diff --git a/clusters/cl01tl/helm/blocky/values.yaml b/clusters/cl01tl/helm/blocky/values.yaml index 68b47538c..ab3c771c3 100644 --- a/clusters/cl01tl/helm/blocky/values.yaml +++ b/clusters/cl01tl/helm/blocky/values.yaml @@ -100,6 +100,7 @@ blocky: blocky IN A 10.232.1.22 cilium-cl01tl IN A 10.232.1.23 + ;; Application Names actual IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl @@ -112,6 +113,7 @@ blocky: booklore IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl + dawarich IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/helm/dawarich/Chart.lock b/clusters/cl01tl/helm/dawarich/Chart.lock new file mode 100644 index 000000000..5a2aed0ab --- /dev/null +++ b/clusters/cl01tl/helm/dawarich/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: app-template + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.6.2 +- name: postgres-cluster + repository: oci://harbor.alexlebens.net/helm-charts + version: 7.8.0 +- name: valkey + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.2.0 +digest: sha256:2682dcbc71417a103cf4c1ed920caac5b14272b021dc579fb8a3cf2fedfa0490 +generated: "2026-03-03T16:10:42.029406-06:00" diff --git a/clusters/cl01tl/helm/dawarich/Chart.yaml b/clusters/cl01tl/helm/dawarich/Chart.yaml new file mode 100644 index 000000000..50ae7aa65 --- /dev/null +++ b/clusters/cl01tl/helm/dawarich/Chart.yaml 
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: dawarich
+version: 1.0.0
+description: Dawarich
+keywords:
+ - dawarich
+ - location
+home: https://wiki.alexlebens.dev/s/
+sources:
+ - https://github.com/Freika/dawarich
+ - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: dawarich
+ repository: https://bjw-s-labs.github.io/helm-charts/
+ version: 4.6.2
+ - name: postgres-cluster
+ alias: postgres-18-cluster
+ version: 7.8.0
+ repository: oci://harbor.alexlebens.net/helm-charts
+ - name: valkey
+ alias: valkey
+ version: 0.2.0
+ repository: oci://harbor.alexlebens.net/helm-charts
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
+# renovate: datasource=github-releases depName=Freika/dawarich
+appVersion: 1.3.1
diff --git a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
new file mode 100644
index 000000000..b43be4179
--- /dev/null
+++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
@@ -0,0 +1,51 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: dawarich-key-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: dawarich-key-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/dawarich/key
+ metadataPolicy: None
+ property: key
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: dawarich-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: dawarich-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/dawarich
+ metadataPolicy: None
+ property: client
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/dawarich
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/helm/dawarich/values.yaml b/clusters/cl01tl/helm/dawarich/values.yaml
new file mode 100644
index 000000000..aa7fcb1ca
--- /dev/null
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
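Review bot: Neither ExternalSecret in templates/external-secret.yaml sets `spec.refreshInterval` or `spec.target`, so the sync cadence and the name of the resulting Secret both come from operator defaults; the `secretKeyRef` names in values.yaml only resolve because the target name falls back to `metadata.name`. Both secrets are consumed as environment variables, so a client secret or key rotated in Vault does not reach the running containers until the pod restarts. I would make that explicit with `refreshInterval: 1h` and a comment such as `# consumed via env: restart the deployment after rotating this value`. Whether the dawarich namespace can read only these two paths through the `vault` ClusterSecretStore depends on the store's configuration, which is not visible here and is worth confirming.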
@@ -0,0 +1,344 @@
+dawarich:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: freikin/dawarich
+ tag: 1.3.1
+ pullPolicy: IfNotPresent
+ command: ["web-entrypoint.sh"]
+ args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
+ env:
+ - name: RAILS_ENV
+ value: production
+ - name: REDIS_URL
+ value: redis://dawarich-valkey.dawarich:6379
+ - name: DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: host
+ - name: DATABASE_PORT
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: port
+ - name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: user
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: password
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: dbname
+ - name: APPLICATION_HOSTS
+ value: dawarich.alexlebens.net,localhost,::1,127.0.0.1
+ - name: TIME_ZONE
+ value: America/Chicago
+ - name: APPLICATION_PROTOCOL
+ value: http
+ - name: OIDC_ISSUER
+ value: https://authentik.alexlebens.net/application/o/darwich/.well-known/openid-configuration
+ - name: OIDC_REDIRECT_URI
+ value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-oidc-secret
+ key: client
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-oidc-secret
+ key: secret
+ - name: OIDC_PROVIDER_NAME
+ value: Authentik
+ - name: OIDC_AUTO_REGISTER
+ value: true
+ - name: PROMETHEUS_EXPORTER_ENABLED
+ value: true
+ - name: PROMETHEUS_EXPORTER_HOST
+ value: 0.0.0.0
+ - name: PROMETHEUS_EXPORTER_PORT
+ value: 9394
+ - name: SECRET_KEY_BASE
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-key-secret
+ key: key
+ - name: RAILS_LOG_TO_STDOUT
+ value: true
+ - name: SELF_HOSTED
+ value: true
+ - name: STORE_GEODATA
+ value: true
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'
+ failureThreshold: 5
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ sidekiq:
+ image:
+ repository: freikin/dawarich
+ tag: 1.3.1
+ pullPolicy: IfNotPresent
+ command: ["sidekiq-entrypoint.sh"]
+ args: ["sidekiq"]
+ env:
+ - name: RAILS_ENV
+ value: production
+ - name: REDIS_URL
+ value: redis://dawarich-valkey.dawarich:6379
+ - name: DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: host
+ - name: DATABASE_PORT
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: port
+ - name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: user
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: password
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-postgresql-18-cluster-app
+ key: dbname
+ - name: APPLICATION_HOSTS
+ value: dawarich.alexlebens.net,localhost,::1,127.0.0.1
+ - name: TIME_ZONE
+ value: America/Chicago
+ - name: APPLICATION_PROTOCOL
+ value: http
+ - name: DISTANCE_UNIT
+ value: mi
+ - name: OIDC_ISSUER
+ value: https://authentik.alexlebens.net/application/o/darwich/.well-known/openid-configuration
+ - name: OIDC_REDIRECT_URI
+ value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-oidc-secret
+ key: client
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-oidc-secret
+ key: secret
+ - name: OIDC_PROVIDER_NAME
+ value: Authentik
+ - name: OIDC_AUTO_REGISTER
+ value: true
+ - name: PROMETHEUS_EXPORTER_ENABLED
+ value: true
+ - name: PROMETHEUS_EXPORTER_HOST
+ value: 0.0.0.0
+ - name: PROMETHEUS_EXPORTER_PORT
+ value: 9394
+ - name: SECRET_KEY_BASE
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-key-secret
+ key: key
+ - name: RAILS_LOG_TO_STDOUT
+ value: true
+ - name: SELF_HOSTED
+ value: true
+ - name: STORE_GEODATA
+ value: true
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - pgrep -f sidekiq
+ failureThreshold: 5
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 80
+ targetPort: 3000
+ protocol: TCP
+ metrics:
+ port: 9394
+ targetPort: 9394
+ protocol: TCP
+ serviceMonitor:
+ main:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: dawarich
+ app.kubernetes.io/instance: dawarich
+ serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+ endpoints:
+ - port: metrics
+ interval: 30s
+ scrapeTimeout: 15s
+ path: /metrics
+ route:
+ main:
+ kind: HTTPRoute
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - dawarich.alexlebens.net
+ rules:
+ - backendRefs:
+ - group: ""
+ kind: Service
+ name: dawarich
+ port: 80
+ weight: 100
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+ persistence:
+ storage:
+ forceRename: dawarich-storage
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /var/app/storage
+ readOnly: false
+ sidekiq:
+ - path: /var/app/storage
+ readOnly: false
+ public:
+ forceRename: dawarich-public
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /var/app/public
+ readOnly: false
+ sidekiq:
+ - path: /var/app/public
+ readOnly: false
+ watched:
+ forceRename: dawarich-watched
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /var/app/tmp/imports/watched
+ readOnly: false
+ sidekiq:
+ - path: /var/app/tmp/imports/watched
+ readOnly: false
+postgres-18-cluster:
+ mode: standalone
+ cluster:
+ image:
+ repository: ghcr.io/cloudnative-pg/postgis
+ tag: 18.3-standard-trixie
+ initdb:
+ postInitTemplateSQL:
+ - CREATE EXTENSION postgis;
+ - CREATE EXTENSION postgis_topology;
+ - CREATE EXTENSION fuzzystrmatch;
+ - CREATE EXTENSION postgis_tiger_geocoder;
+ recovery:
+ method: objectStore
+ objectStore:
+ index: 1
+ backup:
+ objectStore:
+ - name: garage-local
+ index: 1
+ destinationBucket: postgres-backups
+ externalSecretCredentialPath: /garage/home-infra/postgres-backups
+ isWALArchiver: true
+ # - name: garage-remote
+ # index: 1
+ # destinationBucket: postgres-backups
+ # externalSecretCredentialPath: /garage/home-infra/postgres-backups
+ # retentionPolicy: "90d"
+ # data:
+ # compression: bzip2
+ # - name: external
+ # index: 1
+ # endpointURL: https://nyc3.digitaloceanspaces.com
+ # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
+ # externalSecretCredentialPath: /garage/home-infra/postgres-backups
+ # isWALArchiver: false
+ scheduledBackups:
+ - name: live-backup
+ suspend: true
+ immediate: true
+ schedule: "0 0 0 * * *"
+ backupName: garage-local
+ # - name: weekly-backup
+ # suspend: true
+ # immediate: true
+ # schedule: "0 0 4 * * SAT"
+ # backupName: garage-remote
+ # - name: daily-backup
+ # suspend: true
+ # immediate: true
+ # schedule: "0 0 0 * * *"
+ # backupName: external
diff --git a/clusters/cl01tl/helm/gatus/values.yaml b/clusters/cl01tl/helm/gatus/values.yaml
index 41094db9f..16854cacf 100644
--- a/clusters/cl01tl/helm/gatus/values.yaml
+++ b/clusters/cl01tl/helm/gatus/values.yaml
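Review bot: In clusters/cl01tl/helm/dawarich/values.yaml the `main` container's liveness command keeps escapes that only work inside a double-quoted string: in this plain YAML scalar the backslashes in `grep -q '\"status\"\\s*:\\s*\"ok\"'` reach the shell unchanged, so grep is asked to match literal backslashes and the probe will most likely fail against a healthy `/api/v1/health` response and restart the pod; `grep -q '"status"\s*:\s*"ok"'` is the unescaped form. `OIDC_ISSUER` (both containers) uses the slug `darwich` while the redirect URI and the Vault path `/authentik/oidc/dawarich` use `dawarich`; if that is a typo, discovery and token validation point at the wrong Authentik application, so confirm it against the provider. With `OIDC_AUTO_REGISTER` set to `true`, every identity that can complete the Authentik flow gets an account in an app that stores location history, so the restriction has to come from a policy binding on the Authentik side. Neither container sets a `securityContext` or resource limits, and the `value: true` / `value: 9394` entries are YAML booleans and integers rather than the strings an env var needs, unless the chart stringifies them.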
@@ -167,6 +167,9 @@ gatus: - name: home-assistant url: https://home-assistant.alexlebens.net <<: *defaults + - name: dawarich + url: https://dawarich.alexlebens.net + <<: *defaults - name: actual url: https://actual.alexlebens.net <<: *defaults diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index d12739dd7..7b7c759e2 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -252,6 +252,12 @@ homepage: href: https://home-assistant.alexlebens.net siteMonitor: http://home-assistant-main.home-assistant:80 statusStyle: dot + - Location: + icon: sh-dawarich.webp + description: Dawarich + href: https://dawarich.alexlebens.net + siteMonitor: http://dawarich.dawarich:80 + statusStyle: dot - Budgeting: icon: sh-actual-budget.webp description: Actual diff --git a/hosts/ps08rp/blocky/config.yml b/hosts/ps08rp/blocky/config.yml index 1bf43952f..2c42100af 100644 --- a/hosts/ps08rp/blocky/config.yml +++ b/hosts/ps08rp/blocky/config.yml @@ -75,6 +75,7 @@ customDNS: blocky IN A 10.232.1.22 cilium-cl01tl IN A 10.232.1.23 + ;; Application Names actual IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl @@ -87,6 +88,7 @@ customDNS: booklore IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl + dawarich IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl diff --git a/hosts/ps09rp/blocky/config.yml b/hosts/ps09rp/blocky/config.yml index ccf6b8a9c..0ac3143a3 100644 --- a/hosts/ps09rp/blocky/config.yml +++ b/hosts/ps09rp/blocky/config.yml @@ -96,6 +96,7 @@ customDNS: blocky IN A 10.232.1.22 cilium-cl01tl IN A 10.232.1.23 + ;; Application Names actual IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl 
@@ -108,6 +109,7 @@ customDNS: booklore IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl + dawarich IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl