diff --git a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml index 43e30a35e..5683b4a83 100644 --- a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml +++ b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml @@ -17,4 +17,5 @@ dependencies: version: 0.1.2 repository: https://charts.alekc.dev icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/speedtest.png +# renovate: github=MiguelNdeCarvalho/speedtest-exporter appVersion: v3.5.4 diff --git a/clusters/cl01tl/helm/stalwart/Chart.lock b/clusters/cl01tl/helm/stalwart/Chart.lock index f6efe218f..37254adde 100644 --- a/clusters/cl01tl/helm/stalwart/Chart.lock +++ b/clusters/cl01tl/helm/stalwart/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 4.5.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.1.4 + version: 7.4.3 - name: redis-replication repository: oci://harbor.alexlebens.net/helm-charts version: 0.5.0 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.6.0 -digest: sha256:fe394de533493333298dcb88ee08d640475d7cdb28669562d8c6d628ce0a2baa -generated: "2025-12-21T19:07:40.799379406Z" +digest: sha256:59240e80c6d9788d12be874dcdb217fda0db62d395023cf2db63c0ea0d8f58a6 +generated: "2025-12-24T00:08:56.236652-06:00" diff --git a/clusters/cl01tl/helm/stalwart/Chart.yaml b/clusters/cl01tl/helm/stalwart/Chart.yaml index 1fe9ac11e..bd3915dab 100644 --- a/clusters/cl01tl/helm/stalwart/Chart.yaml +++ b/clusters/cl01tl/helm/stalwart/Chart.yaml @@ -23,7 +23,7 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ - name: postgres-cluster alias: postgres-18-cluster - version: 7.1.4 + version: 7.4.3 repository: oci://harbor.alexlebens.net/helm-charts - name: redis-replication version: 0.5.0 @@ -33,4 +33,5 @@ dependencies: version: 0.6.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png +# renovate: github=stalwartlabs/mail-server appVersion: v0.14.1 diff --git a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml index 80af11cdd..0aa230e95 100644 --- a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml @@ -33,72 +33,3 @@ spec: key: /cl01tl/stalwart/elasticsearch metadataPolicy: None property: roles - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: stalwart-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: stalwart-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: stalwart-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: stalwart-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/stalwart/templates/http-route.yaml b/clusters/cl01tl/helm/stalwart/templates/http-route.yaml deleted file mode 100644 index 3d27ae69e..000000000 --- a/clusters/cl01tl/helm/stalwart/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-stalwart - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-stalwart - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - stalwart.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: stalwart - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/stalwart/values.yaml b/clusters/cl01tl/helm/stalwart/values.yaml index e06c3de83..2afa683fc 100644 --- a/clusters/cl01tl/helm/stalwart/values.yaml +++ b/clusters/cl01tl/helm/stalwart/values.yaml @@ -39,6 +39,27 @@ stalwart: port: 993 targetPort: 993 protocol: TCP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - stalwart.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: stalwart + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: config: forceRename: stalwart-config @@ -53,58 +74,46 @@ stalwart: readOnly: false postgres-18-cluster: mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage backup: objectStore: - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: external - # destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-18-cluster - # index: 1 - # retentionPolicy: "30d" - # isWALArchiver: false # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage - # retentionPolicy: "30d" + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" # data: # compression: bzip2 - # jobs: 2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: daily-backup - # suspend: false - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external # - name: weekly-backup # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external redis-replication: existingSecret: enabled: false diff --git a/clusters/cl01tl/helm/tailscale-operator/Chart.yaml b/clusters/cl01tl/helm/tailscale-operator/Chart.yaml index 18ef6edd9..d777bb677 100644 --- a/clusters/cl01tl/helm/tailscale-operator/Chart.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/Chart.yaml @@ -20,4 +20,5 @@ dependencies: version: 1.92.4 repository: https://pkgs.tailscale.com/helmcharts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png +# renovate: github=tailscale/tailscale appVersion: v1.90.9 diff --git a/clusters/cl01tl/helm/talos/Chart.yaml b/clusters/cl01tl/helm/talos/Chart.yaml index 346f3b2de..eac2e570d 100644 --- a/clusters/cl01tl/helm/talos/Chart.yaml +++ b/clusters/cl01tl/helm/talos/Chart.yaml @@ -23,4 +23,5 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 icon: https://avatars.githubusercontent.com/u/13804887?s=200&v=4 +# renovate: github=siderolabs/talos-backup appVersion: v0.1.0-beta.3 diff --git a/clusters/cl01tl/helm/tautulli/Chart.yaml b/clusters/cl01tl/helm/tautulli/Chart.yaml index 17eabb116..4490872bf 100644 --- a/clusters/cl01tl/helm/tautulli/Chart.yaml +++ b/clusters/cl01tl/helm/tautulli/Chart.yaml @@ -22,4 +22,5 @@ dependencies: version: 0.6.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tautulli.png +# renovate: github=Tautulli/Tautulli appVersion: v2.16.0 diff --git a/clusters/cl01tl/helm/tautulli/templates/http-route.yaml b/clusters/cl01tl/helm/tautulli/templates/http-route.yaml deleted file mode 100644 index e2567b045..000000000 --- a/clusters/cl01tl/helm/tautulli/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tautulli - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tautulli - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tautulli.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tautulli - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/tautulli/values.yaml b/clusters/cl01tl/helm/tautulli/values.yaml index c35de221b..a0b6a9245 100644 --- a/clusters/cl01tl/helm/tautulli/values.yaml +++ b/clusters/cl01tl/helm/tautulli/values.yaml @@ -123,6 +123,27 @@ tautulli: port: 80 targetPort: 8181 protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - tautulli.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: tautulli + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: scripts: enabled: true diff --git a/clusters/cl01tl/helm/tdarr/Chart.yaml b/clusters/cl01tl/helm/tdarr/Chart.yaml index 82f54fa29..fb3da16ae 100644 --- a/clusters/cl01tl/helm/tdarr/Chart.yaml +++ b/clusters/cl01tl/helm/tdarr/Chart.yaml @@ -34,4 +34,5 @@ dependencies: version: 0.6.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png +# renovate: github=HaveAGitGat/Tdarr appVersion: 2.58.02 diff --git a/clusters/cl01tl/helm/tdarr/templates/http-route.yaml b/clusters/cl01tl/helm/tdarr/templates/http-route.yaml deleted file mode 100644 index ec80a2e81..000000000 --- a/clusters/cl01tl/helm/tdarr/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tdarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tdarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tdarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tdarr-web - port: 8265 - weight: 100 diff --git a/clusters/cl01tl/helm/tdarr/values.yaml b/clusters/cl01tl/helm/tdarr/values.yaml index 749829275..f8f0f023a 100644 --- a/clusters/cl01tl/helm/tdarr/values.yaml +++ b/clusters/cl01tl/helm/tdarr/values.yaml @@ -93,6 +93,27 @@ tdarr: port: 8265 targetPort: 8265 protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - tdarr.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: tdarr-web + port: 8265 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: config: forceRename: tdarr-config diff --git a/clusters/cl01tl/helm/traefik/Chart.yaml b/clusters/cl01tl/helm/traefik/Chart.yaml index 118310cdd..37fb9994e 100644 --- a/clusters/cl01tl/helm/traefik/Chart.yaml +++ b/clusters/cl01tl/helm/traefik/Chart.yaml @@ -21,4 +21,5 @@ dependencies: version: 1.13.0 repository: https://traefik.github.io/charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp +# renovate: github=traefik/traefik appVersion: v3.6.4 diff --git a/clusters/cl01tl/helm/trivy/Chart.yaml b/clusters/cl01tl/helm/trivy/Chart.yaml index ab6102cba..a572d303d 100644 --- a/clusters/cl01tl/helm/trivy/Chart.yaml +++ b/clusters/cl01tl/helm/trivy/Chart.yaml @@ -19,4 +19,5 @@ dependencies: version: 0.31.0 repository: https://aquasecurity.github.io/helm-charts/ icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png +# renovate: github=aquasecurity/trivy appVersion: 0.31.0 diff --git a/clusters/cl01tl/helm/tubearchivist/Chart.yaml b/clusters/cl01tl/helm/tubearchivist/Chart.yaml index 13e34bc5e..4f7137b50 100644 --- a/clusters/cl01tl/helm/tubearchivist/Chart.yaml +++ b/clusters/cl01tl/helm/tubearchivist/Chart.yaml @@ -24,4 +24,5 @@ dependencies: version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png +# renovate: github=argoproj/argo-workflows appVersion: v0.5.8 diff --git a/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml b/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml deleted file mode 100644 index daeddaf08..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tubearchivist - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tubearchivist.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tubearchivist - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml index 373069cd6..cac317c97 100644 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ b/clusters/cl01tl/helm/tubearchivist/values.yaml @@ -87,6 +87,27 @@ tubearchivist: port: 80 targetPort: 24000 protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - tubearchivist.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: tubearchivist + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: data: storageClass: ceph-block diff --git a/clusters/cl01tl/helm/unpackerr/Chart.yaml b/clusters/cl01tl/helm/unpackerr/Chart.yaml index 89f8430d6..4a1ff16dc 100644 --- a/clusters/cl01tl/helm/unpackerr/Chart.yaml +++ b/clusters/cl01tl/helm/unpackerr/Chart.yaml @@ -19,4 +19,5 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/unpackerr.png +# renovate: github=Unpackerr/unpackerr appVersion: 0.14.5 diff --git a/clusters/cl01tl/helm/unpoller/Chart.yaml b/clusters/cl01tl/helm/unpoller/Chart.yaml index b40955c2e..81461d2a7 100644 --- a/clusters/cl01tl/helm/unpoller/Chart.yaml +++ b/clusters/cl01tl/helm/unpoller/Chart.yaml @@ -20,4 +20,5 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 +# renovate: github=unpoller/unpoller appVersion: v2.18.0 diff --git a/clusters/cl01tl/helm/unpoller/templates/service-monitor.yaml b/clusters/cl01tl/helm/unpoller/templates/service-monitor.yaml deleted file mode 100644 index da65103f3..000000000 --- a/clusters/cl01tl/helm/unpoller/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: unpoller - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: unpoller - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: unpoller - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 30s - scrapeTimeout: 10s - path: /metrics diff --git a/clusters/cl01tl/helm/unpoller/values.yaml b/clusters/cl01tl/helm/unpoller/values.yaml index 6afdaf167..52f1c5764 100644 --- a/clusters/cl01tl/helm/unpoller/values.yaml +++ b/clusters/cl01tl/helm/unpoller/values.yaml @@ -53,3 +53,15 @@ unpoller: port: 9130 targetPort: 9130 protocol: TCP + serviceMonitor: + main: + selector: + matchLabels: + app.kubernetes.io/name: unpoller + app.kubernetes.io/instance: unpoller + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: metrics + interval: 30s + scrapeTimeout: 10s + path: /metrics diff --git a/clusters/cl01tl/helm/vault/Chart.yaml b/clusters/cl01tl/helm/vault/Chart.yaml index 7ac122a8a..aac9182c0 100644 --- a/clusters/cl01tl/helm/vault/Chart.yaml +++ b/clusters/cl01tl/helm/vault/Chart.yaml @@ -30,4 +30,5 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png +# renovate: github=hashicorp/vault appVersion: 1.21.1 diff --git a/clusters/cl01tl/helm/vault/templates/http-route.yaml b/clusters/cl01tl/helm/vault/templates/http-route.yaml index eec423414..efc9bdf25 100644 --- a/clusters/cl01tl/helm/vault/templates/http-route.yaml +++ b/clusters/cl01tl/helm/vault/templates/http-route.yaml @@ -1,10 +1,10 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: http-route-vault + name: vault namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: http-route-vault + app.kubernetes.io/name: vault app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.lock b/clusters/cl01tl/helm/vaultwarden/Chart.lock index e17e60768..fdcb2972e 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.lock +++ b/clusters/cl01tl/helm/vaultwarden/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 2.1.4 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.1.4 + version: 7.4.3 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.6.0 -digest: sha256:82071c9d2dc27e73c80c0d92b231da700a0711ae21826da69e6c80fbfca0b623 -generated: "2025-12-21T19:07:56.33461527Z" +digest: sha256:3dca1ff68c0594d84b5b066eb9dea6931443c582933650a2ab02a662320b0730 +generated: "2025-12-24T00:23:23.112092-06:00" diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.yaml b/clusters/cl01tl/helm/vaultwarden/Chart.yaml index bd693edfc..9ef4a36a3 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml +++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml @@ -27,11 +27,12 @@ dependencies: version: 2.1.4 - name: postgres-cluster alias: postgres-18-cluster - version: 7.1.4 + version: 7.4.3 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data version: 0.6.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png +# renovate: github=dani-garcia/vaultwarden appVersion: 1.34.3 diff --git a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml deleted file mode 100644 index 411083ad6..000000000 --- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/vaultwarden/values.yaml b/clusters/cl01tl/helm/vaultwarden/values.yaml index e7a282f03..fe4bb482c 100644 --- a/clusters/cl01tl/helm/vaultwarden/values.yaml +++ b/clusters/cl01tl/helm/vaultwarden/values.yaml @@ -49,58 +49,46 @@ vaultwarden: readOnly: false postgres-18-cluster: mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage backup: objectStore: - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: external - # destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster - # index: 1 - # retentionPolicy: "30d" - # isWALArchiver: false # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-18-cluster # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: vaultwarden-postgresql-18-cluster-backup-secret-garage - # retentionPolicy: "30d" + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" # data: # compression: bzip2 - # jobs: 2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: daily-backup - # suspend: false - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external # - name: weekly-backup # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external volsync-target-data: pvcTarget: vaultwarden-data local: diff --git a/clusters/cl01tl/helm/volsync/Chart.yaml b/clusters/cl01tl/helm/volsync/Chart.yaml index a84641df4..e49392941 100644 --- a/clusters/cl01tl/helm/volsync/Chart.yaml +++ b/clusters/cl01tl/helm/volsync/Chart.yaml @@ -19,4 +19,5 @@ dependencies: version: 0.14.0 repository: https://backube.github.io/helm-charts/ icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true +# renovate: github=backube/volsync appVersion: 0.14.0 diff --git a/clusters/cl01tl/helm/whodb/Chart.yaml b/clusters/cl01tl/helm/whodb/Chart.yaml index 90af69e46..c2726dd08 100644 --- a/clusters/cl01tl/helm/whodb/Chart.yaml +++ b/clusters/cl01tl/helm/whodb/Chart.yaml @@ -19,4 +19,5 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png +# renovate: github=clidey/whodb appVersion: 0.83.0 diff --git a/clusters/cl01tl/helm/whodb/templates/http-route.yaml b/clusters/cl01tl/helm/whodb/templates/http-route.yaml deleted file mode 100644 index 0e16e79d6..000000000 --- a/clusters/cl01tl/helm/whodb/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-whodb - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-whodb - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - whodb.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: whodb - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/whodb/values.yaml b/clusters/cl01tl/helm/whodb/values.yaml index a604210cb..42fca67a5 100644 --- a/clusters/cl01tl/helm/whodb/values.yaml +++ b/clusters/cl01tl/helm/whodb/values.yaml @@ -27,3 +27,24 @@ whodb: port: 80 targetPort: 8080 protocol: TCP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - whodb.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: whodb + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / diff --git a/clusters/cl01tl/helm/yamtrack/Chart.lock b/clusters/cl01tl/helm/yamtrack/Chart.lock index b062be701..0a70dd069 100644 --- a/clusters/cl01tl/helm/yamtrack/Chart.lock +++ b/clusters/cl01tl/helm/yamtrack/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.5.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.1.4 + version: 7.4.3 - name: redis-replication repository: oci://harbor.alexlebens.net/helm-charts version: 0.5.0 -digest: sha256:52ab906ef4a4f00d106cf80f1cd6e572f3cfd1d9d56a95693717cf8115ffa32d -generated: "2025-12-21T19:08:10.751927688Z" +digest: sha256:3cac306bd241321e8ef8598eefdf3652097412aeac2c855697b981e8ac15cfe3 +generated: "2025-12-24T00:26:08.737793-06:00" diff --git a/clusters/cl01tl/helm/yamtrack/Chart.yaml b/clusters/cl01tl/helm/yamtrack/Chart.yaml index e911b6f8b..46f9d016f 100644 --- a/clusters/cl01tl/helm/yamtrack/Chart.yaml +++ b/clusters/cl01tl/helm/yamtrack/Chart.yaml @@ -22,10 +22,11 @@ dependencies: version: 4.5.0 - name: postgres-cluster alias: postgres-18-cluster - version: 7.1.4 + version: 7.4.3 repository: oci://harbor.alexlebens.net/helm-charts - name: redis-replication version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png +# renovate: github=FuzzyGrim/Yamtrack appVersion: 0.24.8 diff --git a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml index 89270d19e..326d40c7c 100644 --- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml @@ -42,70 +42,3 @@ spec: key: /authentik/oidc/yamtrack metadataPolicy: None property: SOCIALACCOUNT_PROVIDERS - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml b/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml deleted file mode 100644 index 38b3fd466..000000000 --- a/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - yamtrack.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: yamtrack - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/yamtrack/values.yaml b/clusters/cl01tl/helm/yamtrack/values.yaml index cbb8c7559..d8569771a 100644 --- a/clusters/cl01tl/helm/yamtrack/values.yaml +++ b/clusters/cl01tl/helm/yamtrack/values.yaml @@ -69,60 +69,69 @@ yamtrack: port: 80 targetPort: 8000 protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - yamtrack.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: yamtrack + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / postgres-18-cluster: mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: yamtrack-postgresql-18-cluster-backup-secret-garage backup: objectStore: - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-18-cluster index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: yamtrack-postgresql-18-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: external - # destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/yamtrack/yamtrack-postgresql-18-cluster - # index: 1 - # retentionPolicy: "30d" - # isWALArchiver: false # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-18-cluster # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: yamtrack-postgresql-18-cluster-backup-secret-garage - # retentionPolicy: "30d" + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" # data: # compression: bzip2 - # jobs: 2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: daily-backup - # suspend: false - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external # - name: weekly-backup # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external redis-replication: existingSecret: enabled: false