alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

migrate
All checks were successful
lint-test-helm / helm-lint (push) Successful in 12s
Details
renovate / renovate (push) Successful in 1m13s
Details
render-manifests / render-manifests-helm (push) Successful in 6m53s
Details

Browse Source
This commit is contained in:
Alex Lebens
2025-12-01 20:14:09 -06:00
parent 3e90af0eb5
commit 6da426af29
73 changed files with 93 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

423
clusters/cl01tl/helm/gatus/values.yaml Normal file
View File

@@ -0,0 +1,423 @@
gatus:
deployment:
strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
image:
repository: ghcr.io/twin/gatus
tag: v5.33.0
annotations:
reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
env:
NTFY_TOKEN:
valueFrom:
secretKeyRef:
name: gatus-config-secret
key: NTFY_TOKEN
OIDC_CLIENT_ID:
valueFrom:
secretKeyRef:
name: gatus-oidc-secret
key: OIDC_CLIENT_ID
OIDC_CLIENT_SECRET:
valueFrom:
secretKeyRef:
name: gatus-oidc-secret
key: OIDC_CLIENT_SECRET
POSTGRES_USER:
valueFrom:
secretKeyRef:
name: gatus-postgresql-17-cluster-app
key: username
POSTGRES_PASSWORD:
valueFrom:
secretKeyRef:
name: gatus-postgresql-17-cluster-app
key: password
POSTGRES_HOST:
valueFrom:
secretKeyRef:
name: gatus-postgresql-17-cluster-app
key: host
POSTGRES_PORT:
valueFrom:
secretKeyRef:
name: gatus-postgresql-17-cluster-app
key: port
POSTGRES_DB:
valueFrom:
secretKeyRef:
name: gatus-postgresql-17-cluster-app
key: dbname
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
enabled: true
size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block
serviceMonitor:
enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config:
metrics: true
connectivity:
checker:
target: 1.1.1.1:53
interval: 60s
alerting:
ntfy:
topic: "gatus-alerts"
priority: 3
url: http://ntfy.ntfy
token: ${NTFY_TOKEN}
default-alert:
failure-threshold: 5
send-on-resolved: true
click: "https://gatus.alexlebens.net"
security:
oidc:
issuer-url: https://authentik.alexlebens.net/application/o/gatus/
client-id: ${OIDC_CLIENT_ID}
client-secret: ${OIDC_CLIENT_SECRET}
redirect-url: https://gatus.alexlebens.net/authorization-code/callback
scopes: [openid]
storage:
type: postgres
path: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?sslmode=disable"
default-endpoint: &defaults
group: core
conditions:
- "[STATUS] == 200"
- "[CERTIFICATE_EXPIRATION] > 240h"
interval: 30s
alerts:
- type: ntfy
endpoints:
- name: plex
url: http://plex.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
- name: overseerr
url: https://overseerr.alexlebens.net
<<: *defaults
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: tubearchivist
url: https://tubearchivist.alexlebens.net
<<: *defaults
- name: immich
url: https://immich.alexlebens.net
<<: *defaults
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: audiobookshelf
url: https://audiobookshelf.alexlebens.net
<<: *defaults
- name: home-assistant
url: https://home-assistant.alexlebens.net
<<: *defaults
- name: actual
url: https://actual.alexlebens.net
<<: *defaults
- name: ollama
url: https://ollama.alexlebens.net
<<: *defaults
- name: searxng
url: https://searxng.alexlebens.net
<<: *defaults
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: kiwix
url: https://kiwix.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults
- name: home-assistant-code-server
url: https://home-assistant-code-server.alexlebens.net
<<: *defaults
- name: argocd
url: https://argocd.alexlebens.net
<<: *defaults
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: argo-workflows
url: https://argo-workflows.alexlebens.net
<<: *defaults
- name: n8n
url: https://n8n.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
- name: headlamp
url: https://headlamp.alexlebens.net
<<: *defaults
- name: hubble
url: https://hubble.alexlebens.net
<<: *defaults
- name: grafana
url: https://grafana.alexlebens.net
<<: *defaults
- name: prometheus
url: https://prometheus.alexlebens.net
<<: *defaults
- name: alertmanager
url: https://alertmanager.alexlebens.net
<<: *defaults
- name: tautulli
url: https://tautulli.alexlebens.net
<<: *defaults
- name: jellystat
url: https://jellystat.alexlebens.net
<<: *defaults
- name: authentik
url: https://authentik.alexlebens.net
<<: *defaults
- name: stalwart
url: https://stalwart.alexlebens.net
<<: *defaults
- name: ntfy
url: https://ntfy.alexlebens.net
<<: *defaults
- name: traefik-cl01tl
url: https://traefik-cl01tl.alexlebens.net/dashboard/#/
<<: *defaults
- name: harbor
url: https://harbor.alexlebens.net
<<: *defaults
- name: unifi
url: https://unifi.alexlebens.net
<<: *defaults
- name: synology
url: https://synology.alexlebens.net
<<: *defaults
client:
insecure: true
conditions:
- "[CONNECTED] == true"
- name: hdhr
url: http://hdhr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: pikvm
url: https://pikvm.alexlebens.net/login/
<<: *defaults
client:
insecure: true
conditions:
- "[CONNECTED] == true"
- name: shelly
url: http://it05sp.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: ceph
url: https://ceph.alexlebens.net
<<: *defaults
- name: pgadmin
url: https://pgadmin.alexlebens.net
<<: *defaults
- name: whodb
url: https://whodb.alexlebens.net
<<: *defaults
- name: vault
url: https://vault.alexlebens.net
<<: *defaults
- name: sonarr
url: https://sonarr.alexlebens.net
<<: *defaults
- name: sonarr-4k
url: https://sonarr-4k.alexlebens.net
<<: *defaults
- name: sonarr-anime
url: https://sonarr-anime.alexlebens.net
<<: *defaults
- name: radarr
url: https://radarr.alexlebens.net
<<: *defaults
- name: radarr-4k
url: https://radarr-4k.alexlebens.net
<<: *defaults
- name: radarr-anime
url: https://radarr-anime.alexlebens.net
<<: *defaults
- name: radarr-standup
url: https://radarr-standup.alexlebens.net
<<: *defaults
- name: lidarr
url: https://lidarr.alexlebens.net
<<: *defaults
- name: lidatube
url: https://lidatube.alexlebens.net
<<: *defaults
- name: slskd
url: https://slskd.alexlebens.net
<<: *defaults
- name: qui
url: https://qui.alexlebens.net
<<: *defaults
- name: qbittorrent
url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: www
url: https://www.alexlebens.dev
<<: *defaults
group: external
- name: directus
url: https://directus.alexlebens.dev
<<: *defaults
group: external
- name: postiz
url: https://postiz.alexlebens.dev
<<: *defaults
interval: 120s
group: external
- name: matrix
url: https://chat.alexlebens.dev
<<: *defaults
group: external
- name: outline
url: https://wiki.alexlebens.dev
<<: *defaults
group: external
- name: vaultwarden
url: https://passwords.alexlebens.dev
<<: *defaults
group: external
- name: karakeep
url: https://karakeep.alexlebens.dev
<<: *defaults
group: external
- name: freshrss
url: https://rss.alexlebens.dev/i/
<<: *defaults
group: external
conditions:
- "[STATUS] == 401"
- name: gitea-external
url: https://gitea.alexlebens.dev
<<: *defaults
group: external
- name: codeserver
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: public homepage
url: https://home.alexlebens.dev
<<: *defaults
group: external
- name: discord
group: public
url: https://discord.com/app
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
- name: reddit
group: public
url: https://reddit.com
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster
index: 2
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: false
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote