diff --git a/clusters/cl01tl/helm/roundcube/Chart.lock b/clusters/cl01tl/helm/roundcube/Chart.lock index 1693c0656..fcb47a11a 100644 --- a/clusters/cl01tl/helm/roundcube/Chart.lock +++ b/clusters/cl01tl/helm/roundcube/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.6.2 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.2 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856 -generated: "2026-03-15T20:09:18.053504671Z" +digest: sha256:3385cf67283187e62972293322a24c0bd3cf979cd870a3f157728e50b601e4f6 +generated: "2026-04-06T17:40:21.003745-05:00" diff --git a/clusters/cl01tl/helm/roundcube/Chart.yaml b/clusters/cl01tl/helm/roundcube/Chart.yaml index 29780db04..0c186e341 100644 --- a/clusters/cl01tl/helm/roundcube/Chart.yaml +++ b/clusters/cl01tl/helm/roundcube/Chart.yaml @@ -4,12 +4,12 @@ version: 1.0.0 description: Roundcube keywords: - roundcube - - email -home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e + - email-client +home: https://docs.alexlebens.dev/applications/rclone/ sources: - https://github.com/roundcube/roundcubemail - - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/roundcube/roundcubemail + - https://hub.docker.com/_/nginx - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster maintainers: @@ -21,7 +21,7 @@ dependencies: version: 4.6.2 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.2 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml index e77ee5256..4d287732c 100644 --- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: DES_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/roundcube/key - metadataPolicy: None property: DES_KEY diff --git a/clusters/cl01tl/helm/roundcube/values.yaml b/clusters/cl01tl/helm/roundcube/values.yaml index 918790dc6..446ec25aa 100644 --- a/clusters/cl01tl/helm/roundcube/values.yaml +++ b/clusters/cl01tl/helm/roundcube/values.yaml @@ -4,13 +4,11 @@ roundcube: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: roundcube/roundcubemail - tag: 1.6.15-fpm-alpine - pullPolicy: IfNotPresent + tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780 env: - name: ROUNDCUBEMAIL_DB_TYPE value: pgsql @@ -53,40 +51,32 @@ roundcube: value: archive,zipdownload,newmail_notifier resources: requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 40Mi nginx: image: repository: nginx - tag: 1.29.7-alpine-slim - pullPolicy: IfNotPresent + tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35 env: - name: NGINX_HOST value: mail.alexlebens.net - name: NGINX_PHP_CGI value: roundcube.roundcube:9000 - resources: - requests: - cpu: 10m - memory: 128Mi cleandb: type: cronjob cronjob: suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central + timeZone: America/Chicago schedule: 30 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 1 - failedJobsHistory: 1 backoffLimit: 3 parallelism: 1 containers: backup: image: repository: roundcube/roundcubemail - tag: 1.6.15-fpm-alpine - pullPolicy: IfNotPresent + tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780 + args: + - bin/cleandb.sh env: - name: ROUNDCUBEMAIL_DB_TYPE value: pgsql @@ -123,12 +113,6 @@ roundcube: value: elastic - name: ROUNDCUBEMAIL_PLUGINS value: archive,zipdownload,newmail_notifier - args: - - bin/cleandb.sh - resources: - requests: - cpu: 100m - memory: 128Mi configMaps: config: enabled: true @@ -167,11 +151,9 @@ roundcube: mail: port: 9000 targetPort: 9000 - protocol: HTTP web: port: 80 targetPort: 80 - protocol: HTTP route: main: kind: HTTPRoute @@ -184,11 +166,8 @@ roundcube: - mail.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: roundcube + - name: roundcube port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -210,7 +189,6 @@ roundcube: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -239,35 +217,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 40 15 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-data: pvcTarget: roundcube-data local: diff --git a/clusters/cl01tl/helm/rybbit/Chart.lock b/clusters/cl01tl/helm/rybbit/Chart.lock index d833c1b16..66eb3d7aa 100644 --- a/clusters/cl01tl/helm/rybbit/Chart.lock +++ b/clusters/cl01tl/helm/rybbit/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 2.4.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.2 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa -generated: "2026-03-15T20:09:33.800790437Z" +digest: sha256:95bab760e3dc94ba3affe42d2f91bc274ed520865a461cdaac61ba47eab6f39f +generated: "2026-04-06T17:43:01.938961-05:00" diff --git a/clusters/cl01tl/helm/rybbit/Chart.yaml b/clusters/cl01tl/helm/rybbit/Chart.yaml index 5626c2fd0..2a44b3443 100644 --- a/clusters/cl01tl/helm/rybbit/Chart.yaml +++ b/clusters/cl01tl/helm/rybbit/Chart.yaml @@ -5,12 +5,16 @@ description: Rybbit keywords: - rybbit - analytics -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/rybbit/ sources: - https://github.com/rybbit-io/rybbit + - https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-backend + - https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-client + - https://hub.docker.com/r/clickhouse/clickhouse-server/ - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -23,7 +27,7 @@ dependencies: version: 2.4.0 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.2 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-clickhouse-data diff --git a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml index d603f0c35..b40f60b87 100644 --- a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml @@ -14,29 +14,17 @@ spec: data: - secretKey: clickhouse-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/rybbit/clickhouse - metadataPolicy: None property: user - secretKey: clickhouse-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/rybbit/clickhouse - metadataPolicy: None property: password - secretKey: better-auth-secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/rybbit/auth - metadataPolicy: None property: better-auth-secret - secretKey: mapbox-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/rybbit/auth - metadataPolicy: None property: mapbox-token diff --git a/clusters/cl01tl/helm/rybbit/values.yaml b/clusters/cl01tl/helm/rybbit/values.yaml index 8a4135b7d..c2b00474b 100644 --- a/clusters/cl01tl/helm/rybbit/values.yaml +++ b/clusters/cl01tl/helm/rybbit/values.yaml @@ -4,13 +4,11 @@ rybbit: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/rybbit-io/rybbit-backend - tag: v2.5.0 - pullPolicy: IfNotPresent + tag: v2.5.0@sha256:fd00f61abe592f872a0e4ac13f8c7b190ab2810e72f898faea4809d7ced46eef env: - name: NODE_ENV value: production @@ -71,17 +69,12 @@ rybbit: key: mapbox-token probes: liveness: - enabled: false + enabled: true custom: true spec: - exec: - command: - - CMD - - wget - - --no-verbose - - --tries=1 - - --spider - - http://127.0.0.1:3001/api/health + httpGet: + path: /api/health + port: 3001 failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 30 @@ -90,18 +83,16 @@ rybbit: resources: requests: cpu: 10m - memory: 256Mi + memory: 200Mi client: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: - repository: harbor.alexlebens.net/images/rybbit-client - tag: v2.4.0 - pullPolicy: IfNotPresent + repository: ghcr.io/rybbit-io/rybbit-client + tag: v2.5.0@sha256:741908be311a23ee4e58c5f82c6740bf75bbe4f7430ff2aec420f6189b1378b8 env: - name: NODE_ENV value: production @@ -112,18 +103,16 @@ rybbit: resources: requests: cpu: 10m - memory: 256Mi + memory: 100Mi clickhouse: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: clickhouse/clickhouse-server - tag: 26.3.3 - pullPolicy: IfNotPresent + tag: 26.3.3@sha256:5cfbc0598ee3bd850ac1b2ab150e6c9ec7b9207f1a97617e015325fb5df053d0 env: - name: CLICKHOUSE_DB value: analytics @@ -139,17 +128,12 @@ rybbit: key: clickhouse-password probes: liveness: - enabled: false + enabled: true custom: true spec: - exec: - command: - - CMD - - wget - - --no-verbose - - --tries=1 - - --spider - - http://localhost:8123/ping + httpGet: + path: /ping + port: 8123 failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 30 @@ -157,8 +141,8 @@ rybbit: timeoutSeconds: 5 resources: requests: - cpu: 10m - memory: 256Mi + cpu: 40m + memory: 300Mi configMaps: config: enabled: true @@ -208,28 +192,24 @@ rybbit: http: port: 3001 targetPort: 3001 - protocol: HTTP client: controller: client ports: http: port: 3002 targetPort: 3002 - protocol: TCP clickhouse: controller: clickhouse ports: http: port: 8123 targetPort: 8123 - protocol: TCP persistence: clickhouse: forceRename: clickhouse-data storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: true advancedMounts: clickhouse: main: @@ -271,35 +251,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 45 15 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-clickhouse-data: pvcTarget: clickhouse-data moverSecurityContext: diff --git a/clusters/cl01tl/helm/s3-exporter/Chart.yaml b/clusters/cl01tl/helm/s3-exporter/Chart.yaml index d74846009..2be2351f7 100644 --- a/clusters/cl01tl/helm/s3-exporter/Chart.yaml +++ b/clusters/cl01tl/helm/s3-exporter/Chart.yaml @@ -5,9 +5,7 @@ description: S3 Exporter keywords: - s3-exporter - storage - - monitoring - - metrics -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/s3-exporter/ sources: - https://github.com/molu8bits/s3bucket_exporter - https://hub.docker.com/r/molu8bits/s3bucket_exporter @@ -19,5 +17,6 @@ dependencies: alias: s3-exporter repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/amazon-s3.webp # renovate: datasource=github-releases depName=molu8bits/s3bucket_exporter appVersion: 1.0.2 diff --git a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml index 83a73342e..34a377c54 100644 --- a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml @@ -14,24 +14,15 @@ spec: data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/all-access - metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/all-access - metadataPolicy: None property: AWS_SECRET_ACCESS_KEY - secretKey: AWS_REGION remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/prometheus-exporter - metadataPolicy: None property: AWS_REGION --- @@ -51,15 +42,9 @@ spec: data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/s3-exporter - metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/s3-exporter - metadataPolicy: None property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/helm/s3-exporter/values.yaml b/clusters/cl01tl/helm/s3-exporter/values.yaml index 7916c22e8..d132255ff 100644 --- a/clusters/cl01tl/helm/s3-exporter/values.yaml +++ b/clusters/cl01tl/helm/s3-exporter/values.yaml @@ -4,13 +4,11 @@ s3-exporter: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent + tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505 env: - name: S3_NAME value: digital-ocean @@ -37,19 +35,17 @@ s3-exporter: value: false resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 40Mi garage-local: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent + tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505 env: - name: S3_NAME value: garage-local @@ -73,19 +69,17 @@ s3-exporter: value: true resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 40Mi garage-remote: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent + tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505 env: - name: S3_NAME value: garage-remote @@ -109,8 +103,8 @@ s3-exporter: value: true resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 40Mi service: digital-ocean: controller: digital-ocean @@ -118,21 +112,18 @@ s3-exporter: metrics: port: 9655 targetPort: 9655 - protocol: TCP garage-local: controller: garage-local ports: metrics: port: 9655 targetPort: 9655 - protocol: TCP garage-remote: controller: garage-remote ports: metrics: port: 9655 targetPort: 9655 - protocol: TCP serviceMonitor: digital-ocean: selector: