update chart

clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml

@@ -605,6 +605,25 @@ spec:
   resyncPeriod: 1h
   url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
 
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: grafana-dashboard-jellyfin
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grafana-dashboard-jellyfin
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  instanceSelector:
+    matchLabels:
+      app: grafana-main
+  contentCacheDuration: 1h
+  folderUID: grafana-folder-application
+  resyncPeriod: 1h
+  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
+
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard

clusters/cl01tl/helm/jellystat/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.1.4
+  version: 7.4.3
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.6.0
-digest: sha256:e78c421c8c0d03aff0e873ef37790183d19dd08a1b9150056a6f85a6740ad77e
+digest: sha256:520db247b91a1f121892c8283868f7737b6de01b9928d3af06a3706119c7f373
-generated: "2025-12-21T19:03:32.744669228Z"
+generated: "2025-12-23T17:57:17.828908-06:00"

clusters/cl01tl/helm/jellystat/Chart.yaml

@@ -21,11 +21,12 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.1.4
+    version: 7.4.3
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data
     version: 0.6.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
+# renovate: github=CyferShepard/Jellystat
 appVersion: 1.1.6

clusters/cl01tl/helm/jellystat/templates/external-secret.yaml

@@ -33,70 +33,3 @@ spec:
         key: /cl01tl/jellystat/auth
         metadataPolicy: None
         property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: jellystat-postgresql-18-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellystat-postgresql-18-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: jellystat-postgresql-18-cluster-backup-secret-garage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellystat-postgresql-18-cluster-backup-secret-garage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_KEY_ID
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_SECRET_KEY
-    - secretKey: ACCESS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION

clusters/cl01tl/helm/jellystat/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-jellystat
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-jellystat
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - jellystat.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: jellystat
-          port: 80
-          weight: 100

clusters/cl01tl/helm/jellystat/values.yaml

@@ -66,6 +66,27 @@ jellystat:
           port: 80
           targetPort: 3000
           protocol: HTTP
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - jellystat.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: jellystat
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
   persistence:
     data:
       forceRename: jellystat-data
@@ -80,57 +101,46 @@ jellystat:
               readOnly: false
 postgres-18-cluster:
   mode: recovery
-  cluster:
-    storage:
-      storageClass: local-path
-    walStorage:
-      storageClass: local-path
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
-      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
         index: 1
-        endpointURL: http://garage-main.garage:3900
+        destinationBucket: postgres-backups
-        endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        endpointCredentialsIncludeRegion: true
-        retentionPolicy: "3d"
         isWALArchiver: true
-      # - name: external
-      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-18-cluster
-      #   index: 1
-      #   retentionPolicy: "30d"
-      #   isWALArchiver: false
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
       #   index: 1
-      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   destinationBucket: postgres-backups
-      #   endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "30d"
+      #   retentionPolicy: "90d"
       #   data:
       #     compression: bzip2
-      #     jobs: 2
+      # - name: external
+      #   index: 1
+      #   endpointURL: https://nyc3.digitaloceanspaces.com
+      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
+      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 0 0 * * *"
         backupName: garage-local
-      # - name: daily-backup
-      #   suspend: false
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
       # - name: weekly-backup
       #   suspend: true
       #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote
+      # - name: daily-backup
+      #   suspend: true
+      #   immediate: true
+      #   schedule: "0 0 0 * * *"
+      #   backupName: external
+
 volsync-target-data:
   pvcTarget: jellystat-data

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -32,4 +32,5 @@ dependencies:
     version: 0.6.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
+# renovate: github=karakeep-app/karakeep
 appVersion: 0.29.1

clusters/cl01tl/helm/karakeep/templates/service-monitor.yaml

@@ -1,23 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: karakeep
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: karakeep
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  endpoints:
-    - port: http
-      interval: 30s
-      scrapeTimeout: 15s
-      path: /api/metrics
-      authorization:
-        credentials:
-          key: prometheus-token
-          name: karakeep-key-secret
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: karakeep
-      app.kubernetes.io/instance: {{ .Release.Name }}

clusters/cl01tl/helm/karakeep/values.yaml

@@ -120,6 +120,22 @@ karakeep:
           port: 9222
           targetPort: 9222
           protocol: HTTP
+  serviceMonitor:
+    main:
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: karakeep
+          app.kubernetes.io/instance: karakeep
+      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+      endpoints:
+        - port: http
+          interval: 30s
+          scrapeTimeout: 15s
+          path: /api/metrics
+          authorization:
+            credentials:
+              key: prometheus-token
+              name: karakeep-key-secret
   persistence:
     data:
       forceRename: karakeep

clusters/cl01tl/helm/kiwix/Chart.yaml

@@ -18,4 +18,5 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
+# renovate: github=kiwix/kiwix-tools
 appVersion: 3.8.1

clusters/cl01tl/helm/kiwix/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-kiwix
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-kiwix
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - kiwix.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: kiwix
-          port: 80
-          weight: 100

clusters/cl01tl/helm/kiwix/values.yaml

@@ -28,6 +28,27 @@ kiwix:
           port: 80
           targetPort: 8080
           protocol: HTTP
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - kiwix.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: kiwix
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
   persistence:
     media:
       existingClaim: kiwix-nfs-storage

clusters/cl01tl/helm/komodo/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.1.4
+  version: 7.4.3
-digest: sha256:b7f3266d983008917c0d8eaaa9a5c520aa7e4a7863f8832e6cb02405af96aea0
+digest: sha256:982fc8d3fec365d0362f8ea38ecd00dd24d53d373ab3f8ac7b47bd6d6a9e8b2a
-generated: "2025-12-21T19:03:43.872906546Z"
+generated: "2025-12-23T18:08:15.003474-06:00"

clusters/cl01tl/helm/komodo/Chart.yaml

@@ -9,7 +9,7 @@ keywords:
   - docker-compose
 home: https://wiki.alexlebens.dev/s/bb7eb683-b5c7-4f50-9f2c-e8e57dc67c81
 sources:
-  - https://github.com/mbecker20/komodo
+  - https://github.com/moghtech/komodo
   - https://github.com/cloudnative-pg/cloudnative-pg
   - https://github.com/moghtech/komodo/pkgs/container/komodo-core
   - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
@@ -23,7 +23,8 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgresql-17-fdb-cluster
-    version: 7.1.4
+    version: 7.4.3
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
+# renovate: github=moghtech/komodo
 appVersion: v1.19.5

clusters/cl01tl/helm/komodo/templates/external-secret.yaml

@@ -47,70 +47,3 @@ spec:
         key: /authentik/oidc/komodo
         metadataPolicy: None
         property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: komodo-postgresql-17-fdb-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: komodo-postgresql-17-cluster-backup-secret-garage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: komodo-postgresql-17-cluster-backup-secret-garage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_KEY_ID
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_SECRET_KEY
-    - secretKey: ACCESS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION

clusters/cl01tl/helm/komodo/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: https-route-komodo
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: https-route-komodo
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - komodo.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: komodo-main
-          port: 80
-          weight: 100

clusters/cl01tl/helm/komodo/values.yaml

@@ -122,6 +122,27 @@ komodo:
           port: 27017
           targetPort: 27017
           protocol: HTTP
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - komodo.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: komodo-main
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
   persistence:
     cache:
       storageClass: ceph-block
@@ -150,10 +171,6 @@ postgresql-17-fdb-cluster:
     image:
       repository: ghcr.io/ferretdb/postgres-documentdb
       tag: "17-0.106.0-ferretdb-2.5.0"
-    storage:
-      storageClass: local-path
-    walStorage:
-      storageClass: local-path
     postgresUID: 999
     postgresGID: 999
     postgresql:
@@ -184,50 +201,39 @@ postgresql-17-fdb-cluster:
         - create extension if not exists pg_cron;
         - create extension if not exists documentdb cascade;
         - grant documentdb_admin_role to ferret;
-  recovery:
-    method: objectStore
-    objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-fdb-cluster
-      endpointURL: http://garage-main.garage:3900
-      index: 1
-      endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster
         index: 1
-        endpointURL: http://garage-main.garage:3900
+        destinationBucket: postgres-backups
-        endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        endpointCredentialsIncludeRegion: true
-        retentionPolicy: "3d"
         isWALArchiver: true
-      # - name: external
-      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/komodo/komodo-postgresql-17-fdb-cluster
-      #   index: 1
-      #   retentionPolicy: "30d"
-      #   isWALArchiver: false
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster
       #   index: 1
-      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   destinationBucket: postgres-backups
-      #   endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "30d"
+      #   retentionPolicy: "90d"
       #   data:
       #     compression: bzip2
-      #     jobs: 2
+      # - name: external
+      #   index: 1
+      #   endpointURL: https://nyc3.digitaloceanspaces.com
+      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
+      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
+      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 0 0 * * *"
         backupName: garage-local
-      # - name: daily-backup
-      #   suspend: false
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
       # - name: weekly-backup
       #   suspend: true
       #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote
+      # - name: daily-backup
+      #   suspend: true
+      #   immediate: true
+      #   schedule: "0 0 0 * * *"
+      #   backupName: external