alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 46s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 26s
Details
render-manifests / render-manifests (pull_request) Successful in 1m28s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-06 17:48:10 -05:00
parent f1ce1b9f63
commit f58edfc9f9
11 changed files with 52 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
generated: "2026-03-15T20:09:18.053504671Z"
digest: sha256:3385cf67283187e62972293322a24c0bd3cf979cd870a3f157728e50b601e4f6
generated: "2026-04-06T17:40:21.003745-05:00"

8
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -4,12 +4,12 @@ version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email
home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e
- email-client
home: https://docs.alexlebens.dev/applications/rclone/
sources:
- https://github.com/roundcube/roundcubemail
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/roundcube/roundcubemail
- https://hub.docker.com/_/nginx
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: DES_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY

63
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -4,13 +4,11 @@ roundcube:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -53,40 +51,32 @@ roundcube:
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 10m
memory: 256Mi
cpu: 1m
memory: 40Mi
nginx:
image:
repository: nginx
tag: 1.29.7-alpine-slim
pullPolicy: IfNotPresent
tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
env:
- name: NGINX_HOST
value: mail.alexlebens.net
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
resources:
requests:
cpu: 10m
memory: 128Mi
cleandb:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
timeZone: America/Chicago
schedule: 30 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
args:
- bin/cleandb.sh
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -123,12 +113,6 @@ roundcube:
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
args:
- bin/cleandb.sh
resources:
requests:
cpu: 100m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -167,11 +151,9 @@ roundcube:
mail:
port: 9000
targetPort: 9000
protocol: HTTP
web:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -184,11 +166,8 @@ roundcube:
- mail.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: roundcube
- name: roundcube
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -210,7 +189,6 @@ roundcube:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -239,35 +217,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: roundcube-data
local:

6
clusters/cl01tl/helm/rybbit/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
generated: "2026-03-15T20:09:33.800790437Z"
digest: sha256:95bab760e3dc94ba3affe42d2f91bc274ed520865a461cdaac61ba47eab6f39f
generated: "2026-04-06T17:43:01.938961-05:00"

8
clusters/cl01tl/helm/rybbit/Chart.yaml
View File

@@ -5,12 +5,16 @@ description: Rybbit
keywords:
- rybbit
- analytics
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/rybbit/
sources:
- https://github.com/rybbit-io/rybbit
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-backend
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-client
- https://hub.docker.com/r/clickhouse/clickhouse-server/
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,7 +27,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-clickhouse-data

12
clusters/cl01tl/helm/rybbit/templates/external-secret.yaml
View File

@@ -14,29 +14,17 @@ spec:
data:
- secretKey: clickhouse-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: user
- secretKey: clickhouse-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: password
- secretKey: better-auth-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: mapbox-token

75
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -4,13 +4,11 @@ rybbit:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-backend
tag: v2.5.0
pullPolicy: IfNotPresent
tag: v2.5.0@sha256:fd00f61abe592f872a0e4ac13f8c7b190ab2810e72f898faea4809d7ced46eef
env:
- name: NODE_ENV
value: production
@@ -71,17 +69,12 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:3001/api/health
httpGet:
path: /api/health
port: 3001
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -90,18 +83,16 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 200Mi
client:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/rybbit-client
tag: v2.4.0
pullPolicy: IfNotPresent
repository: ghcr.io/rybbit-io/rybbit-client
tag: v2.5.0@sha256:741908be311a23ee4e58c5f82c6740bf75bbe4f7430ff2aec420f6189b1378b8
env:
- name: NODE_ENV
value: production
@@ -112,18 +103,16 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 100Mi
clickhouse:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.3.3
pullPolicy: IfNotPresent
tag: 26.3.3@sha256:5cfbc0598ee3bd850ac1b2ab150e6c9ec7b9207f1a97617e015325fb5df053d0
env:
- name: CLICKHOUSE_DB
value: analytics
@@ -139,17 +128,12 @@ rybbit:
key: clickhouse-password
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost:8123/ping
httpGet:
path: /ping
port: 8123
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -157,8 +141,8 @@ rybbit:
timeoutSeconds: 5
resources:
requests:
cpu: 10m
memory: 256Mi
cpu: 40m
memory: 300Mi
configMaps:
config:
enabled: true
@@ -208,28 +192,24 @@ rybbit:
http:
port: 3001
targetPort: 3001
protocol: HTTP
client:
controller: client
ports:
http:
port: 3002
targetPort: 3002
protocol: TCP
clickhouse:
controller: clickhouse
ports:
http:
port: 8123
targetPort: 8123
protocol: TCP
persistence:
clickhouse:
forceRename: clickhouse-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
clickhouse:
main:
@@ -271,35 +251,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-clickhouse-data:
pvcTarget: clickhouse-data
moverSecurityContext:

5
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,9 +5,7 @@ description: S3 Exporter
keywords:
- s3-exporter
- storage
- monitoring
- metrics
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/s3-exporter/
sources:
- https://github.com/molu8bits/s3bucket_exporter
- https://hub.docker.com/r/molu8bits/s3bucket_exporter
@@ -19,5 +17,6 @@ dependencies:
alias: s3-exporter
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/amazon-s3.webp
# renovate: datasource=github-releases depName=molu8bits/s3bucket_exporter
appVersion: 1.0.2

15
clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
View File

@@ -14,24 +14,15 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/prometheus-exporter
metadataPolicy: None
property: AWS_REGION
---
@@ -51,15 +42,9 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_SECRET_KEY

27
clusters/cl01tl/helm/s3-exporter/values.yaml
View File

@@ -4,13 +4,11 @@ s3-exporter:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: digital-ocean
@@ -37,19 +35,17 @@ s3-exporter:
value: false
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
garage-local:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: garage-local
@@ -73,19 +69,17 @@ s3-exporter:
value: true
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
garage-remote:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: garage-remote
@@ -109,8 +103,8 @@ s3-exporter:
value: true
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
service:
digital-ocean:
controller: digital-ocean
@@ -118,21 +112,18 @@ s3-exporter:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-local:
controller: garage-local
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-remote:
controller: garage-remote
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
serviceMonitor:
digital-ocean:
selector: