From 615e83814f69c3ea105d1b02d93beeffdbf00700 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Sun, 14 Dec 2025 17:11:39 -0600
Subject: [PATCH] add cluster

---
 clusters/cl01tl/helm/sonarr/Chart.lock        |  9 +-
 clusters/cl01tl/helm/sonarr/Chart.yaml        |  8 +-
 .../sonarr/templates/external-secret.yaml     | 67 ++++++++++++++
 clusters/cl01tl/helm/sonarr/values.yaml       | 89 +++++++++++++++++++
 4 files changed, 168 insertions(+), 5 deletions(-)

diff --git a/clusters/cl01tl/helm/sonarr/Chart.lock b/clusters/cl01tl/helm/sonarr/Chart.lock
index 9b7ce16ff..12dd5ae58 100644
--- a/clusters/cl01tl/helm/sonarr/Chart.lock
+++ b/clusters/cl01tl/helm/sonarr/Chart.lock
@@ -4,6 +4,9 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.1
-digest: sha256:971e29970519abaf3d65a3f9d66a705086d7f4518974dd9711e8fb130fccc9d0
-generated: "2025-12-05T17:13:38.785907239Z"
+  version: 6.17.1
+- name: postgres-cluster
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 6.17.1
+digest: sha256:e7adcf87b5a5dffabb31eb587ee1a1148d07aaa9ec3facc09700c0d474678982
+generated: "2025-12-14T17:10:35.678235-06:00"
diff --git a/clusters/cl01tl/helm/sonarr/Chart.yaml b/clusters/cl01tl/helm/sonarr/Chart.yaml
index 1f9aa0923..4d7ed52dc 100644
--- a/clusters/cl01tl/helm/sonarr/Chart.yaml
+++ b/clusters/cl01tl/helm/sonarr/Chart.yaml
@@ -26,7 +26,11 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.1
+    version: 6.17.1
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: postgres-cluster
+    alias: postgres-18-cluster
+    version: 6.17.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
-appVersion: 4.0.14
+appVersion: 4.0.16
diff --git a/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml b/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml
index 71e637fa0..bba0f8ec6 100644
--- a/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml
@@ -120,3 +120,70 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_REGION
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: sonarr-postgresql-18-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sonarr-postgresql-18-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: sonarr-postgresql-18-cluster-backup-secret-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sonarr-postgresql-18-cluster-backup-secret-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/sonarr/values.yaml b/clusters/cl01tl/helm/sonarr/values.yaml
index 2f82a1f15..553f00480 100644
--- a/clusters/cl01tl/helm/sonarr/values.yaml
+++ b/clusters/cl01tl/helm/sonarr/values.yaml
@@ -85,6 +85,7 @@ postgres-17-cluster:
   nameOverride: sonarr4-postgresql-17
   mode: recovery
   cluster:
+    enableSuperuserAccess: true
     storage:
       storageClass: local-path
     walStorage:
@@ -147,3 +148,91 @@ postgres-17-cluster:
       #   suspend: false
       #   schedule: "0 26 4 * * SAT"
       #   backupName: garage-remote
+postgres-18-cluster:
+  mode: recovery
+  cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
+    storage:
+      storageClass: local-path
+    walStorage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+      prometheusRule:
+        enabled: true
+    resources:
+      requests:
+        memory: 1Gi
+        cpu: 200m
+    initdb:
+      database: app
+      owner: app
+    #   postInitSQL:
+    #     - CREATE DATABASE "sonarr-main" OWNER "app";
+    #     - CREATE DATABASE "sonarr-log" OWNER "app";
+  recovery:
+    method: import
+    objectStore:
+      destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr-postgresql-18-cluster
+      endpointURL: http://garage-main.garage:3900
+      index: 1
+      endpointCredentials: sonarr-postgresql-18-cluster-backup-secret-garage
+    import:
+      type: "monolith"
+      databases:
+        - sonarr-main
+        - sonarr-log
+      roles:
+        - app
+      source:
+        host: "sonarr4-postgresql-17-cluster-rw"
+        port: 5432
+        username: postgres
+        database: "*"
+        sslMode: "disable"
+        passwordSecret:
+          name: "sonarr4-postgresql-17-cluster-superuser"
+          key: "password"
+  backup:
+    objectStore:
+      - name: external
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr/sonarr-postgresql-18-cluster
+        index: 1
+        endpointCredentials: sonarr-postgresql-18-cluster-backup-secret
+        retentionPolicy: "30d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr-postgresql-18-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: sonarr-postgresql-18-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "3d"
+        isWALArchiver: true
+      # - name: garage-remote
+      #   destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr-postgresql-18-cluster
+      #   index: 1
+      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   endpointCredentials: sonarr-postgresql-18-cluster-backup-secret-garage
+      #   retentionPolicy: "30d"
+      #   data:
+      #     compression: bzip2
+      #     jobs: 2
+    scheduledBackups:
+      - name: daily-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
+      # - name: weekly-backup
+      #   suspend: false
+      #   immediate: true
+      #   schedule: "0 26 4 * * SAT"
+      #   backupName: garage-remote