diff --git a/clusters/cl01tl/helm/ntfy/Chart.lock b/clusters/cl01tl/helm/ntfy/Chart.lock index 775fae66c..45d8bda8c 100644 --- a/clusters/cl01tl/helm/ntfy/Chart.lock +++ b/clusters/cl01tl/helm/ntfy/Chart.lock @@ -2,5 +2,8 @@ dependencies: - name: app-template repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 -digest: sha256:30d747f8b08ed690202fda39ab6e19bd74ebc45548847a087ddbf175abe1438c -generated: "2026-01-16T18:50:22.233502056Z" +- name: postgres-cluster + repository: oci://harbor.alexlebens.net/helm-charts + version: 7.11.2 +digest: sha256:a689da8f05654c3e83e3f1459670cc201c28b9b4444c6891dca7ac4b70c5a4be +generated: "2026-04-04T19:19:40.397469-05:00" diff --git a/clusters/cl01tl/helm/ntfy/Chart.yaml b/clusters/cl01tl/helm/ntfy/Chart.yaml index 5fb57216b..8d03936c4 100644 --- a/clusters/cl01tl/helm/ntfy/Chart.yaml +++ b/clusters/cl01tl/helm/ntfy/Chart.yaml @@ -5,8 +5,7 @@ description: Ntfy keywords: - ntfy - notifications - - messaging -home: https://wiki.alexlebens.dev/s/5bfc09dd-688b-48f0-8d33-b9bf452df98a +home: https://docs.alexlebens.dev/applications/ntfy/ sources: - https://github.com/binwiederhier/ntfy - https://hub.docker.com/r/binwiederhier/ntfy @@ -18,6 +17,10 @@ dependencies: alias: ntfy repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 + - name: postgres-cluster + alias: postgres-18-cluster + version: 7.11.2 + repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png # renovate: datasource=github-releases depName=binwiederhier/ntfy appVersion: 2.21.0 diff --git a/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml new file mode 100644 index 000000000..b043dd4eb --- /dev/null +++ b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml 
@@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: ntfy-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ntfy-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: attachment-cache-dir + remoteRef: + key: /garage/home-infra/ntfy-attachments + property: attachment-cache-dir diff --git a/clusters/cl01tl/helm/ntfy/values.yaml b/clusters/cl01tl/helm/ntfy/values.yaml index 21321be34..45146a865 100644 --- a/clusters/cl01tl/helm/ntfy/values.yaml +++ b/clusters/cl01tl/helm/ntfy/values.yaml @@ -4,17 +4,15 @@ ntfy: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: binwiederhier/ntfy - tag: v2.21.0 - pullPolicy: IfNotPresent + tag: v2.21.0@sha256:2b9e12d56a538f4402da51328eeca02696c4b207ab7fbe031c27e51a22ca9b86 args: ["serve"] env: - name: TZ - value: US/Central + value: America/Chicago - name: NTFY_BASE_URL value: https://ntfy.alexlebens.net - name: NTFY_LISTEN_HTTP 
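Review bot: Nothing in the new `ntfy-config-secret` manifest says why `attachment-cache-dir` is treated as a secret. It is read from `/garage/home-infra/ntfy-attachments`, the same Vault key the rclone ExternalSecret in this commit uses for `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY`, so the value presumably carries a storage target with credentials rather than a plain path. I would add a comment above the `data:` entry, for example `# attachment-cache-dir holds the attachment storage target (may embed bucket credentials); keep it out of values.yaml`. values.yaml consumes it through `secretKeyRef` as an environment variable, so a rotated Vault value will not reach the running pod until it restarts; that is worth stating in the same comment.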
@@ -32,36 +30,32 @@ ntfy: vacuum; - name: NTFY_BEHIND_PROXY value: true + # - name: NTFY_DATABASE_URL + # valueFrom: + # secretKeyRef: + # name: ntfy-postgresql-18-cluster-app + # key: uri - name: NTFY_ATTACHMENT_CACHE_DIR - value: /var/cache/ntfy/attachments + valueFrom: + secretKeyRef: + name: ntfy-config-secret + key: attachment-cache-dir - name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT - value: 4G + value: 10G - name: NTFY_ATTACHMENT_FILE_SIZE_LIMIT - value: 15M + value: 150M - name: NTFY_ATTACHMENT_EXPIRY_DURATION - value: 36h + value: 72h - name: NTFY_ENABLE_SIGNUP value: false - name: NTFY_ENABLE_LOGIN value: true - name: NTFY_ENABLE_RESERVATIONS value: false - # - name: NTFY_UPSTREAM_BASE_URL - # value: https://ntfy.sh - name: NTFY_AUTH_FILE value: /var/cache/ntfy/user.db - name: NTFY_AUTH_DEFAULT_ACCESS value: deny-all - # - name: NTFY_UPSTREAM_ACCESS_TOKEN - # value: "" - # - name: NTFY_WEB_PUSH_PUBLIC_KEY - # value: "" - # - name: NTFY_WEB_PUSH_PRIVATE_KEY - # value: "" - # - name: NTFY_WEB_PUSH_FILE - # value: /var/lib/ntfy/webpush.db - # - name: NTFY_WEB_PUSH_EMAIL_ADDRESS - # value: "" - name: NTFY_METRICS_LISTEN_HTTP value: :9090 - name: NTFY_LOG_LEVEL @@ -71,13 +65,9 @@ ntfy: enabled: false custom: true spec: - exec: - command: - - /usr/bin/env - - sh - - -c - - wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1 - failureThreshold: 10 + httpGet: + path: /v1/health + port: 80 initialDelaySeconds: 60 periodSeconds: 60 successThreshold: 1 @@ -85,7 +75,7 @@ ntfy: resources: requests: cpu: 10m - memory: 128Mi + memory: 40Mi service: main: controller: main @@ -93,11 +83,9 @@ ntfy: http: port: 80 targetPort: 80 - protocol: HTTP metrics: port: 9090 targetPort: 9090 - protocol: HTTP serviceMonitor: main: selector: @@ -122,11 +110,8 @@ ntfy: - ntfy.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: ntfy + - name: ntfy port: 80 - weight: 100 matches: - path: type: PathPrefix 
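Review bot: The commented-out `NTFY_DATABASE_URL` block in the `env:` list means ntfy does not use the database that this same commit deploys through the `postgres-18-cluster` dependency. The result is a running database with generated credentials, WAL archiving and scheduled backups but no consumer, which is extra surface to patch and monitor. Either enable the variable in this change or put a comment above the block saying when it will be switched on, for example `# TODO: enable once ntfy data is migrated to postgres-18-cluster`. The secret name `ntfy-postgresql-18-cluster-app` should also be checked against what the chart generates for the alias `postgres-18-cluster` ("postgresql" versus "postgres"); it cannot be confirmed from this diff.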
@@ -141,3 +126,22 @@ ntfy: main: - path: /var/cache/ntfy readOnly: false +postgres-18-cluster: + mode: standalone + recovery: + method: objectStore + objectStore: + index: 1 + backup: + objectStore: + - name: garage-local + index: 1 + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups + isWALArchiver: true + scheduledBackups: + - name: live-backup + suspend: false + immediate: true + schedule: "0 15 14 * * *" + backupName: garage-local diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml index d35c7a5cb..a310d151e 100644 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml 
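Review bot: In the new `postgres-18-cluster` block, `destinationBucket: postgres-backups` and `externalSecretCredentialPath: /garage/home-infra/postgres-backups` are not specific to ntfy. The cluster presumably archives WAL and base backups with a credential shared by every other database that uses the same path. If so, anything that can read the resulting secret in this namespace can read or overwrite the other applications' backups. A per-application key scoped to its own bucket or prefix would limit that; if sharing is intentional, a comment such as `# shared backup credential; isolation relies on per-cluster path prefixes` would record the decision. Backups also go only to `garage-local`, so confirm that an off-site copy of that bucket exists elsewhere.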
@@ -251,3 +251,54 @@ spec: key: /garage/config/remote metadataPolicy: None property: ENDPOINT + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: garage-ntfy-attachments-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: garage-ntfy-attachments-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/ntfy-attachments + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/ntfy-attachments + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/ntfy-attachments + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: SRC_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/local + metadataPolicy: None + property: ENDPOINT + - secretKey: DEST_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/remote + metadataPolicy: None + property: ENDPOINT diff --git a/clusters/cl01tl/helm/rclone/values.yaml b/clusters/cl01tl/helm/rclone/values.yaml index 672e34422..6aa32c0f3 100644 --- a/clusters/cl01tl/helm/rclone/values.yaml +++ b/clusters/cl01tl/helm/rclone/values.yaml 
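Review bot: `garage-ntfy-attachments-secret` gives the sync job a single `ACCESS_KEY_ID`/`ACCESS_SECRET_KEY` pair from `/garage/home-infra/ntfy-attachments`, and values.yaml uses it for both the SRC and DEST remotes. The ntfy chart in this commit reads its own setting from the same Vault key. One leaked credential would therefore presumably grant write access to the live bucket and to its remote copy, so the copy offers no protection against tampering or deletion with that key. Consider a separate key for the job that is read-only on the source and write-only on the destination, with distinct `secretKey` entries per side. If the shared key is kept to match the existing entries in this file, a short comment above the block saying so would help the next reviewer.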
@@ -503,3 +503,86 @@ rclone: key: DEST_ENDPOINT - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: true + ntfy-attachments: + type: cronjob + cronjob: + suspend: false + concurrencyPolicy: Forbid + timeZone: US/Central + schedule: "10 0 * * *" + startingDeadlineSeconds: 90 + successfulJobsHistory: 1 + failedJobsHistory: 1 + backoffLimit: 3 + parallelism: 1 + containers: + sync: + image: + repository: rclone/rclone + tag: 1.73.3 + pullPolicy: IfNotPresent + args: + - sync + - src:ntfy-attachments + - dest:ntfy-attachments + - --s3-no-check-bucket + - --verbose + env: + - name: RCLONE_S3_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_TYPE + value: s3 + - name: RCLONE_CONFIG_SRC_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_ENV_AUTH + value: false + - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_KEY_ID + - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_SECRET_KEY + - name: RCLONE_CONFIG_SRC_REGION + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_REGION + - name: RCLONE_CONFIG_SRC_ENDPOINT + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: SRC_ENDPOINT + - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + value: true + - name: RCLONE_CONFIG_DEST_TYPE + value: s3 + - name: RCLONE_CONFIG_DEST_PROVIDER + value: Other + - name: RCLONE_CONFIG_DEST_ENV_AUTH + value: false + - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_KEY_ID + - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_SECRET_KEY + - name: RCLONE_CONFIG_DEST_REGION + valueFrom: + secretKeyRef: + name: garage-ntfy-attachments-secret + key: ACCESS_REGION + - name: RCLONE_CONFIG_DEST_ENDPOINT + valueFrom: + secretKeyRef: + name: 
garage-ntfy-attachments-secret + key: DEST_ENDPOINT + - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE + value: true
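Review bot: The last variable in the `ntfy-attachments` job, `RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE`, names neither remote, so the DEST remote gets no explicit path-style setting. rclone's per-remote form is `RCLONE_CONFIG_<REMOTE>_<OPTION>`, so this was probably meant to be `RCLONE_CONFIG_DEST_FORCE_PATH_STYLE`; by the same rule the `_S3_` in the SRC variable looks unnecessary, but confirm both against the other jobs in this file. The image is referenced as `tag: 1.73.3` with no digest, while the ntfy image in this commit is pinned with `@sha256:`; pinning rclone the same way keeps a job that holds bucket credentials on a known image. Because `sync` also deletes objects on the destination that are gone from the source, a comment such as `# mirror, not a backup: deletions on src propagate to dest` would make that explicit. `timeZone: US/Central` could use `America/Chicago` to match the TZ change made to ntfy here.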