alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

feat: refactor more
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 34s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
render-manifests / render-manifests (pull_request) Successful in 50s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-03-24 20:37:01 -05:00
parent e43c77295e
commit aeffd097ce
9 changed files with 68 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -5,14 +5,14 @@ description: Code Server
keywords: keywords:
- code-server - code-server
- code - code
- ide home: https://docs.alexlebens.dev/applications/code-server/
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources: sources:
- https://github.com/coder/code-server - https://github.com/coder/code-server
- https://github.com/cloudflare/cloudflared - https://github.com/linuxserver/docker-code-server
- https://hub.docker.com/r/linuxserver/code-server - https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -28,5 +28,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server # renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.108.1 appVersion: 4.112.0

6
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD property: PASSWORD
- secretKey: SUDO_PASSWORD - secretKey: SUDO_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD property: SUDO_PASSWORD

16
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -4,16 +4,18 @@ code-server:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
@@ -26,7 +28,7 @@ code-server:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 80Mi
service: service:
main: main:
controller: main controller: main
@@ -47,11 +49,8 @@ code-server:
- code-server.alexlebens.net - code-server.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: code-server
kind: Service
name: code-server
port: 8443 port: 8443
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -62,7 +61,6 @@ code-server:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,9 +5,7 @@ description: CoreDNS
keywords: keywords:
- coredns - coredns
- dns - dns
- network home: https://docs.alexlebens.dev/applications/coredns/
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -17,6 +15,6 @@ dependencies:
- name: coredns - name: coredns
version: 1.45.2 version: 1.45.2
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,23 +1,18 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2 tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
replicaCount: 3 replicaCount: 3
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 50m cpu: 20m
memory: 128Mi memory: 32Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus: prometheus:
service: service:
enabled: true enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor: monitor:
enabled: true enabled: true
namespace: kube-system namespace: kube-system
@@ -29,18 +24,7 @@ coredns:
serviceAccount: serviceAccount:
create: true create: true
name: coredns name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers: servers:
- zones: - zones:
- zone: . - zone: .
@@ -77,6 +61,8 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.111.232.172 parameters: . 10.111.232.172
- zones: - zones:
@@ -88,6 +74,8 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.97.20.219 parameters: . 10.97.20.219
nodeSelector: nodeSelector:
@@ -100,6 +88,4 @@ coredns:
operator: Exists operator: Exists
effect: NoSchedule effect: NoSchedule
deployment: deployment:
skipConfig: false
enabled: true
name: coredns name: coredns

5
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,10 +5,13 @@ description: Dawarich
keywords: keywords:
- dawarich - dawarich
- location - location
home: https://wiki.alexlebens.dev/s/ home: https://docs.alexlebens.dev/applications/dawarich/
sources: sources:
- https://github.com/Freika/dawarich - https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,10 +14,7 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
metadataPolicy: None
property: key property: key
--- ---
@@ -37,15 +34,9 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret property: secret

73
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,15 +4,20 @@ dawarich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0 tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
pullPolicy: IfNotPresent command:
command: ["web-entrypoint.sh"] - "web-entrypoint.sh"
args: ["bin/rails", "server", "-p", "3000", "-b", "::"] args:
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -86,14 +91,14 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: false enabled: true
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"' - "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
@@ -102,14 +107,15 @@ dawarich:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 750Mi
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0 tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
pullPolicy: IfNotPresent command:
command: ["sidekiq-entrypoint.sh"] - "sidekiq-entrypoint.sh"
args: ["sidekiq"] args:
- "sidekiq"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -185,23 +191,19 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: false enabled: true
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - pgrep
- -c - -f
- pgrep -f sidekiq - sidekiq
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -238,11 +240,8 @@ dawarich:
- dawarich.alexlebens.net - dawarich.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: "" - name: dawarich
kind: Service
name: dawarich
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -253,7 +252,6 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -267,7 +265,6 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -281,7 +278,6 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -313,32 +309,9 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 10 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

16
renovate.json
View File

@@ -155,6 +155,22 @@
"/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium)/" "/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium)/"
] ]
}, },
{
"description": "Group Bazarr dependencies",
"groupName": "bazarr",
"groupSlug": "unified-bazarr",
"matchPackageNames": [
"bazarr$"
]
},
{
"description": "Group Code Server dependencies",
"groupName": "code-server",
"groupSlug": "unified-code-server",
"matchPackageNames": [
"code-server$"
]
},
{ {
"description": "Group Rook-Ceph dependencies", "description": "Group Rook-Ceph dependencies",
"groupName": "rook-ceph", "groupName": "rook-ceph",