mdi-cloud-#ffffff
- Trackers:
tab: Bookmarks
icon: mdi-cloud-#ffffff
widgets.yaml: |
- logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- kubernetes:
cluster:
show: true
cpu: true
memory: true
showLabel: true
label: "Cluster"
nodes:
show: false
- datetime:
text_size: xl
format:
dateStyle: long
timeStyle: short
hour12: false
- openmeteo:
label: St. Paul
latitude: 44.95
longitude: 93.09
units: metric
cache: 5
services.yaml: |
- Media:
- Plex:
icon: sh-plex.svg
description: Media server
href: https://plex-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://plex.plex:32400
statusStyle: dot
- Media Requests:
icon: sh-overseerr.svg
description: Overseer
href: https://overseerr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://overseerr.overseerr:80
statusStyle: dot
- Jellyfin:
icon: sh-jellyfin.svg
description: Media server
href: https://jellyfin-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Youtube Archive:
icon: sh-tube-archivist-light.png
description: TubeAchivist
href: https://tubearchivist-cl01tl.boreal-beaufort.ts.net/login
siteMonitor: http://tubearchivist.tubearchivist:80
statusStyle: dot
- Photos:
icon: sh-immich.svg
description: Immich
href: https://immich-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://immich-main.immich:2283
statusStyle: dot
- Podcasts and Audiobooks:
icon: sh-audiobookshelf.svg
description: Audiobookshelf
href: https://audiobookshelf-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://audiobookshelf.audiobookshelf:80
statusStyle: dot
- Books:
icon: sh-calibre-web-light.svg
description: Calibre Web Automated
href: https://calibre-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://calibre-web-automated-main.calibre-web-automated:8083
statusStyle: dot
- Public:
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
description: Profile Website
href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev
statusStyle: dot
- Content Management:
icon: directus.png
description: Directus
href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev
statusStyle: dot
- Chat:
icon: sh-element.svg
description: Matrix
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Wiki:
icon: sh-outline.svg
description: Outline
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.svg
description: Vaultwarden
href: https://passwords.alexlebens.dev
siteMonitor: https://passwords.alexlebens.dev
statusStyle: dot
- Bookmarks:
icon: sh-hoarder-light.svg
description: Hoader
href: https://hoarder.alexlebens.dev
siteMonitor: https://hoarder.alexlebens.dev
statusStyle: dot
- RSS:
icon: sh-freshrss.svg
description: FreshRSS
href: https://rss.alexlebens.dev
siteMonitor: https://rss.alexlebens.dev
statusStyle: dot
- Internal:
- Home Automation:
icon: sh-home-assistant.svg
description: Home Assistant
href: https://home-assistant-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://home-assistant.home-assistant:8123
statusStyle: dot
- AI:
icon: sh-ollama-light.svg
description: Ollama
href: https://ollama-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://ollama-web.ollama:80
statusStyle: dot
- AI Image:
icon: https://user-images.githubusercontent.com/36368048/196280761-1535f413-a91e-4b6a-af6a-b890f8ae204c.png
description: Stable Diffusion
href: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net
siteMonitor: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net
statusStyle: dot
- Search:
icon: sh-searxng.svg
description: Searxng
href: https://searxng-cl01tl.boreal-beaufort.ts.net/
siteMonitor: http://searxng-browser.searxng:80
statusStyle: dot
- Email:
icon: sh-roundcube.svg
description: Roundcube
href: https://mail-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Wiki:
icon: sh-kiwix-light.svg
description: Kiwix
href: https://kiwix-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://kiwix.kiwix:80
statusStyle: dot
- Pictures:
icon: sh-photoview.svg
description: Photoview
href: https://photoview-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Code:
- Code (Public):
icon: sh-gitea.svg
description: Gitea
href: https://gitea.alexlebens.dev
siteMonitor: https://gitea.alexlebens.dev
statusStyle: dot
- Code (Tailnet):
icon: sh-gitea.svg
description: Gitea
href: https://gitea-cl01tl.boreal-beaufort.ts.net
siteMonitor: https://gitea-cl01tl.boreal-beaufort.ts.net
statusStyle: dot
- Code (ps10rp):
icon: sh-gitea.svg
description: Gitea
href: https://gitea-cl01tl.boreal-beaufort.ts.net
siteMonitor: https://gitea-cl01tl.boreal-beaufort.ts.net
statusStyle: dot
- IDE (Public):
icon: sh-visual-studio-code.svg
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- IDE (Home Assistant):
icon: sh-visual-studio-code.svg
description: Edit config for Home Assistant
href: https://home-assistant-codeserver-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://home-assistant.home-assistant:8443
statusStyle: dot
- Continuous Deployment:
icon: sh-argo-cd.svg
description: ArgoCD
href: https://argocd-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://argocd-server.argocd:80
statusStyle: dot
namespace: argocd
- Workflows:
icon: sh-argo-cd.svg
description: Argo Workflows
href: https://argo-workflows-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot
namespace: argocd
- Deployment:
icon: sh-komodo.svg
description: Komodo
href: https://komodo-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://komodo.komodo:80
statusStyle: dot
namespace: komodo
- Monitoring:
- Kubernetes:
icon: kubernetes.png
description: Headlamp
href: https://headlamp-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://headlamp.headlamp:80
statusStyle: dot
- Network Monitoring:
icon: cilium.png
description: Hubble for Cilium
href: https://hubble-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://hubble-ui.kube-system:80
statusStyle: dot
- Dashboard:
icon: sh-grafana.svg
description: Grafana
href: https://grafana-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://grafana.grafana:80/api/health
statusStyle: dot
- Metrics:
icon: sh-prometheus.svg
description: Prometheus
href: https://prometheus-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
statusStyle: dot
widget:
type: prometheus
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
- Tautulli:
icon: sh-tautulli.svg
description: Plex Monitoring
href: https://tautulli-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://tautulli.tautulli:80
statusStyle: dot
- Jellystat:
icon: sh-jellystat.png
description: Jellyfin Monitoring
href: https://jellystat-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://jellystat.jellystat:3000
statusStyle: dot
- Services:
- Auth (Public):
icon: sh-authentik.svg
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
- Auth (Tailnet):
icon: sh-authentik.svg
description: Authentik
href: https://auth-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://authentik-server.authentik:80
statusStyle: dot
- Email:
icon: sh-stalwart-mail-server.svg
description: Stalwart
href: https://stalwart-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
- Reverse Proxy (cl01tl):
icon: sh-traefik.svg
description: Traefik
href: https://traefik-cl01tl.alexlebens.net/dashboard/#/
siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/
statusStyle: dot
widget:
type: traefik
url: https://traefik-cl01tl.alexlebens.net
- Reverse Proxy (ps10rp):
icon: sh-traefik.svg
description: Traefik
href: https://traefik-ps10rp.boreal-beaufort.ts.net/dashboard/#/
siteMonitor: https://traefik-ps10rp.boreal-beaufort.ts.net/dashboard/#/
statusStyle: dot
- Image Cache:
icon: sh-harbor.svg
description: Harbor
href: https://harbor-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://harbor-portal.harbor:80
statusStyle: dot
- Hardware:
- Network Management (alexlebens.net):
icon: sh-ubiquiti-unifi.svg
description: Unifi
href: https://unifi.alexlebens.net
siteMonitor: https://unifi.alexlebens.net
statusStyle: dot
- Network Attached Storage:
icon: sh-synology-light.svg
description: Synology
href: https://synology.alexlebens.net
siteMonitor: https://synology.alexlebens.net
statusStyle: dot
widget:
type: diskstation
url: https://synology.alexlebens.net
username: {{ "{{HOMEPAGE_VAR_SYNOLOGY_USER}}" }}
password: {{ "{{HOMEPAGE_VAR_SYNOLOGY_PASSWORD}}" }}
volume: volume_2
- TV Tuner:
icon: sh-hdhomerun.svg
description: HD Homerun
href: http://hdhr.alexlebens.net
siteMonitor: http://hdhr.alexlebens.net
statusStyle: dot
- KVM:
icon: sh-pikvm-light.svg
description: Pi KVM
href: https://pikvm.alexlebens.net
siteMonitor: https://pikvm.alexlebens.net
statusStyle: dot
- Storage:
- Cluster Storage:
icon: ceph.png
description: Ceph
href: https://ceph-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot
- Database:
icon: sh-pgadmin-light.svg
description: PGAdmin
href: https://pgadmin-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://pgadmin.pgadmin:80
statusStyle: dot
- Secrets:
icon: sh-hashicorp-vault.svg
description: Vault
href: https://vault-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
- Object Storage (Outline):
icon: sh-minio.svg
description: Minio Tenant
href: https://minio-outline-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://minio-outline-console.outline:9090
statusStyle: dot
- Object Storage (Directus):
icon: sh-minio.svg
description: Minio Tenant
href: https://minio-directus-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://minio-directus-console.directus:9090
statusStyle: dot
- TV Shows:
- Sonarr:
icon: sh-sonarr.svg
description: TV Shows
href: https://sonarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://sonarr4.sonarr4:80
statusStyle: dot
widget:
type: sonarr
url: http://sonarr4.sonarr4:80
key: {{ "{{HOMEPAGE_VAR_SONARR_KEY}}" }}
fields: ["wanted", "queued", "series"]
enableQueue: false
- Sonarr 4K:
icon: sh-sonarr.svg
description: TV Shows 4K
href: https://sonarr-4k-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://sonarr4-4k.sonarr4-4k:80
statusStyle: dot
widget:
type: sonarr
url: http://sonarr4-4k.sonarr4-4k:80
key: {{ "{{HOMEPAGE_VAR_SONARR4K_KEY}}" }}
fields: ["wanted", "queued", "series"]
enableQueue: false
- Sonarr Anime:
icon: sh-sonarr.svg
description: Anime Shows
href: https://sonarr-anime-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://sonarr4-anime.sonarr4-anime:80
statusStyle: dot
widget:
type: sonarr
url: http://sonarr4-anime.sonarr4-anime:80
key: {{ "{{HOMEPAGE_VAR_SONARRANIME_KEY}}" }}
fields: ["wanted", "queued", "series"]
enableQueue: false
- Movies:
- Radarr:
icon: sh-radarr.svg
description: Movies
href: https://radarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://radarr5.radarr5:80
statusStyle: dot
widget:
type: radarr
url: http://radarr5.radarr5:80
key: {{ "{{HOMEPAGE_VAR_RADARR_KEY}}" }}
fields: ["wanted", "queued", "movies"]
enableQueue: false
- Radarr 4K:
icon: sh-radarr.svg
description: Movies 4K
href: https://radarr-4k-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://radarr5-4k.radarr5-4k:80
statusStyle: dot
widget:
type: radarr
url: http://radarr5-4k.radarr5-4k:80
key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }}
fields: ["wanted", "queued", "movies"]
enableQueue: false
- Radarr Anime:
icon: sh-radarr.svg
description: Anime Movies
href: https://radarr-anime-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://radarr5-anime.radarr5-anime:80
statusStyle: dot
widget:
type: radarr
url: http://radarr5-anime.radarr5-anime:80
key: {{ "{{HOMEPAGE_VAR_RADARRANIME_KEY}}" }}
fields: ["wanted", "queued", "movies"]
enableQueue: false
- Radarr Stand Up:
icon: sh-radarr.svg
description: Stand Up
href: https://radarr-standup-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://radarr5-standup.radarr5-standup:80
statusStyle: dot
widget:
type: radarr
url: http://radarr5-standup.radarr5-standup:80
key: {{ "{{HOMEPAGE_VAR_RADARRSTANDUP_KEY}}" }}
fields: ["wanted", "queued", "movies"]
enableQueue: false
- Music:
- Lidarr:
icon: sh-lidarr.svg
description: Music
href: https://lidarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://lidarr2.lidarr2:80
statusStyle: dot
widget:
type: lidarr
url: http://lidarr2.lidarr2:80
key: {{ "{{HOMEPAGE_VAR_LIDARR2_KEY}}" }}
fields: ["wanted", "queued", "artists"]
- LidaTube:
icon: sh-lidatube.png
description: Searches for Music
href: https://lidatube-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://lidatube.lidatube:80
statusStyle: dot
- Services (Servarr):
- qBittorrent:
icon: sh-qbittorrent.svg
description: P2P Downloads
href: https://qbittorrent-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://qbittorrent.qbittorrent:8080
statusStyle: dot
widget:
type: qbittorrent
url: http://qbittorrent.qbittorrent:8080
enableLeechProgress: true
- Prowlarr:
icon: sh-prowlarr.svg
description: Indexers
href: https://prowlarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://prowlarr.prowlarr:80
statusStyle: dot
- Soulseek:
icon: sh-slskd.png
description: slskd
href: https://slskd-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://slskd.slskd:5030
statusStyle: dot
- CWA Downloader:
icon: sh-calibre.png
description: Calibre Web Automated Book Downloader
href: https://calibre-downloader-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://calibre-web-automated-downloader.calibre-web-automated:8084
statusStyle: dot
- Tdarr:
icon: sh-tdarr.png
description: Media transcoding and health checks
href: https://tdarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://tdarr-web.tdarr:8265
statusStyle: dot
widget:
type: tdarr
url: http://tdarr-web.tdarr:8265
- Other Homes:
- Dev:
icon: sh-homepage.png
description: Public Homepage
href: https://home.alexlebens.dev
siteMonitor: https://home.alexlebens.dev
statusStyle: dot
- Lebens Home:
icon: sh-homepage.png
description: Lebens Homepage
href: https://home-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://home-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
bookmarks.yaml: |
- External Services:
- Github:
- abbr: GH
href: https://github.com/alexlebens/infrastructure
- Renovate:
- abbr: RN
href: https://developer.mend.io/[platform]/alexlebens/infrastructure
- Digital Ocean:
- abbr: DO
href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare:
- abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
- Tailscale:
- abbr: TS
href: https://login.tailscale.com/admin/machines
- ProtonVPN:
- abbr: PV
href: https://account.protonvpn.com/
- Unifi:
- abbr: UF
href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha:
- abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587
- Trackers:
- Torrentleech:
- abbr: TL
href: https://www.torrentleech.org
- Avistaz:
- abbr: AV
href: https://avistaz.to
- Cinemaz:
- abbr: CM
href: https://cinemaz.to
- Cathode Ray Tube:
- abbr: CRT
href: https://www.cathode-ray.tube
- Alpha Ratio:
- abbr: AL
href: https://alpharatio.cc/
- MV Group:
- abbr: MV
href: https://forums.mvgroup.org
service:
http:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: home-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: homepage
port: 80
tls:
- hosts:
- home-cl01tl
persistence:
config:
enabled: true
type: configMap
name: homepage-config
advancedMounts:
main:
main:
- path: /app/config/bookmarks.yaml
readOnly: true
mountPropagation: None
subPath: bookmarks.yaml
- path: /app/config/docker.yaml
readOnly: true
mountPropagation: None
subPath: docker.yaml
- path: /app/config/kubernetes.yaml
readOnly: true
mountPropagation: None
subPath: kubernetes.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/settings.yaml
readOnly: true
mountPropagation: None
subPath: settings.yaml
- path: /app/config/widgets.yaml
readOnly: true
mountPropagation: None
subPath: widgets.yaml

27
clusters/cl01tl-standby/applications/jellyfin/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: jellyfin
version: 1.0.0
description: Jellyfin
keywords:
- jellyfin
- media
- movies
- tv shows
- books
- music
home: https://wiki.alexlebens.dev/doc/jellyfin-li98lrEiuA
sources:
- https://github.com/jellyfin/jellyfin
- https://github.com/jellyfin/jellyfin-vue
- https://hub.docker.com/r/jellyfin/jellyfin
- https://github.com/jellyfin/jellyfin-vue/pkgs/container/jellyfin-vue
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: jellyfin
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/jellyfin.png
appVersion: 10.10.3

57
clusters/cl01tl-standby/applications/jellyfin/templates/external-secret.yaml
View File

@@ -1,57 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: jellyfin-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: jellyfin-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

40
clusters/cl01tl-standby/applications/jellyfin/templates/persistent-volume-claim.yaml
View File

@@ -1,40 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: jellyfin-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-youtube-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: jellyfin-youtube-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 1Gi

52
clusters/cl01tl-standby/applications/jellyfin/templates/persistent-volume.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-youtube-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadOnlyMany
nfs:
path: /volume2/Storage/YouTube
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

27
clusters/cl01tl-standby/applications/jellyfin/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: jellyfin-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: jellyfin-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: jellyfin-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: jellyfin-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

104
clusters/cl01tl-standby/applications/jellyfin/values.yaml
View File

@@ -1,104 +0,0 @@
jellyfin:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/jellyfin/jellyfin
tag: 10.10.6
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: JELLYFIN_hostwebclient
value: true
- name: JELLYFIN_PublishedServerUrl
value: https://jellyfin-cl01tl.boreal-beaufort.ts.net/
resources:
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 2Gi
limits:
gpu.intel.com/i915: 1
cpu: 4
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8096
protocol: HTTP
ingress:
tailscale-main:
enabled: true
className: tailscale
hosts:
- host: jellyfin-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: jellyfin
port: 80
tls:
- hosts:
- jellyfin-cl01tl
traefik:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: jellyfin.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: jellyfin
port: 80
tls:
- hosts:
- jellyfin.alexlebens.net
secretName: jellyfin-tls-secret
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 60Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
cache:
type: emptyDir
advancedMounts:
main:
main:
- path: /cache
readOnly: false
media:
existingClaim: jellyfin-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
youtube:
existingClaim: jellyfin-youtube-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/youtube
readOnly: true

25
clusters/cl01tl-standby/applications/searxng/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: searxng
version: 1.0.0
description: Searxng
keywords:
- searxng
- search
home: https://wiki.alexlebens.dev/doc/searxng-
sources:
- https://github.com/searxng/searxng
- https://github.com/valkey-io/valkey
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: searxng
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: valkey
version: 2.4.0
repository: https://charts.bitnami.com/bitnami
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/searxng.svg
appVersion: 1.0.0

30
clusters/cl01tl-standby/applications/searxng/templates/external-secret.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: searxng-api-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: settings.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: settings.yml
- secretKey: limiter.toml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: limiter.toml

141
clusters/cl01tl-standby/applications/searxng/values.yaml
View File

@@ -1,141 +0,0 @@
searxng:
controllers:
api:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: docker.io/searxng/searxng
tag: 2025.1.26-70f1b6500
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080
- name: SEARXNG_QUERY_URL
value: http://searxng-api.searxng:8080/search?q=<query>
- name: SEARXNG_HOSTNAME
value: searxng-api.searxng
- name: UWSGI_WORKERS
value: 4
- name: UWSGI_THREADS
value: 4
- name: ENABLE_RAG_WEB_SEARCH
value: true
- name: RAG_WEB_SEARCH_ENGINE
value: searxng
- name: RAG_WEB_SEARCH_RESULT_COUNT
value: 3
- name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS
value: 10
resources:
requests:
cpu: 10m
memory: 256Mi
browser:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: docker.io/searxng/searxng
tag: 2025.1.26-70f1b6500
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
value: https://searxng-cl01tl.boreal-beaufort.ts.net/
- name: SEARXNG_QUERY_URL
value: https://searxng-cl01tl.boreal-beaufort.ts.net/search?q=<query>
- name: SEARXNG_HOSTNAME
value: searxng-cl01tl.boreal-beaufort.ts.net
- name: SEARXNG_REDIS_URL
value: redis://searxng-valkey-primary.searxng:6379/0
- name: UWSGI_WORKERS
value: 4
- name: UWSGI_THREADS
value: 4
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
api:
controller: api
ports:
mail:
port: 8080
targetPort: 8080
protocol: HTTP
browser:
controller: browser
ports:
mail:
port: 80
targetPort: 8080
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: searxng-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: searxng-browser
port: 80
tls:
- hosts:
- searxng-cl01tl
persistence:
config:
enabled: true
type: secret
name: searxng-api-config-secret
advancedMounts:
api:
main:
- path: /etc/searxng/settings.yml
readOnly: true
mountPropagation: None
subPath: settings.yml
- path: /etc/searxng/limiter.toml
readOnly: true
mountPropagation: None
subPath: limiter.toml
api-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
api:
main:
- path: /etc/searxng
readOnly: false
browser-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
browser:
main:
- path: /etc/searxng
readOnly: false
valkey:
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false

25
clusters/cl01tl-standby/applications/slskd/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: slskd
version: 1.0.0
description: slskd
keywords:
- slskd
- soularr
- lidarr
- music
home: https://wiki.alexlebens.dev/doc/slskd-v4Hfaqh48C
sources:
- https://github.com/slskd/slskd
- https://github.com/mrusse/soularr
- https://hub.docker.com/r/slskd/slskd
- https://hub.docker.com/r/mrusse08/soularr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: slskd
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png
appVersion: 0.22.1

73
clusters/cl01tl-standby/applications/slskd/templates/external-secret.yaml
View File

@@ -1,73 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: slskd-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: slskd-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: slskd.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/config
metadataPolicy: None
property: slskd.yml
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: soularr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soularr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.ini
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/soularr
metadataPolicy: None
property: config.ini
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: slskd-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: slskd-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key

8
clusters/cl01tl-standby/applications/slskd/templates/namespace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: slskd
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

19
clusters/cl01tl-standby/applications/slskd/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: slskd-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: slskd-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: slskd-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/slskd/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: slskd-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: slskd-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

21
clusters/cl01tl-standby/applications/slskd/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: slskd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: slskd
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: slskd
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
interval: 3m
scrapeTimeout: 1m
path: /metrics

170
clusters/cl01tl-standby/applications/slskd/values.yaml
View File

@@ -1,170 +0,0 @@
slskd:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-sysctl:
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
securityContext:
privileged: True
resources:
requests:
cpu: 100m
memory: 128Mi
command:
- /bin/sh
args:
- -ec
- |
sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv6.conf.all.disable_ipv6=1
containers:
main:
image:
repository: slskd/slskd
tag: 0.22.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: SLSKD_UMASK
value: 000
resources:
requests:
cpu: 100m
memory: 512Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DOT
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
resources:
requests:
squat.ai/tun: "1"
cpu: 10m
memory: 128Mi
limits:
squat.ai/tun: "1"
soularr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: mrusse08/soularr
tag: latest@sha256:11187ea58ea7b3686f4a2d328e721a5a8ca4d5815c43d90e9d67f5c61ca275c8
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: SCRIPT_INTERVAL
value: 300
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 5030
targetPort: 5030
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: slskd-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: slskd
port: 5030
tls:
- hosts:
- slskd-cl01tl
persistence:
slskd-config:
enabled: true
type: secret
name: slskd-config-secret
advancedMounts:
main:
main:
- path: /app/slskd.yml
readOnly: true
mountPropagation: None
subPath: slskd.yml
soularr-config:
enabled: true
type: secret
name: soularr-config-secret
advancedMounts:
soularr:
main:
- path: /data/config.ini
readOnly: true
mountPropagation: None
subPath: config.ini
data:
existingClaim: slskd-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false
soularr:
main:
- path: /mnt/store
readOnly: false

21
clusters/cl01tl-standby/applications/tautulli/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: tautulli
version: 1.0.0
description: Tautulli
keywords:
- tautulli
- plex
home: https://wiki.alexlebens.dev/doc/tautulli-7FKi7SM33K
sources:
- https://github.com/Tautulli/Tautulli
- https://github.com/Tautulli/Tautulli/pkgs/container/tautulli
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: tautulli
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tautulli.png
appVersion: v2.15.0

57
clusters/cl01tl-standby/applications/tautulli/templates/external-secret.yaml
View File

@@ -1,57 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: tautulli-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tautulli-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

27
clusters/cl01tl-standby/applications/tautulli/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: tautulli-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tautulli-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: tautulli-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: tautulli-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

164
clusters/cl01tl-standby/applications/tautulli/values.yaml
View File

@@ -1,164 +0,0 @@
tautulli:
controllers:
main:
type: deployment
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/tautulli/tautulli
tag: v2.15.1
pullPolicy: IfNotPresent
env:
- name: PUID
value: 1001
- name: GUID
value: 1001
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
configMaps:
scripts:
enabled: true
data:
select_tmdb_poster.py: |
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
Description: Selects the default TMDB poster if no poster is selected
or the current poster is from Gracenote.
Author: /u/SwiftPanda16
Requires: plexapi
Usage:
* Change the posters for an entire library:
python select_tmdb_poster.py --library "Movies"
* Change the poster for a specific item:
python select_tmdb_poster.py --rating_key 1234
* By default locked posters are skipped. To update locked posters:
python select_tmdb_poster.py --library "Movies" --include_locked
Tautulli script trigger:
* Notify on recently added
Tautulli script conditions:
* Filter which media to select the poster. Examples:
[ Media Type | is | movie ]
Tautulli script arguments:
* Recently Added:
--rating_key {rating_key}
'''
import argparse
import os
import plexapi.base
from plexapi.server import PlexServer
plexapi.base.USER_DONT_RELOAD_FOR_KEYS.add('fields')
# Environmental Variables
PLEX_URL = os.getenv('PLEX_URL')
PLEX_TOKEN = os.getenv('PLEX_TOKEN')
def select_tmdb_poster_library(library, include_locked=False):
for item in library.all(includeGuids=False):
# Only reload for fields
item.reload(**{k: 0 for k, v in item._INCLUDES.items()})
select_tmdb_poster_item(item, include_locked=include_locked)
def select_tmdb_poster_item(item, include_locked=False):
if item.isLocked('thumb') and not include_locked: # PlexAPI 4.5.10
print(f"Locked poster for {item.title}. Skipping.")
return
posters = item.posters()
selected_poster = next((p for p in posters if p.selected), None)
if selected_poster is None:
print(f"WARNING: No poster selected for {item.title}.")
else:
skipping = ' Skipping.' if selected_poster.provider != 'gracenote' else ''
print(f"Poster provider is '{selected_poster.provider}' for {item.title}.{skipping}")
if posters and (selected_poster is None or selected_poster.provider == 'gracenote'):
# Fallback to first poster if no TMDB posters are available
tmdb_poster = next((p for p in posters if p.provider == 'tmdb'), posters[0])
# Selecting the poster automatically locks it
tmdb_poster.select()
print(f"Selected {tmdb_poster.provider} poster for {item.title}.")
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('--rating_key', type=int)
parser.add_argument('--library')
parser.add_argument('--include_locked', action='store_true')
opts = parser.parse_args()
plex = PlexServer(PLEX_URL, PLEX_TOKEN)
if opts.rating_key:
item = plex.fetchItem(opts.rating_key)
select_tmdb_poster_item(item, opts.include_locked)
elif opts.library:
library = plex.library.section(opts.library)
select_tmdb_poster_library(library, opts.include_locked)
else:
print("No --rating_key or --library specified. Exiting.")
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8181
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: tautulli-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: tautulli
port: 80
tls:
- hosts:
- tautulli-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
scripts:
enabled: true
type: configMap
name: tautulli-scripts
advancedMounts:
main:
main:
- path: /config/scripts/select_tmdb_poster.py
readOnly: true
mountPropagation: None
subPath: select_tmdb_poster.py

29
clusters/cl01tl-standby/applications/tdarr/Chart.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v2
name: tdarr
version: 1.0.0
description: Tdarr
keywords:
- tdarr
- video
- transcode
- healthchecks
home: https://wiki.alexlebens.dev/doc/tdarr-DlUb9r2tdL
sources:
- https://github.com/HaveAGitGat/Tdarr
- https://github.com/homeylab/tdarr-exporter
- https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
- https://hub.docker.com/r/homeylab/tdarr-exporter
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: tdarr
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: tdarr-exporter
version: 1.1.7
repository: https://homeylab.github.io/helm-charts/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tdarr.png
appVersion: 2.27.02

116
clusters/cl01tl-standby/applications/tdarr/templates/external-secret.yaml
View File

@@ -1,116 +0,0 @@
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: tdarr-config-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tdarr-config-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: tdarr-server-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tdarr-server-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-server"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

19
clusters/cl01tl-standby/applications/tdarr/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tdarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tdarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: tdarr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/tdarr/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: tdarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tdarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

56
clusters/cl01tl-standby/applications/tdarr/templates/replication-source.yaml
View File

@@ -1,56 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: tdarr-config-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tdarr-config-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: tdarr-config
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: tdarr-config-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot
# ---
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: tdarr-server-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tdarr-server-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: tdarr-server
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: tdarr-server-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

174
clusters/cl01tl-standby/applications/tdarr/values.yaml
View File

@@ -1,174 +0,0 @@
tdarr:
controllers:
server:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/haveagitgat/tdarr
tag: 2.35.02
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: "1001"
- name: PGID
value: "1001"
- name: UMASK_SET
value: "002"
- name: ffmpegVersion
value: "6"
- name: internalNode
value: "false"
- name: inContainer
value: "true"
- name: nodeName
value: tdarr-server
- name: serverIP
value: 0.0.0.0
- name: serverPort
value: "8266"
- name: webUIPort
value: "8265"
resources:
requests:
cpu: 200m
memory: 1Gi
node:
type: daemonset
revisionHistoryLimit: 3
pod:
nodeSelector:
intel.feature.node.kubernetes.io/gpu: "true"
containers:
main:
image:
repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.35.02
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: "1001"
- name: PGID
value: "1001"
- name: UMASK_SET
value: "002"
- name: ffmpegVersion
value: "6"
- name: inContainer
value: "true"
- name: nodeName
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: serverIP
value: tdarr-api
- name: serverPort
value: "8266"
resources:
limits:
gpu.intel.com/i915: 1
cpu: 2000m
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 512Mi
serviceAccount:
create: true
service:
api:
controller: server
ports:
http:
port: 8266
targetPort: 8266
protocol: HTTP
web:
controller: server
ports:
http:
port: 8265
targetPort: 8265
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: tdarr-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: tdarr-web
port: 8265
tls:
- hosts:
- tdarr-cl01tl
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server:
main:
- path: /app/configs
readOnly: false
server:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server:
main:
- path: /app/server
readOnly: false
server-cache:
type: emptyDir
advancedMounts:
server:
main:
- path: /tcache
readOnly: false
node-cache:
type: emptyDir
advancedMounts:
node:
main:
- path: /tcache
readOnly: false
media:
existingClaim: tdarr-nfs-storage
advancedMounts:
server:
main:
- path: /mnt/store
readOnly: true
node:
main:
- path: /mnt/store
readOnly: true
tdarr-exporter:
image:
name: homeylab/tdarr-exporter
tag: 1.4.2
metrics:
serviceMonitor:
enabled: true
settings:
config:
url: http://tdarr-web.tdarr:8265
verify_ssl: false
resources:
requests:
cpu: 100m
memory: 256Mi

34
clusters/cl01tl-standby/applications/tubearchivist/Chart.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: v2
name: tubearchivist
version: 1.0.0
description: Tube Archivist
keywords:
- tubearchivist
- download
- video
- youtube
home: https://wiki.alexlebens.dev/doc/tube-archivist-Bv6xCDKPM5
sources:
- https://github.com/tubearchivist/tubearchivist
- https://github.com/elastic/elasticsearch
- https://github.com/redis/redis
- https://hub.docker.com/r/bbilly1/tubearchivist
- https://hub.docker.com/r/redis/redis-stack-server
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/redis
- https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: tubearchivist
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: elasticsearch
version: 21.4.6
repository: https://charts.bitnami.com/bitnami
- name: redis
version: 19.6.4
repository: https://charts.bitnami.com/bitnami
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tube-archivist.png
appVersion: v0.4.11

80
clusters/cl01tl-standby/applications/tubearchivist/templates/external-secret.yaml
View File

@@ -1,80 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ELASTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD
- secretKey: TA_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: TA_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-elasticsearch-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ELASTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: tubearchivist-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key

8
clusters/cl01tl-standby/applications/tubearchivist/templates/namespace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: tubearchivist
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

19
clusters/cl01tl-standby/applications/tubearchivist/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tubearchivist-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: tubearchivist-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/applications/tubearchivist/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: tubearchivist-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tubearchivist-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/YouTube
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

183
clusters/cl01tl-standby/applications/tubearchivist/values.yaml
View File

@@ -1,183 +0,0 @@
tubearchivist:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: bbilly1/tubearchivist
tag: v0.4.13
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: HOST_UID
value: 1000
- name: HOST_GID
value: 1000
- name: ES_URL
value: http://tubearchivist-elasticsearch:9200
- name: REDIS_HOST
value: tubearchivist-redis-headless
- name: TA_HOST
value: tubearchivist-cl01tl.boreal-beaufort.ts.net tubearchivist.tubearchivist
- name: TA_PORT
value: 24000
- name: TA_USERNAME
value: admin
envFrom:
- secretRef:
name: tubearchivist-config-secret
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /usr/bin/env
- bash
- -c
- curl --fail http://localhost:8000/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 1Gi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 80,8000,24000
- name: DOT
value: off
- name: DNS_KEEP_NAMESERVER
value: on
- name: DNS_PLAINTEXT_ADDRESS
value: 10.96.0.10
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
resources:
requests:
squat.ai/tun: "1"
cpu: 10m
memory: 128Mi
limits:
squat.ai/tun: "1"
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 24000
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: tubearchivist-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: tubearchivist
port: 80
tls:
- hosts:
- tubearchivist-cl01tl
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
- path: /cache
readOnly: false
youtube:
existingClaim: tubearchivist-nfs-storage
advancedMounts:
main:
main:
- path: /youtube
readOnly: false
redis:
image:
repository: redis/redis-stack-server
tag: 7.2.0-v13
architecture: standalone
auth:
enabled: false
commonConfiguration: |-
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# Enable Redis Json module
loadmodule /opt/redis-stack/lib/rejson.so
elasticsearch:
global:
storageClass: ceph-block
extraEnvVars:
- name: discovery.type
value: single-node
- name: xpack.security.enabled
value: "true"
extraEnvVarsSecret: tubearchivist-elasticsearch-secret
extraConfig:
path:
repo: /usr/share/elasticsearch/data/snapshot
extraVolumes:
- name: snapshot
nfs:
path: /volume2/Storage/TubeArchivist
server: synologybond.alexlebens.net
extraVolumeMounts:
- name: snapshot
mountPath: /usr/share/elasticsearch/data/snapshot
snapshotRepoPath: /usr/share/elasticsearch/data/snapshot
master:
masterOnly: false
replicaCount: 1
data:
replicaCount: 0
coordinating:
replicaCount: 0
ingest:
enabled: false
replicaCount: 0

23
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: kube-prometheus-stack
version: 1.0.0
description: Kube Prometheus Stack
keywords:
- kube-prometheus-stack
- prometheus
- alertmanager
- metrics
- alerts
- kubernetes
home: https://wiki.alexlebens.dev/doc/kube-prometheus-stack-pPGJlzAqur
sources:
- https://github.com/prometheus/prometheus
- https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 69.6.0
repository: https://prometheus-community.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prometheus.png
appVersion: v0.79.2

37
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/templates/external-secret.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: alertmanager-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: discord_webhook
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /discord/webhook/alertmanager
metadataPolicy: None
property: webhook
- secretKey: pushover_token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /pushover/key
metadataPolicy: None
property: alertmanager_key
- secretKey: user_key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /pushover/key
metadataPolicy: None
property: user_key

8
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/templates/namespace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: kube-prometheus-stack
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

41
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/templates/scrape-config.yaml
View File

@@ -1,41 +0,0 @@
apiVersion: monitoring.coreos.com/v1alpha1
kind: ScrapeConfig
metadata:
name: external-nodes-http
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-nodes
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
staticConfigs:
- labels:
job: external-nodes
targets:
- ps08rp.alexlebens.net:9100
- ps09rp.alexlebens.net:9100
metricsPath: /metrics
scheme: HTTP
---
apiVersion: monitoring.coreos.com/v1alpha1
kind: ScrapeConfig
metadata:
name: external-nodes-https
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-nodes
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
staticConfigs:
- labels:
job: external-nodes
targets:
- node-exporter-ps10rp.boreal-beaufort.ts.net
metricsPath: /metrics
scheme: HTTPS

16
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/templates/service.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: node-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: node-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: node-exporter-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

149
clusters/cl01tl-standby/monitoring/kube-prometheus-stack/values.yaml
View File

@@ -1,149 +0,0 @@
kube-prometheus-stack:
crds:
enabled: false
defaultRules:
create: true
rules:
kubeControllerManager: false
kubeSchedulerAlerting: false
kubeSchedulerRecording: false
global:
rbac:
create: true
createAggregateClusterRoles: true
alertmanager:
enabled: true
config:
route:
group_by: ["namespace", "alertname"]
group_wait: 30s
group_interval: 5m
repeat_interval: 24h
receiver: discord
routes:
- receiver: "null"
matchers:
- alertname = "Watchdog"
- receiver: "pushover"
group_wait: 10s
group_interval: 5m
repeat_interval: 24h
matchers:
- severity = "critical"
receivers:
- name: "null"
- name: discord
discord_configs:
- send_resolved: true
webhook_url_file: /etc/alertmanager/secrets/alertmanager-config-secret/discord_webhook
- name: pushover
pushover_configs:
- send_resolved: true
user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
alertmanagerSpec:
secrets:
- alertmanager-config-secret
replicas: 1
grafana:
enabled: false
kubeApiServer:
tlsConfig:
insecureSkipVerify: true
kubeControllerManager:
enabled: false
kubeEtcd:
enabled: true
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
kubeStateMetrics:
enabled: true
nodeExporter:
operatingSystems:
darwin:
enabled: false
prometheusOperator:
admissionWebhooks:
enabled: true
namespaces:
releaseNamespace: true
additional:
- kube-system
- kube-prometheus-stack
- argocd
- argo-workflows
- authentik
- blocky
- cert-manager
- cloudnative-pg
- descheduler
- directus
- external-dns
- freshrss
- generic-device-plugin
- gitea
- grafana
- harbor
- hoarder
- home-assistant
- immich
- jellystat
- komodo
- lidarr2
- linkwarden
- loki
- matrix-synapse
- ollama
- outline
- photoview
- qbittorrent
- radarr5
- radarr5-4k
- radarr5-anime
- radarr5-standup
- reloader
- rook-ceph
- roundcube
- slskd
- sonarr4
- sonarr4-4k
- sonarr4-anime
- speedtest-exporter
- spegel
- stalwart
- tdarr
- traefik
- trivy
- unpoller
- vault
- vaultwarden
- volsync
prometheus:
ingress:
enabled: true
ingressClassName: tailscale
labels:
tailscale.com/proxy-class: no-metrics
hosts:
- prometheus-cl01tl
tls:
- secretName: prometheus-cl01tl
hosts:
- prometheus-cl01tl
prometheusSpec:
scrapeInterval: 30s
retention: 30d
externalUrl: https://prometheus-cl01tl.boreal-beaufort.ts.net
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
scrapeConfigSelectorNilUsesHelmValues: false
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: synology-iscsi-delete
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 200Gi

23
clusters/cl01tl-standby/monitoring/unpoller/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: unpoller
version: 1.0.0
description: Unpoller
keywords:
- unpoller
- ubiquiti
- unifi
- metrics
home: https://wiki.alexlebens.dev/doc/unpoller-ZG6iBCZATk
sources:
- https://github.com/unpoller/unpoller
- https://github.com/unpoller/unpoller/pkgs/container/unpoller
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: unpoller
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
appVersion: v2.11.2

30
clusters/cl01tl-standby/monitoring/unpoller/templates/external-secret.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: unpoller-unifi-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: unpoller-unifi-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: UP_UNIFI_CONTROLLER_0_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: UP_UNIFI_CONTROLLER_0_PASS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: password

21
clusters/cl01tl-standby/monitoring/unpoller/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: unpoller
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: unpoller
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: unpoller
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics

57
clusters/cl01tl-standby/monitoring/unpoller/values.yaml
View File

@@ -1,57 +0,0 @@
unpoller:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/unpoller/unpoller
tag: v2.14.1
pullPolicy: IfNotPresent
env:
- name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
value: 'true'
- name: UP_UNIFI_CONTROLLER_0_URL
value: https://unifi.alexlebens.net/
- name: UP_UNIFI_CONTROLLER_0_VERIFY_SSL
value: 'false'
- name: UP_INFLUXDB_DISABLE
value: 'true'
- name: UP_PROMETHEUS_HTTP_LISTEN
value: 0.0.0.0:9130
- name: UP_PROMETHEUS_NAMESPACE
value: unpoller
- name: UP_POLLER_DEBUG
value: 'false'
- name: UP_POLLER_QUIET
value: 'false'
envFrom:
- secretRef:
name: unpoller-unifi-secret
resources:
requests:
cpu: 10m
memory: 64Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
metrics:
port: 9130
targetPort: 9130
protocol: TCP

28
clusters/cl01tl-standby/platform/qbittorrent/Chart.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: v2
name: qbittorrent
version: 1.0.0
description: qBittorrent
keywords:
- qbittorrent
- downloads
- torrent
- vpn
- metrics
home: https://wiki.alexlebens.dev/doc/qbittorrent-5jBMHjtzCZ
sources:
- https://github.com/qbittorrent/qBittorrent
- https://github.com/qdm12/gluetun
- https://github.com/esanchezm/prometheus-qbittorrent-exporter
- https://docs.linuxserver.io/images/docker-qbittorrent/
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://hub.docker.com/r/esanchezm/prometheus-qbittorrent-exporter
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: qbittorrent
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/qbittorrent.png
appVersion: 5.0.2

20
clusters/cl01tl-standby/platform/qbittorrent/templates/config-map.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glutun-update-script
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: glutun-update-script
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: gluetun
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
update.sh: |
if ! command -v curl 2>&1 >/dev/null
then
echo "curl could not be found, installing";
apk add curl;
fi;
echo "updating port with $1";
curl -i -X POST -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences";

23
clusters/cl01tl-standby/platform/qbittorrent/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: qbittorrent-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key

8
clusters/cl01tl-standby/platform/qbittorrent/templates/namespace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: qbittorrent
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

40
clusters/cl01tl-standby/platform/qbittorrent/templates/persistent-volume-claim.yaml
View File

@@ -1,40 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: qbittorrent-config
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: qbittorrent-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

52
clusters/cl01tl-standby/platform/qbittorrent/templates/persistent-volume.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: qbittorrent-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Torrent/QBITTORRENT
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: qbittorrent-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

21
clusters/cl01tl-standby/platform/qbittorrent/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: qbittorrent
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
selector:
matchLabels:
app.kubernetes.io/name: qbittorrent
app.kubernetes.io/instance: {{ .Release.Name }}

164
clusters/cl01tl-standby/platform/qbittorrent/values.yaml
View File

@@ -1,164 +0,0 @@
qbittorrent:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-sysctl:
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
securityContext:
privileged: True
resources:
requests:
cpu: 100m
memory: 128Mi
command:
- /bin/sh
args:
- -ec
- |
sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv6.conf.all.disable_ipv6=1
containers:
qbittorrent:
image:
repository: ghcr.io/linuxserver/qbittorrent
tag: 5.0.4@sha256:81a71641d2ee65fbecfabf3388f0d6b7b053e7266658b1fb7efee8900d06f010
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: UMASK_SET
value: "002"
- name: WEBUI_PORT
value: 8080
resources:
requests:
cpu: 500m
memory: 1Gi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DOT
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
resources:
limits:
squat.ai/tun: "1"
requests:
cpu: 10m
memory: 64Mi
exporter:
image:
repository: esanchezm/prometheus-qbittorrent-exporter
tag: v1.6.0
pullPolicy: IfNotPresent
env:
- name: QBITTORRENT_HOST
value: localhost
- name: QBITTORRENT_PORT
value: "8080"
- name: EXPORTER_PORT
value: "9022"
- name: EXPORTER_LOG_LEVEL
value: INFO
resources:
requests:
cpu: 10m
memory: 64Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 8080
targetPort: 8080
protocol: HTTP
health:
port: 9999
targetPort: 9999
protocol: HTTP
metrics:
port: 9022
targetPort: 9022
protocol: HTTP
ingress:
tailscale:
enabled: true
className: tailscale
hosts:
- host: qbittorrent-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: qbittorrent
port: 8080
tls:
- hosts:
- qbittorrent-cl01tl
persistence:
config:
type: persistentVolumeClaim
existingClaim: qbittorrent-config
advancedMounts:
main:
qbittorrent:
- path: /config
readOnly: false
update-script:
enabled: true
type: configMap
name: glutun-update-script
defaultMode: 0755
advancedMounts:
main:
gluetun:
- path: /gluetun/update.sh
subPath: update.sh
storage:
type: persistentVolumeClaim
existingClaim: qbittorrent-nfs-storage
advancedMounts:
main:
qbittorrent:
- path: /mnt/store
readOnly: false

22
clusters/cl01tl-standby/platform/unpackerr/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: unpackerr
version: 1.0.0
description: Unpackerr
keywords:
- unpackerr
- archive
- servarr
home: https://wiki.alexlebens.dev/doc/unpackerr-ZCcVdSxo4s
sources:
- https://github.com/Unpackerr/unpackerr
- https://hub.docker.com/r/golift/unpackerr
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: unpackerr
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://avatars.githubusercontent.com/u/104323643?s=48&v=4
appVersion: 0.14.5

72
clusters/cl01tl-standby/platform/unpackerr/templates/external-secret.yaml
View File

@@ -1,72 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: unpackerr-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: unpackerr-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: UN_SONARR_0_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key
- secretKey: UN_SONARR_1_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key
- secretKey: UN_SONARR_2_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key
- secretKey: UN_RADARR_0_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key
metadataPolicy: None
property: key
- secretKey: UN_RADARR_1_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key
- secretKey: UN_RADARR_2_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key
- secretKey: UN_RADARR_3_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key
- secretKey: UN_LIDARR_0_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key

19
clusters/cl01tl-standby/platform/unpackerr/templates/persistent-volume-claim.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: unpackerr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: unpackerr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: unpackerr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

25
clusters/cl01tl-standby/platform/unpackerr/templates/persistent-volume.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: unpackerr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: unpackerr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

67
clusters/cl01tl-standby/platform/unpackerr/values.yaml
View File

@@ -1,67 +0,0 @@
unpackerr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: golift/unpackerr
tag: 0.14.5
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: UN_WEBSERVER_METRICS
value: true
- name: UN_SONARR_0_URL
value: http://sonarr4.sonarr4:80
- name: UN_SONARR_0_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_SONARR_1_URL
value: http://sonarr4-4k.sonarr4-4k:80
- name: UN_SONARR_1_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_SONARR_2_URL
value: http://sonarr4-anime.sonarr4-anime:80
- name: UN_SONARR_2_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_RADARR_0_URL
value: http://radarr5.radarr5:80
- name: UN_RADARR_0_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_RADARR_1_URL
value: http://radarr5-4k.radarr5-4k:80
- name: UN_RADARR_1_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_RADARR_2_URL
value: http://radarr5-anime.radarr5-anime:80
- name: UN_RADARR_2_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_RADARR_3_URL
value: http://radarr5-standup.radarr5-standup:80
- name: UN_RADARR_3_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
- name: UN_LIDARR_0_URL
value: http://lidarr2.lidarr2:80
- name: UN_LIDARR_0_PATHS_0
value: /mnt/store/Torrent/FINISHED/COMPLETED
envFrom:
- secretRef:
name: unpackerr-key-secret
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
persistence:
storage:
existingClaim: unpackerr-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false

22
clusters/cl01tl-standby/services/external-dns/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: external-dns
version: 1.0.0
description: External DNS
keywords:
- external-dns
- dns
- unifi
- kubernetes
home: https://wiki.alexlebens.dev/doc/external-dns-Zdhuh9NAT1
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
- name: alexlebens
dependencies:
- name: external-dns
alias: external-dns-unifi
version: 1.15.2
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 1.15.0

160
clusters/cl01tl-standby/services/external-dns/templates/dns-endpoint.yaml
View File

@@ -1,160 +0,0 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: external-device-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-device-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Unifi UDM
- dnsName: unifi.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.1
# Synology Web
- dnsName: synology.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.61
# Synology Storage
- dnsName: synologybond.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.64
# HD Homerun
- dnsName: hdhr.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.72
# Pi KVM
- dnsName: pikvm.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.71
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: iot-device-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: iot-device-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Airgradient
- dnsName: it01ag.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.83
# Phillips Hue
- dnsName: it02ph.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.85
# TubesZB ZigBee
- dnsName: it03tb.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.81
# TubesZB Z-Wave
- dnsName: it04tb.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.82
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: server-host-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: server-host-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Unifi Gateway
- dnsName: nw01un.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.1
# Synology
- dnsName: ps02sn.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.61
# Synology Storage
- dnsName: ps02sn-bond.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.64
# Raspberry Pi
- dnsName: ps08rp.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.51
# Raspberry Pi
- dnsName: ps09rp.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.52
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: cluster-service-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: cluster-service-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Treafik Proxy
- dnsName: traefik-cl01tl.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.21
# Treafik Proxy
- dnsName: blocky.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.22
# Treafik Proxy
- dnsName: plex.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.23

23
clusters/cl01tl-standby/services/external-dns/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: external-dns-unifi-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-dns-unifi-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: api-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key

46
clusters/cl01tl-standby/services/external-dns/values.yaml
View File

@@ -1,46 +0,0 @@
external-dns-unifi:
fullnameOverride: external-dns-unifi
serviceMonitor:
enabled: true
interval: 1m
sources:
- ingress
- crd
- gateway-httproute
- gateway-tlsroute
policy: sync
registry: txt
txtOwnerId: default
txtPrefix: k8s.
domainFilters: ["alexlebens.net"]
excludeDomains: []
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.4.2
env:
- name: UNIFI_HOST
value: https://192.168.1.1
- name: UNIFI_API_KEY
valueFrom:
secretKeyRef:
name: external-dns-unifi-secret
key: api-key
- name: LOG_LEVEL
value: debug
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs:
- --ignore-ingress-tls-spec

23
clusters/cl01tl-standby/services/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: kubernetes-cloudflare-ddns
version: 1.0.0
description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- cloudflare
- ddns
- kubernetes
home: https://wiki.alexlebens.dev/doc/kubernetes-ddns-STOtBY6W6q
sources:
- c
- https://hub.docker.com/r/kubitodev/kubernetes-cloudflare-ddns
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: kubernetes-cloudflare-ddns
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cloudflare.png
appVersion: "2.0.0"

44
clusters/cl01tl-standby/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kubernetes-cloudflare-ddns-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubernetes-cloudflare-ddns-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AUTH_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: token
- secretKey: NAME
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: name
- secretKey: RECORD_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: record-id
- secretKey: ZONE_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: zone-id

29
clusters/cl01tl-standby/services/kubernetes-cloudflare-ddns/values.yaml
View File

@@ -1,29 +0,0 @@
kubernetes-cloudflare-ddns:
controllers:
main:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: kubitodev/kubernetes-cloudflare-ddns
tag: 2.0.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: kubernetes-cloudflare-ddns-secret
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true

23
clusters/cl01tl-standby/services/tailscale-operator/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: tailscale-operator
version: 1.0.0
description: Tailscale Operator
keywords:
- tailscale-operator
- tailscale
- wireguard
- vpn
- kubernetes
home: https://wiki.alexlebens.dev/doc/tailscale-operator-u9TCoCqP12
sources:
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy
- https://hub.docker.com/r/tailscale/k8s-operator
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/chart
maintainers:
- name: alexlebens
dependencies:
- name: tailscale-operator
version: 1.80.0
repository: https://pkgs.tailscale.com/helmcharts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tailscale.png
appVersion: v1.80.0

19
clusters/cl01tl-standby/services/tailscale-operator/templates/connector.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: Connector
metadata:
name: subnet-router-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: subnet-router-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
hostname: subnet-router-local-cl01tl
proxyClass: default
subnetRouter:
advertiseRoutes:
- 192.168.1.0/24
- 10.230.0.0/24
- 10.232.0.0/22

16
clusters/cl01tl-standby/services/tailscale-operator/templates/dns-config.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: DNSConfig
metadata:
name: ts-dns
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ts-dns
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
nameserver:
image:
repo: tailscale/k8s-nameserver
tag: unstable-v1.81.44

30
clusters/cl01tl-standby/services/tailscale-operator/templates/external-secrets.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: operator-oauth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: operator-oauth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client_id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientId
- secretKey: client_secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientSecret

8
clusters/cl01tl-standby/services/tailscale-operator/templates/namespace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: tailscale-operator
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

52
clusters/cl01tl-standby/services/tailscale-operator/templates/proxy-class.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
name: default
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: default
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
metrics:
enable: true
serviceMonitor:
enable: true
statefulSet:
pod:
tailscaleContainer:
resources:
limits:
squat.ai/tun: "1"
tailscaleInitContainer:
resources:
limits:
squat.ai/tun: "1"
---
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
name: no-metrics
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: no-metrics
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
metrics:
enable: false
statefulSet:
pod:
tailscaleContainer:
resources:
limits:
squat.ai/tun: "1"
tailscaleInitContainer:
resources:
limits:
squat.ai/tun: "1"

21
clusters/cl01tl-standby/services/tailscale-operator/values.yaml
View File

@@ -1,21 +0,0 @@
tailscale-operator:
oauth: {}
installCRDs: true
operatorConfig:
defaultTags:
- "tag:k8s-operator"
logging: info
hostname: tailscale-operator-cl01tl
nodeSelector:
kubernetes.io/os: linux
operatorConfig:
securityContext:
capabilities:
add:
- NET_ADMIN
proxyConfig:
defaultTags: "tag:k8s"
firewallMode: auto
defaultProxyClass: "default"
apiServerProxyConfig:
mode: "false"

20
clusters/cl01tl-standby/storage/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: democratic-csi-synology-iscsi
version: 1.0.0
description: Democratic CSI
keywords:
- democratic-csi-synology-iscsi
- iscsi
- kubernetes
home: https://wiki.alexlebens.dev/doc/democratic-csi-tmkFKsYZm6
sources:
- https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi
maintainers:
- name: alexlebens
dependencies:
- name: democratic-csi
repository: https://democratic-csi.github.io/charts/
version: 0.14.7
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.14.7

23
clusters/cl01tl-standby/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: synology-iscsi-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: driver-config-file.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml

37
clusters/cl01tl-standby/storage/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,37 +0,0 @@
democratic-csi:
driver:
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
enabled: true
rbac:
enabled: true
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
- name: synology-iscsi-retain
defaultClass: false
reclaimPolicy: Retain
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
node:
hostPID: true
driver:
extraEnv:
- name: ISCSIADM_HOST_STRATEGY
value: nsenter
- name: ISCSIADM_HOST_PATH
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /usr/local/etc/iscsi
iscsiDirHostPathType: ""