alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

feat: add s3 and init postgres
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m2s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 44s
Details
render-manifests / render-manifests (pull_request) Successful in 1m34s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-04 19:20:43 -05:00
parent 9d3a39bfe3
commit b405bb8976
6 changed files with 200 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
clusters/cl01tl/helm/ntfy/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
digest: sha256:30d747f8b08ed690202fda39ab6e19bd74ebc45548847a087ddbf175abe1438c - name: postgres-cluster
generated: "2026-01-16T18:50:22.233502056Z" repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:a689da8f05654c3e83e3f1459670cc201c28b9b4444c6891dca7ac4b70c5a4be
generated: "2026-04-04T19:19:40.397469-05:00"

7
clusters/cl01tl/helm/ntfy/Chart.yaml
View File

@@ -5,8 +5,7 @@ description: Ntfy
keywords: keywords:
- ntfy - ntfy
- notifications - notifications
- messaging home: https://docs.alexlebens.dev/applications/ntfy/
home: https://wiki.alexlebens.dev/s/5bfc09dd-688b-48f0-8d33-b9bf452df98a
sources: sources:
- https://github.com/binwiederhier/ntfy - https://github.com/binwiederhier/ntfy
- https://hub.docker.com/r/binwiederhier/ntfy - https://hub.docker.com/r/binwiederhier/ntfy
@@ -18,6 +17,10 @@ dependencies:
alias: ntfy alias: ntfy
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
# renovate: datasource=github-releases depName=binwiederhier/ntfy # renovate: datasource=github-releases depName=binwiederhier/ntfy
appVersion: 2.21.0 appVersion: 2.21.0

18
clusters/cl01tl/helm/ntfy/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ntfy-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: attachment-cache-dir
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: attachment-cache-dir

72
clusters/cl01tl/helm/ntfy/values.yaml
View File

@@ -4,17 +4,15 @@ ntfy:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: binwiederhier/ntfy repository: binwiederhier/ntfy
tag: v2.21.0 tag: v2.21.0@sha256:2b9e12d56a538f4402da51328eeca02696c4b207ab7fbe031c27e51a22ca9b86
pullPolicy: IfNotPresent
args: ["serve"] args: ["serve"]
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: NTFY_BASE_URL - name: NTFY_BASE_URL
value: https://ntfy.alexlebens.net value: https://ntfy.alexlebens.net
- name: NTFY_LISTEN_HTTP - name: NTFY_LISTEN_HTTP
@@ -32,36 +30,32 @@ ntfy:
vacuum; vacuum;
- name: NTFY_BEHIND_PROXY - name: NTFY_BEHIND_PROXY
value: true value: true
# - name: NTFY_DATABASE_URL
# valueFrom:
# secretKeyRef:
# name: ntfy-postgresql-18-cluster-app
# key: uri
- name: NTFY_ATTACHMENT_CACHE_DIR - name: NTFY_ATTACHMENT_CACHE_DIR
value: /var/cache/ntfy/attachments valueFrom:
secretKeyRef:
name: ntfy-config-secret
key: attachment-cache-dir
- name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT - name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
value: 4G value: 10G
- name: NTFY_ATTACHMENT_FILE_SIZE_LIMIT - name: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
value: 15M value: 150M
- name: NTFY_ATTACHMENT_EXPIRY_DURATION - name: NTFY_ATTACHMENT_EXPIRY_DURATION
value: 36h value: 72h
- name: NTFY_ENABLE_SIGNUP - name: NTFY_ENABLE_SIGNUP
value: false value: false
- name: NTFY_ENABLE_LOGIN - name: NTFY_ENABLE_LOGIN
value: true value: true
- name: NTFY_ENABLE_RESERVATIONS - name: NTFY_ENABLE_RESERVATIONS
value: false value: false
# - name: NTFY_UPSTREAM_BASE_URL
# value: https://ntfy.sh
- name: NTFY_AUTH_FILE - name: NTFY_AUTH_FILE
value: /var/cache/ntfy/user.db value: /var/cache/ntfy/user.db
- name: NTFY_AUTH_DEFAULT_ACCESS - name: NTFY_AUTH_DEFAULT_ACCESS
value: deny-all value: deny-all
# - name: NTFY_UPSTREAM_ACCESS_TOKEN
# value: ""
# - name: NTFY_WEB_PUSH_PUBLIC_KEY
# value: ""
# - name: NTFY_WEB_PUSH_PRIVATE_KEY
# value: ""
# - name: NTFY_WEB_PUSH_FILE
# value: /var/lib/ntfy/webpush.db
# - name: NTFY_WEB_PUSH_EMAIL_ADDRESS
# value: ""
- name: NTFY_METRICS_LISTEN_HTTP - name: NTFY_METRICS_LISTEN_HTTP
value: :9090 value: :9090
- name: NTFY_LOG_LEVEL - name: NTFY_LOG_LEVEL
@@ -71,13 +65,9 @@ ntfy:
enabled: false enabled: false
custom: true custom: true
spec: spec:
exec: httpGet:
command: path: /v1/health
- /usr/bin/env port: 80
- sh
- -c
- wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1
failureThreshold: 10
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 60 periodSeconds: 60
successThreshold: 1 successThreshold: 1
@@ -85,7 +75,7 @@ ntfy:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 40Mi
service: service:
main: main:
controller: main controller: main
@@ -93,11 +83,9 @@ ntfy:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
metrics: metrics:
port: 9090 port: 9090
targetPort: 9090 targetPort: 9090
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -122,11 +110,8 @@ ntfy:
- ntfy.alexlebens.net - ntfy.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: ntfy
kind: Service
name: ntfy
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -141,3 +126,22 @@ ntfy:
main: main:
- path: /var/cache/ntfy - path: /var/cache/ntfy
readOnly: false readOnly: false
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
backupName: garage-local

51
clusters/cl01tl/helm/rclone/templates/external-secret.yaml
View File

@@ -251,3 +251,54 @@ spec:
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None metadataPolicy: None
property: ENDPOINT property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-ntfy-attachments-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ntfy-attachments-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT

83
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -503,3 +503,86 @@ rclone:
key: DEST_ENDPOINT key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true value: true
ntfy-attachments:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:ntfy-attachments
- dest:ntfy-attachments
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true