update chart

clusters/cl01tl/helm/kube-prometheus-stack/values.yaml

@@ -109,7 +109,7 @@ kube-prometheus-stack:
         apiVersion: gateway.networking.k8s.io/v1
         kind: HTTPRoute
         hostnames:
-          - alertmanager.alexlebens.net
+          - prometheus.alexlebens.net
         parentRefs:
           - group: gateway.networking.k8s.io
             kind: Gateway

clusters/cl01tl/helm/metrics-server/Chart.yaml

@@ -17,4 +17,5 @@ dependencies:
     version: 3.13.0
     repository: https://kubernetes-sigs.github.io/metrics-server/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
+# renovate: github=kubernetes-sigs/metrics-server
 appVersion: 0.8.0

clusters/cl01tl/helm/n8n/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.1.4
+  version: 7.4.3
 - name: redis-replication
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.5.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.6.0
-digest: sha256:692bb4765e403070bc65221fdc482c180fd532a74ed799ab3d62b913df9efde0
+digest: sha256:044b0cda285583d8cb792725b75887041f82e5d6906566cd3677d2f67186d7f1
-generated: "2025-12-21T19:04:22.998905868Z"
+generated: "2025-12-23T22:38:27.330827-06:00"

clusters/cl01tl/helm/n8n/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.1.4
+    version: 7.4.3
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0
@@ -31,4 +31,5 @@ dependencies:
     version: 0.6.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
+# renovate: github=n8n-io/n8n
 appVersion: 2.0.1

clusters/cl01tl/helm/n8n/templates/external-secret.yaml

@@ -19,70 +19,3 @@ spec:
         key: /cl01tl/n8n/config
         metadataPolicy: None
         property: key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: n8n-postgresql-18-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-postgresql-18-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: n8n-postgresql-18-cluster-backup-secret-garage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-postgresql-18-cluster-backup-secret-garage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_KEY_ID
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_SECRET_KEY
-    - secretKey: ACCESS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION

clusters/cl01tl/helm/n8n/templates/http-route.yaml

@@ -1,47 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-n8n
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-n8n
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - n8n.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      - path:
-          type: PathPrefix
-          value: /webhook-test/
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: n8n-main
-          port: 80
-          weight: 100
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /webhook/
-      - path:
-          type: PathPrefix
-          value: /webhook-waiting/
-      - path:
-          type: PathPrefix
-          value: /form/
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: n8n-webhook
-          port: 80
-          weight: 100

clusters/cl01tl/helm/n8n/templates/service-monitor.yaml

@@ -1,61 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: n8n-main
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-main
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: n8n-main
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: n8n-worker
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-worker
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: n8n-worker
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: n8n-webhook
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-webhook
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: n8n-webhook
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics

clusters/cl01tl/helm/n8n/values.yaml

@@ -292,6 +292,80 @@ n8n:
           port: 80
           targetPort: 5678
           protocol: HTTP
+  serviceMonitor:
+    main:
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: n8n-main
+          app.kubernetes.io/instance: n8n-main
+      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+      endpoints:
+        - port: http
+          interval: 3m
+          scrapeTimeout: 1m
+          path: /metrics
+    worker:
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: n8n-worker
+          app.kubernetes.io/instance: n8n-worker
+      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+      endpoints:
+        - port: http
+          interval: 3m
+          scrapeTimeout: 1m
+          path: /metrics
+    webhook:
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: n8n-webhook
+          app.kubernetes.io/instance: n8n-webhook
+      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+      endpoints:
+        - port: http
+          interval: 3m
+          scrapeTimeout: 1m
+          path: /metrics
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - n8n.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: n8n-main
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
+            - path:
+                type: PathPrefix
+                value: /webhook-test/
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: n8n-webhook
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /webhook/
+            - path:
+                type: PathPrefix
+                value: /webhook-waiting/
+            - path:
+                type: PathPrefix
+                value: /form/
   persistence:
     data:
       storageClass: ceph-block
@@ -315,58 +389,46 @@ n8n:
               readOnly: false
 postgres-18-cluster:
   mode: recovery
-  cluster:
-    storage:
-      storageClass: local-path
-    walStorage:
-      storageClass: local-path
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
-      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
         index: 1
-        endpointURL: http://garage-main.garage:3900
+        destinationBucket: postgres-backups
-        endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        endpointCredentialsIncludeRegion: true
-        retentionPolicy: "3d"
         isWALArchiver: true
-      # - name: external
-      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-18-cluster
-      #   index: 1
-      #   retentionPolicy: "30d"
-      #   isWALArchiver: false
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
       #   index: 1
-      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   destinationBucket: postgres-backups
-      #   endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "30d"
+      #   retentionPolicy: "90d"
       #   data:
       #     compression: bzip2
-      #     jobs: 2
+      # - name: external
+      #   index: 1
+      #   endpointURL: https://nyc3.digitaloceanspaces.com
+      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
+      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 0 0 * * *"
         backupName: garage-local
-      # - name: daily-backup
-      #   suspend: false
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
       # - name: weekly-backup
       #   suspend: true
       #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote
+      # - name: daily-backup
+      #   suspend: true
+      #   immediate: true
+      #   schedule: "0 0 0 * * *"
+      #   backupName: external
 redis-replication:
   existingSecret:
     enabled: false

clusters/cl01tl/helm/nfs/Chart.yaml

@@ -18,4 +18,5 @@ dependencies:
     version: 4.0.18
     repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
+# renovate: github=kubernetes-sigs/nfs-subdir-external-provisioner
 appVersion: 4.0.18

clusters/cl01tl/helm/node-feature-discovery/Chart.yaml

@@ -17,4 +17,5 @@ dependencies:
     version: 0.18.3
     repository: oci://registry.k8s.io/nfd/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
+# renovate: github=kubernetes-sigs/node-feature-discovery
 appVersion: 0.18.3

clusters/cl01tl/helm/ntfy/Chart.yaml

@@ -19,4 +19,5 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
+# renovate: github=binwiederhier/ntfy
 appVersion: 2.15.0

clusters/cl01tl/helm/ntfy/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-ntfy
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-ntfy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - ntfy.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: ntfy
-          port: 80
-          weight: 100

clusters/cl01tl/helm/ntfy/templates/service-monitor.yaml

@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: ntfy
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ntfy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: ntfy
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: metrics
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics

clusters/cl01tl/helm/ntfy/values.yaml

@@ -98,6 +98,39 @@ ntfy:
           port: 9090
           targetPort: 9090
           protocol: HTTP
+  serviceMonitor:
+    main:
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: ntfy
+          app.kubernetes.io/instance: ntfy
+      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+      endpoints:
+        - port: metrics
+          interval: 3m
+          scrapeTimeout: 1m
+          path: /metrics
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - ntfy.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: ntfy
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
   persistence:
     cache:
       storageClass: ceph-block

clusters/cl01tl/helm/ollama/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.1.4
+  version: 7.4.3
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.6.0
-digest: sha256:db20d1c1312edaac4f6eab1653f73e5ab671ea638cc8b86b6df30441bc996c07
+digest: sha256:788846f7405c069ceb90e230f73426cedf4b431ec6688cbe610559678edf12f1
-generated: "2025-12-21T19:04:35.283369867Z"
+generated: "2025-12-23T22:42:20.843046-06:00"

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -23,11 +23,12 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.1.4
+    version: 7.4.3
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data
     version: 0.6.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
+# renovate: github=ollama/ollama
 appVersion: 0.13.3

clusters/cl01tl/helm/ollama/templates/external-secret.yaml

@@ -50,70 +50,3 @@ spec:
         key: /authentik/oidc/ollama
         metadataPolicy: None
         property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: ollama-web-postgresql-18-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ollama-web-postgresql-18-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: ollama-web-postgresql-18-cluster-backup-secret-garage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ollama-web-postgresql-18-cluster-backup-secret-garage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_KEY_ID
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_SECRET_KEY
-    - secretKey: ACCESS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION

clusters/cl01tl/helm/ollama/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-ollama
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-ollama
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - ollama.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: ollama-web
-          port: 80
-          weight: 100

clusters/cl01tl/helm/ollama/values.yaml

@@ -195,6 +195,27 @@ ollama:
           port: 80
           targetPort: 8080
           protocol: HTTP
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - ollama.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: ollama-web
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
   persistence:
     server-1:
       storageClass: ceph-block
@@ -238,61 +259,47 @@ ollama:
             - path: /app/backend/data
               readOnly: false
 postgres-18-cluster:
-  nameOverride: ollama-web-postgresql-18
   mode: recovery
-  cluster:
-    storage:
-      storageClass: local-path
-    walStorage:
-      storageClass: local-path
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
-      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
         index: 1
-        endpointURL: http://garage-main.garage:3900
+        destinationBucket: postgres-backups
-        endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        endpointCredentialsIncludeRegion: true
-        retentionPolicy: "3d"
         isWALArchiver: true
-      # - name: external
-      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-18-cluster
-      #   index: 1
-      #   endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret
-      #   retentionPolicy: "30d"
-      #   isWALArchiver: false
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
       #   index: 1
-      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   destinationBucket: postgres-backups
-      #   endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "30d"
+      #   retentionPolicy: "90d"
       #   data:
       #     compression: bzip2
-      #     jobs: 2
+      # - name: external
+      #   index: 1
+      #   endpointURL: https://nyc3.digitaloceanspaces.com
+      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
+      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 0 0 * * *"
         backupName: garage-local
-      # - name: daily-backup
-      #   suspend: false
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
       # - name: weekly-backup
       #   suspend: true
       #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote
+      # - name: daily-backup
+      #   suspend: true
+      #   immediate: true
+      #   schedule: "0 0 0 * * *"
+      #   backupName: external
 volsync-target-data:
   pvcTarget: ollama-web-data
   moverSecurityContext: