alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

feat: add dawarich
All checks were successful
lint-test-helm / lint-helm (push) Successful in 55s
Details
lint-test-docker / lint-docker-compose (push) Successful in 1m15s
Details
render-manifests-push / render-manifests-push (push) Successful in 1m17s
Details
renovate / renovate (push) Successful in 8m29s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-03-03 16:17:41 -06:00
parent 27f55d8240
commit ca21308ef4
9 changed files with 451 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -100,6 +100,7 @@ blocky:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -112,6 +113,7 @@ blocky:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl

12
clusters/cl01tl/helm/dawarich/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.0
digest: sha256:2682dcbc71417a103cf4c1ed920caac5b14272b021dc579fb8a3cf2fedfa0490
generated: "2026-03-03T16:10:42.029406-06:00"

29
clusters/cl01tl/helm/dawarich/Chart.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v2
name: dawarich
version: 1.0.0
description: Dawarich
keywords:
- dawarich
- location
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Freika/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: dawarich
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.2.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.1

51
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret

344
clusters/cl01tl/helm/dawarich/values.yaml Normal file
View File

@@ -0,0 +1,344 @@
dawarich:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freikin/dawarich
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
env:
- name: RAILS_ENV
value: production
- name: REDIS_URL
value: redis://dawarich-valkey.dawarich:6379
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: host
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: port
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: password
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: dbname
- name: APPLICATION_HOSTS
value: dawarich.alexlebens.net,localhost,::1,127.0.0.1
- name: TIME_ZONE
value: America/Chicago
- name: APPLICATION_PROTOCOL
value: http
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/darwich/.well-known/openid-configuration
- name: OIDC_REDIRECT_URI
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
- name: OIDC_AUTO_REGISTER
value: true
- name: PROMETHEUS_EXPORTER_ENABLED
value: true
- name: PROMETHEUS_EXPORTER_HOST
value: 0.0.0.0
- name: PROMETHEUS_EXPORTER_PORT
value: 9394
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
- name: SELF_HOSTED
value: true
- name: STORE_GEODATA
value: true
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
sidekiq:
image:
repository: freikin/dawarich
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
env:
- name: RAILS_ENV
value: production
- name: REDIS_URL
value: redis://dawarich-valkey.dawarich:6379
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: host
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: port
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: password
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: dbname
- name: APPLICATION_HOSTS
value: dawarich.alexlebens.net,localhost,::1,127.0.0.1
- name: TIME_ZONE
value: America/Chicago
- name: APPLICATION_PROTOCOL
value: http
- name: DISTANCE_UNIT
value: mi
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/darwich/.well-known/openid-configuration
- name: OIDC_REDIRECT_URI
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
- name: OIDC_AUTO_REGISTER
value: true
- name: PROMETHEUS_EXPORTER_ENABLED
value: true
- name: PROMETHEUS_EXPORTER_HOST
value: 0.0.0.0
- name: PROMETHEUS_EXPORTER_PORT
value: 9394
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
- name: SELF_HOSTED
value: true
- name: STORE_GEODATA
value: true
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- pgrep -f sidekiq
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: dawarich
app.kubernetes.io/instance: dawarich
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- dawarich.alexlebens.net
rules:
- backendRefs:
- group: ""
kind: Service
name: dawarich
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
storage:
forceRename: dawarich-storage
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/storage
readOnly: false
sidekiq:
- path: /var/app/storage
readOnly: false
public:
forceRename: dawarich-public
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/public
readOnly: false
sidekiq:
- path: /var/app/public
readOnly: false
watched:
forceRename: dawarich-watched
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/tmp/imports/watched
readOnly: false
sidekiq:
- path: /var/app/tmp/imports/watched
readOnly: false
postgres-18-cluster:
mode: standalone
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgis
tag: 18.3-standard-trixie
initdb:
postInitTemplateSQL:
- CREATE EXTENSION postgis;
- CREATE EXTENSION postgis_topology;
- CREATE EXTENSION fuzzystrmatch;
- CREATE EXTENSION postgis_tiger_geocoder;
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: true
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -167,6 +167,9 @@ gatus:
- name: home-assistant
url: https://home-assistant.alexlebens.net
<<: *defaults
- name: dawarich
url: https://dawarich.alexlebens.net
<<: *defaults
- name: actual
url: https://actual.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -252,6 +252,12 @@ homepage:
href: https://home-assistant.alexlebens.net
siteMonitor: http://home-assistant-main.home-assistant:80
statusStyle: dot
- Location:
icon: sh-dawarich.webp
description: Dawarich
href: https://dawarich.alexlebens.net
siteMonitor: http://dawarich.dawarich:80
statusStyle: dot
- Budgeting:
icon: sh-actual-budget.webp
description: Actual

2
hosts/ps08rp/blocky/config.yml
View File

@@ -75,6 +75,7 @@ customDNS:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -87,6 +88,7 @@ customDNS:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl

2
hosts/ps09rp/blocky/config.yml
View File

@@ -96,6 +96,7 @@ customDNS:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -108,6 +109,7 @@ customDNS:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl