From cd0eefdbec9ac3ee8197039bc5470463009065e3 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Tue, 7 Apr 2026 21:03:04 -0500 Subject: [PATCH] feat: refactor apps --- clusters/cl01tl/helm/vault/values.yaml | 4 +- clusters/cl01tl/helm/vaultwarden/Chart.yaml | 2 +- clusters/cl01tl/helm/vaultwarden/values.yaml | 2 +- clusters/cl01tl/helm/volsync/values.yaml | 2 +- clusters/cl01tl/helm/whodb/Chart.yaml | 5 +-- clusters/cl01tl/helm/whodb/values.yaml | 14 ++----- clusters/cl01tl/helm/yamtrack/Chart.lock | 8 ++-- clusters/cl01tl/helm/yamtrack/Chart.yaml | 11 +++-- .../yamtrack/templates/external-secret.yaml | 6 --- clusters/cl01tl/helm/yamtrack/values.yaml | 37 ++-------------- clusters/cl01tl/helm/yubal/Chart.yaml | 5 ++- .../helm/yubal/templates/external-secret.yaml | 42 ------------------- .../helm/yubal/templates/namespace.yaml | 11 ----- clusters/cl01tl/helm/yubal/values.yaml | 12 ++---- 14 files changed, 30 insertions(+), 131 deletions(-) delete mode 100644 clusters/cl01tl/helm/yubal/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/yubal/templates/namespace.yaml diff --git a/clusters/cl01tl/helm/vault/values.yaml b/clusters/cl01tl/helm/vault/values.yaml index 8450adb0b..4b569b6ce 100644 --- a/clusters/cl01tl/helm/vault/values.yaml +++ b/clusters/cl01tl/helm/vault/values.yaml @@ -13,7 +13,7 @@ vault: resources: requests: cpu: 50m - memory: 90Mi + memory: 512Mi authDelegator: enabled: false livenessProbe: @@ -30,7 +30,7 @@ vault: size: 1Gi storageClass: ceph-block auditStorage: - enabled: true + enabled: false size: 5Gi storageClass: ceph-block standalone: diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.yaml b/clusters/cl01tl/helm/vaultwarden/Chart.yaml index fc4d11458..5de637306 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml +++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml @@ -8,7 +8,7 @@ keywords: home: https://docs.alexlebens.dev/applications/vault/ sources: - https://github.com/dani-garcia/vaultwarden - - https://hub.docker.com/r/vaultwarden/server + - https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster diff --git a/clusters/cl01tl/helm/vaultwarden/values.yaml b/clusters/cl01tl/helm/vaultwarden/values.yaml index e0de023ec..e4104445b 100644 --- a/clusters/cl01tl/helm/vaultwarden/values.yaml +++ b/clusters/cl01tl/helm/vaultwarden/values.yaml @@ -7,7 +7,7 @@ vaultwarden: containers: main: image: - repository: ghcr.io/vaultwarden/server + repository: ghcr.io/dani-garcia/vaultwarden tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 env: - name: DOMAIN diff --git a/clusters/cl01tl/helm/volsync/values.yaml b/clusters/cl01tl/helm/volsync/values.yaml index b8c297635..8da644be5 100644 --- a/clusters/cl01tl/helm/volsync/values.yaml +++ b/clusters/cl01tl/helm/volsync/values.yaml @@ -2,7 +2,7 @@ volsync: replicaCount: 2 image: repository: quay.io/backube/volsync - image: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4 + tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4 manageCRDs: true metrics: disableAuth: true diff --git a/clusters/cl01tl/helm/whodb/Chart.yaml b/clusters/cl01tl/helm/whodb/Chart.yaml index 4efe3265a..09331faa1 100644 --- a/clusters/cl01tl/helm/whodb/Chart.yaml +++ b/clusters/cl01tl/helm/whodb/Chart.yaml @@ -4,9 +4,8 @@ version: 1.0.0 description: WhoDB keywords: - whodb - - postgresql - - database -home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786 + - database-dashboard +home: https://docs.alexlebens.dev/applications/whodb/ sources: - https://github.com/clidey/whodb - https://hub.docker.com/r/clidey/whodb diff --git a/clusters/cl01tl/helm/whodb/values.yaml b/clusters/cl01tl/helm/whodb/values.yaml index 164df6ca2..ca5c6a233 100644 --- a/clusters/cl01tl/helm/whodb/values.yaml +++ b/clusters/cl01tl/helm/whodb/values.yaml @@ -3,13 +3,11 @@ whodb: main: type: deployment replicas: 1 - strategy: Recreate containers: main: image: repository: clidey/whodb - tag: 0.104.0 - pullPolicy: IfNotPresent + tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4 env: - name: WHODB_OLLAMA_HOST value: ollama-server-2.ollama @@ -17,8 +15,8 @@ whodb: value: 11434 resources: requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 20Mi service: main: controller: main @@ -26,7 +24,6 @@ whodb: http: port: 80 targetPort: 8080 - protocol: TCP route: main: kind: HTTPRoute @@ -39,11 +36,8 @@ whodb: - whodb.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: whodb + - name: whodb port: 80 - weight: 100 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/helm/yamtrack/Chart.lock b/clusters/cl01tl/helm/yamtrack/Chart.lock index 21f447058..535c505fd 100644 --- a/clusters/cl01tl/helm/yamtrack/Chart.lock +++ b/clusters/cl01tl/helm/yamtrack/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.6.2 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.2 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 -digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa -generated: "2026-03-15T20:11:03.591727143Z" + version: 0.5.0 +digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4 +generated: "2026-04-07T20:57:56.63402-05:00" diff --git a/clusters/cl01tl/helm/yamtrack/Chart.yaml b/clusters/cl01tl/helm/yamtrack/Chart.yaml index fb87f1392..39315d470 100644 --- a/clusters/cl01tl/helm/yamtrack/Chart.yaml +++ b/clusters/cl01tl/helm/yamtrack/Chart.yaml @@ -4,15 +4,14 @@ version: 1.0.0 description: Yamtrack keywords: - yamtrack - - media - - jellyfin -home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797 + - media-tracking +home: https://docs.alexlebens.dev/applications/yamtrack/ sources: - https://github.com/FuzzyGrim/Yamtrack - - https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: @@ -22,11 +21,11 @@ dependencies: version: 4.6.2 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.2 repository: oci://harbor.alexlebens.net/helm-charts - name: valkey alias: valkey - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack diff --git a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml index 326d40c7c..1f6f5ebb7 100644 --- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml @@ -14,10 +14,7 @@ spec: data: - secretKey: SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/yamtrack/config - metadataPolicy: None property: SECRET --- @@ -37,8 +34,5 @@ spec: data: - secretKey: SOCIALACCOUNT_PROVIDERS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/yamtrack - metadataPolicy: None property: SOCIALACCOUNT_PROVIDERS diff --git a/clusters/cl01tl/helm/yamtrack/values.yaml b/clusters/cl01tl/helm/yamtrack/values.yaml index d3065088e..2ec1b3443 100644 --- a/clusters/cl01tl/helm/yamtrack/values.yaml +++ b/clusters/cl01tl/helm/yamtrack/values.yaml @@ -4,16 +4,14 @@ yamtrack: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/fuzzygrim/yamtrack - tag: 0.25.0 - pullPolicy: IfNotPresent + tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931 env: - name: TZ - value: US/Central + value: America/Chicago - name: URLS value: https://yamtrack.alexlebens.net - name: REGISTRATION @@ -60,7 +58,7 @@ yamtrack: resources: requests: cpu: 10m - memory: 256Mi + memory: 380Mi service: main: controller: main @@ -68,7 +66,6 @@ yamtrack: http: port: 80 targetPort: 8000 - protocol: HTTP route: main: kind: HTTPRoute @@ -81,11 +78,8 @@ yamtrack: - yamtrack.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: yamtrack + - name: yamtrack port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -103,32 +97,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 10 16 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external diff --git a/clusters/cl01tl/helm/yubal/Chart.yaml b/clusters/cl01tl/helm/yubal/Chart.yaml index db8bba44c..55727ae0f 100644 --- a/clusters/cl01tl/helm/yubal/Chart.yaml +++ b/clusters/cl01tl/helm/yubal/Chart.yaml @@ -5,11 +5,11 @@ description: yubal keywords: - yubal - music - - youtube -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/yamtrack/ sources: - https://github.com/guillevc/yubal - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -21,5 +21,6 @@ dependencies: alias: volsync-target-config version: 0.8.0 repository: oci://harbor.alexlebens.net/helm-charts +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png # renovate: datasource=github-releases depName=guillevc/yubal appVersion: v0.7.2 diff --git a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml deleted file mode 100644 index 5dbc54124..000000000 --- a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yubal-wireguard-conf - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yubal-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: private-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: private-key - - secretKey: preshared-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: preshared-key - - secretKey: addresses - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: addresses - - secretKey: input-ports - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: input-ports diff --git a/clusters/cl01tl/helm/yubal/templates/namespace.yaml b/clusters/cl01tl/helm/yubal/templates/namespace.yaml deleted file mode 100644 index 09fdc401e..000000000 --- a/clusters/cl01tl/helm/yubal/templates/namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: yubal - labels: - app.kubernetes.io/name: yubal - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/yubal/values.yaml b/clusters/cl01tl/helm/yubal/values.yaml index cb8007dc6..3ca085f35 100644 --- a/clusters/cl01tl/helm/yubal/values.yaml +++ b/clusters/cl01tl/helm/yubal/values.yaml @@ -4,18 +4,17 @@ yubal: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 pod: securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: ghcr.io/guillevc/yubal tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be - pullPolicy: IfNotPresent env: - name: YUBAL_TZ value: America/Chicago @@ -28,7 +27,7 @@ yubal: resources: requests: cpu: 10m - memory: 128Mi + memory: 200Mi service: main: controller: main @@ -36,7 +35,6 @@ yubal: http: port: 80 targetPort: 8000 - protocol: HTTP route: main: kind: HTTPRoute @@ -49,11 +47,8 @@ yubal: - yubal.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: yubal + - name: yubal port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -64,7 +59,6 @@ yubal: storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi - retain: true advancedMounts: main: main: