From 88a97644aef9607b30077b58060c7c7494550381 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Thu, 9 Apr 2026 14:24:18 -0500
Subject: [PATCH] feat: use built in postgres

---
 clusters/cl01tl/helm/kyoo/Chart.lock          |  7 +-
 clusters/cl01tl/helm/kyoo/Chart.yaml          |  8 +-
 .../helm/kyoo/templates/external-secret.yaml  | 24 ++++++
 clusters/cl01tl/helm/kyoo/values.yaml         | 78 ++++++-------------
 4 files changed, 52 insertions(+), 65 deletions(-)

diff --git a/clusters/cl01tl/helm/kyoo/Chart.lock b/clusters/cl01tl/helm/kyoo/Chart.lock
index f8d52b524..f60bc9997 100644
--- a/clusters/cl01tl/helm/kyoo/Chart.lock
+++ b/clusters/cl01tl/helm/kyoo/Chart.lock
@@ -2,11 +2,8 @@ dependencies:
 - name: kyoo
   repository: oci://ghcr.io/zoriya/helm-charts
   version: 5.0.0
-- name: postgres-cluster
-  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.11.2
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:0a5ba08e137471d788da07502db63f5be535c2843f5bfda74fb873a997846ded
-generated: "2026-04-08T21:04:05.245024-05:00"
+digest: sha256:46a986610568c2ca342db3bb34658eb0567f967dfee8dd8a317881103da0f6f9
+generated: "2026-04-09T14:23:43.657618-05:00"
diff --git a/clusters/cl01tl/helm/kyoo/Chart.yaml b/clusters/cl01tl/helm/kyoo/Chart.yaml
index 2852a0b76..6497d97ab 100644
--- a/clusters/cl01tl/helm/kyoo/Chart.yaml
+++ b/clusters/cl01tl/helm/kyoo/Chart.yaml
@@ -22,10 +22,10 @@ dependencies:
   - name: kyoo
     repository: oci://ghcr.io/zoriya/helm-charts
     version: 5.0.0
-  - name: postgres-cluster
-    alias: postgres-18-cluster
-    version: 7.11.2
-    repository: oci://harbor.alexlebens.net/helm-charts
+  # - name: volsync-target
+  #   alias: volsync-target-db
+  #   version: 0.8.0
+  #   repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-metadata
     version: 0.8.0
diff --git a/clusters/cl01tl/helm/kyoo/templates/external-secret.yaml b/clusters/cl01tl/helm/kyoo/templates/external-secret.yaml
index bfe8e3107..fa6fead23 100644
--- a/clusters/cl01tl/helm/kyoo/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/kyoo/templates/external-secret.yaml
@@ -29,6 +29,30 @@ spec:
         key: /tvdb/alexlebens
         property: api-key
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: kyoo-db-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: kyoo-db-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: postgres_user
+      remoteRef:
+        key: /cl01tl/kyoo/db
+        property: user
+    - secretKey: postgres_password
+      remoteRef:
+        key: /cl01tl/kyoo/db
+        property: password
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/helm/kyoo/values.yaml b/clusters/cl01tl/helm/kyoo/values.yaml
index f1923d008..fb14c7a5f 100644
--- a/clusters/cl01tl/helm/kyoo/values.yaml
+++ b/clusters/cl01tl/helm/kyoo/values.yaml
@@ -4,28 +4,14 @@ kyoo:
       fsGroup: 1000
       fsGroupChangePolicy: OnRootMismatch
     postgres:
-      shared:
-        host: kyoo-postgresql-18-cluster-rw
-        port: 5432
-        existingSecret: kyoo-postgresql-18-cluster-app
-        userKey: user
+      infra:
+        user: kyoo_all
         passwordKey: password
-      kyoo_api:
-        database: kyoo_api
-        sslmode: disable
-        kyoo_api:
-          userKey: user
-          passwordKey: password
-          existingSecret: kyoo-postgresql-18-cluster-superuser
-      kyoo_auth:
-        database: kyoo_auth
-        sslmode: disable
-      kyoo_scanner:
-        database: kyoo_scanner
-        sslmode: disable
-      kyoo_transcoder:
-        database: kyoo_transcoder
-        sslmode: disable
+        existingSecret: kyoo-db-secret
+      shared:
+        existingSecret: kyoo-db-secret
+        userKey: postgres_user
+        passwordKey: postgres_password
   kyoo:
     address: https://kyoo.alexlebens.net
     auth:
@@ -175,41 +161,21 @@ kyoo:
   traefikproxy:
     enabled: false
   postgres:
-    enabled: false
-postgres-18-cluster:
-  mode: recovery
-  cluster:
-    enableSuperuserAccess: true
-  recovery:
-    method: objectStore
-    objectStore:
-      index: 1
-  backup:
-    objectStore:
-      - name: garage-local
-        index: 1
-        destinationBucket: postgres-backups
-        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        isWALArchiver: true
-    scheduledBackups:
-      - name: live-backup
-        suspend: false
-        immediate: true
-        schedule: "0 5 14 * * *"
-        backupName: garage-local
-  databases:
-    - name: kyoo_api
-      ensure: present
-      owner: app
-    - name: kyoo_auth
-      ensure: present
-      owner: app
-    - name: kyoo_scanner
-      ensure: present
-      owner: app
-    - name: kyoo_transcoder
-      ensure: present
-      owner: app
+    enabled: true
+    persistence:
+      enabled: true
+      size: 5Gi
+volsync-target-db:
+  pvcTarget: kyoo-db
+  local:
+    enabled: true
+    schedule: 26 8 * * *
+  remote:
+    enabled: true
+    schedule: 26 9 * * *
+  external:
+    enabled: true
+    schedule: 26 10 * * *
 volsync-target-metadata:
   pvcTarget: kyoo-apimetadata
   local: