From f74d526f874366a341b247ae407ba019c3393511 Mon Sep 17 00:00:00 2001 
From: Alex Lebens
Date: Sat, 29 Nov 2025 21:48:56 -0600
Subject: [PATCH] remove all

---
LICENSE | 201 -----
README.md | 7 -
.../cl01tl/applications/actual/Chart.yaml | 21 -
.../actual/templates/external-secret.yaml | 55 --
.../actual/templates/http-route.yaml | 28 -
.../actual/templates/replication-source.yaml | 25 -
.../cl01tl/applications/actual/values.yaml | 56 --
.../applications/audiobookshelf/Chart.yaml | 23 -
.../templates/external-secret.yaml | 135 ---
.../audiobookshelf/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 36 -
.../templates/persistent-volume.yaml | 23 -
.../templates/replication-source.yaml | 52 --
.../templates/service-monitor.yaml | 19 -
.../applications/audiobookshelf/values.yaml | 94 ---
.../cl01tl/applications/bazarr/Chart.yaml | 23 -
.../bazarr/templates/external-secret.yaml | 55 --
.../bazarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../bazarr/templates/persistent-volume.yaml | 23 -
.../bazarr/templates/replication-source.yaml | 30 -
.../cl01tl/applications/bazarr/values.yaml | 57 --
.../cl01tl/applications/booklore/Chart.yaml | 24 -
.../booklore/templates/external-secret.yaml | 332 --------
.../booklore/templates/http-route.yaml | 28 -
.../booklore/templates/namespace.yaml | 10 -
.../templates/persistent-volume-claim.yaml | 36 -
.../booklore/templates/persistent-volume.yaml | 48 --
.../templates/replication-destination.yaml | 15 -
.../templates/replication-source.yaml | 129 ---
.../booklore/templates/service.yaml | 14 -
.../cl01tl/applications/booklore/values.yaml | 155 ----
.../applications/code-server/Chart.yaml | 28 -
.../templates/external-secret.yaml | 51 --
.../code-server/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../applications/code-server/values.yaml | 47 --
.../cl01tl/applications/directus/Chart.yaml | 33 -
.../directus/templates/external-secret.yaml | 245 ------
.../directus/templates/object-bucket-claim.yaml | 11 -
.../directus/templates/redis-replication.yaml | 35 -
.../directus/templates/redis-sentinel.yaml | 30 -
.../directus/templates/service-monitor.yaml | 43 -
.../cl01tl/applications/directus/values.yaml | 214 -----
.../applications/element-web/Chart.yaml | 27 -
.../templates/external-secret.yaml | 21 -
.../applications/element-web/values.yaml | 28 -
.../cl01tl/applications/ephemera/Chart.yaml | 23 -
.../ephemera/templates/external-secret.yaml | 101 ---
.../ephemera/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../ephemera/templates/persistent-volume.yaml | 23 -
.../templates/replication-source.yaml | 26 -
.../cl01tl/applications/ephemera/values.yaml | 107 ---
.../cl01tl/applications/freshrss/Chart.yaml | 33 -
.../freshrss/templates/external-secret.yaml | 219 -----
.../templates/replication-source.yaml | 35 -
.../cl01tl/applications/freshrss/values.yaml | 251 ------
.../applications/home-assistant/Chart.yaml | 23 -
.../templates/external-secret.yaml | 51 --
.../home-assistant/templates/http-route.yaml | 58 --
.../templates/service-monitor.yaml | 23 -
.../applications/home-assistant/values.yaml | 70 --
.../applications/homepage-dev/Chart.yaml | 27 -
.../templates/external-secret.yaml | 21 -
.../applications/homepage-dev/values.yaml | 167 ----
.../cl01tl/applications/homepage/Chart.yaml | 21 -
.../templates/cluster-role-binding.yaml | 17 -
.../homepage/templates/cluster-role.yaml | 50 --
.../homepage/templates/external-secret.yaml | 105 ---
.../homepage/templates/http-route.yaml | 28 -
.../homepage/templates/service.yaml | 46 -
.../cl01tl/applications/homepage/values.yaml | 795 ------------------
.../cl01tl/applications/huntarr/Chart.yaml | 21 -
.../huntarr/templates/http-route.yaml | 28 -
.../cl01tl/applications/huntarr/values.yaml | 39 -
.../cl01tl/applications/immich/Chart.yaml | 26 -
.../immich/templates/external-secrets.yaml | 88 --
.../immich/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../immich/templates/persistent-volume.yaml | 23 -
.../immich/templates/redis-replication.yaml | 32 -
.../immich/templates/service-monitor.yaml | 44 -
.../cl01tl/applications/immich/values.yaml | 260 ------
.../cl01tl/applications/jellyfin/Chart.yaml | 25 -
.../jellyfin/templates/external-secret.yaml | 55 --
.../jellyfin/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 36 -
.../jellyfin/templates/persistent-volume.yaml | 48 --
.../templates/replication-source.yaml | 26 -
.../cl01tl/applications/jellyfin/values.yaml | 68 --
.../cl01tl/applications/jellystat/Chart.yaml | 27 -
.../jellystat/templates/external-secret.yaml | 159 ----
.../jellystat/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
.../cl01tl/applications/jellystat/values.yaml | 136 ---
.../cl01tl/applications/karakeep/Chart.yaml | 32 -
.../karakeep/templates/external-secret.yaml | 161 ----
.../templates/object-bucket-claim.yaml | 11 -
.../templates/replication-source.yaml | 25 -
.../karakeep/templates/service-monitor.yaml | 23 -
.../cl01tl/applications/karakeep/values.yaml | 155 ----
clusters/cl01tl/applications/kiwix/Chart.yaml | 21 -
.../kiwix/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../kiwix/templates/persistent-volume.yaml | 23 -
.../cl01tl/applications/kiwix/values.yaml | 38 -
.../cl01tl/applications/libation/Chart.yaml | 22 -
.../templates/persistent-volume-claim.yaml | 36 -
.../libation/templates/persistent-volume.yaml | 23 -
.../cl01tl/applications/libation/values.yaml | 44 -
.../cl01tl/applications/lidarr/Chart.yaml | 30 -
.../lidarr/templates/external-secret.yaml | 122 ---
.../lidarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../lidarr/templates/persistent-volume.yaml | 23 -
.../lidarr/templates/prometheus-rule.yaml | 32 -
.../lidarr/templates/replication-source.yaml | 28 -
.../lidarr/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/lidarr/values.yaml | 151 ----
.../cl01tl/applications/lidatube/Chart.yaml | 22 -
.../lidatube/templates/external-secret.yaml | 21 -
.../lidatube/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../lidatube/templates/persistent-volume.yaml | 23 -
.../cl01tl/applications/lidatube/values.yaml | 66 --
.../cl01tl/applications/listenarr/Chart.yaml | 20 -
.../listenarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../cl01tl/applications/listenarr/values.yaml | 46 -
.../cl01tl/applications/omni-tools/Chart.yaml | 20 -
.../omni-tools/templates/http-route.yaml | 28 -
.../applications/omni-tools/values.yaml | 25 -
.../cl01tl/applications/outline/Chart.yaml | 34 -
.../outline/templates/external-secret.yaml | 148 ----
.../templates/object-bucket-claim.yaml | 30 -
.../outline/templates/redis-replication.yaml | 32 -
.../outline/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/outline/values.yaml | 203 -----
.../cl01tl/applications/overseerr/Chart.yaml | 21 -
.../overseerr/templates/external-secret.yaml | 55 --
.../overseerr/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
.../cl01tl/applications/overseerr/values.yaml | 40 -
.../cl01tl/applications/photoview/Chart.yaml | 26 -
.../photoview/templates/external-secrets.yaml | 65 --
.../photoview/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../cl01tl/applications/photoview/values.yaml | 130 ---
clusters/cl01tl/applications/plex/Chart.yaml | 26 -
.../plex/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../plex/templates/persistent-volume.yaml | 23 -
clusters/cl01tl/applications/plex/values.yaml | 61 --
.../cl01tl/applications/postiz/Chart.yaml | 32 -
.../postiz/templates/external-secret.yaml | 292 -------
.../postiz/templates/http-route.yaml | 28 -
.../postiz/templates/redis-replication.yaml | 35 -
.../postiz/templates/replication-source.yaml | 52 --
.../postiz/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/postiz/values.yaml | 163 ----
.../cl01tl/applications/prowlarr/Chart.yaml | 23 -
.../prowlarr/templates/external-secret.yaml | 55 --
.../prowlarr/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 35 -
.../cl01tl/applications/prowlarr/values.yaml | 51 --
.../cl01tl/applications/radarr-4k/Chart.yaml | 33 -
.../radarr-4k/templates/external-secret.yaml | 122 ---
.../radarr-4k/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../radarr-4k/templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../radarr-4k/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/radarr-4k/values.yaml | 151 ----
.../applications/radarr-anime/Chart.yaml | 33 -
.../templates/external-secret.yaml | 122 ---
.../radarr-anime/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
.../applications/radarr-anime/values.yaml | 145 ----
.../applications/radarr-standup/Chart.yaml | 32 -
.../templates/external-secret.yaml | 122 ---
.../radarr-standup/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
.../applications/radarr-standup/values.yaml | 145 ----
.../cl01tl/applications/radarr/Chart.yaml | 32 -
.../radarr/templates/external-secret.yaml | 122 ---
.../radarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../radarr/templates/persistent-volume.yaml | 23 -
.../radarr/templates/prometheus-rule.yaml | 32 -
.../radarr/templates/replication-source.yaml | 30 -
.../radarr/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/radarr/values.yaml | 151 ----
.../cl01tl/applications/roundcube/Chart.yaml | 27 -
.../roundcube/templates/external-secret.yaml | 145 ----
.../roundcube/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
.../cl01tl/applications/roundcube/values.yaml | 263 ------
.../cl01tl/applications/searxng/Chart.yaml | 20 -
.../searxng/templates/external-secret.yaml | 85 --
.../searxng/templates/http-route.yaml | 28 -
.../searxng/templates/redis-replication.yaml | 32 -
.../searxng/templates/replication-source.yaml | 25 -
.../searxng/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/searxng/values.yaml | 113 ---
.../site-documentation/Chart.yaml | 28 -
.../templates/external-secret.yaml | 21 -
.../site-documentation/values.yaml | 30 -
.../applications/site-profile/Chart.yaml | 28 -
.../templates/external-secret.yaml | 21 -
.../applications/site-profile/values.yaml | 30 -
clusters/cl01tl/applications/slskd/Chart.yaml | 25 -
.../slskd/templates/external-secret.yaml | 67 --
.../slskd/templates/http-route.yaml | 28 -
.../slskd/templates/namespace.yaml | 11 -
.../templates/persistent-volume-claim.yaml | 17 -
.../slskd/templates/persistent-volume.yaml | 23 -
.../slskd/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/slskd/values.yaml | 153 ----
.../cl01tl/applications/sonarr-4k/Chart.yaml | 33 -
.../sonarr-4k/templates/external-secret.yaml | 122 ---
.../sonarr-4k/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../sonarr-4k/templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../sonarr-4k/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/sonarr-4k/values.yaml | 148 ----
.../applications/sonarr-anime/Chart.yaml | 32 -
.../templates/external-secret.yaml | 122 ---
.../sonarr-anime/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
.../applications/sonarr-anime/values.yaml | 148 ----
.../cl01tl/applications/sonarr/Chart.yaml | 32 -
.../sonarr/templates/external-secret.yaml | 122 ---
.../sonarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../sonarr/templates/persistent-volume.yaml | 23 -
.../sonarr/templates/prometheus-rule.yaml | 32 -
.../sonarr/templates/replication-source.yaml | 30 -
.../sonarr/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/sonarr/values.yaml | 149 ----
.../cl01tl/applications/tautulli/Chart.yaml | 21 -
.../tautulli/templates/external-secret.yaml | 55 --
.../tautulli/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
.../cl01tl/applications/tautulli/values.yaml | 148 ----
clusters/cl01tl/applications/tdarr/Chart.yaml | 29 -
.../tdarr/templates/external-secret.yaml | 112 ---
.../tdarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../tdarr/templates/persistent-volume.yaml | 23 -
.../tdarr/templates/replication-source.yaml | 52 --
.../cl01tl/applications/tdarr/values.yaml | 156 ----
.../applications/tubearchivist/Chart.yaml | 24 -
.../templates/elasticsearch.yaml | 42 -
.../templates/external-secret.yaml | 88 --
.../tubearchivist/templates/http-route.yaml | 28 -
.../tubearchivist/templates/namespace.yaml | 11 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/redis-replication.yaml | 32 -
.../templates/service-monitor.yaml | 19 -
.../applications/tubearchivist/values.yaml | 107 ---
.../applications/vaultwarden/Chart.yaml | 34 -
.../templates/external-secret.yaml | 145 ----
.../templates/replication-source.yaml | 25 -
.../applications/vaultwarden/values.yaml | 107 ---
.../cl01tl/applications/yamtrack/Chart.yaml | 28 -
.../yamtrack/templates/external-secret.yaml | 111 ---
.../yamtrack/templates/http-route.yaml | 28 -
.../yamtrack/templates/redis-replication.yaml | 32 -
.../yamtrack/templates/service-monitor.yaml | 19 -
.../cl01tl/applications/yamtrack/values.yaml | 127 ---
clusters/cl01tl/deployment/argocd/Chart.yaml | 21 -
.../argocd/templates/external-secret.yaml | 88 --
.../argocd/templates/http-route.yaml | 28 -
clusters/cl01tl/deployment/argocd/values.yaml | 302 -------
clusters/cl01tl/deployment/stack/Chart.yaml | 16 -
.../stack/templates/application-set.yaml | 57 --
.../stack/templates/application.yaml | 192 -----
clusters/cl01tl/deployment/stack/values.yaml | 112 ---
clusters/cl01tl/helm/actual/Chart.yaml | 21 -
.../actual/templates/external-secret.yaml | 55 --
.../helm/actual/templates/http-route.yaml | 28 -
.../actual/templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/actual/values.yaml | 56 --
.../cl01tl/helm/audiobookshelf/Chart.yaml | 23 -
.../templates/external-secret.yaml | 135 ---
.../audiobookshelf/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 36 -
.../templates/persistent-volume.yaml | 23 -
.../templates/replication-source.yaml | 52 --
.../templates/service-monitor.yaml | 19 -
.../cl01tl/helm/audiobookshelf/values.yaml | 94 ---
clusters/cl01tl/helm/bazarr/Chart.yaml | 23 -
.../bazarr/templates/external-secret.yaml | 55 --
.../helm/bazarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../bazarr/templates/persistent-volume.yaml | 23 -
.../bazarr/templates/replication-source.yaml | 30 -
clusters/cl01tl/helm/bazarr/values.yaml | 57 --
clusters/cl01tl/helm/booklore/Chart.yaml | 24 -
.../booklore/templates/external-secret.yaml | 332 --------
.../helm/booklore/templates/http-route.yaml | 28 -
.../helm/booklore/templates/namespace.yaml | 10 -
.../templates/persistent-volume-claim.yaml | 36 -
.../booklore/templates/persistent-volume.yaml | 48 --
.../templates/replication-destination.yaml | 15 -
.../templates/replication-source.yaml | 129 ---
.../helm/booklore/templates/service.yaml | 14 -
clusters/cl01tl/helm/booklore/values.yaml | 155 ----
clusters/cl01tl/helm/code-server/Chart.yaml | 28 -
.../templates/external-secret.yaml | 51 --
.../code-server/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
clusters/cl01tl/helm/code-server/values.yaml | 47 --
clusters/cl01tl/helm/directus/Chart.yaml | 33 -
.../directus/templates/external-secret.yaml | 245 ------
.../templates/object-bucket-claim.yaml | 11 -
.../directus/templates/redis-replication.yaml | 35 -
.../directus/templates/redis-sentinel.yaml | 30 -
.../directus/templates/service-monitor.yaml | 43 -
clusters/cl01tl/helm/directus/values.yaml | 214 -----
clusters/cl01tl/helm/element-web/Chart.yaml | 27 -
.../templates/external-secret.yaml | 21 -
clusters/cl01tl/helm/element-web/values.yaml | 28 -
clusters/cl01tl/helm/ephemera/Chart.yaml | 23 -
.../ephemera/templates/external-secret.yaml | 101 ---
.../helm/ephemera/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../ephemera/templates/persistent-volume.yaml | 23 -
.../templates/replication-source.yaml | 26 -
clusters/cl01tl/helm/ephemera/values.yaml | 107 ---
clusters/cl01tl/helm/freshrss/Chart.yaml | 33 -
.../freshrss/templates/external-secret.yaml | 219 -----
.../templates/replication-source.yaml | 35 -
clusters/cl01tl/helm/freshrss/values.yaml | 251 ------
.../cl01tl/helm/home-assistant/Chart.yaml | 23 -
.../templates/external-secret.yaml | 51 --
.../home-assistant/templates/http-route.yaml | 58 --
.../templates/service-monitor.yaml | 23 -
.../cl01tl/helm/home-assistant/values.yaml | 70 --
clusters/cl01tl/helm/homepage-dev/Chart.yaml | 27 -
.../templates/external-secret.yaml | 21 -
clusters/cl01tl/helm/homepage-dev/values.yaml | 167 ----
clusters/cl01tl/helm/homepage/Chart.yaml | 21 -
.../templates/cluster-role-binding.yaml | 17 -
.../helm/homepage/templates/cluster-role.yaml | 50 --
.../homepage/templates/external-secret.yaml | 105 ---
.../helm/homepage/templates/http-route.yaml | 28 -
.../helm/homepage/templates/service.yaml | 46 -
clusters/cl01tl/helm/homepage/values.yaml | 795 ------------------
clusters/cl01tl/helm/huntarr/Chart.yaml | 21 -
.../helm/huntarr/templates/http-route.yaml | 28 -
clusters/cl01tl/helm/huntarr/values.yaml | 39 -
clusters/cl01tl/helm/immich/Chart.yaml | 26 -
.../immich/templates/external-secrets.yaml | 88 --
.../helm/immich/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../immich/templates/persistent-volume.yaml | 23 -
.../immich/templates/redis-replication.yaml | 32 -
.../immich/templates/service-monitor.yaml | 44 -
clusters/cl01tl/helm/immich/values.yaml | 260 ------
clusters/cl01tl/helm/jellyfin/Chart.yaml | 25 -
.../jellyfin/templates/external-secret.yaml | 55 --
.../helm/jellyfin/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 36 -
.../jellyfin/templates/persistent-volume.yaml | 48 --
.../templates/replication-source.yaml | 26 -
clusters/cl01tl/helm/jellyfin/values.yaml | 68 --
clusters/cl01tl/helm/jellystat/Chart.yaml | 27 -
.../jellystat/templates/external-secret.yaml | 159 ----
.../helm/jellystat/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/jellystat/values.yaml | 136 ---
clusters/cl01tl/helm/karakeep/Chart.yaml | 32 -
.../karakeep/templates/external-secret.yaml | 161 ----
.../templates/object-bucket-claim.yaml | 11 -
.../templates/replication-source.yaml | 25 -
.../karakeep/templates/service-monitor.yaml | 23 -
clusters/cl01tl/helm/karakeep/values.yaml | 155 ----
clusters/cl01tl/helm/kiwix/Chart.yaml | 21 -
.../helm/kiwix/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../kiwix/templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/kiwix/values.yaml | 38 -
clusters/cl01tl/helm/libation/Chart.yaml | 22 -
.../templates/persistent-volume-claim.yaml | 36 -
.../libation/templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/libation/values.yaml | 44 -
clusters/cl01tl/helm/lidarr/Chart.yaml | 30 -
.../lidarr/templates/external-secret.yaml | 122 ---
.../helm/lidarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../lidarr/templates/persistent-volume.yaml | 23 -
.../lidarr/templates/prometheus-rule.yaml | 32 -
.../lidarr/templates/replication-source.yaml | 28 -
.../lidarr/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/lidarr/values.yaml | 151 ----
clusters/cl01tl/helm/lidatube/Chart.yaml | 22 -
.../lidatube/templates/external-secret.yaml | 21 -
.../helm/lidatube/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../lidatube/templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/lidatube/values.yaml | 66 --
clusters/cl01tl/helm/listenarr/Chart.yaml | 20 -
.../helm/listenarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/listenarr/values.yaml | 46 -
clusters/cl01tl/helm/omni-tools/Chart.yaml | 20 -
.../helm/omni-tools/templates/http-route.yaml | 28 -
clusters/cl01tl/helm/omni-tools/values.yaml | 25 -
clusters/cl01tl/helm/outline/Chart.yaml | 34 -
.../outline/templates/external-secret.yaml | 148 ----
.../templates/object-bucket-claim.yaml | 30 -
.../outline/templates/redis-replication.yaml | 32 -
.../outline/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/outline/values.yaml | 203 -----
clusters/cl01tl/helm/overseerr/Chart.yaml | 21 -
.../overseerr/templates/external-secret.yaml | 55 --
.../helm/overseerr/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/overseerr/values.yaml | 40 -
clusters/cl01tl/helm/photoview/Chart.yaml | 26 -
.../photoview/templates/external-secrets.yaml | 65 --
.../helm/photoview/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/photoview/values.yaml | 130 ---
clusters/cl01tl/helm/plex/Chart.yaml | 26 -
.../helm/plex/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../plex/templates/persistent-volume.yaml | 23 -
clusters/cl01tl/helm/plex/values.yaml | 61 --
clusters/cl01tl/helm/postiz/Chart.yaml | 32 -
.../postiz/templates/external-secret.yaml | 292 -------
.../helm/postiz/templates/http-route.yaml | 28 -
.../postiz/templates/redis-replication.yaml | 35 -
.../postiz/templates/replication-source.yaml | 52 --
.../postiz/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/postiz/values.yaml | 163 ----
clusters/cl01tl/helm/prowlarr/Chart.yaml | 23 -
.../prowlarr/templates/external-secret.yaml | 55 --
.../helm/prowlarr/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 35 -
clusters/cl01tl/helm/prowlarr/values.yaml | 51 --
clusters/cl01tl/helm/radarr-4k/Chart.yaml | 33 -
.../radarr-4k/templates/external-secret.yaml | 122 ---
.../helm/radarr-4k/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../radarr-4k/templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../radarr-4k/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/radarr-4k/values.yaml | 151 ----
clusters/cl01tl/helm/radarr-anime/Chart.yaml | 33 -
.../templates/external-secret.yaml | 122 ---
.../radarr-anime/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/radarr-anime/values.yaml | 145 ----
.../cl01tl/helm/radarr-standup/Chart.yaml | 32 -
.../templates/external-secret.yaml | 122 ---
.../radarr-standup/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
.../cl01tl/helm/radarr-standup/values.yaml | 145 ----
clusters/cl01tl/helm/radarr/Chart.yaml | 32 -
.../radarr/templates/external-secret.yaml | 122 ---
.../helm/radarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../radarr/templates/persistent-volume.yaml | 23 -
.../radarr/templates/prometheus-rule.yaml | 32 -
.../radarr/templates/replication-source.yaml | 30 -
.../radarr/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/radarr/values.yaml | 151 ----
clusters/cl01tl/helm/roundcube/Chart.yaml | 27 -
.../roundcube/templates/external-secret.yaml | 145 ----
.../helm/roundcube/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/roundcube/values.yaml | 263 ------
clusters/cl01tl/helm/searxng/Chart.yaml | 20 -
.../searxng/templates/external-secret.yaml | 85 --
.../helm/searxng/templates/http-route.yaml | 28 -
.../searxng/templates/redis-replication.yaml | 32 -
.../searxng/templates/replication-source.yaml | 25 -
.../searxng/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/searxng/values.yaml | 113 ---
.../cl01tl/helm/site-documentation/Chart.yaml | 28 -
.../templates/external-secret.yaml | 21 -
.../helm/site-documentation/values.yaml | 30 -
clusters/cl01tl/helm/site-profile/Chart.yaml | 28 -
.../templates/external-secret.yaml | 21 -
clusters/cl01tl/helm/site-profile/values.yaml | 30 -
clusters/cl01tl/helm/slskd/Chart.yaml | 25 -
.../helm/slskd/templates/external-secret.yaml | 67 --
.../helm/slskd/templates/http-route.yaml | 28 -
.../helm/slskd/templates/namespace.yaml | 11 -
.../templates/persistent-volume-claim.yaml | 17 -
.../slskd/templates/persistent-volume.yaml | 23 -
.../helm/slskd/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/slskd/values.yaml | 153 ----
clusters/cl01tl/helm/sonarr-4k/Chart.yaml | 33 -
.../sonarr-4k/templates/external-secret.yaml | 122 ---
.../helm/sonarr-4k/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../sonarr-4k/templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../sonarr-4k/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/sonarr-4k/values.yaml | 148 ----
clusters/cl01tl/helm/sonarr-anime/Chart.yaml | 32 -
.../templates/external-secret.yaml | 122 ---
.../sonarr-anime/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/prometheus-rule.yaml | 32 -
.../templates/replication-source.yaml | 30 -
.../templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/sonarr-anime/values.yaml | 148 ----
clusters/cl01tl/helm/sonarr/Chart.yaml | 32 -
.../sonarr/templates/external-secret.yaml | 122 ---
.../helm/sonarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../sonarr/templates/persistent-volume.yaml | 23 -
.../sonarr/templates/prometheus-rule.yaml | 32 -
.../sonarr/templates/replication-source.yaml | 30 -
.../sonarr/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/sonarr/values.yaml | 149 ----
clusters/cl01tl/helm/tautulli/Chart.yaml | 21 -
.../tautulli/templates/external-secret.yaml | 55 --
.../helm/tautulli/templates/http-route.yaml | 28 -
.../templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/tautulli/values.yaml | 148 ----
clusters/cl01tl/helm/tdarr/Chart.yaml | 29 -
.../helm/tdarr/templates/external-secret.yaml | 112 ---
.../helm/tdarr/templates/http-route.yaml | 28 -
.../templates/persistent-volume-claim.yaml | 17 -
.../tdarr/templates/persistent-volume.yaml | 23 -
.../tdarr/templates/replication-source.yaml | 52 --
clusters/cl01tl/helm/tdarr/values.yaml | 156 ----
clusters/cl01tl/helm/tubearchivist/Chart.yaml | 24 -
.../templates/elasticsearch.yaml | 42 -
.../templates/external-secret.yaml | 88 --
.../tubearchivist/templates/http-route.yaml | 28 -
.../tubearchivist/templates/namespace.yaml | 11 -
.../templates/persistent-volume-claim.yaml | 17 -
.../templates/persistent-volume.yaml | 23 -
.../templates/redis-replication.yaml | 32 -
.../templates/service-monitor.yaml | 19 -
.../cl01tl/helm/tubearchivist/values.yaml | 107 ---
clusters/cl01tl/helm/vaultwarden/Chart.yaml | 34 -
.../templates/external-secret.yaml | 145 ----
.../templates/replication-source.yaml | 25 -
clusters/cl01tl/helm/vaultwarden/values.yaml | 107 ---
clusters/cl01tl/helm/yamtrack/Chart.yaml | 28 -
.../yamtrack/templates/external-secret.yaml | 111 ---
.../helm/yamtrack/templates/http-route.yaml | 28 -
.../yamtrack/templates/redis-replication.yaml | 32 -
.../yamtrack/templates/service-monitor.yaml | 19 -
clusters/cl01tl/helm/yamtrack/values.yaml | 127 ---
.../management/argo-workflows/Chart.yaml | 31 -
.../templates/external-secret.yaml | 95 ---
.../argo-workflows/templates/http-route.yaml | 28 -
.../argo-workflows/templates/service.yaml | 14 -
.../management/argo-workflows/values.yaml | 147 ----
.../cl01tl/management/headlamp/Chart.yaml | 20 -
.../templates/cluster-role-binding.yaml | 20 -
.../headlamp/templates/external-secret.yaml | 56 --
.../headlamp/templates/http-route.yaml | 28 -
.../headlamp/templates/service-account.yaml | 9 -
.../cl01tl/management/headlamp/values.yaml | 31 -
clusters/cl01tl/management/komodo/Chart.yaml | 29 -
.../komodo/templates/external-secret.yaml | 116 ---
.../komodo/templates/http-route.yaml | 28 -
.../management/komodo/templates/service.yaml | 14 -
clusters/cl01tl/management/komodo/values.yaml | 236 ------
clusters/cl01tl/management/kronic/Chart.yaml | 22 -
.../kronic/templates/external-secret.yaml | 21 -
.../kronic/templates/http-route.yaml | 28 -
clusters/cl01tl/management/kronic/values.yaml | 17 -
clusters/cl01tl/monitoring/gatus/Chart.yaml | 28 -
.../gatus/templates/external-secret.yaml | 118 ---
.../gatus/templates/http-route.yaml | 28 -
clusters/cl01tl/monitoring/gatus/values.yaml | 423 ----------
.../monitoring/grafana-operator/Chart.yaml | 27 -
.../templates/external-secret.yaml | 125 ---
.../templates/grafana-dashboard.yaml | 644 --------------
.../templates/grafana-datasource.yaml | 48 --
.../templates/grafana-folder.yaml | 173 ----
.../grafana-operator/templates/grafana.yaml | 109 ---
.../templates/http-route.yaml | 28 -
.../templates/redis-replication.yaml | 66 --
.../templates/service-monitor.yaml | 19 -
.../monitoring/grafana-operator/values.yaml | 70 --
.../kube-prometheus-stack/Chart.yaml | 29 -
.../templates/external-secret.yaml | 88 --
.../templates/http-route.yaml | 58 --
.../templates/namespace.yaml | 11 -
.../templates/redis-replication.yaml | 32 -
.../templates/scrape-config.yaml | 81 --
.../templates/service-monitor.yaml | 19 -
.../templates/service.yaml | 30 -
.../kube-prometheus-stack/values.yaml | 147 ----
clusters/cl01tl/monitoring/loki/Chart.yaml | 25 -
.../monitoring/loki/templates/namespace.yaml | 11 -
clusters/cl01tl/monitoring/loki/values.yaml | 64 --
.../cl01tl/monitoring/s3-exporter/Chart.yaml | 22 -
.../templates/external-secret.yaml | 102 ---
.../templates/service-monitor.yaml | 86 --
.../cl01tl/monitoring/s3-exporter/values.yaml | 181 ----
.../cl01tl/monitoring/shelly-plug/Chart.yaml | 20 -
.../templates/external-secret.yaml | 28 -
.../templates/service-monitor.yaml | 19 -
.../cl01tl/monitoring/shelly-plug/values.yaml | 74 --
clusters/cl01tl/monitoring/trivy/Chart.yaml | 22 -
.../monitoring/trivy/templates/namespace.yaml | 11 -
clusters/cl01tl/monitoring/trivy/values.yaml | 105 ---
.../cl01tl/monitoring/unpoller/Chart.yaml | 23 -
.../unpoller/templates/external-secret.yaml | 28 -
.../unpoller/templates/service-monitor.yaml | 19 -
.../cl01tl/monitoring/unpoller/values.yaml | 55 --
clusters/cl01tl/platform/authentik/Chart.yaml | 35 -
.../authentik/templates/external-secret.yaml | 111 ---
.../authentik/templates/http-route.yaml | 28 -
.../platform/authentik/templates/ingress.yaml | 29 -
.../templates/redis-replication.yaml | 32 -
.../authentik/templates/service-monitor.yaml | 19 -
.../cl01tl/platform/authentik/values.yaml | 108 ---
.../platform/external-secrets/Chart.yaml | 18 -
.../templates/cluster-secret-store.yaml | 19 -
clusters/cl01tl/platform/gitea/Chart.yaml | 50 --
.../gitea/templates/external-secret.yaml | 318 -------
.../platform/gitea/templates/http-route.yaml | 28 -
.../platform/gitea/templates/ingress.yaml | 29 -
.../platform/gitea/templates/namespace.yaml | 11 -
.../templates/persistent-volume-claim.yaml | 36 -
.../gitea/templates/redis-replication.yaml | 66 --
.../gitea/templates/role-binding.yaml | 17 -
.../cl01tl/platform/gitea/templates/role.yaml | 25 -
.../gitea/templates/service-monitor.yaml | 39 -
.../platform/gitea/templates/tcp-route.yaml | 23 -
clusters/cl01tl/platform/gitea/values.yaml | 378 ---------
.../cl01tl/platform/matrix-synapse/Chart.yaml | 59 --
.../templates/external-secret.yaml | 481 -----------
.../templates/redis-replication.yaml | 69 --
.../templates/replication-source.yaml | 85 --
.../templates/service-monitor.yaml | 61 --
.../platform/matrix-synapse/values.yaml | 355 --------
clusters/cl01tl/platform/n8n/Chart.yaml | 27 -
.../n8n/templates/external-secret.yaml | 88 --
.../platform/n8n/templates/http-route.yaml | 47 --
.../n8n/templates/redis-replication.yaml | 32 -
.../n8n/templates/service-monitor.yaml | 82 --
clusters/cl01tl/platform/n8n/values.yaml | 371 --------
clusters/cl01tl/platform/ntfy/Chart.yaml | 22 -
.../platform/ntfy/templates/http-route.yaml | 28 -
.../ntfy/templates/service-monitor.yaml | 19 - clusters/cl01tl/platform/ntfy/values.yaml | 110 --- clusters/cl01tl/platform/ollama/Chart.yaml | 29 - .../ollama/templates/external-secret.yaml | 176 ---- .../platform/ollama/templates/http-route.yaml | 28 - .../ollama/templates/replication-source.yaml | 28 - .../platform/ollama/templates/service.yaml | 30 - clusters/cl01tl/platform/ollama/values.yaml | 296 ------- .../cl01tl/platform/qbittorrent/Chart.yaml | 30 - .../qbittorrent/templates/config-map.yaml | 186 ---- .../templates/external-secret.yaml | 74 -- .../qbittorrent/templates/http-route.yaml | 58 -- .../qbittorrent/templates/namespace.yaml | 11 - .../templates/persistent-volume-claim.yaml | 36 - .../templates/persistent-volume.yaml | 48 -- .../templates/service-monitor.yaml | 64 -- .../cl01tl/platform/qbittorrent/values.yaml | 349 -------- clusters/cl01tl/platform/stalwart/Chart.yaml | 29 - .../stalwart/templates/elasticsearch.yaml | 29 - .../stalwart/templates/external-secret.yaml | 163 ---- .../stalwart/templates/http-route.yaml | 28 - .../stalwart/templates/namespace.yaml | 11 - .../stalwart/templates/redis-replication.yaml | 32 - .../templates/replication-source.yaml | 25 - .../stalwart/templates/service-monitor.yaml | 19 - clusters/cl01tl/platform/stalwart/values.yaml | 112 --- clusters/cl01tl/platform/unpackerr/Chart.yaml | 22 - .../unpackerr/templates/external-secret.yaml | 70 -- .../templates/persistent-volume-claim.yaml | 17 - .../templates/persistent-volume.yaml | 23 - .../cl01tl/platform/unpackerr/values.yaml | 65 -- clusters/cl01tl/platform/vault/Chart.yaml | 33 - .../vault/templates/external-secret.yaml | 353 -------- .../platform/vault/templates/http-route.yaml | 28 - .../platform/vault/templates/ingress.yaml | 29 - .../templates/persistent-volume-claim.yaml | 17 - clusters/cl01tl/platform/vault/values.yaml | 301 ------- clusters/cl01tl/services/blocky/Chart.yaml | 21 - .../blocky/templates/redis-replication.yaml | 32 - 
.../blocky/templates/service-monitor.yaml | 40 - clusters/cl01tl/services/blocky/values.yaml | 303 ------- .../cl01tl/services/cert-manager/Chart.yaml | 20 - .../templates/cluster-issuer.yaml | 21 - .../templates/external-secret.yaml | 21 - .../cl01tl/services/cert-manager/values.yaml | 15 - .../cl01tl/services/descheduler/Chart.yaml | 20 - .../cl01tl/services/descheduler/values.yaml | 70 -- clusters/cl01tl/services/eraser/Chart.yaml | 20 - clusters/cl01tl/services/eraser/values.yaml | 70 -- .../cl01tl/services/external-dns/Chart.yaml | 22 - .../external-dns/templates/dns-endpoint.yaml | 152 ---- .../templates/external-secret.yaml | 21 - .../cl01tl/services/external-dns/values.yaml | 46 - .../services/generic-device-plugin/Chart.yaml | 20 - .../templates/namespace.yaml | 11 - .../generic-device-plugin/values.yaml | 10 - clusters/cl01tl/services/harbor/Chart.yaml | 27 - .../harbor/templates/external-secret.yaml | 202 ----- .../services/harbor/templates/http-route.yaml | 47 -- .../harbor/templates/redis-replication.yaml | 32 - .../harbor/templates/service-monitor.yaml | 19 - clusters/cl01tl/services/harbor/values.yaml | 152 ---- .../services/intel-device-plugin/Chart.yaml | 25 - .../templates/namespace.yaml | 11 - .../services/intel-device-plugin/values.yaml | 6 - .../kubernetes-cloudflare-ddns/Chart.yaml | 23 - .../templates/external-secret.yaml | 42 - .../kubernetes-cloudflare-ddns/values.yaml | 27 - .../node-feature-discovery/Chart.yaml | 20 - .../templates/namespace.yaml | 11 - .../node-feature-discovery/values.yaml | 76 -- clusters/cl01tl/services/reloader/Chart.yaml | 20 - clusters/cl01tl/services/reloader/values.yaml | 5 - .../services/tailscale-operator/Chart.yaml | 23 - .../templates/connector.yaml | 17 - .../templates/dns-config.yaml | 14 - .../templates/external-secrets.yaml | 28 - .../templates/namespace.yaml | 11 - .../templates/proxy-class.yaml | 48 -- .../services/tailscale-operator/values.yaml | 21 - clusters/cl01tl/services/talos/Chart.yaml | 26 - 
.../talos/templates/external-secret.yaml | 74 -- .../services/talos/templates/secret.yaml | 11 - .../talos/templates/service-account.yaml | 12 - clusters/cl01tl/services/talos/values.yaml | 293 ------- clusters/cl01tl/services/traefik/Chart.yaml | 26 - .../traefik/templates/certificate.yaml | 17 - .../services/traefik/templates/namespace.yaml | 11 - clusters/cl01tl/services/traefik/values.yaml | 148 ---- clusters/cl01tl/standalone/cilium/Chart.yaml | 21 - .../templates/cilium-bgp-advertisement.yaml | 19 - .../templates/cilium-bgp-cluster-config.yaml | 22 - .../templates/cilium-bgp-peer-config.yaml | 23 - .../cilium-load-balancer-ip-pool.yaml | 31 - .../standalone/cilium/templates/gateway.yaml | 35 - .../cilium/templates/http-route.yaml | 28 - clusters/cl01tl/standalone/cilium/values.yaml | 103 --- clusters/cl01tl/standalone/coredns/Chart.yaml | 21 - .../cl01tl/standalone/coredns/values.yaml | 105 --- .../kubelet-serving-cert-approver/Chart.yaml | 22 - .../templates/cluster-role-binding.yaml | 17 - .../templates/cluster-role.yaml | 57 -- .../templates/namespace.yaml | 11 - .../templates/role-binding.yaml | 17 - .../kubelet-serving-cert-approver/values.yaml | 77 -- .../standalone/metrics-server/Chart.yaml | 20 - .../standalone/metrics-server/values.yaml | 12 - .../prometheus-operator-crds/Chart.yaml | 21 - clusters/cl01tl/storage/backrest/Chart.yaml | 21 - .../backrest/templates/http-route.yaml | 28 - .../templates/persistent-volume-claim.yaml | 36 - .../backrest/templates/persistent-volume.yaml | 48 -- .../storage/backrest/templates/service.yaml | 14 - clusters/cl01tl/storage/backrest/values.yaml | 84 -- .../cl01tl/storage/cloudnative-pg/Chart.yaml | 25 - .../cl01tl/storage/cloudnative-pg/values.yaml | 16 - .../democratic-csi-synology-iscsi/Chart.yaml | 20 - .../templates/external-secret.yaml | 21 - .../templates/namespace.yaml | 11 - .../democratic-csi-synology-iscsi/values.yaml | 37 - .../storage/elastic-operator/Chart.yaml | 21 - 
.../storage/elastic-operator/values.yaml | 14 - clusters/cl01tl/storage/garage/Chart.yaml | 22 - .../garage/templates/external-secret.yaml | 35 - .../storage/garage/templates/http-route.yaml | 58 -- .../garage/templates/service-monitor.yaml | 22 - clusters/cl01tl/storage/garage/values.yaml | 154 ---- .../storage/local-path-provisioner/Chart.yaml | 21 - .../templates/namespace.yaml | 11 - .../local-path-provisioner/values.yaml | 45 - .../storage/mariadb-operator/Chart.yaml | 24 - .../storage/mariadb-operator/values.yaml | 11 - clusters/cl01tl/storage/nfs/Chart.yaml | 21 - clusters/cl01tl/storage/nfs/values.yaml | 8 - clusters/cl01tl/storage/pgadmin/Chart.yaml | 22 - .../pgadmin/templates/external-secret.yaml | 115 --- .../storage/pgadmin/templates/http-route.yaml | 28 - .../pgadmin/templates/replication-source.yaml | 28 - clusters/cl01tl/storage/pgadmin/values.yaml | 72 -- .../cl01tl/storage/redis-operator/Chart.yaml | 21 - .../cl01tl/storage/redis-operator/values.yaml | 16 - clusters/cl01tl/storage/rook-ceph/Chart.yaml | 29 - .../rook-ceph/templates/external-secret.yaml | 21 - .../rook-ceph/templates/http-route.yaml | 58 -- .../rook-ceph/templates/namespace.yaml | 11 - clusters/cl01tl/storage/rook-ceph/values.yaml | 198 ----- .../storage/snapshot-controller/Chart.yaml | 21 - .../storage/snapshot-controller/values.yaml | 15 - clusters/cl01tl/storage/volsync/Chart.yaml | 22 - clusters/cl01tl/storage/volsync/values.yaml | 15 - clusters/cl01tl/storage/whodb/Chart.yaml | 22 - .../storage/whodb/templates/http-route.yaml | 28 - clusters/cl01tl/storage/whodb/values.yaml | 29 - hosts/pd05wd/ollama/.ts-env | 1 - hosts/pd05wd/ollama/compose.yaml | 61 -- hosts/pd05wd/stable-diffusion/.ts-env | 1 - hosts/pd05wd/stable-diffusion/compose.yaml | 68 -- hosts/pd05wd/stable-diffusion/serve.json | 16 - hosts/ps08rp/blocky/compose.yaml | 33 - hosts/ps08rp/blocky/config.yml | 240 ------ hosts/ps08rp/node-exporter/compose.yaml | 13 - hosts/ps08rp/traefik/compose.yaml | 72 -- 
hosts/ps09rp/blocky/compose.yaml | 33 - hosts/ps09rp/blocky/config.yml | 240 ------ hosts/ps09rp/node-exporter/compose.yaml | 13 - hosts/ps09rp/traefik/compose.yaml | 72 -- hosts/ps10rp/blocky/compose.yaml | 33 - hosts/ps10rp/blocky/config.yml | 174 ---- hosts/ps10rp/cloudflare-ddns/compose.yaml | 16 - hosts/ps10rp/garage/compose.yaml | 86 -- hosts/ps10rp/garage/garage.toml | 25 - hosts/ps10rp/garage/serve-ui.json | 16 - hosts/ps10rp/garage/serve.json | 46 - hosts/ps10rp/gitea/compose.yaml | 68 -- hosts/ps10rp/gitea/serve.json | 16 - hosts/ps10rp/homepage/compose.yaml | 58 -- .../homepage/homepage_config/bookmarks.yaml | 4 - .../homepage/homepage_config/docker.yaml | 3 - .../homepage/homepage_config/services.yaml | 46 - .../homepage/homepage_config/settings.yaml | 9 - .../homepage/homepage_config/widgets.yaml | 14 - hosts/ps10rp/homepage/serve.json | 16 - hosts/ps10rp/isponsorblocktv/compose.yaml | 10 - hosts/ps10rp/isponsorblocktv/config.json | 19 - hosts/ps10rp/komodo-periphery/.komodo-env | 1 - hosts/ps10rp/komodo-periphery/.ts-env | 1 - hosts/ps10rp/komodo-periphery/compose.yaml | 58 -- hosts/ps10rp/node-exporter/compose.yaml | 33 - hosts/ps10rp/node-exporter/serve.json | 16 - hosts/ps10rp/tailscale-subnet/compose.yaml | 24 - hosts/ps10rp/traefik/compose.yaml | 88 -- hosts/ps10rp/traefik/serve.json | 19 - renovate.json | 99 --- 873 files changed, 49510 deletions(-) delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 clusters/cl01tl/applications/actual/Chart.yaml delete mode 100644 clusters/cl01tl/applications/actual/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/actual/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/actual/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/actual/values.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/Chart.yaml delete mode 100644 
clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/audiobookshelf/values.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/bazarr/values.yaml delete mode 100644 clusters/cl01tl/applications/booklore/Chart.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/namespace.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/replication-destination.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/booklore/templates/service.yaml delete mode 100644 
clusters/cl01tl/applications/booklore/values.yaml delete mode 100644 clusters/cl01tl/applications/code-server/Chart.yaml delete mode 100644 clusters/cl01tl/applications/code-server/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/code-server/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/code-server/values.yaml delete mode 100644 clusters/cl01tl/applications/directus/Chart.yaml delete mode 100644 clusters/cl01tl/applications/directus/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/directus/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/applications/directus/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/directus/templates/redis-sentinel.yaml delete mode 100644 clusters/cl01tl/applications/directus/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/directus/values.yaml delete mode 100644 clusters/cl01tl/applications/element-web/Chart.yaml delete mode 100644 clusters/cl01tl/applications/element-web/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/element-web/values.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/Chart.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/ephemera/values.yaml delete mode 100644 clusters/cl01tl/applications/freshrss/Chart.yaml delete mode 100644 
clusters/cl01tl/applications/freshrss/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/freshrss/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/freshrss/values.yaml delete mode 100644 clusters/cl01tl/applications/home-assistant/Chart.yaml delete mode 100644 clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/home-assistant/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/home-assistant/values.yaml delete mode 100644 clusters/cl01tl/applications/homepage-dev/Chart.yaml delete mode 100644 clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/homepage-dev/values.yaml delete mode 100644 clusters/cl01tl/applications/homepage/Chart.yaml delete mode 100644 clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml delete mode 100644 clusters/cl01tl/applications/homepage/templates/cluster-role.yaml delete mode 100644 clusters/cl01tl/applications/homepage/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/homepage/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/homepage/templates/service.yaml delete mode 100644 clusters/cl01tl/applications/homepage/values.yaml delete mode 100644 clusters/cl01tl/applications/huntarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/huntarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/huntarr/values.yaml delete mode 100644 clusters/cl01tl/applications/immich/Chart.yaml delete mode 100644 clusters/cl01tl/applications/immich/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl/applications/immich/templates/http-route.yaml delete mode 100644 
clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/immich/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/immich/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/immich/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/immich/values.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/Chart.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/jellyfin/values.yaml delete mode 100644 clusters/cl01tl/applications/jellystat/Chart.yaml delete mode 100644 clusters/cl01tl/applications/jellystat/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/jellystat/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/jellystat/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/jellystat/values.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/Chart.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/karakeep/values.yaml delete mode 100644 clusters/cl01tl/applications/kiwix/Chart.yaml delete mode 100644 
clusters/cl01tl/applications/kiwix/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/kiwix/values.yaml delete mode 100644 clusters/cl01tl/applications/libation/Chart.yaml delete mode 100644 clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/libation/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/libation/values.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/lidarr/values.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/Chart.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/lidatube/values.yaml delete mode 100644 clusters/cl01tl/applications/listenarr/Chart.yaml delete mode 100644 
clusters/cl01tl/applications/listenarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/listenarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/listenarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/listenarr/values.yaml delete mode 100644 clusters/cl01tl/applications/omni-tools/Chart.yaml delete mode 100644 clusters/cl01tl/applications/omni-tools/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/omni-tools/values.yaml delete mode 100644 clusters/cl01tl/applications/outline/Chart.yaml delete mode 100644 clusters/cl01tl/applications/outline/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/outline/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/applications/outline/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/outline/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/outline/values.yaml delete mode 100644 clusters/cl01tl/applications/overseerr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/overseerr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/overseerr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/overseerr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/overseerr/values.yaml delete mode 100644 clusters/cl01tl/applications/photoview/Chart.yaml delete mode 100644 clusters/cl01tl/applications/photoview/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl/applications/photoview/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/photoview/values.yaml delete mode 100644 
clusters/cl01tl/applications/plex/Chart.yaml delete mode 100644 clusters/cl01tl/applications/plex/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/plex/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/plex/values.yaml delete mode 100644 clusters/cl01tl/applications/postiz/Chart.yaml delete mode 100644 clusters/cl01tl/applications/postiz/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/postiz/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/postiz/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/postiz/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/postiz/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/postiz/values.yaml delete mode 100644 clusters/cl01tl/applications/prowlarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/prowlarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/prowlarr/values.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/Chart.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml delete mode 100644 
clusters/cl01tl/applications/radarr-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/radarr-4k/values.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/Chart.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/radarr-anime/values.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/Chart.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/radarr-standup/values.yaml delete mode 100644 clusters/cl01tl/applications/radarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/http-route.yaml delete mode 
100644 clusters/cl01tl/applications/radarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/radarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/radarr/values.yaml delete mode 100644 clusters/cl01tl/applications/roundcube/Chart.yaml delete mode 100644 clusters/cl01tl/applications/roundcube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/roundcube/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/roundcube/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/roundcube/values.yaml delete mode 100644 clusters/cl01tl/applications/searxng/Chart.yaml delete mode 100644 clusters/cl01tl/applications/searxng/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/searxng/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/searxng/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/searxng/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/searxng/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/searxng/values.yaml delete mode 100644 clusters/cl01tl/applications/site-documentation/Chart.yaml delete mode 100644 clusters/cl01tl/applications/site-documentation/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/site-documentation/values.yaml delete mode 100644 clusters/cl01tl/applications/site-profile/Chart.yaml delete mode 100644 clusters/cl01tl/applications/site-profile/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/site-profile/values.yaml delete mode 100644 
clusters/cl01tl/applications/slskd/Chart.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/namespace.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/slskd/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/slskd/values.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/Chart.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-4k/values.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/Chart.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/prometheus-rule.yaml delete mode 100644 
clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/sonarr-anime/values.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/sonarr/values.yaml delete mode 100644 clusters/cl01tl/applications/tautulli/Chart.yaml delete mode 100644 clusters/cl01tl/applications/tautulli/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/tautulli/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/tautulli/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/tautulli/values.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/Chart.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/tdarr/values.yaml delete mode 100644 
clusters/cl01tl/applications/tubearchivist/Chart.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/tubearchivist/values.yaml delete mode 100644 clusters/cl01tl/applications/vaultwarden/Chart.yaml delete mode 100644 clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/applications/vaultwarden/values.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/Chart.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/templates/http-route.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/applications/yamtrack/values.yaml delete mode 100644 clusters/cl01tl/deployment/argocd/Chart.yaml delete mode 100644 clusters/cl01tl/deployment/argocd/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/deployment/argocd/templates/http-route.yaml delete mode 100644 clusters/cl01tl/deployment/argocd/values.yaml delete mode 100644 
clusters/cl01tl/deployment/stack/Chart.yaml delete mode 100644 clusters/cl01tl/deployment/stack/templates/application-set.yaml delete mode 100644 clusters/cl01tl/deployment/stack/templates/application.yaml delete mode 100644 clusters/cl01tl/deployment/stack/values.yaml delete mode 100644 clusters/cl01tl/helm/actual/Chart.yaml delete mode 100644 clusters/cl01tl/helm/actual/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/actual/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/actual/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/actual/values.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/Chart.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/audiobookshelf/values.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/bazarr/values.yaml delete mode 100644 clusters/cl01tl/helm/booklore/Chart.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/external-secret.yaml delete mode 100644 
clusters/cl01tl/helm/booklore/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/namespace.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/replication-destination.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/booklore/templates/service.yaml delete mode 100644 clusters/cl01tl/helm/booklore/values.yaml delete mode 100644 clusters/cl01tl/helm/code-server/Chart.yaml delete mode 100644 clusters/cl01tl/helm/code-server/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/code-server/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/code-server/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/code-server/values.yaml delete mode 100644 clusters/cl01tl/helm/directus/Chart.yaml delete mode 100644 clusters/cl01tl/helm/directus/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/helm/directus/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/directus/templates/redis-sentinel.yaml delete mode 100644 clusters/cl01tl/helm/directus/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/directus/values.yaml delete mode 100644 clusters/cl01tl/helm/element-web/Chart.yaml delete mode 100644 clusters/cl01tl/helm/element-web/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/element-web/values.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/Chart.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/templates/http-route.yaml delete mode 100644 
clusters/cl01tl/helm/ephemera/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/ephemera/values.yaml delete mode 100644 clusters/cl01tl/helm/freshrss/Chart.yaml delete mode 100644 clusters/cl01tl/helm/freshrss/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/freshrss/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/freshrss/values.yaml delete mode 100644 clusters/cl01tl/helm/home-assistant/Chart.yaml delete mode 100644 clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/home-assistant/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/home-assistant/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/home-assistant/values.yaml delete mode 100644 clusters/cl01tl/helm/homepage-dev/Chart.yaml delete mode 100644 clusters/cl01tl/helm/homepage-dev/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/homepage-dev/values.yaml delete mode 100644 clusters/cl01tl/helm/homepage/Chart.yaml delete mode 100644 clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml delete mode 100644 clusters/cl01tl/helm/homepage/templates/cluster-role.yaml delete mode 100644 clusters/cl01tl/helm/homepage/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/homepage/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/homepage/templates/service.yaml delete mode 100644 clusters/cl01tl/helm/homepage/values.yaml delete mode 100644 clusters/cl01tl/helm/huntarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/huntarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/huntarr/values.yaml delete mode 100644 clusters/cl01tl/helm/immich/Chart.yaml delete mode 100644 
clusters/cl01tl/helm/immich/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl/helm/immich/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/immich/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/immich/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/immich/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/immich/values.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/Chart.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/jellyfin/values.yaml delete mode 100644 clusters/cl01tl/helm/jellystat/Chart.yaml delete mode 100644 clusters/cl01tl/helm/jellystat/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/jellystat/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/jellystat/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/jellystat/values.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/Chart.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/karakeep/values.yaml delete mode 100644 clusters/cl01tl/helm/kiwix/Chart.yaml delete mode 100644 clusters/cl01tl/helm/kiwix/templates/http-route.yaml delete mode 
100644 clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/kiwix/values.yaml delete mode 100644 clusters/cl01tl/helm/libation/Chart.yaml delete mode 100644 clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/libation/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/libation/values.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/lidarr/values.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/Chart.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/lidatube/values.yaml delete mode 100644 clusters/cl01tl/helm/listenarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/listenarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/listenarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/listenarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/listenarr/values.yaml delete 
mode 100644 clusters/cl01tl/helm/omni-tools/Chart.yaml delete mode 100644 clusters/cl01tl/helm/omni-tools/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/omni-tools/values.yaml delete mode 100644 clusters/cl01tl/helm/outline/Chart.yaml delete mode 100644 clusters/cl01tl/helm/outline/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml delete mode 100644 clusters/cl01tl/helm/outline/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/outline/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/outline/values.yaml delete mode 100644 clusters/cl01tl/helm/overseerr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/overseerr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/overseerr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/overseerr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/overseerr/values.yaml delete mode 100644 clusters/cl01tl/helm/photoview/Chart.yaml delete mode 100644 clusters/cl01tl/helm/photoview/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl/helm/photoview/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/photoview/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/photoview/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/photoview/values.yaml delete mode 100644 clusters/cl01tl/helm/plex/Chart.yaml delete mode 100644 clusters/cl01tl/helm/plex/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/plex/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/plex/values.yaml delete mode 100644 clusters/cl01tl/helm/postiz/Chart.yaml delete mode 100644 clusters/cl01tl/helm/postiz/templates/external-secret.yaml delete mode 100644 
clusters/cl01tl/helm/postiz/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/postiz/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/postiz/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/postiz/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/postiz/values.yaml delete mode 100644 clusters/cl01tl/helm/prowlarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/prowlarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/prowlarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/prowlarr/values.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/Chart.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/radarr-4k/values.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/Chart.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/templates/replication-source.yaml delete mode 
100644 clusters/cl01tl/helm/radarr-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/radarr-anime/values.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/Chart.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/radarr-standup/values.yaml delete mode 100644 clusters/cl01tl/helm/radarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/radarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/radarr/values.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/Chart.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/values.yaml delete mode 100644 clusters/cl01tl/helm/searxng/Chart.yaml delete mode 100644 
clusters/cl01tl/helm/searxng/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/searxng/values.yaml delete mode 100644 clusters/cl01tl/helm/site-documentation/Chart.yaml delete mode 100644 clusters/cl01tl/helm/site-documentation/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/site-documentation/values.yaml delete mode 100644 clusters/cl01tl/helm/site-profile/Chart.yaml delete mode 100644 clusters/cl01tl/helm/site-profile/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/site-profile/values.yaml delete mode 100644 clusters/cl01tl/helm/slskd/Chart.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/namespace.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/slskd/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/slskd/values.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/Chart.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml delete mode 100644 
clusters/cl01tl/helm/sonarr-4k/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-4k/values.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/Chart.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/sonarr-anime/values.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/sonarr/values.yaml delete mode 100644 clusters/cl01tl/helm/tautulli/Chart.yaml delete mode 100644 clusters/cl01tl/helm/tautulli/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/tautulli/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/tautulli/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/tautulli/values.yaml delete mode 100644 
clusters/cl01tl/helm/tdarr/Chart.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/tdarr/values.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/Chart.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/tubearchivist/values.yaml delete mode 100644 clusters/cl01tl/helm/vaultwarden/Chart.yaml delete mode 100644 clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/vaultwarden/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/helm/vaultwarden/values.yaml delete mode 100644 clusters/cl01tl/helm/yamtrack/Chart.yaml delete mode 100644 clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/helm/yamtrack/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/yamtrack/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/helm/yamtrack/templates/service-monitor.yaml delete mode 100644 
clusters/cl01tl/helm/yamtrack/values.yaml delete mode 100644 clusters/cl01tl/management/argo-workflows/Chart.yaml delete mode 100644 clusters/cl01tl/management/argo-workflows/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/management/argo-workflows/templates/http-route.yaml delete mode 100644 clusters/cl01tl/management/argo-workflows/templates/service.yaml delete mode 100644 clusters/cl01tl/management/argo-workflows/values.yaml delete mode 100644 clusters/cl01tl/management/headlamp/Chart.yaml delete mode 100644 clusters/cl01tl/management/headlamp/templates/cluster-role-binding.yaml delete mode 100644 clusters/cl01tl/management/headlamp/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/management/headlamp/templates/http-route.yaml delete mode 100644 clusters/cl01tl/management/headlamp/templates/service-account.yaml delete mode 100644 clusters/cl01tl/management/headlamp/values.yaml delete mode 100644 clusters/cl01tl/management/komodo/Chart.yaml delete mode 100644 clusters/cl01tl/management/komodo/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/management/komodo/templates/http-route.yaml delete mode 100644 clusters/cl01tl/management/komodo/templates/service.yaml delete mode 100644 clusters/cl01tl/management/komodo/values.yaml delete mode 100644 clusters/cl01tl/management/kronic/Chart.yaml delete mode 100644 clusters/cl01tl/management/kronic/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/management/kronic/templates/http-route.yaml delete mode 100644 clusters/cl01tl/management/kronic/values.yaml delete mode 100644 clusters/cl01tl/monitoring/gatus/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/monitoring/gatus/templates/http-route.yaml delete mode 100644 clusters/cl01tl/monitoring/gatus/values.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/Chart.yaml delete mode 100644 
clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/grafana-dashboard.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/grafana-datasource.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/grafana-folder.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/grafana.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/http-route.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/monitoring/grafana-operator/values.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/http-route.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/namespace.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/scrape-config.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service.yaml delete mode 100644 clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml delete mode 100644 clusters/cl01tl/monitoring/loki/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/loki/templates/namespace.yaml delete mode 100644 clusters/cl01tl/monitoring/loki/values.yaml delete mode 100644 clusters/cl01tl/monitoring/s3-exporter/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/s3-exporter/templates/external-secret.yaml delete 
mode 100644 clusters/cl01tl/monitoring/s3-exporter/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/monitoring/s3-exporter/values.yaml delete mode 100644 clusters/cl01tl/monitoring/shelly-plug/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/shelly-plug/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/monitoring/shelly-plug/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/monitoring/shelly-plug/values.yaml delete mode 100644 clusters/cl01tl/monitoring/trivy/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/trivy/templates/namespace.yaml delete mode 100644 clusters/cl01tl/monitoring/trivy/values.yaml delete mode 100644 clusters/cl01tl/monitoring/unpoller/Chart.yaml delete mode 100644 clusters/cl01tl/monitoring/unpoller/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/monitoring/unpoller/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/monitoring/unpoller/values.yaml delete mode 100644 clusters/cl01tl/platform/authentik/Chart.yaml delete mode 100644 clusters/cl01tl/platform/authentik/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/authentik/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/authentik/templates/ingress.yaml delete mode 100644 clusters/cl01tl/platform/authentik/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/platform/authentik/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/authentik/values.yaml delete mode 100644 clusters/cl01tl/platform/external-secrets/Chart.yaml delete mode 100644 clusters/cl01tl/platform/external-secrets/templates/cluster-secret-store.yaml delete mode 100644 clusters/cl01tl/platform/gitea/Chart.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/ingress.yaml delete mode 
100644 clusters/cl01tl/platform/gitea/templates/namespace.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/role-binding.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/role.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/gitea/templates/tcp-route.yaml delete mode 100644 clusters/cl01tl/platform/gitea/values.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/Chart.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/matrix-synapse/values.yaml delete mode 100644 clusters/cl01tl/platform/n8n/Chart.yaml delete mode 100644 clusters/cl01tl/platform/n8n/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/n8n/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/n8n/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/platform/n8n/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/n8n/values.yaml delete mode 100644 clusters/cl01tl/platform/ntfy/Chart.yaml delete mode 100644 clusters/cl01tl/platform/ntfy/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/ntfy/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/ntfy/values.yaml delete mode 100644 clusters/cl01tl/platform/ollama/Chart.yaml delete mode 100644 clusters/cl01tl/platform/ollama/templates/external-secret.yaml delete mode 100644 
clusters/cl01tl/platform/ollama/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/ollama/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/platform/ollama/templates/service.yaml delete mode 100644 clusters/cl01tl/platform/ollama/values.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/Chart.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/namespace.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/qbittorrent/values.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/Chart.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/elasticsearch.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/namespace.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/platform/stalwart/values.yaml delete mode 100644 clusters/cl01tl/platform/unpackerr/Chart.yaml delete mode 100644 clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml delete mode 100644 
clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/platform/unpackerr/values.yaml delete mode 100644 clusters/cl01tl/platform/vault/Chart.yaml delete mode 100644 clusters/cl01tl/platform/vault/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/platform/vault/templates/http-route.yaml delete mode 100644 clusters/cl01tl/platform/vault/templates/ingress.yaml delete mode 100644 clusters/cl01tl/platform/vault/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/platform/vault/values.yaml delete mode 100644 clusters/cl01tl/services/blocky/Chart.yaml delete mode 100644 clusters/cl01tl/services/blocky/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/services/blocky/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/services/blocky/values.yaml delete mode 100644 clusters/cl01tl/services/cert-manager/Chart.yaml delete mode 100644 clusters/cl01tl/services/cert-manager/templates/cluster-issuer.yaml delete mode 100644 clusters/cl01tl/services/cert-manager/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/services/cert-manager/values.yaml delete mode 100644 clusters/cl01tl/services/descheduler/Chart.yaml delete mode 100644 clusters/cl01tl/services/descheduler/values.yaml delete mode 100644 clusters/cl01tl/services/eraser/Chart.yaml delete mode 100644 clusters/cl01tl/services/eraser/values.yaml delete mode 100644 clusters/cl01tl/services/external-dns/Chart.yaml delete mode 100644 clusters/cl01tl/services/external-dns/templates/dns-endpoint.yaml delete mode 100644 clusters/cl01tl/services/external-dns/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/services/external-dns/values.yaml delete mode 100644 clusters/cl01tl/services/generic-device-plugin/Chart.yaml delete mode 100644 clusters/cl01tl/services/generic-device-plugin/templates/namespace.yaml delete mode 100644 clusters/cl01tl/services/generic-device-plugin/values.yaml 
delete mode 100644 clusters/cl01tl/services/harbor/Chart.yaml delete mode 100644 clusters/cl01tl/services/harbor/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/services/harbor/templates/http-route.yaml delete mode 100644 clusters/cl01tl/services/harbor/templates/redis-replication.yaml delete mode 100644 clusters/cl01tl/services/harbor/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/services/harbor/values.yaml delete mode 100644 clusters/cl01tl/services/intel-device-plugin/Chart.yaml delete mode 100644 clusters/cl01tl/services/intel-device-plugin/templates/namespace.yaml delete mode 100644 clusters/cl01tl/services/intel-device-plugin/values.yaml delete mode 100644 clusters/cl01tl/services/kubernetes-cloudflare-ddns/Chart.yaml delete mode 100644 clusters/cl01tl/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml delete mode 100644 clusters/cl01tl/services/node-feature-discovery/Chart.yaml delete mode 100644 clusters/cl01tl/services/node-feature-discovery/templates/namespace.yaml delete mode 100644 clusters/cl01tl/services/node-feature-discovery/values.yaml delete mode 100644 clusters/cl01tl/services/reloader/Chart.yaml delete mode 100644 clusters/cl01tl/services/reloader/values.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/Chart.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/templates/connector.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/templates/namespace.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml delete mode 100644 clusters/cl01tl/services/tailscale-operator/values.yaml delete mode 100644 clusters/cl01tl/services/talos/Chart.yaml 
delete mode 100644 clusters/cl01tl/services/talos/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/services/talos/templates/secret.yaml delete mode 100644 clusters/cl01tl/services/talos/templates/service-account.yaml delete mode 100644 clusters/cl01tl/services/talos/values.yaml delete mode 100644 clusters/cl01tl/services/traefik/Chart.yaml delete mode 100644 clusters/cl01tl/services/traefik/templates/certificate.yaml delete mode 100644 clusters/cl01tl/services/traefik/templates/namespace.yaml delete mode 100644 clusters/cl01tl/services/traefik/values.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/Chart.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/gateway.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/templates/http-route.yaml delete mode 100644 clusters/cl01tl/standalone/cilium/values.yaml delete mode 100644 clusters/cl01tl/standalone/coredns/Chart.yaml delete mode 100644 clusters/cl01tl/standalone/coredns/values.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml delete mode 100644 clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml delete mode 100644 
clusters/cl01tl/standalone/metrics-server/Chart.yaml delete mode 100644 clusters/cl01tl/standalone/metrics-server/values.yaml delete mode 100644 clusters/cl01tl/standalone/prometheus-operator-crds/Chart.yaml delete mode 100644 clusters/cl01tl/storage/backrest/Chart.yaml delete mode 100644 clusters/cl01tl/storage/backrest/templates/http-route.yaml delete mode 100644 clusters/cl01tl/storage/backrest/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl/storage/backrest/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl/storage/backrest/templates/service.yaml delete mode 100644 clusters/cl01tl/storage/backrest/values.yaml delete mode 100644 clusters/cl01tl/storage/cloudnative-pg/Chart.yaml delete mode 100644 clusters/cl01tl/storage/cloudnative-pg/values.yaml delete mode 100644 clusters/cl01tl/storage/democratic-csi-synology-iscsi/Chart.yaml delete mode 100644 clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/namespace.yaml delete mode 100644 clusters/cl01tl/storage/democratic-csi-synology-iscsi/values.yaml delete mode 100644 clusters/cl01tl/storage/elastic-operator/Chart.yaml delete mode 100644 clusters/cl01tl/storage/elastic-operator/values.yaml delete mode 100644 clusters/cl01tl/storage/garage/Chart.yaml delete mode 100644 clusters/cl01tl/storage/garage/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/storage/garage/templates/http-route.yaml delete mode 100644 clusters/cl01tl/storage/garage/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/storage/garage/values.yaml delete mode 100644 clusters/cl01tl/storage/local-path-provisioner/Chart.yaml delete mode 100644 clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml delete mode 100644 clusters/cl01tl/storage/local-path-provisioner/values.yaml delete mode 100644 clusters/cl01tl/storage/mariadb-operator/Chart.yaml 
delete mode 100644 clusters/cl01tl/storage/mariadb-operator/values.yaml delete mode 100644 clusters/cl01tl/storage/nfs/Chart.yaml delete mode 100644 clusters/cl01tl/storage/nfs/values.yaml delete mode 100644 clusters/cl01tl/storage/pgadmin/Chart.yaml delete mode 100644 clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/storage/pgadmin/templates/http-route.yaml delete mode 100644 clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml delete mode 100644 clusters/cl01tl/storage/pgadmin/values.yaml delete mode 100644 clusters/cl01tl/storage/redis-operator/Chart.yaml delete mode 100644 clusters/cl01tl/storage/redis-operator/values.yaml delete mode 100644 clusters/cl01tl/storage/rook-ceph/Chart.yaml delete mode 100644 clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml delete mode 100644 clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml delete mode 100644 clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml delete mode 100644 clusters/cl01tl/storage/rook-ceph/values.yaml delete mode 100644 clusters/cl01tl/storage/snapshot-controller/Chart.yaml delete mode 100644 clusters/cl01tl/storage/snapshot-controller/values.yaml delete mode 100644 clusters/cl01tl/storage/volsync/Chart.yaml delete mode 100644 clusters/cl01tl/storage/volsync/values.yaml delete mode 100644 clusters/cl01tl/storage/whodb/Chart.yaml delete mode 100644 clusters/cl01tl/storage/whodb/templates/http-route.yaml delete mode 100644 clusters/cl01tl/storage/whodb/values.yaml delete mode 100644 hosts/pd05wd/ollama/.ts-env delete mode 100644 hosts/pd05wd/ollama/compose.yaml delete mode 100644 hosts/pd05wd/stable-diffusion/.ts-env delete mode 100644 hosts/pd05wd/stable-diffusion/compose.yaml delete mode 100644 hosts/pd05wd/stable-diffusion/serve.json delete mode 100644 hosts/ps08rp/blocky/compose.yaml delete mode 100644 hosts/ps08rp/blocky/config.yml delete mode 100644 hosts/ps08rp/node-exporter/compose.yaml delete mode 100644 
hosts/ps08rp/traefik/compose.yaml delete mode 100644 hosts/ps09rp/blocky/compose.yaml delete mode 100644 hosts/ps09rp/blocky/config.yml delete mode 100644 hosts/ps09rp/node-exporter/compose.yaml delete mode 100644 hosts/ps09rp/traefik/compose.yaml delete mode 100644 hosts/ps10rp/blocky/compose.yaml delete mode 100644 hosts/ps10rp/blocky/config.yml delete mode 100644 hosts/ps10rp/cloudflare-ddns/compose.yaml delete mode 100644 hosts/ps10rp/garage/compose.yaml delete mode 100644 hosts/ps10rp/garage/garage.toml delete mode 100644 hosts/ps10rp/garage/serve-ui.json delete mode 100644 hosts/ps10rp/garage/serve.json delete mode 100644 hosts/ps10rp/gitea/compose.yaml delete mode 100644 hosts/ps10rp/gitea/serve.json delete mode 100644 hosts/ps10rp/homepage/compose.yaml delete mode 100644 hosts/ps10rp/homepage/homepage_config/bookmarks.yaml delete mode 100644 hosts/ps10rp/homepage/homepage_config/docker.yaml delete mode 100644 hosts/ps10rp/homepage/homepage_config/services.yaml delete mode 100644 hosts/ps10rp/homepage/homepage_config/settings.yaml delete mode 100644 hosts/ps10rp/homepage/homepage_config/widgets.yaml delete mode 100644 hosts/ps10rp/homepage/serve.json delete mode 100644 hosts/ps10rp/isponsorblocktv/compose.yaml delete mode 100644 hosts/ps10rp/isponsorblocktv/config.json delete mode 100644 hosts/ps10rp/komodo-periphery/.komodo-env delete mode 100644 hosts/ps10rp/komodo-periphery/.ts-env delete mode 100644 hosts/ps10rp/komodo-periphery/compose.yaml delete mode 100644 hosts/ps10rp/node-exporter/compose.yaml delete mode 100644 hosts/ps10rp/node-exporter/serve.json delete mode 100644 hosts/ps10rp/tailscale-subnet/compose.yaml delete mode 100644 hosts/ps10rp/traefik/compose.yaml delete mode 100644 hosts/ps10rp/traefik/serve.json delete mode 100644 renovate.json diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9e9..000000000 --- a/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/README.md b/README.md
deleted file mode 100644
index 6552c274e..000000000
--- a/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# alexlebens.net
-
-GitOps definied infrastrucutre for the alexlebens.net domain.
-
-## License
-
-This project is licensed under the terms of the Apache 2.0 License license.
diff --git a/clusters/cl01tl/applications/actual/Chart.yaml b/clusters/cl01tl/applications/actual/Chart.yaml
deleted file mode 100644
index 4ec4b660c..000000000
--- a/clusters/cl01tl/applications/actual/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@ -apiVersion: v2 -name: actual -version: 1.0.0 -description: Actual -keywords: - - actual - - budget -home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e -sources: - - https://github.com/actualbudget/actual - - https://github.com/actualbudget/actual/pkgs/container/actual - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: actual - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png -appVersion: v25.5.0 diff --git a/clusters/cl01tl/applications/actual/templates/external-secret.yaml b/clusters/cl01tl/applications/actual/templates/external-secret.yaml deleted file mode 100644 index f22be7ac2..000000000 --- a/clusters/cl01tl/applications/actual/templates/external-secret.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: actual-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: actual-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/actual/actual-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/applications/actual/templates/http-route.yaml b/clusters/cl01tl/applications/actual/templates/http-route.yaml deleted file mode 100644 index 4b308cee3..000000000 --- a/clusters/cl01tl/applications/actual/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-actual - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-actual - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - actual.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: actual - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/actual/templates/replication-source.yaml b/clusters/cl01tl/applications/actual/templates/replication-source.yaml deleted file mode 100644 index ba1340760..000000000 --- a/clusters/cl01tl/applications/actual/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: actual-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: actual-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: actual-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: actual-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/actual/values.yaml b/clusters/cl01tl/applications/actual/values.yaml deleted file mode 100644 index 4bec1142c..000000000 --- a/clusters/cl01tl/applications/actual/values.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -actual: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/actualbudget/actual - tag: 25.11.0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - resources: - requests: - cpu: 10m - memory: 128Mi - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - node src/scripts/health-check.js - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 5006 - protocol: HTTP - persistence: - data: - forceRename: actual-data - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 2Gi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false diff --git a/clusters/cl01tl/applications/audiobookshelf/Chart.yaml b/clusters/cl01tl/applications/audiobookshelf/Chart.yaml deleted file mode 100644 index 34b451361..000000000 --- a/clusters/cl01tl/applications/audiobookshelf/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: audiobookshelf -version: 1.0.0 -description: Audiobookshelf -keywords: - - audiobookshelf - - books - - podcasts - - audiobooks -home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7 -sources: - - https://github.com/advplyr/audiobookshelf - - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: audiobookshelf - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png -appVersion: 2.21.0 
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml deleted file mode 100644 index d1da422a3..000000000 --- a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: audiobookshelf-apprise-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: audiobookshelf-apprise-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ntfy-url - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/audiobookshelf/apprise - metadataPolicy: None - property: ntfy-url - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: audiobookshelf-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: audiobookshelf-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - 
decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: audiobookshelf-metadata-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: audiobookshelf-metadata-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-metadata" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/http-route.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/http-route.yaml deleted file mode 100644 index 1d9329717..000000000 --- a/clusters/cl01tl/applications/audiobookshelf/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-audiobookshelf
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-audiobookshelf
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - audiobookshelf.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: audiobookshelf
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml
deleted file mode 100644
index d31621e69..000000000
--- a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: audiobookshelf-nfs-storage-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: audiobookshelf-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: audiobookshelf-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml
deleted file mode 100644
index 793addc71..000000000
--- a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: audiobookshelf-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
deleted file mode 100644
index 844a9a5ab..000000000
--- a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: audiobookshelf-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: audiobookshelf-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: audiobookshelf-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: audiobookshelf-metadata-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-metadata-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: audiobookshelf-metadata
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: audiobookshelf-metadata-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/service-monitor.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/service-monitor.yaml
deleted file mode 100644
index 5e6974279..000000000
--- a/clusters/cl01tl/applications/audiobookshelf/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: audiobookshelf-apprise
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-apprise
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: apprise
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- selector:
- matchLabels:
- app.kubernetes.io/name: audiobookshelf
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/clusters/cl01tl/applications/audiobookshelf/values.yaml b/clusters/cl01tl/applications/audiobookshelf/values.yaml
deleted file mode 100644
index 91d1126da..000000000
--- a/clusters/cl01tl/applications/audiobookshelf/values.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-audiobookshelf:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/advplyr/audiobookshelf
- tag: 2.30.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- apprise-api:
- image:
- repository: caronc/apprise
- tag: 1.2.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PGID
- value: "1000"
- - name: PUID
- value: "1000"
- - name: APPRISE_STORAGE_MODE
- value: memory
- - name: APPRISE_STATEFUL_MODE
- value: disabled
- - name: APPRISE_WORKER_COUNT
- value: 1
- - name: APPRISE_STATELESS_URLS
- valueFrom:
- secretKeyRef:
- name: audiobookshelf-apprise-config
- key: ntfy-url
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- apprise:
- port: 8000
- targetPort: 8000
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 2Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metadata:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /metadata
- readOnly: false
- backup:
- existingClaim: audiobookshelf-nfs-storage-backup
- advancedMounts:
- main:
- main:
- - path: /metadata/backups
- readOnly: false
- audiobooks:
- existingClaim: audiobookshelf-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store/
- readOnly: false
diff --git a/clusters/cl01tl/applications/bazarr/Chart.yaml b/clusters/cl01tl/applications/bazarr/Chart.yaml
deleted file mode 100644
index cc20db826..000000000
--- a/clusters/cl01tl/applications/bazarr/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: bazarr
-version: 1.0.0
-description: Bazarr
-keywords:
- - bazarr
- - servarr
- - subtitles
-home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
-sources:
- - https://github.com/morpheus65535/bazarr
- - https://github.com/linuxserver/docker-bazarr
- - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: bazarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
-appVersion: 1.5.2
diff --git a/clusters/cl01tl/applications/bazarr/templates/external-secret.yaml b/clusters/cl01tl/applications/bazarr/templates/external-secret.yaml
deleted file mode 100644
index 40e7170bb..000000000
--- a/clusters/cl01tl/applications/bazarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: bazarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/bazarr/bazarr-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/bazarr/templates/http-route.yaml b/clusters/cl01tl/applications/bazarr/templates/http-route.yaml
deleted file mode 100644
index 3e5439d60..000000000
--- a/clusters/cl01tl/applications/bazarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-bazarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-bazarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - bazarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: bazarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/bazarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/bazarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 6cf8cb968..000000000
--- a/clusters/cl01tl/applications/bazarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: bazarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: bazarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/bazarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/bazarr/templates/persistent-volume.yaml
deleted file mode 100644
index c61824875..000000000
--- a/clusters/cl01tl/applications/bazarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: bazarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/bazarr/templates/replication-source.yaml b/clusters/cl01tl/applications/bazarr/templates/replication-source.yaml
deleted file mode 100644
index fee25927c..000000000
--- a/clusters/cl01tl/applications/bazarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: bazarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: bazarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: bazarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/bazarr/values.yaml b/clusters/cl01tl/applications/bazarr/values.yaml
deleted file mode 100644
index 0b824381d..000000000
--- a/clusters/cl01tl/applications/bazarr/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-bazarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/bazarr
- tag: 1.5.3@sha256:2be164c02c0bb311b6c32e57d3d0ddc2813d524e89ab51a3408c1bf6fafecda5
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 6767
- protocol: HTTP
- persistence:
- config:
- forceRename: bazarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- media:
- existingClaim: bazarr-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
diff --git a/clusters/cl01tl/applications/booklore/Chart.yaml b/clusters/cl01tl/applications/booklore/Chart.yaml
deleted file mode 100644
index db03241d0..000000000
--- a/clusters/cl01tl/applications/booklore/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: booklore
-version: 1.0.0
-description: booklore
-keywords:
- - booklore
- - books
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/booklore-app/BookLore
- - https://github.com/booklore-app/booklore/pkgs/container/booklore
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: booklore
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: mariadb-cluster
- version: 25.10.2
- repository: https://helm.mariadb.com/mariadb-operator
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
-appVersion: v.1.10.0
diff --git a/clusters/cl01tl/applications/booklore/templates/external-secret.yaml b/clusters/cl01tl/applications/booklore/templates/external-secret.yaml
deleted file mode 100644
index bae429731..000000000
--- a/clusters/cl01tl/applications/booklore/templates/external-secret.yaml
+++ /dev/null
@@ -1,332 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-database-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-database-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/booklore/database - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-data-replication-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-replication-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: psk.txt - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/booklore/replication - metadataPolicy: None - property: psk.txt - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/digital-ocean - metadataPolicy: None - property: BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/digital-ocean - 
metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-data-backup-secret-local - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-secret-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/garage-local - metadataPolicy: None - property: BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/garage-local - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: 
AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-data-backup-secret-remote - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-secret-remote - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/garage-remote - metadataPolicy: None - property: BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/garage-remote - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/volsync-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-data-backup-secret-external - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-secret-external - app.kubernetes.io/instance: {{ .Release.Name }} - 
app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/digital-ocean - metadataPolicy: None - property: BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /volsync/restic/digital-ocean - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-mariadb-cluster-backup-secret-external - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: access - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/mariadb-backups - metadataPolicy: None - property: access - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/mariadb-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: booklore-mariadb-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: access - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/mariadb-backups - metadataPolicy: None - property: access - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/mariadb-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl/applications/booklore/templates/http-route.yaml b/clusters/cl01tl/applications/booklore/templates/http-route.yaml deleted file mode 100644 index a6156305e..000000000 --- a/clusters/cl01tl/applications/booklore/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-booklore - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-booklore - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - booklore.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: booklore - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/booklore/templates/namespace.yaml b/clusters/cl01tl/applications/booklore/templates/namespace.yaml deleted file mode 100644 index 11d8d8e2e..000000000 
--- a/clusters/cl01tl/applications/booklore/templates/namespace.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: booklore
- annotations:
- volsync.backube/privileged-movers: "true"
- labels:
- app.kubernetes.io/name: booklore
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
diff --git a/clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml
deleted file mode 100644
index f21d20472..000000000
--- a/clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: booklore-books-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-books-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: booklore-books-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: booklore-books-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-books-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: booklore-books-import-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml b/clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml
deleted file mode 100644
index f50dc7e7a..000000000
--- a/clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: booklore-books-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-books-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Books
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: booklore-books-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-books-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Books Import
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/booklore/templates/replication-destination.yaml b/clusters/cl01tl/applications/booklore/templates/replication-destination.yaml
deleted file mode 100644
index 5b70c0281..000000000
--- a/clusters/cl01tl/applications/booklore/templates/replication-destination.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationDestination
-metadata:
- name: booklore-data-replication-destination
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-data-replication-destination
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- rsyncTLS:
- copyMethod: Direct
- accessModes: ["ReadWriteMany"]
- destinationPVC: booklore-books-nfs-storage
- keySecret: booklore-data-replication-secret
diff --git a/clusters/cl01tl/applications/booklore/templates/replication-source.yaml b/clusters/cl01tl/applications/booklore/templates/replication-source.yaml
deleted file mode 100644
index e7d891619..000000000
--- a/clusters/cl01tl/applications/booklore/templates/replication-source.yaml
+++ /dev/null
@@ -1,129 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-replication-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-replication-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: "0 0 * * *" - rsyncTLS: - keySecret: booklore-data-replication-secret - address: volsync-rsync-tls-dst-booklore-data-replication-destination - copyMethod: Snapshot - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-backup-source-local - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 2 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-local - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: 
booklore-data-backup-source-remote - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-remote - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 3 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-remote - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-backup-source-external - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-external - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-external - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi diff --git a/clusters/cl01tl/applications/booklore/templates/service.yaml b/clusters/cl01tl/applications/booklore/templates/service.yaml deleted file mode 100644 index 4d10a9638..000000000 --- a/clusters/cl01tl/applications/booklore/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: garage-ps10rp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - annotations: - tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net -spec: - externalName: placeholder - type: ExternalName 
diff --git a/clusters/cl01tl/applications/booklore/values.yaml b/clusters/cl01tl/applications/booklore/values.yaml
deleted file mode 100644
index e8ca17ea5..000000000
--- a/clusters/cl01tl/applications/booklore/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@
-booklore:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/booklore-app/booklore
- tag: v1.12.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: America/Chicago
- - name: DATABASE_URL
- value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- - name: DATABASE_USERNAME
- value: booklore
- - name: DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: booklore-database-secret
- key: password
- - name: BOOKLORE_PORT
- value: 6060
- - name: SWAGGER_ENABLED
- value: false
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 6060
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/data
- readOnly: false
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
- books-import:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /bookdrop
- readOnly: false
- ingest:
- existingClaim: booklore-books-import-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /bookdrop/ingest
- readOnly: false
-mariadb-cluster:
- mariadb:
- rootPasswordSecretKeyRef:
- generate: false
- name: booklore-database-secret
- key: password
- storage:
- size: 5Gi
- replicas: 3
- galera:
- enabled: true
- databases:
- - name: booklore
- characterSet: utf8
- collate: utf8_general_ci
- cleanupPolicy: Delete
- requeueInterval: 10h
- users:
- - name: booklore
- passwordSecretKeyRef:
- name: booklore-database-secret
- key: password
- host: '%'
- cleanupPolicy: Delete
- requeueInterval: 10h
- retryInterval: 30s
- grants:
- - name: booklore
- privileges:
- - "ALL PRIVILEGES"
- database: "booklore"
- table: "*"
- username: booklore
- grantOption: true
- host: '%'
- cleanupPolicy: Delete
- requeueInterval: 10h
- retryInterval: 30s
- physicalBackups:
- - name: backup-external
- schedule:
- cron: "0 0 * * 0"
- suspend: false
- immediate: true
- compression: gzip
- maxRetention: 720h
- storage:
- s3:
- bucket: mariadb-backups-b230a2f5aecf080a4b372c08
- prefix: cl01tl/booklore
- endpoint: nyc3.digitaloceanspaces.com
- region: us-east-1
- accessKeyIdSecretKeyRef:
- name: booklore-mariadb-cluster-backup-secret-external
- key: access
- secretAccessKeySecretKeyRef:
- name: booklore-mariadb-cluster-backup-secret-external
- key: secret
- tls:
- enabled: true
- - name: backup-garage
- schedule:
- cron: "0 0 * * *"
- suspend: false
- immediate: true
- compression: gzip
- maxRetention: 360h
- storage:
- s3:
- bucket: mariadb-backups
- prefix: cl01tl/booklore
- endpoint: garage-main.garage:3900
- region: us-east-1
- accessKeyIdSecretKeyRef:
- name: booklore-mariadb-cluster-backup-secret-garage
- key: access
- secretAccessKeySecretKeyRef:
- name: booklore-mariadb-cluster-backup-secret-garage
- key: secret
diff --git a/clusters/cl01tl/applications/code-server/Chart.yaml b/clusters/cl01tl/applications/code-server/Chart.yaml
deleted file mode 100644
index 6dab9e91c..000000000
--- a/clusters/cl01tl/applications/code-server/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: code-server
-version: 1.0.0
-description: Code Server
-keywords:
- - code-server
- - code
- - ide
-home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
-sources:
- - https://github.com/coder/code-server
- - https://github.com/cloudflare/cloudflared
- - https://hub.docker.com/r/linuxserver/code-server
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: code-server
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
-appVersion: 4.100.2
diff --git a/clusters/cl01tl/applications/code-server/templates/external-secret.yaml b/clusters/cl01tl/applications/code-server/templates/external-secret.yaml
deleted file mode 100644
index 4ec6bb8ac..000000000
--- a/clusters/cl01tl/applications/code-server/templates/external-secret.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: codeserver-password-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: codeserver-password-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/code-server/auth
- metadataPolicy: None
- property: PASSWORD
- - secretKey: SUDO_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/code-server/auth
- metadataPolicy: None
- property: SUDO_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: code-server-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: code-server-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/codeserver
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/applications/code-server/templates/http-route.yaml b/clusters/cl01tl/applications/code-server/templates/http-route.yaml
deleted file mode 100644
index 0bd454572..000000000
--- a/clusters/cl01tl/applications/code-server/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-code-server
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-code-server
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - code-server.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: code-server
- port: 8443
- weight: 100
diff --git a/clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml
deleted file mode 100644
index b4900de2a..000000000
--- a/clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: code-server-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: code-server-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/code-server/values.yaml b/clusters/cl01tl/applications/code-server/values.yaml
deleted file mode 100644
index 6d44cc286..000000000
--- a/clusters/cl01tl/applications/code-server/values.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-code-server:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/code-server
- tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: DEFAULT_WORKSPACE
- value: /config
- envFrom:
- - secretRef:
- name: codeserver-password-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 8443
- targetPort: 8443
- protocol: HTTP
- persistence:
- config:
- existingClaim: code-server-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
-cloudflared:
- existingSecretName: code-server-cloudflared-secret
diff --git a/clusters/cl01tl/applications/directus/Chart.yaml b/clusters/cl01tl/applications/directus/Chart.yaml
deleted file mode 100644
index a5b6f8b16..000000000
--- a/clusters/cl01tl/applications/directus/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: directus
-version: 1.0.0
-description: Directus
-keywords:
- - directus
- - cms
-home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
-sources:
- - https://github.com/directus/directus
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/directus/directus
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: directus
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared-directus
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
-appVersion: 11.7.2
diff --git a/clusters/cl01tl/applications/directus/templates/external-secret.yaml b/clusters/cl01tl/applications/directus/templates/external-secret.yaml
deleted file mode 100644
index a225e81e2..000000000
--- a/clusters/cl01tl/applications/directus/templates/external-secret.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: admin-email
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/config
- metadataPolicy: None
- property: admin-email
- - secretKey: admin-password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/config
- metadataPolicy: None
- property: admin-password
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/config
- metadataPolicy: None
- property: secret
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/config
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-metric-token
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-metric-token
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: metric-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/metrics
- metadataPolicy: None
- property: metric-token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-redis-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-redis-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: user
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/redis
- metadataPolicy: None
- property: user
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/directus/redis
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: OIDC_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/directus
- metadataPolicy: None
- property: client
- - secretKey: OIDC_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/directus
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/directus
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-postgresql-17-cluster-backup-secret-weekly
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: directus-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/directus/templates/object-bucket-claim.yaml b/clusters/cl01tl/applications/directus/templates/object-bucket-claim.yaml
deleted file mode 100644
index a512754f0..000000000
--- a/clusters/cl01tl/applications/directus/templates/object-bucket-claim.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: ceph-bucket-directus
- labels:
- app.kubernetes.io/name: ceph-bucket-directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- generateBucketName: bucket-directus
- storageClassName: ceph-bucket
diff --git a/clusters/cl01tl/applications/directus/templates/redis-replication.yaml b/clusters/cl01tl/applications/directus/templates/redis-replication.yaml
deleted file mode 100644
index 7fcb79d3b..000000000
--- a/clusters/cl01tl/applications/directus/templates/redis-replication.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-directus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.2.1
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: directus-redis-config
- key: password
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.76.0
diff --git a/clusters/cl01tl/applications/directus/templates/redis-sentinel.yaml b/clusters/cl01tl/applications/directus/templates/redis-sentinel.yaml
deleted file mode 100644
index b7fdb8a6a..000000000
--- a/clusters/cl01tl/applications/directus/templates/redis-sentinel.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: redis-sentinel-directus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-sentinel-directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- redisSentinelConfig:
- redisReplicationName: redis-replication-directus
- redisReplicationPassword:
- secretKeyRef:
- name: directus-redis-config
- key: password
- kubernetesConfig:
- image: quay.io/opstree/redis-sentinel:v7.0.15
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: directus-redis-config
- key: password
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
diff --git a/clusters/cl01tl/applications/directus/templates/service-monitor.yaml b/clusters/cl01tl/applications/directus/templates/service-monitor.yaml
deleted file mode 100644
index 2e0768ec2..000000000
--- a/clusters/cl01tl/applications/directus/templates/service-monitor.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: directus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: http
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- bearerTokenSecret:
- name: directus-metric-token
- key: metric-token
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-directus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-directus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/applications/directus/values.yaml b/clusters/cl01tl/applications/directus/values.yaml
deleted file mode 100644
index 10200a62b..000000000
--- a/clusters/cl01tl/applications/directus/values.yaml
+++ /dev/null
@@ -1,214 +0,0 @@
-directus:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: directus/directus
- tag: 11.13.4
- pullPolicy: IfNotPresent
- env:
- - name: PUBLIC_URL
- value: https://directus.alexlebens.dev
- - name: WEBSOCKETS_ENABLED
- value: true
- - name: ADMIN_EMAIL
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: admin-email
- - name: ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: admin-password
- - name: SECRET
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: secret
- - name: KEY
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: key
- - name: DB_CLIENT
- value: postgres
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: host
- - name: DB_DATABASE
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: dbname
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: port
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: password
- - name: SYNCHRONIZATION_STORE
- value: redis
- - name: CACHE_ENABLED
- value: true
- - name: CACHE_STORE
- value: redis
- - name: REDIS_ENABLED
- value: true
- - name: REDIS_HOST
- value: redis-replication-directus-master
- - name: REDIS_USERNAME
- valueFrom:
- secretKeyRef:
- name: directus-redis-config
- key: user
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-redis-config
- key: password
- - name: STORAGE_LOCATIONS
- value: s3
- - name: STORAGE_S3_DRIVER
- value: s3
- - name: STORAGE_S3_KEY
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-directus
- key: AWS_ACCESS_KEY_ID
- - name: STORAGE_S3_SECRET
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-directus
- key: AWS_SECRET_ACCESS_KEY
- - name: STORAGE_S3_BUCKET
- valueFrom:
- configMapKeyRef:
- name: ceph-bucket-directus
- key: BUCKET_NAME
- - name: STORAGE_S3_REGION
- value: us-east-1
- - name: STORAGE_S3_ENDPOINT
- value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- - name: STORAGE_S3_FORCE_PATH_STYLE
- value: true
- - name: AUTH_PROVIDERS
- value: AUTHENTIK
- - name: AUTH_AUTHENTIK_DRIVER
- value: openid
- - name: AUTH_AUTHENTIK_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: directus-oidc-secret
- key: OIDC_CLIENT_ID
- - name: AUTH_AUTHENTIK_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: directus-oidc-secret
- key: OIDC_CLIENT_SECRET
- - name: AUTH_AUTHENTIK_SCOPE
- value: openid profile email
- - name: AUTH_AUTHENTIK_ISSUER_URL
- value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration
- - name: AUTH_AUTHENTIK_IDENTIFIER_KEY
- value: email
- - name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION
- value: true
- - name: AUTH_AUTHENTIK_LABEL
- value: Authentik
- - name: TELEMETRY
- value: false
- - name: METRICS_ENABLED
- value: true
- - name: METRICS_TOKENS
- valueFrom:
- secretKeyRef:
- name: directus-metric-token
- key: metric-token
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8055
- protocol: TCP
-cloudflared-directus:
- name: cloudflared-directus
- existingSecretName: directus-cloudflared-secret
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/element-web/Chart.yaml b/clusters/cl01tl/applications/element-web/Chart.yaml
deleted file mode 100644
index 15490271e..000000000
--- a/clusters/cl01tl/applications/element-web/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: element-web
-version: 1.0.0
-description: Element Web
-keywords:
- - element-web
- - chat
- - matrix
-home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
-sources:
- - https://github.com/element-hq/element-web
- - https://github.com/cloudflare/cloudflared
- - https://hub.docker.com/r/vectorim/element-web
- - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: element-web
- version: 1.4.24
- repository: https://ananace.gitlab.io/charts
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
-appVersion: v1.11.100
diff --git a/clusters/cl01tl/applications/element-web/templates/external-secret.yaml b/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
deleted file mode 100644
index 276c3f4a4..000000000
--- a/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: element-web-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: element-web-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/element
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/applications/element-web/values.yaml b/clusters/cl01tl/applications/element-web/values.yaml
deleted file mode 100644
index 970e993ee..000000000
--- a/clusters/cl01tl/applications/element-web/values.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-element-web:
- replicaCount: 1
- image:
- repository: vectorim/element-web
- tag: v1.12.4
- pullPolicy: IfNotPresent
- defaultServer:
- url: https://matrix.alexlebens.dev
- name: alexlebens.dev
- identity_url: https://alexlebens.dev
- config:
- disable_3pid_login: true
- brand: "Alex Lebens"
- branding:
- welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
- auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
- sso_redirect_options:
- immediate: true
- default_theme: dark
- default_country_code: US
- ingress:
- enabled: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
-cloudflared:
- existingSecretName: element-web-cloudflared-secret
diff --git a/clusters/cl01tl/applications/ephemera/Chart.yaml b/clusters/cl01tl/applications/ephemera/Chart.yaml
deleted file mode 100644
index 607d0716b..000000000
--- a/clusters/cl01tl/applications/ephemera/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: ephemera
-version: 1.0.0
-description: ephemera
-keywords:
- - ephemera
- - books
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/OrwellianEpilogue/ephemera
- - https://github.com/FlareSolverr/FlareSolverr
- - https://github.com/orwellianepilogue/ephemera/pkgs/container/ephemera
- - https://github.com/flaresolverr/FlareSolverr/pkgs/container/flaresolverr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: ephemera
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
-appVersion: 1.3.1
diff --git a/clusters/cl01tl/applications/ephemera/templates/external-secret.yaml b/clusters/cl01tl/applications/ephemera/templates/external-secret.yaml
deleted file mode 100644
index 492cdad34..000000000
--- a/clusters/cl01tl/applications/ephemera/templates/external-secret.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ephemera-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/ephemera/config
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ephemera-apprise-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-apprise-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ntfy-url
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/ephemera/config
- metadataPolicy: None
- property: ntfy-url
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ephemera-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ephemera/ephemera-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/ephemera/templates/http-route.yaml b/clusters/cl01tl/applications/ephemera/templates/http-route.yaml
deleted file mode 100644
index 16c8b2bbd..000000000
--- a/clusters/cl01tl/applications/ephemera/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-ephemera
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-ephemera
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - ephemera.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: ephemera
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 1efb18d02..000000000
--- a/clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: ephemera-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: ephemera-import-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml b/clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml
deleted file mode 100644
index 78d5b4e6f..000000000
--- a/clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: ephemera-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Books Import
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/ephemera/templates/replication-source.yaml b/clusters/cl01tl/applications/ephemera/templates/replication-source.yaml
deleted file mode 100644
index cffd4fcdf..000000000
--- a/clusters/cl01tl/applications/ephemera/templates/replication-source.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: ephemera-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: ephemera-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: ephemera-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
- cacheCapacity: 10Gi
diff --git a/clusters/cl01tl/applications/ephemera/values.yaml b/clusters/cl01tl/applications/ephemera/values.yaml
deleted file mode 100644
index 6fca7ddfb..000000000
--- a/clusters/cl01tl/applications/ephemera/values.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-ephemera:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/orwellianepilogue/ephemera
- tag: 1.3.1
- pullPolicy: IfNotPresent
- env:
- - name: AA_BASE_URL
- value: https://annas-archive.org
- # - name: AA_API_KEY
- # valueFrom:
- # secretKeyRef:
- # name: ephemera-key-secret
- # key: key
- - name: FLARESOLVERR_URL
- value: http://127.0.0.1:8191
- - name: LG_BASE_URL
- value: https://gen.com
- - name: PUID
- value: 0
- - name: PGID
- value: 0
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- flaresolverr:
- image:
- repository: ghcr.io/flaresolverr/flaresolverr
- tag: v3.4.5
- pullPolicy: IfNotPresent
- env:
- - name: LOG_LEVEL
- value: info
- - name: LOG_HTML
- value: false
- - name: CAPTCHA_SOLVER
- value: none
- - name: TZ
- value: America/Chicago
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- apprise-api:
- image:
- repository: caronc/apprise
- tag: 1.2.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: APPRISE_STORAGE_MODE
- value: memory
- - name: APPRISE_STATEFUL_MODE
- value: disabled
- - name: APPRISE_WORKER_COUNT
- value: 1
- - name: APPRISE_STATELESS_URLS
- valueFrom:
- secretKeyRef:
- name: ephemera-apprise-config
- key: ntfy-url
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8286
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/data
- readOnly: false
- cache:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /app/downloads
- readOnly: false
- ingest:
- existingClaim: ephemera-import-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /app/ingest
- readOnly: false
diff --git a/clusters/cl01tl/applications/freshrss/Chart.yaml b/clusters/cl01tl/applications/freshrss/Chart.yaml
deleted file mode 100644
index 8cfa7feab..000000000
--- a/clusters/cl01tl/applications/freshrss/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 1.0.0
-description: FreshRSS
-keywords:
- - freshrss
- - rss
-home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
-sources:
- - https://github.com/FreshRSS/FreshRSS
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/freshrss/freshrss
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: freshrss
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
-appVersion: 1.26.2
diff --git a/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml b/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
deleted file mode 100644
index c604c9e81..000000000
--- a/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
+++ /dev/null
@@ -1,219 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-install-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-install-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ADMIN_EMAIL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_EMAIL
- - secretKey: ADMIN_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_PASSWORD
- - secretKey: ADMIN_API_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_API_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: OIDC_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: client
- - secretKey: OIDC_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: secret
- - secretKey: OIDC_CLIENT_CRYPTO_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: crypto-key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/freshrss
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: freshrss-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml b/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml
deleted file mode 100644
index 0b0e03a62..000000000
--- a/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: freshrss-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: freshrss-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: freshrss-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/freshrss/values.yaml b/clusters/cl01tl/applications/freshrss/values.yaml
deleted file mode 100644
index c328f13ec..000000000
--- a/clusters/cl01tl/applications/freshrss/values.yaml
+++ /dev/null
@@ -1,251 +0,0 @@ -freshrss: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - initContainers: - init-download-extension-1: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git; - cd cntools_FreshRssExtensions; - git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-2: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git; - cd Extensions; - git sparse-checkout set --no-cone /xExtension-ImageProxy; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy - cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-3: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - cd /tmp; - wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz; - tar -xvzf *.tar.gz; - rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button - mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button - cp -r /tmp/xExtension-karakeep-button-*/* 
/var/www/FreshRSS/extensions/xExtension-karakeep-button - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button - resources: - requests: - cpu: 10m - memory: 128Mi - containers: - main: - image: - repository: freshrss/freshrss - tag: 1.27.1 - pullPolicy: IfNotPresent - env: - - name: PGID - value: "568" - - name: PUID - value: "568" - - name: TZ - value: US/Central - - name: FRESHRSS_ENV - value: production - - name: CRON_MIN - value: 13,43 - - name: BASE_URL - value: https://rss.alexlebens.dev - - name: DB_HOST - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: host - - name: DB_BASE - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: dbname - - name: DB_USER - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: password - - name: FRESHRSS_INSTALL - value: | - --api-enabled - --base-url $(BASE_URL) - --db-base $(DB_BASE) - --db-host $(DB_HOST) - --db-password $(DB_PASSWORD) - --db-type pgsql - --db-user $(DB_USER) - --auth-type http_auth - --default-user admin - --language en - - name: FRESHRSS_USER - value: | - --api-password $(ADMIN_API_PASSWORD) - --email $(ADMIN_EMAIL) - --language en - --password $(ADMIN_PASSWORD) - --user admin - - name: OIDC_ENABLED - value: 1 - - name: OIDC_PROVIDER_METADATA_URL - value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration - - name: OIDC_X_FORWARDED_HEADERS - value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host - - name: OIDC_SCOPES - value: openid email profile - - name: OIDC_REMOTE_USER_CLAIM - value: preferred_username - envFrom: - - secretRef: - name: freshrss-oidc-secret - - secretRef: - name: freshrss-install-secret - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: 
- data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /var/www/FreshRSS/data - readOnly: false - extensions: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 1Gi - retain: true - advancedMounts: - main: - init-download-extension-1: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-2: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-3: - - path: /var/www/FreshRSS/extensions - readOnly: false - main: - - path: /var/www/FreshRSS/extensions - readOnly: false -cloudflared: - existingSecretName: freshrss-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # 
data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 2 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/home-assistant/Chart.yaml b/clusters/cl01tl/applications/home-assistant/Chart.yaml deleted file mode 100644 index e31b127db..000000000 --- a/clusters/cl01tl/applications/home-assistant/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: home-assistant -version: 1.0.0 -description: Home Assistant -keywords: - - home-assistant - - home - - automation -home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca -sources: - - https://www.home-assistant.io/ - - https://github.com/home-assistant/core - - https://github.com/home-assistant/core/pkgs/container/home-assistant - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: home-assistant - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png -appVersion: 2025.5.2 diff --git a/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml b/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml deleted file mode 100644 index 8831bf961..000000000 --- a/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml +++ /dev/null 
@@ -1,51 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: home-assistant-code-server-password-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant-code-server-password-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/code-server/auth
- metadataPolicy: None
- property: PASSWORD
- - secretKey: SUDO_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/code-server/auth
- metadataPolicy: None
- property: SUDO_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: home-assistant-token-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant-token-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: bearer-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/auth
- metadataPolicy: None
- property: bearer-token
diff --git a/clusters/cl01tl/applications/home-assistant/templates/http-route.yaml b/clusters/cl01tl/applications/home-assistant/templates/http-route.yaml
deleted file mode 100644
index 3c74c7c72..000000000
--- a/clusters/cl01tl/applications/home-assistant/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-home-assistant
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-home-assistant
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - home-assistant.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: home-assistant-main
- port: 80
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-home-assistant-code-server
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-home-assistant-code-server
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - home-assistant-code-server.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: home-assistant-code-server
- port: 8443
- weight: 100
diff --git a/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml b/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml
deleted file mode 100644
index fa644fab1..000000000
--- a/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: home-assistant
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: home-assistant
- app.kubernetes.io/service: home-assistant-main
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: http
- interval: 3m
- scrapeTimeout: 1m
- path: /api/prometheus
- bearerTokenSecret:
- name: home-assistant-token-secret
- key: bearer-token
diff --git a/clusters/cl01tl/applications/home-assistant/values.yaml b/clusters/cl01tl/applications/home-assistant/values.yaml
deleted file mode 100644
index 8e49734a4..000000000
--- a/clusters/cl01tl/applications/home-assistant/values.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-home-assistant:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/home-assistant/home-assistant
- tag: 2025.11.3
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 50m
- memory: 512Mi
- code-server:
- image:
- repository: ghcr.io/linuxserver/code-server
- tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: DEFAULT_WORKSPACE
- value: /config
- envFrom:
- - secretRef:
- name: home-assistant-code-server-password-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8123
- protocol: TCP
- code-server:
- controller: main
- ports:
- http:
- port: 8443
- targetPort: 8443
- protocol: HTTP
- persistence:
- config:
- forceRename: home-assistant-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- code-server:
- - path: /config/home-assistant
- readOnly: false
diff --git a/clusters/cl01tl/applications/homepage-dev/Chart.yaml b/clusters/cl01tl/applications/homepage-dev/Chart.yaml
deleted file mode 100644
index 4b115d15b..000000000
--- a/clusters/cl01tl/applications/homepage-dev/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 1.0.0
-description: Homepage
-keywords:
- - homepage
- - dashboard
-home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
-sources:
- - https://github.com/gethomepage/homepage
- - https://github.com/cloudflare/cloudflared
- - https://github.com/gethomepage/homepage/pkgs/container/homepage
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: homepage
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
-appVersion: v1.2.0
diff --git a/clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml b/clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml
deleted file mode 100644
index d0292e50a..000000000
--- a/clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: homepage-dev-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage-dev-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/homepage-dev
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/applications/homepage-dev/values.yaml b/clusters/cl01tl/applications/homepage-dev/values.yaml
deleted file mode 100644
index 75dcc2964..000000000
--- a/clusters/cl01tl/applications/homepage-dev/values.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-homepage:
- global:
- nameOverride: homepage
- controllers:
- main:
- type: deployment
- annotations:
- reloader.stakater.com/auto: "true"
- strategy: Recreate
- containers:
- main:
- image:
- repository: ghcr.io/gethomepage/homepage
- tag: v1.7.0
- pullPolicy: IfNotPresent
- env:
- - name: HOMEPAGE_ALLOWED_HOSTS
- value: home.alexlebens.dev
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- configMaps:
- config:
- enabled: true
- data:
- docker.yaml: ""
- kubernetes.yaml: ""
- settings.yaml: |
- favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
- headerStyle: clean
- hideVersion: true
- color: zinc
- background:
- image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
- brightness: 50
- theme: dark
- disableCollapse: true
- widgets.yaml: |
- - logo:
- icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
- - datetime:
- text_size: xl
- format:
- dateStyle: long
- timeStyle: short
- hour12: false
- - openmeteo:
- label: St. Paul
- latitude: 44.954445
- longitude: -93.091301
- timezone: America/Chicago
- units: metric
- cache: 5
- format:
- maximumFractionDigits: 0
- services.yaml: |
- - Applications:
- - Auth:
- icon: sh-authentik.webp
- description: Authentik
- href: https://auth.alexlebens.dev
- siteMonitor: https://auth.alexlebens.dev
- statusStyle: dot
- - Gitea:
- icon: sh-gitea.webp
- description: Gitea
- href: https://gitea.alexlebens.dev
- siteMonitor: https://gitea.alexlebens.dev
- statusStyle: dot
- - Code:
- icon: sh-visual-studio-code.webp
- description: VS Code
- href: https://codeserver.alexlebens.dev
- siteMonitor: https://codeserver.alexlebens.dev
- statusStyle: dot
- - Site:
- icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
- description: Profile Website
- href: https://www.alexlebens.dev
- siteMonitor: https://www.alexlebens.dev
- statusStyle: dot
- - Content Management:
- icon: directus.png
- description: Directus
- href: https://directus.alexlebens.dev
- siteMonitor: https://directus.alexlebens.dev
- statusStyle: dot
- - Social Media Management:
- icon: sh-postiz.webp
- description: Postiz
- href: https://postiz.alexlebens.dev
- siteMonitor: https://postiz.alexlebens.dev
- statusStyle: dot
- - Chat:
- icon: sh-element.webp
- description: Matrix
- href: https://chat.alexlebens.dev
- siteMonitor: https://chat.alexlebens.dev
- statusStyle: dot
- - Wiki:
- icon: sh-outline.webp
- description: Outline
- href: https://wiki.alexlebens.dev
- siteMonitor: https://wiki.alexlebens.dev
- statusStyle: dot
- - Passwords:
- icon: sh-vaultwarden-light.webp
- description: Vaultwarden
- href: https://passwords.alexlebens.dev
- siteMonitor: https://passwords.alexlebens.dev
- statusStyle: dot
- - Bookmarks:
- icon: sh-karakeep-light.webp
- description: Karakeep
- href: https://karakeep.alexlebens.dev
- siteMonitor: https://karakeep.alexlebens.dev
- statusStyle: dot
- - RSS:
- icon: sh-freshrss.webp
- description: FreshRSS
- href: https://rss.alexlebens.dev
- siteMonitor: https://rss.alexlebens.dev
- statusStyle: dot
- bookmarks.yaml: ""
- service:
- http:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 3000
- protocol: HTTP
- persistence:
- config:
- enabled: true
- type: configMap
- name: homepage-dev
- advancedMounts:
- main:
- main:
- - path: /app/config/bookmarks.yaml
- readOnly: true
- mountPropagation: None
- subPath: bookmarks.yaml
- - path: /app/config/docker.yaml
- readOnly: true
- mountPropagation: None
- subPath: docker.yaml
- - path: /app/config/kubernetes.yaml
- readOnly: true
- mountPropagation: None
- subPath: kubernetes.yaml
- - path: /app/config/services.yaml
- readOnly: true
- mountPropagation: None
- subPath: services.yaml
- - path: /app/config/settings.yaml
- readOnly: true
- mountPropagation: None
- subPath: settings.yaml
- - path: /app/config/widgets.yaml
- readOnly: true
- mountPropagation: None
- subPath: widgets.yaml
-cloudflared:
- existingSecretName: homepage-dev-cloudflared-secret
diff --git a/clusters/cl01tl/applications/homepage/Chart.yaml b/clusters/cl01tl/applications/homepage/Chart.yaml
deleted file mode 100644
index 13b36a778..000000000
--- a/clusters/cl01tl/applications/homepage/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 1.0.0
-description: Homepage
-keywords:
- - homepage
- - dashboard
-home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
-sources:
- - https://github.com/gethomepage/homepage
- - https://github.com/gethomepage/homepage/pkgs/container/homepage
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: homepage
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
-appVersion: v1.2.0
diff --git a/clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml b/clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml
deleted file mode 100644
index 224a93bd2..000000000
--- a/clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: homepage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: homepage
-subjects:
- - kind: ServiceAccount
- name: homepage
- namespace: {{ .Release.Namespace }}
diff --git a/clusters/cl01tl/applications/homepage/templates/cluster-role.yaml b/clusters/cl01tl/applications/homepage/templates/cluster-role.yaml
deleted file mode 100644
index 3b8b2d256..000000000
--- a/clusters/cl01tl/applications/homepage/templates/cluster-role.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: homepage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- - pods
- - nodes
- verbs:
- - get
- - list
- - apiGroups:
- - extensions
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - list
- - apiGroups:
- - traefik.io
- resources:
- - ingressroutes
- verbs:
- - get
- - list
- - apiGroups:
- - gateway.networking.k8s.io
- resources:
- - httproutes
- - gateways
- verbs:
- - get
- - list
- - apiGroups:
- - metrics.k8s.io
- resources:
- - nodes
- - pods
- verbs:
- - get
- - list
diff --git a/clusters/cl01tl/applications/homepage/templates/external-secret.yaml b/clusters/cl01tl/applications/homepage/templates/external-secret.yaml
deleted file mode 100644
index dd79ecc3e..000000000
--- a/clusters/cl01tl/applications/homepage/templates/external-secret.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: homepage-keys-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage-keys-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /synology/auth/cl01tl
- metadataPolicy: None
- property: user
- - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /synology/auth/cl01tl
- metadataPolicy: None
- property: password
- - secretKey: HOMEPAGE_VAR_UNIFI_USER
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /unifi/auth/cl01tl
- metadataPolicy: None
- property: user
- - secretKey: HOMEPAGE_VAR_UNIFI_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /unifi/auth/cl01tl
- metadataPolicy: None
- property: password
- - secretKey: HOMEPAGE_VAR_SONARR_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_SONARR4K_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4-4k/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4-anime/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_RADARR_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_RADARR4K_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-4k/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-anime/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-standup/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_LIDARR_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/lidarr2/key
- metadataPolicy: None
- property: key
- - secretKey: HOMEPAGE_VAR_PROWLARR_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/prowlarr/key
- metadataPolicy: None
- property: key
diff --git a/clusters/cl01tl/applications/homepage/templates/http-route.yaml b/clusters/cl01tl/applications/homepage/templates/http-route.yaml
deleted file mode 100644
index f3ccd33e2..000000000
--- a/clusters/cl01tl/applications/homepage/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-homepage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-homepage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - home.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: homepage
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/homepage/templates/service.yaml b/clusters/cl01tl/applications/homepage/templates/service.yaml
deleted file mode 100644
index 43fe2e1d9..000000000
--- a/clusters/cl01tl/applications/homepage/templates/service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: gitea-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: home-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: garage-ui-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: garage-ui-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
deleted file mode 100644
index 090c6be04..000000000
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ /dev/null
@@ -1,795 +0,0 @@ -homepage: - global: - nameOverride: homepage - controllers: - main: - type: deployment - annotations: - reloader.stakater.com/auto: "true" - strategy: Recreate - serviceAccount: - name: homepage - pod: - automountServiceAccountToken: true - containers: - main: - image: - repository: ghcr.io/gethomepage/homepage - tag: v1.7.0 - pullPolicy: IfNotPresent - env: - - name: HOMEPAGE_ALLOWED_HOSTS - value: home.alexlebens.net - envFrom: - - secretRef: - name: homepage-keys-secret - resources: - requests: - cpu: 10m - memory: 256Mi - serviceAccount: - homepage: - enabled: true - staticToken: true - configMaps: - config: - enabled: true - data: - docker.yaml: "" - kubernetes.yaml: | - mode: cluster - settings.yaml: | - favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg - headerStyle: clean - hideVersion: true - color: zinc - background: - image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg - brightness: 50 - theme: dark - disableCollapse: true - layout: - - Media: - tab: Applications - icon: mdi-multimedia-#ffffff - - Public: - tab: Applications - icon: mdi-earth-#ffffff - - Internal: - tab: Applications - icon: mdi-security-network-#ffffff - - Code: - tab: Tools - icon: mdi-code-block-braces-#ffffff - - Automation: - tab: Tools - icon: mdi-wrench-#ffffff - - Monitoring: - tab: Tools - icon: mdi-chart-line-#ffffff - - Services: - tab: Services - icon: mdi-toolbox-outline-#ffffff - - Hardware: - tab: Services - icon: mdi-server-network-#ffffff - - Storage: - tab: Services - icon: mdi-database-#ffffff - - Content: - tab: Services - icon: mdi-multimedia-#ffffff - - TV Shows: - tab: Content - icon: mdi-television-#ffffff - - Movies: - tab: Content - icon: mdi-filmstrip-#ffffff - - Music: - tab: Content - icon: mdi-music-box-multiple-#ffffff - - Books: - tab: Content - icon: mdi-book-open-variant-#ffffff - - External Services: - tab: 
Bookmarks - icon: mdi-cloud-#ffffff - - Other Homes: - tab: Bookmarks - icon: mdi-cloud-#ffffff - - Trackers: - tab: Bookmarks - icon: mdi-cloud-#ffffff - widgets.yaml: | - - logo: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - - kubernetes: - cluster: - show: true - cpu: true - memory: true - showLabel: false - label: "Cluster" - nodes: - show: false - - datetime: - text_size: xl - format: - dateStyle: long - timeStyle: short - hour12: false - - openmeteo: - label: St. Paul - latitude: 44.954445 - longitude: -93.091301 - timezone: America/Chicago - units: metric - cache: 5 - format: - maximumFractionDigits: 0 - services.yaml: | - - Media: - - Plex: - icon: sh-plex.webp - description: Media server - href: https://plex.alexlebens.net - siteMonitor: http://plex.plex:32400 - statusStyle: dot - - Jellyfin: - icon: sh-jellyfin.webp - description: Media server - href: https://jellyfin.alexlebens.net - siteMonitor: http://jellyfin.jellyfin:80 - statusStyle: dot - - Media Requests: - icon: sh-overseerr.webp - description: Overseer - href: https://overseerr.alexlebens.net - siteMonitor: http://overseerr.overseerr:80 - statusStyle: dot - - Media Tracking: - icon: sh-yamtrack.webp - description: Yamtrack - href: https://yamtrack.alexlebens.net - siteMonitor: http://yamtrack.yamtrack:80 - statusStyle: dot - - Youtube Archive: - icon: sh-tube-archivist-light.webp - description: TubeAchivist - href: https://tubearchivist.alexlebens.net/login - siteMonitor: http://tubearchivist.tubearchivist:80 - statusStyle: dot - - Photos: - icon: sh-immich.webp - description: Immich - href: https://immich.alexlebens.net - siteMonitor: http://immich-main.immich:2283 - statusStyle: dot - - Pictures: - icon: sh-photoview.webp - description: Photoview - href: https://photoview.alexlebens.net - siteMonitor: http://photoview.photoview:80 - statusStyle: dot - - Podcasts and Audiobooks: - icon: sh-audiobookshelf.webp - 
description: Audiobookshelf - href: https://audiobookshelf.alexlebens.net - siteMonitor: http://audiobookshelf.audiobookshelf:80 - statusStyle: dot - - Books: - icon: sh-booklore.webp - description: Booklore - href: https://booklore.alexlebens.net - siteMonitor: http://booklore.booklore:80 - statusStyle: dot - - Public: - - Site: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - description: Profile Website - href: https://www.alexlebens.dev - siteMonitor: https://www.alexlebens.dev - statusStyle: dot - - Content Management: - icon: directus.png - description: Directus - href: https://directus.alexlebens.dev - siteMonitor: https://directus.alexlebens.dev - statusStyle: dot - - Social Media Management: - icon: sh-postiz.webp - description: Postiz - href: https://postiz.alexlebens.dev - siteMonitor: https://postiz.alexlebens.dev - statusStyle: dot - - Chat: - icon: sh-element.webp - description: Matrix - href: https://chat.alexlebens.dev - siteMonitor: https://chat.alexlebens.dev - statusStyle: dot - - Wiki: - icon: sh-outline.webp - description: Outline - href: https://wiki.alexlebens.dev - siteMonitor: https://wiki.alexlebens.dev - statusStyle: dot - - Passwords: - icon: sh-vaultwarden-light.webp - description: Vaultwarden - href: https://passwords.alexlebens.dev - siteMonitor: https://passwords.alexlebens.dev - statusStyle: dot - - Bookmarks: - icon: sh-karakeep-light.webp - description: Karakeep - href: https://karakeep.alexlebens.dev - siteMonitor: https://karakeep.alexlebens.dev - statusStyle: dot - - RSS: - icon: sh-freshrss.webp - description: FreshRSS - href: https://rss.alexlebens.dev - siteMonitor: https://rss.alexlebens.dev - statusStyle: dot - - Internal: - - Home Automation: - icon: sh-home-assistant.webp - description: Home Assistant - href: https://home-assistant.alexlebens.net - siteMonitor: http://home-assistant-main.home-assistant:80 - statusStyle: dot - - Budgeting: - icon: 
sh-actual-budget.webp - description: Actual - href: https://actual.alexlebens.net - siteMonitor: http://actual.actual:80 - statusStyle: dot - - AI: - icon: sh-ollama.webp - description: Ollama - href: https://ollama.alexlebens.net - siteMonitor: http://ollama-web.ollama:80 - statusStyle: dot - - AI Image: - icon: https://user-images.githubusercontent.com/36368048/196280761-1535f413-a91e-4b6a-af6a-b890f8ae204c.png - description: Stable Diffusion - href: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net - siteMonitor: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net - statusStyle: dot - - Search: - icon: sh-searxng.webp - description: Searxng - href: https://searxng.alexlebens.net/ - siteMonitor: http://searxng-browser.searxng:80 - statusStyle: dot - - Email: - icon: sh-roundcube.webp - description: Roundcube - href: https://mail.alexlebens.net - siteMonitor: http://roundcube.roundcube:80 - statusStyle: dot - - Wiki: - icon: sh-kiwix-light.webp - description: Kiwix - href: https://kiwix.alexlebens.net - siteMonitor: http://kiwix.kiwix:80 - statusStyle: dot - - Code: - - Code (Public): - icon: sh-gitea.webp - description: Gitea - href: https://gitea.alexlebens.dev - siteMonitor: https://gitea.alexlebens.dev - statusStyle: dot - - Code (Local): - icon: sh-gitea.webp - description: Gitea - href: https://gitea.alexlebens.net - siteMonitor: https://gitea.alexlebens.net - statusStyle: dot - - Code (ps10rp): - icon: sh-gitea.webp - description: Gitea - href: https://gitea-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net - statusStyle: dot - - IDE (Public): - icon: sh-visual-studio-code.webp - description: VS Code - href: https://codeserver.alexlebens.dev - siteMonitor: https://codeserver.alexlebens.dev - statusStyle: dot - - IDE (Home Assistant): - icon: sh-visual-studio-code.webp - description: Edit config for Home Assistant - href: https://home-assistant-code-server.alexlebens.net - siteMonitor: 
http://home-assistant-code-server.home-assistant:8443 - statusStyle: dot - - Continuous Deployment: - icon: sh-argo-cd.webp - description: ArgoCD - href: https://argocd.alexlebens.net - siteMonitor: http://argocd-server.argocd:80 - statusStyle: dot - - Docker Deployment: - icon: sh-komodo-light.webp - description: Komodo - href: https://komodo.alexlebens.net - siteMonitor: http://komodo-main.komodo:80 - statusStyle: dot - - Automation: - - Deployment Workflows: - icon: sh-argo-cd.webp - description: Argo Workflows - href: https://argo-workflows.alexlebens.net - siteMonitor: http://argo-workflows-server.argo-workflows:2746 - statusStyle: dot - - API Workflows: - icon: sh-n8n.webp - description: n8n - href: https://n8n.alexlebens.net - siteMonitor: http://n8n-main.n8n:80 - statusStyle: dot - - Jobs: - icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png - description: Kronic - href: https://kronic.alexlebens.net - siteMonitor: http://kronic.kronic:80 - statusStyle: dot - - Uptime: - icon: sh-gatus.webp - description: Gatus - href: https://gatus.alexlebens.net - siteMonitor: http://gatus.gatus:80 - statusStyle: dot - - Tools: - icon: sh-omnitools.webp - description: OmniTools - href: https://omni-tools.alexlebens.net - siteMonitor: http://omni-tools.omni-tools:80 - statusStyle: dot - - Monitoring: - - Kubernetes: - icon: sh-headlamp.webp - description: Headlamp - href: https://headlamp.alexlebens.net - siteMonitor: http://headlamp.headlamp:80 - statusStyle: dot - - Network Monitoring: - icon: sh-cilium.webp - description: Hubble for Cilium - href: https://hubble.alexlebens.net - siteMonitor: http://hubble-ui.kube-system:80 - statusStyle: dot - - Dashboard: - icon: sh-grafana.webp - description: Grafana - href: https://grafana.alexlebens.net - siteMonitor: http://grafana-main-service.grafana-operator:3000/api/health - statusStyle: dot - - Metrics: - icon: sh-prometheus.webp - description: Prometheus - href: 
https://prometheus.alexlebens.net - siteMonitor: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - statusStyle: dot - widget: - type: prometheus - url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - - Alerting: - icon: sh-prometheus-light.webp - description: Alertmanager - href: https://alertmanager.alexlebens.net - siteMonitor: http://kube-prometheus-stack-alertmanager.kube-prometheus-stack:9093 - statusStyle: dot - widget: - type: prometheusmetric - url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - refreshInterval: 120s - metrics: - - label: Alerts Active - query: alertmanager_alerts{state="active"} - - label: Metric Database Size - query: prometheus_tsdb_storage_blocks_bytes - format: - type: bytes - - Tautulli: - icon: sh-tautulli.webp - description: Plex Monitoring - href: https://tautulli.alexlebens.net - siteMonitor: http://tautulli.tautulli:80 - statusStyle: dot - - Jellystat: - icon: sh-jellystat.webp - description: Jellyfin Monitoring - href: https://jellystat.alexlebens.net - siteMonitor: http://jellystat.jellystat:80 - statusStyle: dot - - Services: - - Auth (Public): - icon: sh-authentik.webp - description: Authentik - href: https://auth.alexlebens.dev - siteMonitor: https://auth.alexlebens.dev - statusStyle: dot - - Auth (Local): - icon: sh-authentik.webp - description: Authentik - href: https://authentik.alexlebens.net - siteMonitor: http://authentik-server.authentik:80 - statusStyle: dot - - Email: - icon: sh-stalwart.webp - description: Stalwart - href: https://stalwart.alexlebens.net - siteMonitor: http://stalwart.stalwart:80 - statusStyle: dot - - Notifications: - icon: sh-ntfy.webp - description: ntfy - href: https://ntfy.alexlebens.net - siteMonitor: http://ntfy.ntfy:80 - statusStyle: dot - - Reverse Proxy: - icon: sh-traefik.webp - description: Traefik - href: https://traefik-cl01tl.alexlebens.net/dashboard/#/ - siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/ - 
statusStyle: dot - widget: - type: traefik - url: https://traefik-cl01tl.alexlebens.net - - Image Cache: - icon: sh-harbor.webp - description: Harbor - href: https://harbor.alexlebens.net - siteMonitor: http://harbor-portal.harbor:80 - statusStyle: dot - - Hardware: - - Network Management (alexlebens.net): - icon: sh-ubiquiti-unifi.webp - description: Unifi - href: https://unifi.alexlebens.net - siteMonitor: https://unifi.alexlebens.net - statusStyle: dot - - Network Attached Storage: - icon: sh-synology-light.webp - description: Synology - href: https://synology.alexlebens.net - siteMonitor: https://synology.alexlebens.net - statusStyle: dot - widget: - type: diskstation - url: https://synology.alexlebens.net - username: {{ "{{HOMEPAGE_VAR_SYNOLOGY_USER}}" }} - password: {{ "{{HOMEPAGE_VAR_SYNOLOGY_PASSWORD}}" }} - volume: volume_2 - - TV Tuner: - icon: sh-hdhomerun.webp - description: HD Homerun - href: http://hdhr.alexlebens.net - siteMonitor: http://hdhr.alexlebens.net - statusStyle: dot - widget: - type: hdhomerun - url: http://hdhr.alexlebens.net - tuner: 0 - fields: ["channels", "hd"] - - KVM: - icon: sh-pikvm-light.webp - description: Pi KVM - href: https://pikvm.alexlebens.net - siteMonitor: https://pikvm.alexlebens.net - statusStyle: dot - - Server Plug: - icon: sh-shelly.webp - description: Shelly - href: http://it05sp.alexlebens.net - siteMonitor: http://it05sp.alexlebens.net - statusStyle: dot - - Storage: - - Cluster Storage: - icon: sh-ceph.webp - description: Ceph - href: https://ceph.alexlebens.net - siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000 - statusStyle: dot - - Object Storage (NAS): - icon: sh-garage.webp - description: Garage - href: https://garage-webui.alexlebens.net - siteMonitor: http://garage-webui.garage:3909 - statusStyle: dot - - Object Storage (ps10rp): - icon: sh-garage.webp - description: Garage - href: https://garage-ui-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://garage-ui-ps10rp.boreal-beaufort.ts.net - 
statusStyle: dot - - Database: - icon: sh-pgadmin-light.webp - description: PGAdmin - href: https://pgadmin.alexlebens.net - siteMonitor: http://pgadmin.pgadmin:80 - statusStyle: dot - - Database: - icon: sh-whodb.webp - description: WhoDB - href: https://whodb.alexlebens.net - siteMonitor: http://whodb.whodb:80 - statusStyle: dot - - Secrets: - icon: sh-hashicorp-vault.webp - description: Vault - href: https://vault.alexlebens.net - siteMonitor: http://vault.vault:8200 - statusStyle: dot - - Backups: - icon: sh-backrest-light.webp - description: Backrest - href: https://backrest.alexlebens.net - siteMonitor: http://backrest.backrest:80 - statusStyle: dot - - Content: - - qUI: - icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg - description: qbitorrent - href: https://qui.alexlebens.net - siteMonitor: http://qbittorrent-qui.qbittorrent:80 - statusStyle: dot - widget: - type: qbittorrent - url: http://qbittorrent.qbittorrent:8080 - enableLeechProgress: true - - Prowlarr: - icon: sh-prowlarr.webp - description: Indexers - href: https://prowlarr.alexlebens.net - siteMonitor: http://prowlarr.prowlarr:80 - statusStyle: dot - - Huntarr: - icon: https://raw.githubusercontent.com/plexguide/Huntarr.io/main/frontend/static/logo/128.png - description: Content upgrader - href: https://huntarr.alexlebens.net - siteMonitor: http://huntarr.huntarr:80 - statusStyle: dot - - Bazarr: - icon: sh-bazarr.webp - description: Subtitles - href: https://bazarr.alexlebens.net - siteMonitor: http://bazarr.bazarr:80 - statusStyle: dot - - Tdarr: - icon: sh-tdarr.webp - description: Media transcoding and health checks - href: https://tdarr.alexlebens.net - siteMonitor: http://tdarr-web.tdarr:8265 - statusStyle: dot - widget: - type: tdarr - url: http://tdarr-web.tdarr:8265 - - TV Shows: - - Sonarr: - icon: sh-sonarr.webp - description: TV Shows - href: https://sonarr.alexlebens.net - siteMonitor: http://sonarr.sonarr:80 - 
statusStyle: dot - widget: - type: sonarr - url: http://sonarr.sonarr:80 - key: {{ "{{HOMEPAGE_VAR_SONARR_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Sonarr 4K: - icon: sh-sonarr.webp - description: TV Shows 4K - href: https://sonarr-4k.alexlebens.net - siteMonitor: http://sonarr-4k.sonarr-4k:80 - statusStyle: dot - widget: - type: sonarr - url: http://sonarr-4k.sonarr-4k:80 - key: {{ "{{HOMEPAGE_VAR_SONARR4K_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Sonarr Anime: - icon: sh-sonarr.webp - description: Anime Shows - href: https://sonarr-anime.alexlebens.net - siteMonitor: http://sonarr-anime.sonarr-anime:80 - statusStyle: dot - widget: - type: sonarr - url: http://sonarr-anime.sonarr-anime:80 - key: {{ "{{HOMEPAGE_VAR_SONARRANIME_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Movies: - - Radarr: - icon: sh-radarr.webp - description: Movies - href: https://radarr.alexlebens.net - siteMonitor: http://radarr.radarr:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr.radarr:80 - key: {{ "{{HOMEPAGE_VAR_RADARR_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr 4K: - icon: sh-radarr-4k.webp - description: Movies 4K - href: https://radarr-4k.alexlebens.net - siteMonitor: http://radarr-4k.radarr-4k:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-4k.radarr-4k:80 - key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr Anime: - icon: sh-radarr-anime.webp - description: Anime Movies - href: https://radarr-anime.alexlebens.net - siteMonitor: http://radarr-anime.radarr-anime:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-anime.radarr-anime:80 - key: {{ "{{HOMEPAGE_VAR_RADARRANIME_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr Stand Up: - icon: sh-radarr-light-hybrid.webp - description: Stand Up - href: 
https://radarr-standup.alexlebens.net - siteMonitor: http://radarr-standup.radarr-standup:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-standup.radarr-standup:80 - key: {{ "{{HOMEPAGE_VAR_RADARRSTANDUP_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Music: - - Lidarr: - icon: sh-lidarr.webp - description: Music - href: https://lidarr.alexlebens.net - siteMonitor: http://lidarr.lidarr:80 - statusStyle: dot - widget: - type: lidarr - url: http://lidarr.lidarr:80 - key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }} - fields: ["wanted", "queued", "artists"] - - LidaTube: - icon: sh-lidatube.webp - description: Searches for Music - href: https://lidatube.alexlebens.net - siteMonitor: http://lidatube.lidatube:80 - statusStyle: dot - - Soulseek: - icon: sh-slskd.webp - description: slskd - href: https://slskd.alexlebens.net - siteMonitor: http://slskd.slskd:5030 - statusStyle: dot - - Books: - - Ephemera: - icon: sh-ephemera.webp - description: Books - href: https://ephemera.alexlebens.net - siteMonitor: http://ephemera.ephemera:80 - statusStyle: dot - - Listenarr: - icon: sh-audiobookrequest.webp - description: Audiobooks - href: https://listenarr.alexlebens.net - siteMonitor: http://listenarr.listenarr:80 - statusStyle: dot - - Other Homes: - - Dev: - icon: sh-homepage.webp - description: Public Homepage - href: https://home.alexlebens.dev - siteMonitor: https://home.alexlebens.dev - statusStyle: dot - - Lebens Home: - icon: sh-homepage.webp - description: Lebens Homepage - href: https://home-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://home-ps10rp.boreal-beaufort.ts.net - statusStyle: dot - bookmarks.yaml: | - - External Services: - - Github: - - abbr: GH - href: https://github.com/alexlebens - - Digital Ocean: - - abbr: DO - href: https://www.digitalocean.com/ - - AWS: - - abbr: AW - href: https://aws.amazon.com/console/ - - Cloudflare: - - abbr: CF - href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768 - - 
Tailscale: - - abbr: TS - href: https://login.tailscale.com/admin/machines - - ProtonVPN: - - abbr: PV - href: https://account.protonvpn.com/ - - Unifi: - - abbr: UF - href: https://unifi.ui.com/ - - Pushover: - - abbr: PO - href: https://pushover.net - - ReCaptcha: - - abbr: RC - href: https://www.google.com/recaptcha/admin/site/698983587 - - Trackers: - - Torrentleech: - - abbr: TL - href: https://www.torrentleech.org - - Avistaz: - - abbr: AV - href: https://avistaz.to - - Cinemaz: - - abbr: CM - href: https://cinemaz.to - - Cathode Ray Tube: - - abbr: CRT - href: https://www.cathode-ray.tube - - Alpha Ratio: - - abbr: AL - href: https://alpharatio.cc/ - - MV Group: - - abbr: MV - href: https://forums.mvgroup.org - service: - http: - controller: main - ports: - http: - port: 80 - targetPort: 3000 - protocol: HTTP - persistence: - config: - enabled: true - type: configMap - name: homepage - advancedMounts: - main: - main: - - path: /app/config/bookmarks.yaml - readOnly: true - mountPropagation: None - subPath: bookmarks.yaml - - path: /app/config/docker.yaml - readOnly: true - mountPropagation: None - subPath: docker.yaml - - path: /app/config/kubernetes.yaml - readOnly: true - mountPropagation: None - subPath: kubernetes.yaml - - path: /app/config/services.yaml - readOnly: true - mountPropagation: None - subPath: services.yaml - - path: /app/config/settings.yaml - readOnly: true - mountPropagation: None - subPath: settings.yaml - - path: /app/config/widgets.yaml - readOnly: true - mountPropagation: None - subPath: widgets.yaml diff --git a/clusters/cl01tl/applications/huntarr/Chart.yaml b/clusters/cl01tl/applications/huntarr/Chart.yaml deleted file mode 100644 index f7a5082a7..000000000 --- a/clusters/cl01tl/applications/huntarr/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: huntarr
-version: 1.0.0
-description: Huntarr
-keywords:
- - huntarr
- - servarr
-home: https://wiki.alexlebens.dev/s/831ca16e-d308-4d7b-9213-f841834c1181
-sources:
- - https://github.com/plexguide/Huntarr.io
- - https://hub.docker.com/r/huntarr/huntarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: huntarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
-appVersion: 7.0.0
diff --git a/clusters/cl01tl/applications/huntarr/templates/http-route.yaml b/clusters/cl01tl/applications/huntarr/templates/http-route.yaml
deleted file mode 100644
index d2d2df1eb..000000000
--- a/clusters/cl01tl/applications/huntarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-huntarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-huntarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - huntarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: huntarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/huntarr/values.yaml b/clusters/cl01tl/applications/huntarr/values.yaml
deleted file mode 100644
index b55d12871..000000000
--- a/clusters/cl01tl/applications/huntarr/values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-huntarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/plexguide/huntarr
- tag: 8.2.10
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9705
- protocol: HTTP
- persistence:
- config:
- forceRename: huntarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
diff --git a/clusters/cl01tl/applications/immich/Chart.yaml b/clusters/cl01tl/applications/immich/Chart.yaml
deleted file mode 100644
index cf3a47ccb..000000000
--- a/clusters/cl01tl/applications/immich/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: immich
-version: 1.0.0
-description: Immich
-keywords:
- - immich
- - photos
-home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
-sources:
- - https://github.com/immich-app/immich
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: immich
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
-appVersion: v2.0.1
diff --git a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
deleted file mode 100644
index e400b550b..000000000
--- a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: immich-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: immich.json
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/immich/config
- metadataPolicy: None
- property: immich.json
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: immich-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: immich-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/immich/templates/http-route.yaml b/clusters/cl01tl/applications/immich/templates/http-route.yaml
deleted file mode 100644
index 342481ebb..000000000
--- a/clusters/cl01tl/applications/immich/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - immich.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: immich-main
- port: 2283
- weight: 100
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
deleted file mode 100644
index a830f81c3..000000000
--- a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: immich-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
deleted file mode 100644
index 489121a70..000000000
--- a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Immich
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/immich/templates/redis-replication.yaml b/clusters/cl01tl/applications/immich/templates/redis-replication.yaml
deleted file mode 100644
index c72a1a2c9..000000000
--- a/clusters/cl01tl/applications/immich/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/applications/immich/templates/service-monitor.yaml b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
deleted file mode 100644
index 7eed78e58..000000000
--- a/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics-api
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
- - port: metrics-ms
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/applications/immich/values.yaml b/clusters/cl01tl/applications/immich/values.yaml
deleted file mode 100644
index ed7d330a9..000000000
--- a/clusters/cl01tl/applications/immich/values.yaml
+++ /dev/null
@@ -1,260 +0,0 @@
-immich:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/immich-app/immich-server
- tag: v2.3.1
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: IMMICH_TELEMETRY_INCLUDE
- value: all
- - name: IMMICH_CONFIG_FILE
- value: /config/immich.json
- - name: IMMICH_MACHINE_LEARNING_URL
- value: http://immich-machine-learning.immich:3003
- - name: REDIS_HOSTNAME
- value: redis-replication-immich-master
- - name: DB_VECTOR_EXTENSION
- value: vectorchord
- - name: DB_HOSTNAME
- valueFrom:
- secretKeyRef:
- name: immich-postgresql-17-cluster-app
- key: host
- - name: DB_DATABASE_NAME
- valueFrom:
- secretKeyRef:
- name: immich-postgresql-17-cluster-app
- key: dbname
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: immich-postgresql-17-cluster-app
- key: port
- - name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: immich-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: immich-postgresql-17-cluster-app
- key: password
- probes:
- liveness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /api/server/ping
- port: 2283
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /api/server/ping
- port: 2283
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- startup:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /api/server/ping
- port: 2283
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 30
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 10m
- memory: 512Mi
- machine-learning:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/immich-app/immich-machine-learning
- tag: v2.3.1
- pullPolicy: IfNotPresent
- env:
- - name: TRANSFORMERS_CACHE
- value: /cache
- probes:
- liveness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /ping
- port: 3003
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /ping
- port: 3003
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- startup:
- enabled: false
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 2283
- targetPort: 2283
- protocol: TCP
- metrics-api:
- port: 8081
- targetPort: 8081
- protocol: TCP
- metrics-ms:
- port: 8082
- targetPort: 8082
- protocol: TCP
- machine-learning:
- controller: machine-learning
- ports:
- http:
- port: 3003
- targetPort: 3003
- protocol: TCP
- persistence:
- config:
- enabled: true
- type: secret
- name: immich-config-secret
- advancedMounts:
- main:
- main:
- - path: /config/immich.json
- readOnly: true
- mountPropagation: None
- subPath: immich.json
- cache:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- machine-learning:
- main:
- - path: /cache
- readOnly: false
- media:
- existingClaim: immich-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /usr/src/app/upload
- readOnly: false
-postgres-17-cluster:
- mode: recovery
- cluster:
- image:
- repository: ghcr.io/tensorchord/cloudnative-vectorchord
- tag: 17.5-0.4.3
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- postgresql:
- parameters:
- shared_buffers: 256MB
- shared_preload_libraries:
- - "vchord.so"
- initdb:
- postInitSQL:
- - CREATE EXTENSION IF NOT EXISTS "vector";
- - CREATE EXTENSION IF NOT EXISTS "vchord" CASCADE;
- - CREATE EXTENSION IF NOT EXISTS "cube" CASCADE;
- - CREATE EXTENSION IF NOT EXISTS "earthdistance" CASCADE;
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster
- index: 2
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 4 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/jellyfin/Chart.yaml b/clusters/cl01tl/applications/jellyfin/Chart.yaml
deleted file mode 100644
index 7b025e3a4..000000000
--- a/clusters/cl01tl/applications/jellyfin/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: jellyfin
-version: 1.0.0
-description: Jellyfin
-keywords:
- - jellyfin
- - media
- - movies
- - tv shows
- - books
- - music
-home: https://wiki.alexlebens.dev/s/a58be5b0-7935-458a-b990-b45223e39d68
-sources:
- - https://github.com/jellyfin/jellyfin
- - https://hub.docker.com/r/jellyfin/jellyfin
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: jellyfin
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
-appVersion: 10.10.7
diff --git a/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml b/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml
deleted file mode 100644
index 1a076a796..000000000
--- a/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellyfin-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/jellyfin/templates/http-route.yaml b/clusters/cl01tl/applications/jellyfin/templates/http-route.yaml
deleted file mode 100644
index c07e8820f..000000000
--- a/clusters/cl01tl/applications/jellyfin/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-jellyfin
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-jellyfin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - jellyfin.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: jellyfin
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml
deleted file mode 100644
index fdb6a5ce7..000000000
--- a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: jellyfin-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: jellyfin-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: jellyfin-youtube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-youtube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: jellyfin-youtube-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadOnlyMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml b/clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml
deleted file mode 100644
index af39701d4..000000000
--- a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: jellyfin-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: jellyfin-youtube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-youtube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadOnlyMany
- nfs:
- path: /volume2/Storage/YouTube
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml b/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml
deleted file mode 100644
index 4f6597805..000000000
--- a/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: jellyfin-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: jellyfin-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: jellyfin-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
- cacheCapacity: 10Gi
diff --git a/clusters/cl01tl/applications/jellyfin/values.yaml b/clusters/cl01tl/applications/jellyfin/values.yaml
deleted file mode 100644
index e8e8fa78a..000000000
--- a/clusters/cl01tl/applications/jellyfin/values.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-jellyfin:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/jellyfin/jellyfin
- tag: 10.11.3
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: JELLYFIN_hostwebclient
- value: true
- - name: JELLYFIN_PublishedServerUrl
- value: https://jellyfin.alexlebens.net/
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 1
- memory: 2Gi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8096
- protocol: HTTP
- persistence:
- config:
- forceRename: jellyfin-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 100Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- cache:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /cache
- readOnly: false
- media:
- existingClaim: jellyfin-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
- youtube:
- existingClaim: jellyfin-youtube-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/youtube
- readOnly: true
diff --git a/clusters/cl01tl/applications/jellystat/Chart.yaml b/clusters/cl01tl/applications/jellystat/Chart.yaml
deleted file mode 100644
index da910c7c8..000000000
--- a/clusters/cl01tl/applications/jellystat/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: jellystat
-version: 1.0.0
-description: Jellystat
-keywords:
- - jellystat
- - jellyfin
-home: https://wiki.alexlebens.dev/s/d3fd2bf1-d2ab-4e94-a127-ee35f2d90142
-sources:
- - https://github.com/CyferShepard/Jellystat
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/cyfershepard/jellystat
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: jellystat
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
-appVersion: 1.1.6
diff --git a/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml b/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml
deleted file mode 100644
index 71f3821bb..000000000
--- a/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellystat-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/jellystat/auth
- metadataPolicy: None
- property: secret-key
- - secretKey: user
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/jellystat/auth
- metadataPolicy: None
- property: user
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/jellystat/auth
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellystat-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellystat-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellystat-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/jellystat/templates/http-route.yaml b/clusters/cl01tl/applications/jellystat/templates/http-route.yaml
deleted file mode 100644
index c1f9b1b4d..000000000
--- a/clusters/cl01tl/applications/jellystat/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-jellystat
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-jellystat
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - jellystat.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: jellystat
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml b/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml
deleted file mode 100644
index 5cee9ea73..000000000
--- a/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: jellystat-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: jellystat-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: jellystat-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/jellystat/values.yaml b/clusters/cl01tl/applications/jellystat/values.yaml
deleted file mode 100644
index e0cf55d9c..000000000
--- a/clusters/cl01tl/applications/jellystat/values.yaml
+++ /dev/null
@@ -1,136 +0,0 @@
-jellystat:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: cyfershepard/jellystat
- tag: 1.1.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: jellystat-secret
- key: secret-key
- - name: JS_USER
- valueFrom:
- secretKeyRef:
- name: jellystat-secret
- key: user
- - name: JS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: jellystat-secret
- key: password
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: jellystat-postgresql-17-cluster-app
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: jellystat-postgresql-17-cluster-app
- key: password
- - name: POSTGRES_DB
- valueFrom:
- secretKeyRef:
- name: jellystat-postgresql-17-cluster-app
- key: dbname
- - name: POSTGRES_IP
- valueFrom:
- secretKeyRef:
- name: jellystat-postgresql-17-cluster-app
- key: host
- - name: POSTGRES_PORT
- valueFrom:
- secretKeyRef:
- name: jellystat-postgresql-17-cluster-app
- key: port
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 3000
- protocol: HTTP
- persistence:
- data:
- forceRename: jellystat-data
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/backend/backup-data
- readOnly: false
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 6 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/karakeep/Chart.yaml b/clusters/cl01tl/applications/karakeep/Chart.yaml
deleted file mode 100644
index d4fdb4501..000000000
--- a/clusters/cl01tl/applications/karakeep/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: karakeep
-version: 1.0.0
-description: Karakeep
-keywords:
- - karakeep
- - bookmarks
-home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad
-sources:
- - https://github.com/karakeep-app/karakeep
- - https://github.com/cloudflare/cloudflared
- - https://github.com/meilisearch/meilisearch
- - https://github.com/karakeep-app/karakeep/pkgs/container/karakeep
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: karakeep
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: meilisearch
- version: 0.17.1
- repository: https://meilisearch.github.io/meilisearch-kubernetes
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
-appVersion: 0.26.0
diff --git a/clusters/cl01tl/applications/karakeep/templates/external-secret.yaml b/clusters/cl01tl/applications/karakeep/templates/external-secret.yaml
deleted file mode 100644
index 5af4eb3fe..000000000
--- a/clusters/cl01tl/applications/karakeep/templates/external-secret.yaml
+++ /dev/null
@@ -1,161 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: karakeep-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/karakeep/key
- metadataPolicy: None
- property: key
- - secretKey: prometheus-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/karakeep/key
- metadataPolicy: None
- property: prometheus-token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: karakeep-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AUTHENTIK_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/karakeep
- metadataPolicy: None
- property: client
- - secretKey: AUTHENTIK_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/karakeep
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: karakeep-meilisearch-master-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-meilisearch-master-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: MEILI_MASTER_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/karakeep/meilisearch
- metadataPolicy: None
- property: MEILI_MASTER_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: karakeep-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/karakeep
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: karakeep-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/karakeep/karakeep-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/karakeep/templates/object-bucket-claim.yaml b/clusters/cl01tl/applications/karakeep/templates/object-bucket-claim.yaml
deleted file mode 100644
index 49c161a5b..000000000
--- a/clusters/cl01tl/applications/karakeep/templates/object-bucket-claim.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: ceph-bucket-karakeep
- labels:
- app.kubernetes.io/name: ceph-bucket-karakeep
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- generateBucketName: bucket-karakeep
- storageClassName: ceph-bucket
diff --git a/clusters/cl01tl/applications/karakeep/templates/replication-source.yaml b/clusters/cl01tl/applications/karakeep/templates/replication-source.yaml
deleted file mode 100644
index 738dff236..000000000
--- a/clusters/cl01tl/applications/karakeep/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: karakeep-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: karakeep-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: karakeep-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/karakeep/templates/service-monitor.yaml b/clusters/cl01tl/applications/karakeep/templates/service-monitor.yaml
deleted file mode 100644
index d5a9f353c..000000000
--- a/clusters/cl01tl/applications/karakeep/templates/service-monitor.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: karakeep
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- port: http
- interval: 30s
- scrapeTimeout: 15s
- path: /api/metrics
- authorization:
- credentials:
- key: prometheus-token
- name: karakeep-key-secret
- selector:
- matchLabels:
- app.kubernetes.io/name: karakeep
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/clusters/cl01tl/applications/karakeep/values.yaml b/clusters/cl01tl/applications/karakeep/values.yaml
deleted file mode 100644
index e99929310..000000000
--- a/clusters/cl01tl/applications/karakeep/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@
-karakeep:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/karakeep-app/karakeep
- tag: 0.28.0
- pullPolicy: IfNotPresent
- env:
- - name: DATA_DIR
- value: /data
- - name: DB_WAL_MODE
- value: true
- - name: NEXTAUTH_URL
- value: https://karakeep.alexlebens.dev/
- - name: NEXTAUTH_SECRET
- valueFrom:
- secretKeyRef:
- name: karakeep-key-secret
- key: key
- - name: PROMETHEUS_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: karakeep-key-secret
- key: prometheus-token
- - name: ASSET_STORE_S3_ENDPOINT
- value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- - name: ASSET_STORE_S3_REGION
- value: us-east-1
- - name: ASSET_STORE_S3_BUCKET
- valueFrom:
- configMapKeyRef:
- name: ceph-bucket-karakeep
- key: BUCKET_NAME
- - name: ASSET_STORE_S3_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-karakeep
- key: AWS_ACCESS_KEY_ID
- - name: ASSET_STORE_S3_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-karakeep
- key: AWS_SECRET_ACCESS_KEY
- - name: ASSET_STORE_S3_FORCE_PATH_STYLE
- value: true
- - name: MEILI_ADDR
- value: http://karakeep-meilisearch.karakeep:7700
- - name: MEILI_MASTER_KEY
- valueFrom:
- secretKeyRef:
- name: karakeep-meilisearch-master-key-secret
- key: MEILI_MASTER_KEY
- - name: BROWSER_WEB_URL
- value: http://karakeep.karakeep:9222
- - name: DISABLE_SIGNUPS
- value: false
- - name: OAUTH_PROVIDER_NAME
- value: "Authentik"
- - name: OAUTH_WELLKNOWN_URL
- value: https://auth.alexlebens.dev/application/o/karakeep/.well-known/openid-configuration
- - name: OAUTH_SCOPE
- value: "openid email profile"
- - name: OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: karakeep-oidc-secret
- key: AUTHENTIK_CLIENT_ID
- - name: OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: karakeep-oidc-secret
- key: AUTHENTIK_CLIENT_SECRET
- - name: OLLAMA_BASE_URL
- value: http://ollama-server-3.ollama:11434
- - name: OLLAMA_KEEP_ALIVE
- value: 5m
- - name: INFERENCE_TEXT_MODEL
- value: gemma3:4b
- - name: INFERENCE_IMAGE_MODEL
- value: granite3.2-vision:2b
- - name: EMBEDDING_TEXT_MODEL
- value: mxbai-embed-large
- - name: INFERENCE_JOB_TIMEOUT_SEC
- value: 720
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- chrome:
- image:
- repository: gcr.io/zenika-hub/alpine-chrome
- tag: 124
- pullPolicy: IfNotPresent
- args:
- - --no-sandbox
- - --disable-gpu
- - --disable-dev-shm-usage
- - --remote-debugging-address=0.0.0.0
- - --remote-debugging-port=9222
- - --hide-scrollbars
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 3000
- targetPort: 3000
- protocol: HTTP
- chrome:
- port: 9222
- targetPort: 9222
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
-meilisearch:
- environment:
- MEILI_NO_ANALYTICS: true
- MEILI_ENV: production
- MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
- auth:
- existingMasterKeySecret: karakeep-meilisearch-master-key-secret
- service:
- type: ClusterIP
- port: 7700
- persistence:
- enabled: true
- storageClass: ceph-block
- size: 10Gi
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceMonitor:
- enabled: true
-cloudflared:
- existingSecretName: karakeep-cloudflared-secret
diff --git a/clusters/cl01tl/applications/kiwix/Chart.yaml b/clusters/cl01tl/applications/kiwix/Chart.yaml
deleted file mode 100644
index 26d5be4ad..000000000
--- a/clusters/cl01tl/applications/kiwix/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: kiwix
-version: 1.0.0
-description: Kiwix
-keywords:
- - kiwix
- - wikipedia
-home: https://wiki.alexlebens.dev/s/16eaaf92-3607-421f-bc66-cb3c39eeaea0
-sources:
- - https://github.com/kiwix
- - https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: kiwix
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
-appVersion: 3.7.0
diff --git a/clusters/cl01tl/applications/kiwix/templates/http-route.yaml b/clusters/cl01tl/applications/kiwix/templates/http-route.yaml
deleted file mode 100644
index fe180dc47..000000000
--- a/clusters/cl01tl/applications/kiwix/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-kiwix
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-kiwix
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - kiwix.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: kiwix
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 1423bcd69..000000000
--- a/clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: kiwix-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kiwix-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: kiwix-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml b/clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml
deleted file mode 100644
index 5185019e7..000000000
--- a/clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: kiwix-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kiwix-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Kiwix
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/kiwix/values.yaml b/clusters/cl01tl/applications/kiwix/values.yaml
deleted file mode 100644
index 611733a0b..000000000
--- a/clusters/cl01tl/applications/kiwix/values.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-kiwix:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/kiwix/kiwix-serve
- tag: 3.8.0
- pullPolicy: IfNotPresent
- args:
- - '*.zim'
- env:
- - name: PORT
- value: 8080
- resources:
- requests:
- cpu: 50m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8080
- protocol: HTTP
- persistence:
- media:
- existingClaim: kiwix-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: true
diff --git a/clusters/cl01tl/applications/libation/Chart.yaml b/clusters/cl01tl/applications/libation/Chart.yaml
deleted file mode 100644
index 13d95f2d4..000000000
--- a/clusters/cl01tl/applications/libation/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: libation
-version: 1.0.0
-description: Libation
-keywords:
- - libation
- - audiobooks
- - audible
-home: https://wiki.alexlebens.dev/s/63beac50-a63f-45fe-b8e5-e1691dd5e9b0
-sources:
- - https://github.com/rmcrackan/Libation
- - https://hub.docker.com/r/rmcrackan/libation
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: libation
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
-appVersion: 12.4.3
diff --git a/clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml
deleted file mode 100644
index bcae70a6c..000000000
--- a/clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: libation-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: libation-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- volumeMode: Filesystem
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: libation-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: libation-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: libation-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/libation/templates/persistent-volume.yaml b/clusters/cl01tl/applications/libation/templates/persistent-volume.yaml
deleted file mode 100644
index 123b69068..000000000
--- a/clusters/cl01tl/applications/libation/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: libation-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: libation-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Audiobooks/
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/libation/values.yaml b/clusters/cl01tl/applications/libation/values.yaml
deleted file mode 100644
index 5e6dc8be9..000000000
--- a/clusters/cl01tl/applications/libation/values.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-libation:
- controllers:
- main:
- type: cronjob
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "30 4 * * *"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: rmcrackan/libation
- tag: 12.7.4
- pullPolicy: IfNotPresent
- env:
- - name: SLEEP_TIME
- value: "-1"
- - name: LIBATION_BOOKS_DIR
- value: /data
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- persistence:
- config:
- existingClaim: libation-config
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- data:
- existingClaim: libation-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
diff --git a/clusters/cl01tl/applications/lidarr/Chart.yaml b/clusters/cl01tl/applications/lidarr/Chart.yaml
deleted file mode 100644
index 0eaeaa6c0..000000000
--- a/clusters/cl01tl/applications/lidarr/Chart.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: lidarr
-version: 1.0.0
-description: Lidarr
-keywords:
- - lidarr
- - servarr
- - music
- - metrics
-home: https://wiki.alexlebens.dev/s/f7c4e892-aa3b-435f-b220-317dc53137ac
-sources:
- - https://github.com/Lidarr/Lidarr
- - https://github.com/linuxserver/docker-lidarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: lidarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
-appVersion: 2.13.3
diff --git a/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml b/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml
deleted file mode 100644
index 28bf735e3..000000000
--- a/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/lidarr/templates/http-route.yaml b/clusters/cl01tl/applications/lidarr/templates/http-route.yaml deleted file mode 100644 index 506985b16..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-lidarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-lidarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - lidarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: lidarr - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/lidarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/lidarr/templates/persistent-volume-claim.yaml deleted file mode 100644 index c1d21f84e..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lidarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: lidarr-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/lidarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/lidarr/templates/persistent-volume.yaml deleted file mode 100644 index 181d788f2..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: lidarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/lidarr/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/lidarr/templates/prometheus-rule.yaml deleted file mode 100644 index 80b14f110..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/prometheus-rule.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: lidarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - groups: - - name: lidarr - rules: - - alert: ExportarrAbsent - annotations: - description: Lidarr Exportarr has disappeared from Prometheus - service discovery. - summary: Exportarr is down. - expr: | - absent(up{job=~".*lidarr.*"} == 1) - for: 5m - labels: - severity: critical - - alert: LidarrDown - annotations: - description: Lidarr service is down. - summary: Lidarr is down. - expr: | - lidarr_system_status{job=~".*lidarr.*"} == 0 - for: 5m - labels: - severity: critical diff --git a/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml b/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml deleted file mode 100644 index ef6c456fc..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: lidarr-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: lidarr-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: lidarr-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/lidarr/templates/service-monitor.yaml b/clusters/cl01tl/applications/lidarr/templates/service-monitor.yaml deleted file mode 100644 index 9011279c3..000000000 --- a/clusters/cl01tl/applications/lidarr/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: lidarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: lidarr - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/lidarr/values.yaml b/clusters/cl01tl/applications/lidarr/values.yaml deleted file mode 100644 index e66609fd5..000000000 --- a/clusters/cl01tl/applications/lidarr/values.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -lidarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/lidarr - tag: 2.14.5@sha256:5e1235d00b5d1c1f60ca0d472e554a6611aef41aa7b5b6d88260214bf4809af0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["lidarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9792 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8686 - protocol: HTTP - metrics: - port: 9792 - targetPort: 9792 - protocol: TCP - persistence: - config: - forceRename: lidarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: lidarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: lidarr2-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "lidarr-main" OWNER "app"; - - CREATE DATABASE "lidarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster - index: 1 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 8 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/lidatube/Chart.yaml b/clusters/cl01tl/applications/lidatube/Chart.yaml deleted file mode 100644 index e55aae496..000000000 --- a/clusters/cl01tl/applications/lidatube/Chart.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v2 -name: lidatube -version: 1.0.0 -description: LidaTube -keywords: - - lidatube - - music - - yt-dlp -home: https://wiki.alexlebens.dev/s/10d95030-85be-4ced-a8d7-b4aaeca9bee6 -sources: - - https://github.com/TheWicklowWolf/LidaTube - - https://registry.hub.docker.com/r/thewicklowwolf/lidatube - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: lidatube - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png -appVersion: 0.2.22 diff --git a/clusters/cl01tl/applications/lidatube/templates/external-secret.yaml b/clusters/cl01tl/applications/lidatube/templates/external-secret.yaml deleted file mode 100644 index 83be273f2..000000000 --- a/clusters/cl01tl/applications/lidatube/templates/external-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidatube-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidatube-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: lidarr_api_key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/lidarr2/key - metadataPolicy: None - property: key diff --git a/clusters/cl01tl/applications/lidatube/templates/http-route.yaml b/clusters/cl01tl/applications/lidatube/templates/http-route.yaml deleted file mode 100644 index 508d72b7b..000000000 --- a/clusters/cl01tl/applications/lidatube/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-lidatube - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-lidatube - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - lidatube.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: lidatube - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml deleted file mode 100644 index ff3c8907e..000000000 --- a/clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lidatube-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidatube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: lidatube-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml b/clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml deleted file mode 100644 index 35422746f..000000000 --- a/clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: lidatube-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidatube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/Music - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/lidatube/values.yaml b/clusters/cl01tl/applications/lidatube/values.yaml deleted file mode 100644 index 9e1efa5e9..000000000 --- a/clusters/cl01tl/applications/lidatube/values.yaml +++ /dev/null @@ -1,66 +0,0 @@ -lidatube: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: thewicklowwolf/lidatube - tag: 0.2.41 - pullPolicy: IfNotPresent - env: - - name: PUID - value: 1000 - - name: PGID - value: 1000 - - name: lidarr_address - value: http://lidarr.lidarr:80 - - name: lidarr_api_key - valueFrom: - secretKeyRef: - name: lidatube-secret - key: lidarr_api_key - - name: sleep_interval - value: 360 - - name: sync_schedule - value: 4 - - name: attempt_lidarr_import - value: true - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 5000 - protocol: HTTP - persistence: - config: - forceRename: lidatube-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /lidatube/config - readOnly: false - music: - existingClaim: lidatube-nfs-storage - advancedMounts: - main: - main: - - path: /lidatube/downloads - readOnly: false 
diff --git a/clusters/cl01tl/applications/listenarr/Chart.yaml b/clusters/cl01tl/applications/listenarr/Chart.yaml deleted file mode 100644 index c6415cb3b..000000000 --- a/clusters/cl01tl/applications/listenarr/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: listenarr -version: 1.0.0 -description: Listenarr -keywords: - - listenarr - - audiobooks -home: https://wiki.alexlebens.dev/ -sources: - - https://github.com/therobbiedavis/Listenarr - - https://hub.docker.com/r/therobbiedavis/listenarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: listenarr - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -appVersion: 0.2.35 diff --git a/clusters/cl01tl/applications/listenarr/templates/http-route.yaml b/clusters/cl01tl/applications/listenarr/templates/http-route.yaml deleted file mode 100644 index 73bdae8c0..000000000 --- a/clusters/cl01tl/applications/listenarr/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-listenarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-listenarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - listenarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: listenarr - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/listenarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/listenarr/templates/persistent-volume-claim.yaml deleted file mode 100644 index 96a4a3e48..000000000 
--- a/clusters/cl01tl/applications/listenarr/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: listenarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: listenarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: listenarr-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/listenarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/listenarr/templates/persistent-volume.yaml deleted file mode 100644 index a22ee2ab0..000000000 --- a/clusters/cl01tl/applications/listenarr/templates/persistent-volume.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: listenarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: listenarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/Audiobooks - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/listenarr/values.yaml b/clusters/cl01tl/applications/listenarr/values.yaml deleted file mode 100644 index 1b1a04e84..000000000 --- a/clusters/cl01tl/applications/listenarr/values.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -listenarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: therobbiedavis/listenarr - tag: canary-0.2.35 - pullPolicy: IfNotPresent - env: - - name: LISTENARR_PUBLIC_URL - value: https://listenarr.alexlebens.net - resources: - requests: - cpu: 50m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 5000 - protocol: HTTP - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /app/config - readOnly: false - media: - existingClaim: listenarr-nfs-storage - advancedMounts: - main: - main: - - path: /data - readOnly: false diff --git a/clusters/cl01tl/applications/omni-tools/Chart.yaml b/clusters/cl01tl/applications/omni-tools/Chart.yaml deleted file mode 100644 index cc0017779..000000000 --- a/clusters/cl01tl/applications/omni-tools/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: omni-tools -version: 1.0.0 -description: OmniTools -keywords: - - omni-tools -home: https://wiki.alexlebens.dev/s/8820cd36-dcf6-4ddf-8b2f-584271628a54 -sources: - - https://github.com/iib0011/omni-tools - - https://hub.docker.com/r/iib0011/omni-tools - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: omni-tools - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/omnitools.png -appVersion: 0.4.0 diff --git a/clusters/cl01tl/applications/omni-tools/templates/http-route.yaml b/clusters/cl01tl/applications/omni-tools/templates/http-route.yaml deleted file mode 100644 index 981539188..000000000 --- a/clusters/cl01tl/applications/omni-tools/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-omni-tools - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-omni-tools - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - omni-tools.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: omni-tools - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/omni-tools/values.yaml b/clusters/cl01tl/applications/omni-tools/values.yaml deleted file mode 100644 index 43daccfcd..000000000 --- a/clusters/cl01tl/applications/omni-tools/values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -omni-tools: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: iib0011/omni-tools - tag: 0.6.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 512Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP diff --git a/clusters/cl01tl/applications/outline/Chart.yaml b/clusters/cl01tl/applications/outline/Chart.yaml deleted file mode 100644 index 5063d92f8..000000000 --- a/clusters/cl01tl/applications/outline/Chart.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -apiVersion: v2 -name: outline -version: 1.0.0 -description: Outline -keywords: - - outline - - wiki - - documentation -home: https://wiki.alexlebens.dev/s/c530c2b9-82b7-44df-b7ef-870c8b29242f -sources: - - https://github.com/outline/outline - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/outlinewiki/outline - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: outline - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared-outline - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png -appVersion: 0.84.0 diff --git a/clusters/cl01tl/applications/outline/templates/external-secret.yaml b/clusters/cl01tl/applications/outline/templates/external-secret.yaml deleted file mode 100644 index 7fa5518f1..000000000 --- a/clusters/cl01tl/applications/outline/templates/external-secret.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/outline/key - metadataPolicy: None - property: secret-key - - secretKey: utils-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/outline/key - metadataPolicy: None - property: utils-key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/outline - metadataPolicy: None - property: client - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/outline - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/outline - metadataPolicy: None - property: token - ---- -apiVersion: 
external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/outline/templates/object-bucket-claim.yaml b/clusters/cl01tl/applications/outline/templates/object-bucket-claim.yaml deleted file mode 100644 index 6d780520a..000000000 
--- a/clusters/cl01tl/applications/outline/templates/object-bucket-claim.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: objectbucket.io/v1alpha1 -kind: ObjectBucketClaim -metadata: - name: ceph-bucket-outline - labels: - app.kubernetes.io/name: ceph-bucket-outline - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - generateBucketName: bucket-outline - storageClassName: ceph-bucket - additionalConfig: - bucketPolicy: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor", - "Effect": "Allow", - "Action": [ - "s3:GetObjectAcl", - "s3:DeleteObject", - "s3:PutObject", - "s3:GetObject", - "s3:PutObjectAcl" - ], - "Resource": "arn:aws:s3:::bucket-outline-630c57e0-d475-4d78-926c-c1c082291d73/*" - } - ] - } diff --git a/clusters/cl01tl/applications/outline/templates/redis-replication.yaml b/clusters/cl01tl/applications/outline/templates/redis-replication.yaml deleted file mode 100644 index af65e0566..000000000 --- a/clusters/cl01tl/applications/outline/templates/redis-replication.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-outline - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-outline - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 
diff --git a/clusters/cl01tl/applications/outline/templates/service-monitor.yaml b/clusters/cl01tl/applications/outline/templates/service-monitor.yaml deleted file mode 100644 index e5f767b2d..000000000 --- a/clusters/cl01tl/applications/outline/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-outline - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-outline - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/applications/outline/values.yaml b/clusters/cl01tl/applications/outline/values.yaml deleted file mode 100644 index 6d0f6c784..000000000 --- a/clusters/cl01tl/applications/outline/values.yaml +++ /dev/null 
@@ -1,203 +0,0 @@
-outline:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: outlinewiki/outline
- tag: 1.1.0
- pullPolicy: IfNotPresent
- env:
- - name: NODE_ENV
- value: production
- - name: URL
- value: https://wiki.alexlebens.dev
- - name: PORT
- value: 3000
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: outline-key-secret
- key: secret-key
- - name: UTILS_SECRET
- valueFrom:
- secretKeyRef:
- name: outline-key-secret
- key: utils-key
- - name: POSTGRES_USERNAME
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: password
- - name: POSTGRES_DATABASE_NAME
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: dbname
- - name: POSTGRES_DATABASE_HOST
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: host
- - name: POSTGRES_DATABASE_PORT
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: port
- - name: DATABASE_URL
- value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
- - name: DATABASE_URL_TEST
- value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
- - name: DATABASE_CONNECTION_POOL_MIN
- value: "2"
- - name: DATABASE_CONNECTION_POOL_MAX
- value: "20"
- - name: PGSSLMODE
- value: disable
- - name: REDIS_URL
- value: redis://redis-replication-outline-master.outline:6379
- - name: FILE_STORAGE
- value: s3
- - name: AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-outline
- key: AWS_ACCESS_KEY_ID
- - name: AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: ceph-bucket-outline
- key: AWS_SECRET_ACCESS_KEY
- - name: AWS_REGION
- value: us-east-1
- - name: AWS_S3_UPLOAD_BUCKET_NAME
- valueFrom:
- configMapKeyRef:
- name: ceph-bucket-outline
- key: BUCKET_NAME
- - name: AWS_S3_UPLOAD_BUCKET_URL
- value: https://objects.alexlebens.dev
- - name: AWS_S3_FORCE_PATH_STYLE
- value: true
- - name: AWS_S3_ACL
- value: private
- - name: FILE_STORAGE_UPLOAD_MAX_SIZE
- value: "26214400"
- - name: FORCE_HTTPS
- value: false
- - name: ENABLE_UPDATES
- value: false
- - name: WEB_CONCURRENCY
- value: 1
- - name: FILE_STORAGE_IMPORT_MAX_SIZE
- value: 5120000
- - name: LOG_LEVEL
- value: info
- - name: DEFAULT_LANGUAGE
- value: en_US
- - name: RATE_LIMITER_ENABLED
- value: false
- - name: DEVELOPMENT_UNSAFE_INLINE_CSP
- value: false
- - name: OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: outline-oidc-secret
- key: client
- - name: OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: outline-oidc-secret
- key: secret
- - name: OIDC_AUTH_URI
- value: https://auth.alexlebens.dev/application/o/authorize/
- - name: OIDC_TOKEN_URI
- value: https://auth.alexlebens.dev/application/o/token/
- - name: OIDC_USERINFO_URI
- value: https://auth.alexlebens.dev/application/o/userinfo/
- - name: OIDC_USERNAME_CLAIM
- value: email
- - name: OIDC_DISPLAY_NAME
- value: Authentik
- - name: OIDC_SCOPES
- value: openid profile email
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 3000
- targetPort: 3000
- protocol: HTTP
-cloudflared-outline:
- existingSecretName: outline-cloudflared-secret
- name: cloudflared-outline
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 10 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/overseerr/Chart.yaml b/clusters/cl01tl/applications/overseerr/Chart.yaml
deleted file mode 100644
index 69efd1844..000000000
--- a/clusters/cl01tl/applications/overseerr/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: overseerr
-version: 1.0.0
-description: Overseerr
-keywords:
- - overseer
- - media
- - request
-home: https://wiki.alexlebens.dev/s/ba89ec92-a15c-48d5-9c33-a28a0134b0f9
-sources:
- - https://github.com/sct/overseerr
- - https://github.com/sct/overseerr/pkgs/container/overseerr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
-appVersion: 1.34.0
diff --git a/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml b/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml
deleted file mode 100644
index 07fd8a0d7..000000000
--- a/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: overseerr-main-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: overseerr-main-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/overseerr/templates/http-route.yaml b/clusters/cl01tl/applications/overseerr/templates/http-route.yaml
deleted file mode 100644
index f02422b82..000000000
--- a/clusters/cl01tl/applications/overseerr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-overseerr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-overseerr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - overseerr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: overseerr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml b/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml
deleted file mode 100644
index 370af3b85..000000000
--- a/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: overseerr-main-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: overseerr-main-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: overseerr-main
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: overseerr-main-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/overseerr/values.yaml b/clusters/cl01tl/applications/overseerr/values.yaml
deleted file mode 100644
index ab54214f0..000000000
--- a/clusters/cl01tl/applications/overseerr/values.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-app-template:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/sct/overseerr
- tag: 1.34.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5055
- protocol: HTTP
- persistence:
- main:
- forceRename: overseerr-main
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/config
- readOnly: false
diff --git a/clusters/cl01tl/applications/photoview/Chart.yaml b/clusters/cl01tl/applications/photoview/Chart.yaml
deleted file mode 100644
index f8a8dd360..000000000
--- a/clusters/cl01tl/applications/photoview/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: photoview
-version: 1.0.0
-description: Photoview
-keywords:
- - photoview
- - pictures
-home: https://wiki.alexlebens.dev/s/f519a435-8388-4503-a9f9-401bdb424151
-sources:
- - https://github.com/photoview/photoview
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: photoview
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
-appVersion: 2.4.0
diff --git a/clusters/cl01tl/applications/photoview/templates/external-secrets.yaml b/clusters/cl01tl/applications/photoview/templates/external-secrets.yaml
deleted file mode 100644
index 68c6cb04f..000000000
--- a/clusters/cl01tl/applications/photoview/templates/external-secrets.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: photoview-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: photoview-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/photoview/templates/http-route.yaml b/clusters/cl01tl/applications/photoview/templates/http-route.yaml
deleted file mode 100644
index 838a90b95..000000000
--- a/clusters/cl01tl/applications/photoview/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-photoview
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-photoview
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - photoview.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: photoview
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 3b4120483..000000000
--- a/clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: photoview-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml b/clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml
deleted file mode 100644
index dfdfb917f..000000000
--- a/clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Pictures
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/photoview/values.yaml b/clusters/cl01tl/applications/photoview/values.yaml
deleted file mode 100644
index b27700dd9..000000000
--- a/clusters/cl01tl/applications/photoview/values.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-photoview:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-chmod-data:
- securityContext:
- runAsUser: 0
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- /bin/chown -R 999:999 /app/cache
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- main:
- image:
- repository: photoview/photoview
- tag: 2.4.0
- pullPolicy: IfNotPresent
- env:
- - name: PHOTOVIEW_DATABASE_DRIVER
- value: postgres
- - name: PHOTOVIEW_POSTGRES_URL
- valueFrom:
- secretKeyRef:
- name: photoview-postgresql-17-cluster-app
- key: uri
- - name: PHOTOVIEW_MEDIA_CACHE
- value: /app/cache
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- persistence:
- cache:
- forceRename: photoview-cache
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: false
- advancedMounts:
- main:
- init-chmod-data:
- - path: /app/cache
- readOnly: false
- main:
- - path: /app/cache
- readOnly: false
- media:
- existingClaim: photoview-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /photos
- readOnly: true
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 12 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/plex/Chart.yaml b/clusters/cl01tl/applications/plex/Chart.yaml
deleted file mode 100644
index 984233394..000000000
--- a/clusters/cl01tl/applications/plex/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: plex
-version: 1.0.0
-description: Plex
-keywords:
- - plex
- - tv shows
- - movies
- - music
- - photos
- - live tv
-home: https://wiki.alexlebens.dev/s/e2833eed-f991-4b00-9fa0-5d7f403a8183
-sources:
- - https://www.plex.tv/
- - https://github.com/linuxserver/docker-plex
- - https://github.com/linuxserver/docker-plex/pkgs/container/plex
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: plex
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
-appVersion: 1.41.6
diff --git a/clusters/cl01tl/applications/plex/templates/http-route.yaml b/clusters/cl01tl/applications/plex/templates/http-route.yaml
deleted file mode 100644
index 0ef0cbb23..000000000
--- a/clusters/cl01tl/applications/plex/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-plex
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-plex
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - plex.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: plex
- port: 32400
- weight: 100
diff --git a/clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 61a5296c2..000000000
--- a/clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: plex-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: plex-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: plex-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/plex/templates/persistent-volume.yaml b/clusters/cl01tl/applications/plex/templates/persistent-volume.yaml
deleted file mode 100644
index cdf01b15c..000000000
--- a/clusters/cl01tl/applications/plex/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: plex-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: plex-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/plex/values.yaml b/clusters/cl01tl/applications/plex/values.yaml
deleted file mode 100644
index 532c65908..000000000
--- a/clusters/cl01tl/applications/plex/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-plex:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/plex
- tag: 1.42.2@sha256:ab81c7313fb5dc4d1f9562e5bbd5e5877a8a3c5ca6b9f9fff3437b5096a2b123
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: VERSION
- value: docker
- - name: PLEX_CLAIM
- value: claim-XmGK2o9x54PbCzQaqj-J
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- type: LoadBalancer
- ports:
- http:
- port: 32400
- targetPort: 32400
- protocol: HTTP
- persistence:
- config:
- forceRename: plex-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 100Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- transcode:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /transcode
- readOnly: false
- media:
- existingClaim: plex-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: true
diff --git a/clusters/cl01tl/applications/postiz/Chart.yaml b/clusters/cl01tl/applications/postiz/Chart.yaml
deleted file mode 100644
index fbe1d87e3..000000000
--- a/clusters/cl01tl/applications/postiz/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: postiz
-version: 1.0.0
-description: Postiz
-keywords:
- - postiz
- - social-media
-home: https://wiki.alexlebens.dev/s/f483a06b-860b-423c-8d51-a1ce82e0fd43
-sources:
- - https://github.com/gitroomhq/postiz-app
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: postiz
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
-appVersion: v1.43.3
diff --git a/clusters/cl01tl/applications/postiz/templates/external-secret.yaml b/clusters/cl01tl/applications/postiz/templates/external-secret.yaml
deleted file mode 100644
index 4bbfa9af3..000000000
--- a/clusters/cl01tl/applications/postiz/templates/external-secret.yaml
+++ /dev/null
@@ -1,292 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: JWT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/postiz/config
- metadataPolicy: None
- property: JWT_SECRET
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-redis-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-redis-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: REDIS_URL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/postiz/redis
- metadataPolicy: None
- property: REDIS_URL
- - secretKey: user
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/postiz/redis
- metadataPolicy: None
- property: user
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/postiz/redis
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/postiz
- metadataPolicy: None
- property: client
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/postiz
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-uploads-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-uploads-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-uploads"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/postiz
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/postiz/templates/http-route.yaml b/clusters/cl01tl/applications/postiz/templates/http-route.yaml
deleted file mode 100644
index 382c76ca5..000000000
--- a/clusters/cl01tl/applications/postiz/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - postiz.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: postiz
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/postiz/templates/redis-replication.yaml b/clusters/cl01tl/applications/postiz/templates/redis-replication.yaml
deleted file mode 100644
index 302a81ad6..000000000
--- a/clusters/cl01tl/applications/postiz/templates/redis-replication.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: postiz-redis-config
- key: password
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/applications/postiz/templates/replication-source.yaml b/clusters/cl01tl/applications/postiz/templates/replication-source.yaml
deleted file mode 100644
index 69b38cdc3..000000000
--- a/clusters/cl01tl/applications/postiz/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: postiz-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: postiz-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: postiz-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: postiz-uploads-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-uploads-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: postiz-uploads
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: postiz-uploads-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/postiz/templates/service-monitor.yaml b/clusters/cl01tl/applications/postiz/templates/service-monitor.yaml
deleted file mode 100644
index c7e86c00f..000000000
--- a/clusters/cl01tl/applications/postiz/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/applications/postiz/values.yaml b/clusters/cl01tl/applications/postiz/values.yaml
deleted file mode 100644
index 7e2b6da94..000000000
--- a/clusters/cl01tl/applications/postiz/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@ -postiz: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/gitroomhq/postiz-app - tag: v2.8.3 - pullPolicy: IfNotPresent - env: - - name: MAIN_URL - value: https://postiz.alexlebens.dev - - name: FRONTEND_URL - value: https://postiz.alexlebens.dev - - name: NEXT_PUBLIC_BACKEND_URL - value: https://postiz.alexlebens.dev/api - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: postiz-config-secret - key: JWT_SECRET - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: postiz-postgresql-17-cluster-app - key: uri - - name: REDIS_URL - valueFrom: - secretKeyRef: - name: postiz-redis-config - key: REDIS_URL - - name: BACKEND_INTERNAL_URL - value: http://localhost:3000 - - name: IS_GENERAL - value: "true" - - name: STORAGE_PROVIDER - value: local - - name: UPLOAD_DIRECTORY - value: /uploads - - name: NEXT_PUBLIC_UPLOAD_DIRECTORY - value: /uploads - - name: NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME - value: Authentik - - name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL - value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png - - name: POSTIZ_GENERIC_OAUTH - value: "true" - - name: POSTIZ_OAUTH_URL - value: https://auth.alexlebens.dev - - name: POSTIZ_OAUTH_AUTH_URL - value: https://auth.alexlebens.dev/application/o/authorize/ - - name: POSTIZ_OAUTH_TOKEN_URL - value: https://auth.alexlebens.dev/application/o/token/ - - name: POSTIZ_OAUTH_USERINFO_URL - value: https://auth.alexlebens.dev/application/o/userinfo/ - - name: POSTIZ_OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: postiz-oidc-secret - key: client - - name: POSTIZ_OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: postiz-oidc-secret - key: secret - - name: POSTIZ_OAUTH_SCOPE - value: openid profile email - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 5000 - protocol: HTTP - persistence: - 
config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 2Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - uploads: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /uploads - readOnly: false -cloudflared: - name: cloudflared-postiz - existingSecretName: postiz-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # 
suspend: false - # schedule: "0 14 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/prowlarr/Chart.yaml b/clusters/cl01tl/applications/prowlarr/Chart.yaml deleted file mode 100644 index ce3c6a7cb..000000000 --- a/clusters/cl01tl/applications/prowlarr/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: prowlarr -version: 1.0.0 -description: Prowlarr -keywords: - - prowlarr - - servarr - - trackers -home: https://wiki.alexlebens.dev/s/7f963158-15fd-4eb5-b3ac-8a3aeb79613a -sources: - - https://github.com/Prowlarr/Prowlarr - - https://github.com/linuxserver/docker-prowlarr - - https://github.com/linuxserver/docker-prowlarr/pkgs/container/prowlarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: prowlarr - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png -appVersion: 1.35.1 diff --git a/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml b/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml deleted file mode 100644 index a35545627..000000000 --- a/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml +++ /dev/null 
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: prowlarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: prowlarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/prowlarr/templates/http-route.yaml b/clusters/cl01tl/applications/prowlarr/templates/http-route.yaml
deleted file mode 100644
index 8e202e8b4..000000000
--- a/clusters/cl01tl/applications/prowlarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-prowlarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-prowlarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - prowlarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: prowlarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml b/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml
deleted file mode 100644
index 55af1476e..000000000
--- a/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: prowlarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: prowlarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: prowlarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: prowlarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/prowlarr/values.yaml b/clusters/cl01tl/applications/prowlarr/values.yaml
deleted file mode 100644
index 0b542abde..000000000
--- a/clusters/cl01tl/applications/prowlarr/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-prowlarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/prowlarr
- tag: 2.3.0@sha256:475853535de3de8441b87c1457c30f2e695f4831228b12b6b7274e9da409d874
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9696
- protocol: HTTP
- persistence:
- config:
- forceRename: prowlarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
diff --git a/clusters/cl01tl/applications/radarr-4k/Chart.yaml b/clusters/cl01tl/applications/radarr-4k/Chart.yaml
deleted file mode 100644
index a5fe41ee7..000000000
--- a/clusters/cl01tl/applications/radarr-4k/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: radarr-4k
-version: 1.0.0
-description: Radarr 4K
-keywords:
- - radarr
- - servarr
- - movies
- - 4k
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-4k
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml
deleted file mode 100644
index 6890221d3..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-4k-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-4k-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-4k-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-4k-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - 
conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-4k-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-4k-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/radarr-4k/templates/http-route.yaml b/clusters/cl01tl/applications/radarr-4k/templates/http-route.yaml deleted file mode 100644 index 029939f6b..000000000 --- a/clusters/cl01tl/applications/radarr-4k/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-4k.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-4k
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume-claim.yaml
deleted file mode 100644
index b05e92529..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-4k-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume.yaml
deleted file mode 100644
index 435908330..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/radarr-4k/templates/prometheus-rule.yaml
deleted file mode 100644
index e3cab3d05..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-4k
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr 4K Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-4k.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr4kDown
- annotations:
- description: Radarr 4K service is down.
- summary: Radarr 4K is down.
- expr: |
- radarr_4k_system_status{job=~".*radarr-4k.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml
deleted file mode 100644
index 6829ca51d..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-4k-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-4k-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-4k-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/radarr-4k/templates/service-monitor.yaml b/clusters/cl01tl/applications/radarr-4k/templates/service-monitor.yaml
deleted file mode 100644
index 57d1ab55c..000000000
--- a/clusters/cl01tl/applications/radarr-4k/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/applications/radarr-4k/values.yaml b/clusters/cl01tl/applications/radarr-4k/values.yaml
deleted file mode 100644
index 3c598c07d..000000000
--- a/clusters/cl01tl/applications/radarr-4k/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -radarr-4k: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - persistence: - config: - forceRename: radarr-4k-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: radarr-4k-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: radarr5-4k-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster - index: 1 - endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/radarr-4k/radarr5-4k-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/radarr-4k/radarr5-4k-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 18 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/radarr-anime/Chart.yaml b/clusters/cl01tl/applications/radarr-anime/Chart.yaml deleted file mode 100644 index ad9532c00..000000000 --- a/clusters/cl01tl/applications/radarr-anime/Chart.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: radarr-anime
-version: 1.0.0
-description: Radarr Anime
-keywords:
- - radarr
- - servarr
- - movies
- - anime
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-anime
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml
deleted file mode 100644
index 20beb063d..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/http-route.yaml b/clusters/cl01tl/applications/radarr-anime/templates/http-route.yaml
deleted file mode 100644
index 7fd42815c..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-anime.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-anime
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 572bca509..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-anime-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume.yaml
deleted file mode 100644
index de760a1b9..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/radarr-anime/templates/prometheus-rule.yaml
deleted file mode 100644
index 9134bf0c5..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-anime
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr Anime Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-anime.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: RadarrAnimeDown
- annotations:
- description: Radarr Anime service is down.
- summary: Radarr Anime is down.
- expr: |
- radarr_anime_system_status{job=~".*radarr-anime.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml
deleted file mode 100644
index 8c2d38215..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-anime-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-anime-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-anime-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/radarr-anime/templates/service-monitor.yaml b/clusters/cl01tl/applications/radarr-anime/templates/service-monitor.yaml
deleted file mode 100644
index a25b96e8b..000000000
--- a/clusters/cl01tl/applications/radarr-anime/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/applications/radarr-anime/values.yaml b/clusters/cl01tl/applications/radarr-anime/values.yaml
deleted file mode 100644
index 3914a9db3..000000000
--- a/clusters/cl01tl/applications/radarr-anime/values.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-radarr-anime:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/radarr
- tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.3.0
- pullPolicy: IfNotPresent
- args: ["radarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9793
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 7878
- protocol: HTTP
- metrics:
- port: 9793
- targetPort: 9793
- protocol: TCP
- persistence:
- config:
- forceRename: radarr-anime-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: radarr-anime-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- nameOverride: radarr5-anime-postgresql-17
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- initdb:
- postInitSQL:
- - CREATE DATABASE "radarr-main" OWNER "app";
- - CREATE DATABASE "radarr-log" OWNER "app";
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
- index: 1
- endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/radarr-anime/radarr5-anime-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/radarr-anime/radarr5-anime-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 20 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/radarr-standup/Chart.yaml b/clusters/cl01tl/applications/radarr-standup/Chart.yaml
deleted file mode 100644
index ae95dd97d..000000000
--- a/clusters/cl01tl/applications/radarr-standup/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: radarr-standup
-version: 1.0.0
-description: Radarr Stand Up
-keywords:
- - radarr
- - servarr
- - standup
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-standup
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml
deleted file mode 100644
index 5f1f24a56..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-standup-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-standup-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-standup-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/http-route.yaml b/clusters/cl01tl/applications/radarr-standup/templates/http-route.yaml
deleted file mode 100644
index 8d2a3c822..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-standup.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-standup
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 29ad7f688..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-standup-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume.yaml
deleted file mode 100644
index 63cdd5dea..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/radarr-standup/templates/prometheus-rule.yaml
deleted file mode 100644
index 3e33b02c4..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-standup
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr Stand Up Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-standup.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: RadarrStandUpDown
- annotations:
- description: Radarr Stand Up service is down.
- summary: Radarr Stand Up is down.
- expr: |
- radarr_standup_system_status{job=~".*radarr-standup.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml
deleted file mode 100644
index b35406832..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-standup-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-standup-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-standup-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/radarr-standup/templates/service-monitor.yaml b/clusters/cl01tl/applications/radarr-standup/templates/service-monitor.yaml
deleted file mode 100644
index 71c74be7e..000000000
--- a/clusters/cl01tl/applications/radarr-standup/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/applications/radarr-standup/values.yaml b/clusters/cl01tl/applications/radarr-standup/values.yaml
deleted file mode 100644
index 90c032623..000000000
--- a/clusters/cl01tl/applications/radarr-standup/values.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-radarr-standup:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/radarr
- tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.3.0
- pullPolicy: IfNotPresent
- args: ["radarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9793
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 7878
- protocol: HTTP
- metrics:
- port: 9793
- targetPort: 9793
- protocol: TCP
- persistence:
- config:
- forceRename: radarr-standup-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: radarr-standup-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- nameOverride: radarr5-standup-postgresql-17
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- initdb:
- postInitSQL:
- - CREATE DATABASE "radarr-main" OWNER "app";
- - CREATE DATABASE "radarr-log" OWNER "app";
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster
- index: 1
- endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/radarr-standup/radarr5-standup-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/radarr-standup/radarr5-standup-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 22 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/radarr/Chart.yaml b/clusters/cl01tl/applications/radarr/Chart.yaml
deleted file mode 100644
index fbb819be0..000000000
--- a/clusters/cl01tl/applications/radarr/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: radarr
-version: 1.0.0
-description: Radarr
-keywords:
- - radarr
- - servarr
- - movies
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/applications/radarr/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr/templates/external-secret.yaml
deleted file mode 100644
index aa1f929d9..000000000
--- a/clusters/cl01tl/applications/radarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/radarr/templates/http-route.yaml b/clusters/cl01tl/applications/radarr/templates/http-route.yaml
deleted file mode 100644
index 0dae2e263..000000000
--- a/clusters/cl01tl/applications/radarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-radarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - radarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: radarr - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/radarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/radarr/templates/persistent-volume-claim.yaml deleted file mode 100644 index 1c07245f8..000000000 --- a/clusters/cl01tl/applications/radarr/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: radarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: radarr-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/radarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/radarr/templates/persistent-volume.yaml deleted file mode 100644 index 131d465cc..000000000 --- a/clusters/cl01tl/applications/radarr/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: radarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/radarr/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/radarr/templates/prometheus-rule.yaml deleted file mode 100644 index d5076ca9d..000000000 --- a/clusters/cl01tl/applications/radarr/templates/prometheus-rule.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: radarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - groups: - - name: radarr - rules: - - alert: ExportarrAbsent - annotations: - description: Radarr Exportarr has disappeared from Prometheus - service discovery. - summary: Exportarr is down. - expr: | - absent(up{job=~".*radarr.*"} == 1) - for: 5m - labels: - severity: critical - - alert: RadarrDown - annotations: - description: Radarr service is down. - summary: Radarr is down. - expr: | - radarr_system_status{job=~".*radarr.*"} == 0 - for: 5m - labels: - severity: critical diff --git a/clusters/cl01tl/applications/radarr/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr/templates/replication-source.yaml deleted file mode 100644 index 3d8f3c1f0..000000000 --- a/clusters/cl01tl/applications/radarr/templates/replication-source.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: radarr-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: radarr-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: radarr-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/radarr/templates/service-monitor.yaml b/clusters/cl01tl/applications/radarr/templates/service-monitor.yaml deleted file mode 100644 index 4a5d7eb09..000000000 --- a/clusters/cl01tl/applications/radarr/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: radarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: radarr - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/radarr/values.yaml b/clusters/cl01tl/applications/radarr/values.yaml deleted file mode 100644 index 8d81bb8b0..000000000 --- a/clusters/cl01tl/applications/radarr/values.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -radarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - persistence: - config: - forceRename: radarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: radarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: radarr5-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/radarr5/radarr5-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5/radarr5-postgresql-17-cluster - index: 2 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/radarr/radarr5-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/radarr/radarr5-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 16 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/roundcube/Chart.yaml b/clusters/cl01tl/applications/roundcube/Chart.yaml deleted file mode 100644 index 788cd1b65..000000000 --- a/clusters/cl01tl/applications/roundcube/Chart.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: v2 -name: roundcube -version: 1.0.0 -description: Roundcube -keywords: - - roundcube - - email -home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e -sources: - - https://github.com/roundcube/roundcubemail - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/roundcube/roundcubemail - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: roundcube - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png -appVersion: 1.6.10 diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml deleted file mode 100644 index 23419d874..000000000 --- a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: DES_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/roundcube/key - metadataPolicy: None - property: DES_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION 
diff --git a/clusters/cl01tl/applications/roundcube/templates/http-route.yaml b/clusters/cl01tl/applications/roundcube/templates/http-route.yaml deleted file mode 100644 index b32e8fea1..000000000 --- a/clusters/cl01tl/applications/roundcube/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-mail - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-mail - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - mail.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: roundcube - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml b/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml deleted file mode 100644 index a7383cd31..000000000 --- a/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: roundcube-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: roundcube-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: roundcube-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot 
diff --git a/clusters/cl01tl/applications/roundcube/values.yaml b/clusters/cl01tl/applications/roundcube/values.yaml
deleted file mode 100644
index 68255504f..000000000
--- a/clusters/cl01tl/applications/roundcube/values.yaml
+++ /dev/null
@@ -1,263 +0,0 @@ -roundcube: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: roundcube/roundcubemail - tag: 1.6.11-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_DEFAULT_PORT - value: 143 - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_PORT - value: 25 - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - resources: - requests: - cpu: 10m - memory: 256Mi - nginx: - image: - repository: nginx - tag: 1.29.3-alpine - pullPolicy: IfNotPresent - env: - - name: NGINX_HOST - value: mail.alexlebens.net - - name: NGINX_PHP_CGI - value: roundcube.roundcube:9000 - resources: - requests: - cpu: 10m - memory: 128Mi - cleandb: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: 30 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - containers: - backup: - image: - repository: roundcube/roundcubemail - tag: 1.6.11-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - 
valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - args: - - bin/cleandb.sh - resources: - requests: - cpu: 100m - memory: 128Mi - configMaps: - config: - enabled: true - data: - default.conf: | - server { - listen 80 default_server; - server_name _; - root /var/www/html; - - location / { - try_files $uri /index.php$is_args$args; - } - - location ~ \.php(/|$) { - try_files $uri =404; - fastcgi_pass roundcube:9000; - fastcgi_read_timeout 300; - proxy_read_timeout 300; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; - } - - client_max_body_size 6m; - - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - } - service: - main: - controller: main - ports: - mail: - port: 9000 - targetPort: 9000 - protocol: HTTP - web: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: - data: - forceRename: roundcube-data - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /var/www/html - readOnly: false - nginx: - - path: /var/www/html - readOnly: false - temp: - type: emptyDir - 
advancedMounts: - main: - main: - - path: /tmp/roundcube-temp - readOnly: false - config: - enabled: true - type: configMap - name: roundcube-config - advancedMounts: - main: - nginx: - - path: /etc/nginx/conf.d/default.conf - readOnly: true - mountPropagation: None - subPath: default.conf -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 24 4 * * SAT" - # backupName: garage-remote 
diff --git a/clusters/cl01tl/applications/searxng/Chart.yaml b/clusters/cl01tl/applications/searxng/Chart.yaml deleted file mode 100644 index 84c6145fb..000000000 --- a/clusters/cl01tl/applications/searxng/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: searxng -version: 1.0.0 -description: Searxng -keywords: - - searxng - - search -home: https://wiki.alexlebens.dev/s/6c6da68a-8725-4439-93c8-990ce824be54 -sources: - - https://github.com/searxng/searxng - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: searxng - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/searxng.png -appVersion: 1.0.0 diff --git a/clusters/cl01tl/applications/searxng/templates/external-secret.yaml b/clusters/cl01tl/applications/searxng/templates/external-secret.yaml deleted file mode 100644 index bb5ede8ad..000000000 --- a/clusters/cl01tl/applications/searxng/templates/external-secret.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: searxng-api-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-api-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: settings.yml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/searxng/api/config - metadataPolicy: None - property: settings.yml - - secretKey: limiter.toml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/searxng/api/config - metadataPolicy: None - property: limiter.toml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: searxng-browser-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-browser-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/searxng/searxng-browser-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/applications/searxng/templates/http-route.yaml b/clusters/cl01tl/applications/searxng/templates/http-route.yaml deleted file mode 100644 index 205106b74..000000000 --- a/clusters/cl01tl/applications/searxng/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-searxng - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-searxng - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - searxng.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: searxng-browser - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/searxng/templates/redis-replication.yaml b/clusters/cl01tl/applications/searxng/templates/redis-replication.yaml deleted file mode 100644 index 21959b519..000000000 --- a/clusters/cl01tl/applications/searxng/templates/redis-replication.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-searxng - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-searxng - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 diff --git a/clusters/cl01tl/applications/searxng/templates/replication-source.yaml b/clusters/cl01tl/applications/searxng/templates/replication-source.yaml deleted file mode 100644 index 0c572c2e6..000000000 --- a/clusters/cl01tl/applications/searxng/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: searxng-browser-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-browser-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: searxng-browser-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: searxng-browser-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/searxng/templates/service-monitor.yaml b/clusters/cl01tl/applications/searxng/templates/service-monitor.yaml deleted file mode 100644 index ebb5165f1..000000000 
--- a/clusters/cl01tl/applications/searxng/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-searxng - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-searxng - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/applications/searxng/values.yaml b/clusters/cl01tl/applications/searxng/values.yaml deleted file mode 100644 index 011e6b7b6..000000000 --- a/clusters/cl01tl/applications/searxng/values.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -searxng: - controllers: - api: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: searxng/searxng - tag: latest@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 - pullPolicy: IfNotPresent - env: - - name: SEARXNG_BASE_URL - value: http://searxng-api.searxng:8080 - - name: SEARXNG_QUERY_URL - value: http://searxng-api.searxng:8080/search?q= - - name: SEARXNG_HOSTNAME - value: searxng-api.searxng - - name: UWSGI_WORKERS - value: 4 - - name: UWSGI_THREADS - value: 4 - - name: ENABLE_RAG_WEB_SEARCH - value: true - - name: RAG_WEB_SEARCH_ENGINE - value: searxng - - name: RAG_WEB_SEARCH_RESULT_COUNT - value: 3 - - name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS - value: 10 - resources: - requests: - cpu: 10m - memory: 256Mi - browser: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: searxng/searxng - tag: latest@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 - pullPolicy: IfNotPresent - env: - - name: SEARXNG_BASE_URL - value: https://searxng.alexlebens.net/ - - name: SEARXNG_QUERY_URL - value: https://searxng.alexlebens.net/search?q= - - name: SEARXNG_HOSTNAME - value: searxng.alexlebens.net - - name: SEARXNG_REDIS_URL - value: redis://redis-replication-searxng-master.searxng:6379/0 - - name: UWSGI_WORKERS - value: 4 - - name: UWSGI_THREADS - value: 4 - resources: - requests: - cpu: 10m - memory: 256Mi - service: - api: - controller: api - ports: - mail: - port: 8080 - targetPort: 8080 - protocol: HTTP - browser: - controller: browser - ports: - mail: - port: 80 - targetPort: 8080 - protocol: HTTP - persistence: - config: - enabled: true - type: secret - name: searxng-api-config-secret - advancedMounts: - api: - main: - - path: /etc/searxng/settings.yml - readOnly: true - mountPropagation: None - subPath: settings.yml - - path: /etc/searxng/limiter.toml - 
readOnly: true - mountPropagation: None - subPath: limiter.toml - api-data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - api: - main: - - path: /etc/searxng - readOnly: false - browser-data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - browser: - main: - - path: /etc/searxng - readOnly: false diff --git a/clusters/cl01tl/applications/site-documentation/Chart.yaml b/clusters/cl01tl/applications/site-documentation/Chart.yaml deleted file mode 100644 index f4e151a34..000000000 --- a/clusters/cl01tl/applications/site-documentation/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v2 -name: site-documentation -version: 1.0.0 -description: Site Documentation -keywords: - - site-documentation - - astro -home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584 -sources: - - https://github.com/alexlebens/site-documentation - - https://github.com/withastro/astro - - https://github.com/cloudflare/cloudflared - - https://github.com/alexlebens/site-documentation/pkgs/container/site-documentation - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: site-documentation - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared-site - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 -icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png -appVersion: 0.8.1 diff --git a/clusters/cl01tl/applications/site-documentation/templates/external-secret.yaml b/clusters/cl01tl/applications/site-documentation/templates/external-secret.yaml deleted file mode 100644 index 31c8f9093..000000000 --- a/clusters/cl01tl/applications/site-documentation/templates/external-secret.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: site-documentation-cloudflared-api-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: site-documentation-cloudflared-api-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/site-documentation - metadataPolicy: None - property: token diff --git a/clusters/cl01tl/applications/site-documentation/values.yaml b/clusters/cl01tl/applications/site-documentation/values.yaml deleted file mode 100644 index 298ed57f1..000000000 --- a/clusters/cl01tl/applications/site-documentation/values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -site-documentation: - global: - fullnameOverride: site-documentation - controllers: - main: - type: deployment - replicas: 3 - strategy: RollingUpdate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: harbor.alexlebens.net/images/site-documentation - tag: 0.0.3 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 4321 - protocol: HTTP -cloudflared-site: - name: cloudflared-site - existingSecretName: site-documentation-cloudflared-api-secret diff --git a/clusters/cl01tl/applications/site-profile/Chart.yaml b/clusters/cl01tl/applications/site-profile/Chart.yaml deleted file mode 100644 index b61c8fe12..000000000 --- a/clusters/cl01tl/applications/site-profile/Chart.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v2 -name: site-profile -version: 1.0.0 -description: Site Profile -keywords: - - site-profile - - astro -home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584 -sources: - - https://github.com/alexlebens/site-profile - - https://github.com/withastro/astro - - https://github.com/cloudflare/cloudflared - - https://github.com/alexlebens/site-profile/pkgs/container/site-profile - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: site-profile - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared-site - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 -icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png -appVersion: 2.0.1 diff --git a/clusters/cl01tl/applications/site-profile/templates/external-secret.yaml b/clusters/cl01tl/applications/site-profile/templates/external-secret.yaml deleted file mode 100644 index b81c01241..000000000 --- a/clusters/cl01tl/applications/site-profile/templates/external-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: site-profile-cloudflared-api-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: site-profile-cloudflared-api-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/site-profile - metadataPolicy: None - property: token 
diff --git a/clusters/cl01tl/applications/site-profile/values.yaml b/clusters/cl01tl/applications/site-profile/values.yaml deleted file mode 100644 index fcc887b78..000000000 --- a/clusters/cl01tl/applications/site-profile/values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -site-profile: - global: - fullnameOverride: site-profile - controllers: - main: - type: deployment - replicas: 3 - strategy: RollingUpdate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: harbor.alexlebens.net/images/site-profile - tag: 2.1.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 4321 - protocol: HTTP -cloudflared-site: - name: cloudflared-site - existingSecretName: site-profile-cloudflared-api-secret diff --git a/clusters/cl01tl/applications/slskd/Chart.yaml b/clusters/cl01tl/applications/slskd/Chart.yaml deleted file mode 100644 index 233f4ea2f..000000000 --- a/clusters/cl01tl/applications/slskd/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v2 -name: slskd -version: 1.0.0 -description: slskd -keywords: - - slskd - - soularr - - lidarr - - music -home: https://wiki.alexlebens.dev/s/ea931f86-1e70-480c-8002-64380b267cd7 -sources: - - https://github.com/slskd/slskd - - https://github.com/mrusse/soularr - - https://hub.docker.com/r/slskd/slskd - - https://hub.docker.com/r/mrusse08/soularr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: slskd - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png -appVersion: 0.22.5 diff --git a/clusters/cl01tl/applications/slskd/templates/external-secret.yaml b/clusters/cl01tl/applications/slskd/templates/external-secret.yaml deleted file mode 100644 index 0e35e7987..000000000 
--- a/clusters/cl01tl/applications/slskd/templates/external-secret.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: slskd-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: slskd-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: slskd.yml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/slskd/config - metadataPolicy: None - property: slskd.yml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: soularr-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: soularr-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.ini - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/slskd/soularr - metadataPolicy: None - property: config.ini - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: slskd-wireguard-conf - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: slskd-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: private-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /protonvpn/conf/cl01tl - metadataPolicy: None - property: private-key diff --git a/clusters/cl01tl/applications/slskd/templates/http-route.yaml b/clusters/cl01tl/applications/slskd/templates/http-route.yaml deleted file mode 100644 index 5701ed24c..000000000 --- a/clusters/cl01tl/applications/slskd/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-slskd - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-slskd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - slskd.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: slskd - port: 5030 - weight: 100 diff --git a/clusters/cl01tl/applications/slskd/templates/namespace.yaml b/clusters/cl01tl/applications/slskd/templates/namespace.yaml deleted file mode 100644 index 9793bc56d..000000000 --- a/clusters/cl01tl/applications/slskd/templates/namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: slskd - labels: - app.kubernetes.io/name: slskd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml deleted file mode 100644 index b44e26d30..000000000 --- a/clusters/cl01tl/applications/slskd/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: slskd-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: slskd-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: slskd-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi 
diff --git a/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml b/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml deleted file mode 100644 index 3e234f75a..000000000 --- a/clusters/cl01tl/applications/slskd/templates/persistent-volume.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: slskd-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: slskd-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml b/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml deleted file mode 100644 index caf82f4ee..000000000 --- a/clusters/cl01tl/applications/slskd/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: slskd - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: slskd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: slskd - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/slskd/values.yaml b/clusters/cl01tl/applications/slskd/values.yaml deleted file mode 100644 index bbd10ebe1..000000000 --- a/clusters/cl01tl/applications/slskd/values.yaml +++ /dev/null 
@@ -1,153 +0,0 @@ -slskd: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - initContainers: - init-sysctl: - image: - repository: busybox - tag: 1.37.0 - pullPolicy: IfNotPresent - securityContext: - privileged: True - resources: - requests: - cpu: 10m - memory: 128Mi - command: - - /bin/sh - args: - - -ec - - | - sysctl -w net.ipv4.ip_forward=1; - sysctl -w net.ipv6.conf.all.disable_ipv6=1 - containers: - main: - image: - repository: slskd/slskd - tag: 0.24.0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - - name: SLSKD_UMASK - value: 000 - resources: - requests: - cpu: 100m - memory: 512Mi - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30 - pullPolicy: IfNotPresent - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: slskd-wireguard-conf - key: private-key - - name: VPN_PORT_FORWARDING - value: "on" - - name: PORT_FORWARD_ONLY - value: "on" - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16 - - name: FIREWALL_INPUT_PORTS - value: 5030,50300 - - name: DOT - value: "off" - securityContext: - privileged: true - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" - cpu: 10m - memory: 128Mi - soularr: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: mrusse08/soularr - tag: latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - - name: 
SCRIPT_INTERVAL - value: 300 - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 5030 - targetPort: 5030 - protocol: HTTP - persistence: - slskd-config: - enabled: true - type: secret - name: slskd-config-secret - advancedMounts: - main: - main: - - path: /app/slskd.yml - readOnly: true - mountPropagation: None - subPath: slskd.yml - soularr-config: - enabled: true - type: secret - name: soularr-config-secret - advancedMounts: - soularr: - main: - - path: /data/config.ini - readOnly: true - mountPropagation: None - subPath: config.ini - data: - existingClaim: slskd-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false - soularr: - main: - - path: /mnt/store - readOnly: false diff --git a/clusters/cl01tl/applications/sonarr-4k/Chart.yaml b/clusters/cl01tl/applications/sonarr-4k/Chart.yaml deleted file mode 100644 index 441c8912d..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/Chart.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: v2 -name: sonarr-4k -version: 1.0.0 -description: Sonarr 4K -keywords: - - sonarr - - servarr - - tv shows - - 4k - - metrics -home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991 -sources: - - https://github.com/Sonarr/Sonarr - - https://github.com/linuxserver/docker-sonarr - - https://github.com/onedr0p/exportarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: sonarr-4k - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png -appVersion: 4.0.14 diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml deleted file mode 100644 index 423b502df..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-4k-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-4k-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - 
conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-4k-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/http-route.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/http-route.yaml deleted file mode 100644 index bdfd2a4f8..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-sonarr-4k - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-sonarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - sonarr-4k.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: sonarr-4k - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume-claim.yaml deleted file mode 100644 index 388857422..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr-4k-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr-4k-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume.yaml deleted file mode 100644 index 8049c36c9..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sonarr-4k-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/prometheus-rule.yaml deleted file mode 100644 index 407d04562..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/prometheus-rule.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: sonarr-4k - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - groups: - - name: sonarr-4k - rules: - - alert: ExportarrAbsent - annotations: - description: Sonarr 4K Exportarr has disappeared from Prometheus - service discovery. - summary: Exportarr is down. - expr: | - absent(up{job=~".*sonarr-4k.*"} == 1) - for: 5m - labels: - severity: critical - - alert: Sonarr4KDown - annotations: - description: Sonarr 4K service is down. - summary: Sonarr 4K is down. - expr: | - sonarr_4k_system_status{job=~".*sonarr-4k.*"} == 0 - for: 5m - labels: - severity: critical diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml deleted file mode 100644 index 998e9b558..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: sonarr-4k-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: sonarr-4k-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: sonarr-4k-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/service-monitor.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/service-monitor.yaml deleted file mode 100644 index 3b87474f0..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: sonarr-4k - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: sonarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/sonarr-4k/values.yaml b/clusters/cl01tl/applications/sonarr-4k/values.yaml deleted file mode 100644 index 56b0a7ef7..000000000 --- a/clusters/cl01tl/applications/sonarr-4k/values.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -sonarr-4k: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - persistence: - config: - forceRename: sonarr-4k-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr-4k-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: sonarr4-4k-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - resources: - requests: - memory: 512Mi - monitoring: - enabled: true - prometheusRule: - enabled: true - initdb: - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster - index: 1 - endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 28 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/sonarr-anime/Chart.yaml b/clusters/cl01tl/applications/sonarr-anime/Chart.yaml deleted file mode 100644 index f0a05f23e..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: v2 -name: sonarr-anime -version: 1.0.0 -description: Sonarr Anime -keywords: - - sonarr - - servarr - - anime - - metrics -home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991 -sources: - - https://github.com/Sonarr/Sonarr - - https://github.com/linuxserver/docker-sonarr - - https://github.com/onedr0p/exportarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: sonarr-anime - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png -appVersion: 4.0.14 diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml deleted file mode 100644 index 781cce519..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-anime-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-anime-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - 
remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-anime-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/http-route.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/http-route.yaml deleted file mode 100644 index 1b468f31c..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-sonarr-anime - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-sonarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - sonarr-anime.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: sonarr-anime - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume-claim.yaml deleted file mode 100644 index e0e63952a..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr-anime-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr-anime-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume.yaml deleted file mode 100644 index 3ee8f4c63..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sonarr-anime-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/prometheus-rule.yaml deleted file mode 100644 index dbcc8e998..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/prometheus-rule.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: sonarr-anime - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - groups: - - name: sonarr-anime - rules: - - alert: ExportarrAbsent - annotations: - description: Sonarr Anime Exportarr has disappeared from Prometheus - service discovery. - summary: Exportarr is down. - expr: | - absent(up{job=~".*sonarr-anime.*"} == 1) - for: 5m - labels: - severity: critical - - alert: SonarrAnimeDown - annotations: - description: Sonarr Anime service is down. - summary: Sonarr Anime is down. - expr: | - sonarr_anime_system_status{job=~".*sonarr-anime.*"} == 0 - for: 5m - labels: - severity: critical diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml deleted file mode 100644 index 59ad2f218..000000000 
--- a/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: sonarr-anime-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: sonarr-anime-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: sonarr-anime-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/service-monitor.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/service-monitor.yaml deleted file mode 100644 index 6e46f252a..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: sonarr-anime - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: sonarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/sonarr-anime/values.yaml b/clusters/cl01tl/applications/sonarr-anime/values.yaml deleted file mode 100644 index 5f4939f8e..000000000 --- a/clusters/cl01tl/applications/sonarr-anime/values.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -sonarr-anime: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - persistence: - config: - forceRename: sonarr-anime-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr-anime-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: sonarr4-anime-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - resources: - requests: - memory: 512Mi - monitoring: - enabled: true - prometheusRule: - enabled: true - initdb: - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster - index: 1 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 30 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/sonarr/Chart.yaml b/clusters/cl01tl/applications/sonarr/Chart.yaml deleted file mode 100644 index 21b6dd13d..000000000 --- a/clusters/cl01tl/applications/sonarr/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: v2 -name: sonarr -version: 1.0.0 -description: Sonarr -keywords: - - sonarr - - servarr - - tv shows - - metrics -home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991 -sources: - - https://github.com/Sonarr/Sonarr - - https://github.com/linuxserver/docker-sonarr - - https://github.com/onedr0p/exportarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: sonarr - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png -appVersion: 4.0.14 diff --git a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml deleted file mode 100644 index 71e637fa0..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr/templates/http-route.yaml b/clusters/cl01tl/applications/sonarr/templates/http-route.yaml deleted file mode 100644 index dccafa675..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-sonarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - sonarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: sonarr - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/sonarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/sonarr/templates/persistent-volume-claim.yaml deleted file mode 100644 index 72cf49562..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/applications/sonarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/sonarr/templates/persistent-volume.yaml deleted file mode 100644 index a23f24017..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sonarr-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/applications/sonarr/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/sonarr/templates/prometheus-rule.yaml deleted file mode 100644 index 5459fd7c3..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/prometheus-rule.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: sonarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - groups: - - name: sonarr - rules: - - alert: ExportarrAbsent - annotations: - description: Sonarr Exportarr has disappeared from Prometheus - service discovery. - summary: Exportarr is down. - expr: | - absent(up{job=~".*sonarr.*"} == 1) - for: 5m - labels: - severity: critical - - alert: SonarrDown - annotations: - description: Sonarr service is down. - summary: Sonarr is down. - expr: | - sonarr_system_status{job=~".*sonarr.*"} == 0 - for: 5m - labels: - severity: critical diff --git a/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml deleted file mode 100644 index 3116d7605..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: sonarr-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: sonarr-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: sonarr-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr/templates/service-monitor.yaml b/clusters/cl01tl/applications/sonarr/templates/service-monitor.yaml deleted file mode 100644 index 612b0af5e..000000000 --- a/clusters/cl01tl/applications/sonarr/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: sonarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/applications/sonarr/values.yaml b/clusters/cl01tl/applications/sonarr/values.yaml deleted file mode 100644 index 2f82a1f15..000000000 --- a/clusters/cl01tl/applications/sonarr/values.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -sonarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - persistence: - config: - forceRename: sonarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: sonarr4-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster - index: 1 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 26 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/applications/tautulli/Chart.yaml b/clusters/cl01tl/applications/tautulli/Chart.yaml deleted file mode 100644 index b14d2d14b..000000000 --- a/clusters/cl01tl/applications/tautulli/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v2 -name: tautulli -version: 1.0.0 -description: Tautulli -keywords: - - tautulli - - plex -home: https://wiki.alexlebens.dev/s/b2f5d20a-b3c2-4e7a-b550-7b2855264408 -sources: - - https://github.com/Tautulli/Tautulli - - https://github.com/Tautulli/Tautulli/pkgs/container/tautulli - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: tautulli - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tautulli.png -appVersion: v2.15.2 diff --git a/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml b/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml deleted file mode 100644 index e6f3ad704..000000000 --- a/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tautulli-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tautulli-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/applications/tautulli/templates/http-route.yaml b/clusters/cl01tl/applications/tautulli/templates/http-route.yaml deleted file mode 100644 index e2567b045..000000000 --- a/clusters/cl01tl/applications/tautulli/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tautulli - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tautulli - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tautulli.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tautulli - port: 80 - weight: 100 diff --git a/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml b/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml deleted file mode 100644 index 00e248f38..000000000 --- a/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: tautulli-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tautulli-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: tautulli-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: tautulli-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/tautulli/values.yaml b/clusters/cl01tl/applications/tautulli/values.yaml deleted file mode 100644 index e666f5496..000000000 --- a/clusters/cl01tl/applications/tautulli/values.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -tautulli: - controllers: - main: - type: deployment - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/tautulli/tautulli - tag: v2.16.0 - pullPolicy: IfNotPresent - env: - - name: PUID - value: 1001 - - name: GUID - value: 1001 - - name: TZ - value: US/Central - resources: - requests: - cpu: 10m - memory: 128Mi - configMaps: - scripts: - enabled: true - data: - select_tmdb_poster.py: | - #!/usr/bin/env python - # -*- coding: utf-8 -*- - - ''' - Description: Selects the default TMDB poster if no poster is selected - or the current poster is from Gracenote. - Author: /u/SwiftPanda16 - Requires: plexapi - Usage: - * Change the posters for an entire library: - python select_tmdb_poster.py --library "Movies" - - * Change the poster for a specific item: - python select_tmdb_poster.py --rating_key 1234 - - * By default locked posters are skipped. To update locked posters: - python select_tmdb_poster.py --library "Movies" --include_locked - - Tautulli script trigger: - * Notify on recently added - Tautulli script conditions: - * Filter which media to select the poster. 
Examples: - [ Media Type | is | movie ] - Tautulli script arguments: - * Recently Added: - --rating_key {rating_key} - ''' - - import argparse - import os - import plexapi.base - from plexapi.server import PlexServer - plexapi.base.USER_DONT_RELOAD_FOR_KEYS.add('fields') - - - # Environmental Variables - PLEX_URL = os.getenv('PLEX_URL') - PLEX_TOKEN = os.getenv('PLEX_TOKEN') - - - def select_tmdb_poster_library(library, include_locked=False): - for item in library.all(includeGuids=False): - # Only reload for fields - item.reload(**{k: 0 for k, v in item._INCLUDES.items()}) - select_tmdb_poster_item(item, include_locked=include_locked) - - - def select_tmdb_poster_item(item, include_locked=False): - if item.isLocked('thumb') and not include_locked: # PlexAPI 4.5.10 - print(f"Locked poster for {item.title}. Skipping.") - return - - posters = item.posters() - selected_poster = next((p for p in posters if p.selected), None) - - if selected_poster is None: - print(f"WARNING: No poster selected for {item.title}.") - else: - skipping = ' Skipping.' 
if selected_poster.provider != 'gracenote' else '' - print(f"Poster provider is '{selected_poster.provider}' for {item.title}.{skipping}") - - if posters and (selected_poster is None or selected_poster.provider == 'gracenote'): - # Fallback to first poster if no TMDB posters are available - tmdb_poster = next((p for p in posters if p.provider == 'tmdb'), posters[0]) - # Selecting the poster automatically locks it - tmdb_poster.select() - print(f"Selected {tmdb_poster.provider} poster for {item.title}.") - - - if __name__ == '__main__': - parser = argparse.ArgumentParser() - parser.add_argument('--rating_key', type=int) - parser.add_argument('--library') - parser.add_argument('--include_locked', action='store_true') - opts = parser.parse_args() - - plex = PlexServer(PLEX_URL, PLEX_TOKEN) - - if opts.rating_key: - item = plex.fetchItem(opts.rating_key) - select_tmdb_poster_item(item, opts.include_locked) - elif opts.library: - library = plex.library.section(opts.library) - select_tmdb_poster_library(library, opts.include_locked) - else: - print("No --rating_key or --library specified. Exiting.") - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8181 - protocol: HTTP - persistence: - config: - forceRename: tautulli-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - scripts: - enabled: true - type: configMap - name: tautulli-scripts - advancedMounts: - main: - main: - - path: /config/scripts/select_tmdb_poster.py - readOnly: true - mountPropagation: None - subPath: select_tmdb_poster.py diff --git a/clusters/cl01tl/applications/tdarr/Chart.yaml b/clusters/cl01tl/applications/tdarr/Chart.yaml deleted file mode 100644 index c0ec75b8b..000000000 --- a/clusters/cl01tl/applications/tdarr/Chart.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: v2 -name: tdarr -version: 1.0.0 -description: Tdarr -keywords: - - tdarr - - video - - transcode - - healthchecks -home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62 -sources: - - https://github.com/HaveAGitGat/Tdarr - - https://github.com/homeylab/tdarr-exporter - - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr - - https://hub.docker.com/r/homeylab/tdarr-exporter - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: tdarr - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: tdarr-exporter - version: 1.1.7 - repository: https://homeylab.github.io/helm-charts/ -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png -appVersion: 2.40.01 diff --git a/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml b/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml deleted file mode 100644 index a974a5f0b..000000000 --- a/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml +++ /dev/null 
@@ -1,112 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tdarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tdarr-server-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-server-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-server"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/tdarr/templates/http-route.yaml b/clusters/cl01tl/applications/tdarr/templates/http-route.yaml
deleted file mode 100644
index ec80a2e81..000000000
--- a/clusters/cl01tl/applications/tdarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-tdarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-tdarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - tdarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: tdarr-web
- port: 8265
- weight: 100
diff --git a/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index f86557f72..000000000
--- a/clusters/cl01tl/applications/tdarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: tdarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: tdarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml b/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml
deleted file mode 100644
index c3da6a310..000000000
--- a/clusters/cl01tl/applications/tdarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: tdarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml b/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml
deleted file mode 100644
index dd58cd175..000000000
--- a/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: tdarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: tdarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: tdarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: tdarr-server-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-server-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: tdarr-server
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: tdarr-server-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/tdarr/values.yaml b/clusters/cl01tl/applications/tdarr/values.yaml
deleted file mode 100644
index 1160e0602..000000000
--- a/clusters/cl01tl/applications/tdarr/values.yaml
+++ /dev/null
@@ -1,156 +0,0 @@
-tdarr:
- controllers:
- server:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/haveagitgat/tdarr
- tag: 2.58.02
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: "1001"
- - name: PGID
- value: "1001"
- - name: UMASK_SET
- value: "002"
- - name: ffmpegVersion
- value: "6"
- - name: internalNode
- value: "false"
- - name: inContainer
- value: "true"
- - name: nodeName
- value: tdarr-server
- - name: serverIP
- value: 0.0.0.0
- - name: serverPort
- value: "8266"
- - name: webUIPort
- value: "8265"
- resources:
- requests:
- cpu: 200m
- memory: 1Gi
- node:
- type: daemonset
- revisionHistoryLimit: 3
- pod:
- nodeSelector:
- intel.feature.node.kubernetes.io/gpu: "true"
- containers:
- main:
- image:
- repository: ghcr.io/haveagitgat/tdarr_node
- tag: 2.58.02
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: "1001"
- - name: PGID
- value: "1001"
- - name: UMASK_SET
- value: "002"
- - name: ffmpegVersion
- value: "6"
- - name: inContainer
- value: "true"
- - name: nodeName
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: serverIP
- value: tdarr-api
- - name: serverPort
- value: "8266"
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 10m
- memory: 512Mi
- service:
- api:
- controller: server
- ports:
- http:
- port: 8266
- targetPort: 8266
- protocol: HTTP
- web:
- controller: server
- ports:
- http:
- port: 8265
- targetPort: 8265
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 50Gi
- retain: true
- advancedMounts:
- server:
- main:
- - path: /app/configs
- readOnly: false
- server:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 50Gi
- retain: true
- advancedMounts:
- server:
- main:
- - path: /app/server
- readOnly: false
- server-cache:
- type: emptyDir
- advancedMounts:
- server:
- main:
- - path: /tcache
- readOnly: false
- node-cache:
- type: emptyDir
- advancedMounts:
- node:
- main:
- - path: /tcache
- readOnly: false
- media:
- existingClaim: tdarr-nfs-storage
- advancedMounts:
- server:
- main:
- - path: /mnt/store
- readOnly: true
- node:
- main:
- - path: /mnt/store
- readOnly: true
-tdarr-exporter:
- image:
- name: homeylab/tdarr-exporter
- tag: 1.4.2
- metrics:
- serviceMonitor:
- enabled: true
- settings:
- config:
- url: http://tdarr-web.tdarr:8265
- verify_ssl: false
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
diff --git a/clusters/cl01tl/applications/tubearchivist/Chart.yaml b/clusters/cl01tl/applications/tubearchivist/Chart.yaml
deleted file mode 100644
index 8930ea092..000000000
--- a/clusters/cl01tl/applications/tubearchivist/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: tubearchivist
-version: 1.0.0
-description: Tube Archivist
-keywords:
- - tubearchivist
- - download
- - video
- - youtube
-home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93
-sources:
- - https://github.com/tubearchivist/tubearchivist
- - https://github.com/elastic/elasticsearch
- - https://hub.docker.com/r/bbilly1/tubearchivist
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: tubearchivist
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
-appVersion: v0.5.2
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml
deleted file mode 100644
index d9d2c4b76..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: elasticsearch.k8s.elastic.co/v1
-kind: Elasticsearch
-metadata:
- name: elasticsearch-tubearchivist
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: elasticsearch-tubearchivist
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- version: 8.18.0
- auth:
- fileRealm:
- - secretName: tubearchivist-elasticsearch-secret
- nodeSets:
- - name: default
- count: 1
- config:
- node.store.allow_mmap: false
- path.repo: /usr/share/elasticsearch/data/snapshot
- podTemplate:
- spec:
- volumes:
- - name: tubearchivist-snapshot-nfs-storage
- nfs:
- path: /volume2/Storage/TubeArchivist
- server: synologybond.alexlebens.net
- containers:
- - name: elasticsearch
- volumeMounts:
- - name: tubearchivist-snapshot-nfs-storage
- mountPath: /usr/share/elasticsearch/data/snapshot
- volumeClaimTemplates:
- - metadata:
- name: elasticsearch-data
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- storageClassName: ceph-block
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml
deleted file mode 100644
index bdd4d9d91..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tubearchivist-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tubearchivist-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ELASTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/tubearchivist/env
- metadataPolicy: None
- property: ELASTIC_PASSWORD
- - secretKey: TA_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/tubearchivist/env
- metadataPolicy: None
- property: TA_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tubearchivist-elasticsearch-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tubearchivist-elasticsearch-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: username
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/tubearchivist/elasticsearch
- metadataPolicy: None
- property: username
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/tubearchivist/elasticsearch
- metadataPolicy: None
- property: password
- - secretKey: roles
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/tubearchivist/elasticsearch
- metadataPolicy: None
- property: roles
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tubearchivist-wireguard-conf
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tubearchivist-wireguard-conf
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: private-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /protonvpn/conf/cl01tl
- metadataPolicy: None
- property: private-key
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml b/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml
deleted file mode 100644
index daeddaf08..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-tubearchivist
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-tubearchivist
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - tubearchivist.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: tubearchivist
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml b/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml
deleted file mode 100644
index 0f2687e94..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: tubearchivist
- labels:
- app.kubernetes.io/name: tubearchivist
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 6c8dcc160..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: tubearchivist-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tubearchivist-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: tubearchivist-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml b/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml
deleted file mode 100644
index 62bab667a..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: tubearchivist-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tubearchivist-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/YouTube
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/redis-replication.yaml b/clusters/cl01tl/applications/tubearchivist/templates/redis-replication.yaml
deleted file mode 100644
index 0be064303..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-tubearchivist
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-tubearchivist
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/service-monitor.yaml b/clusters/cl01tl/applications/tubearchivist/templates/service-monitor.yaml
deleted file mode 100644
index cf9e8bb5c..000000000
--- a/clusters/cl01tl/applications/tubearchivist/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-tubearchivist
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-tubearchivist
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/applications/tubearchivist/values.yaml b/clusters/cl01tl/applications/tubearchivist/values.yaml
deleted file mode 100644
index 793d5a7f0..000000000
--- a/clusters/cl01tl/applications/tubearchivist/values.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-tubearchivist:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: bbilly1/tubearchivist
- tag: v0.5.8
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: HOST_UID
- value: 1000
- - name: HOST_GID
- value: 1000
- - name: ES_URL
- value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200
- - name: ES_DISABLE_VERIFY_SSL
- value: true
- - name: REDIS_CON
- value: redis://redis-replication-tubearchivist-master.tubearchivist:6379
- - name: TA_HOST
- value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/
- - name: TA_PORT
- value: 24000
- - name: TA_USERNAME
- value: admin
- envFrom:
- - secretRef:
- name: tubearchivist-config-secret
- resources:
- requests:
- cpu: 10m
- memory: 1Gi
- gluetun:
- image:
- repository: ghcr.io/qdm12/gluetun
- tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
- pullPolicy: IfNotPresent
- env:
- - name: VPN_SERVICE_PROVIDER
- value: protonvpn
- - name: VPN_TYPE
- value: wireguard
- - name: WIREGUARD_PRIVATE_KEY
- valueFrom:
- secretKeyRef:
- name: tubearchivist-wireguard-conf
- key: private-key
- - name: VPN_PORT_FORWARDING
- value: "on"
- - name: PORT_FORWARD_ONLY
- value: "on"
- - name: FIREWALL_OUTBOUND_SUBNETS
- value: 10.0.0.0/8
- - name: FIREWALL_INPUT_PORTS
- value: 80,8000,24000
- - name: DOT
- value: off
- - name: DNS_KEEP_NAMESERVER
- value: on
- - name: DNS_PLAINTEXT_ADDRESS
- value: 10.96.0.10
- securityContext:
- privileged: True
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
- resources:
- limits:
- devic.es/tun: "1"
- requests:
- devic.es/tun: "1"
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 24000
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 40Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /cache
- readOnly: false
- youtube:
- existingClaim: tubearchivist-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /youtube
- readOnly: false
diff --git a/clusters/cl01tl/applications/vaultwarden/Chart.yaml b/clusters/cl01tl/applications/vaultwarden/Chart.yaml
deleted file mode 100644
index 4c50b8034..000000000
--- a/clusters/cl01tl/applications/vaultwarden/Chart.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v2
-name: vaultwarden
-version: 1.0.0
-description: Vaultwarden
-keywords:
- - vaultwarden
- - bitwarden
- - password
-home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
-sources:
- - https://github.com/dani-garcia/vaultwarden
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/vaultwarden/server
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: vaultwarden
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
-appVersion: 1.33.2
diff --git a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml
deleted file mode 100644
index 30d1165b4..000000000
--- a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vaultwarden-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vaultwarden-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/vaultwarden
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vaultwarden-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vaultwarden-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vaultwarden-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vaultwarden-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml b/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml
deleted file mode 100644
index a2ba4bcdd..000000000
--- a/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: vaultwarden-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vaultwarden-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: vaultwarden-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: vaultwarden-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/vaultwarden/values.yaml b/clusters/cl01tl/applications/vaultwarden/values.yaml
deleted file mode 100644
index 76d79709d..000000000
--- a/clusters/cl01tl/applications/vaultwarden/values.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-vaultwarden:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: vaultwarden/server
- tag: 1.34.3
- pullPolicy: IfNotPresent
- env:
- - name: DOMAIN
- value: https://passwords.alexlebens.dev
- - name: SIGNUPS_ALLOWED
- value: "false"
- - name: INVITATIONS_ALLOWED
- value: "false"
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: vaultwarden-postgresql-17-cluster-app
- key: uri
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- persistence:
- config:
- forceRename: vaultwarden-data
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
-cloudflared:
- existingSecretName: vaultwarden-cloudflared-secret
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 32 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/applications/yamtrack/Chart.yaml b/clusters/cl01tl/applications/yamtrack/Chart.yaml
deleted file mode 100644
index e4f6f61a1..000000000
--- a/clusters/cl01tl/applications/yamtrack/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: yamtrack
-version: 1.0.0
-description: Yamtrack
-keywords:
- - yamtrack
- - media
- - jellyfin
-home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
-sources:
- - https://github.com/FuzzyGrim/Yamtrack
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: yamtrack
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
-appVersion: 0.22.7
diff --git a/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml
deleted file mode 100644
index 9ef41c193..000000000
--- a/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/yamtrack/config - metadataPolicy: None - property: SECRET - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: SOCIALACCOUNT_PROVIDERS - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/yamtrack - metadataPolicy: None - property: SOCIALACCOUNT_PROVIDERS - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret 
-metadata: - name: yamtrack-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/yamtrack/templates/http-route.yaml b/clusters/cl01tl/applications/yamtrack/templates/http-route.yaml deleted file mode 100644 index 38b3fd466..000000000 --- a/clusters/cl01tl/applications/yamtrack/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - yamtrack.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: yamtrack - port: 80 - weight: 100 
diff --git a/clusters/cl01tl/applications/yamtrack/templates/redis-replication.yaml b/clusters/cl01tl/applications/yamtrack/templates/redis-replication.yaml deleted file mode 100644 index 96c57159c..000000000 --- a/clusters/cl01tl/applications/yamtrack/templates/redis-replication.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 diff --git a/clusters/cl01tl/applications/yamtrack/templates/service-monitor.yaml b/clusters/cl01tl/applications/yamtrack/templates/service-monitor.yaml deleted file mode 100644 index e2538360a..000000000 --- a/clusters/cl01tl/applications/yamtrack/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s 
diff --git a/clusters/cl01tl/applications/yamtrack/values.yaml b/clusters/cl01tl/applications/yamtrack/values.yaml
deleted file mode 100644
index c3348a1b7..000000000
--- a/clusters/cl01tl/applications/yamtrack/values.yaml
+++ /dev/null
@@ -1,127 +0,0 @@ -yamtrack: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/fuzzygrim/yamtrack - tag: 0.24.7 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: URLS - value: https://yamtrack.alexlebens.net - - name: REGISTRATION - value: false - - name: SOCIAL_PROVIDERS - value: allauth.socialaccount.providers.openid_connect - - name: SOCIALACCOUNT_PROVIDERS - valueFrom: - secretKeyRef: - name: yamtrack-oidc-secret - key: SOCIALACCOUNT_PROVIDERS - - name: SECRET - valueFrom: - secretKeyRef: - name: yamtrack-config-secret - key: SECRET - - name: REDIS_URL - value: redis://redis-replication-yamtrack-master.yamtrack:6379 - - name: DB_USER - valueFrom: - secretKeyRef: - name: yamtrack-postgresql-17-cluster-app - key: username - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: yamtrack-postgresql-17-cluster-app - key: password - - name: DB_NAME - valueFrom: - secretKeyRef: - name: yamtrack-postgresql-17-cluster-app - key: dbname - - name: DB_HOST - valueFrom: - secretKeyRef: - name: yamtrack-postgresql-17-cluster-app - key: host - - name: DB_PORT - valueFrom: - secretKeyRef: - name: yamtrack-postgresql-17-cluster-app - key: port - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8000 - protocol: HTTP -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: 
s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/yamtrack/yamtrack-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 34 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/deployment/argocd/Chart.yaml b/clusters/cl01tl/deployment/argocd/Chart.yaml deleted file mode 100644 index c58f8b1d2..000000000 --- a/clusters/cl01tl/deployment/argocd/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: argocd -version: 1.0.0 -description: Argo CD -keywords: - - argo-cd - - delivery - - deployment - - gitops -home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f -sources: - - https://github.com/argoproj/argo-cd - - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd -maintainers: - - name: alexlebens -dependencies: - - name: argo-cd - version: 9.1.4 - repository: https://argoproj.github.io/argo-helm -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png -appVersion: 3.0.0 
diff --git a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
deleted file mode 100644
index 4ae81bf7d..000000000
--- a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: argocd-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argocd-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argocd - metadataPolicy: None - property: secret - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argocd - metadataPolicy: None - property: client - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: argocd-notifications-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argocd-notifications-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ntfy-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /ntfy/user/cl01tl - metadataPolicy: None - property: token - -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: argocd-gitea-repo-infrastructure-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# data: -# - secretKey: type -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/argocd/credentials/repo/infrastructure -# metadataPolicy: None -# property: type -# - secretKey: url -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: 
/cl01tl/argocd/credentials/repo/infrastructure -# metadataPolicy: None -# property: url -# - secretKey: sshPrivateKey -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/argocd/credentials/repo/infrastructure -# metadataPolicy: None -# property: sshPrivateKey diff --git a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml deleted file mode 100644 index b9c977eef..000000000 --- a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-argocd - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-argocd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - argocd.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: argocd-server - port: 80 - weight: 100 diff --git a/clusters/cl01tl/deployment/argocd/values.yaml b/clusters/cl01tl/deployment/argocd/values.yaml deleted file mode 100644 index 4b93cd83b..000000000 --- a/clusters/cl01tl/deployment/argocd/values.yaml +++ /dev/null 
@@ -1,302 +0,0 @@ -argo-cd: - crds: - install: true - configs: - cm: - admin.enabled: true - timeout.reconciliation: 100s - timeout.reconciliation.jitter: 60s - url: https://argocd.alexlebens.net - statusbadge.url: https://argocd.alexlebens.net/ - statusbadge.enabled: true - dex.config: | - connectors: - - config: - issuer: https://authentik.alexlebens.net/application/o/argocd/ - clientID: $argocd-oidc-secret:client - clientSecret: $argocd-oidc-secret:secret - insecureEnableGroups: true - scopes: - - openid - - profile - - email - name: authentik - type: oidc - id: authentik - params: - server.insecure: true - rbac: - policy.csv: | - g, ArgoCD Admins, role:admin - cmp: - create: true - plugins: - cdk8s: - init: - command: [cdk8s] - args: [import] - generate: - command: [cdk8s, synth] - args: [--stdout] - discover: - fileName: "*.go" - controller: - replicas: 1 - metrics: - enabled: true - serviceMonitor: - enabled: true - dex: - enabled: true - metrics: - enabled: true - serviceMonitor: - enabled: true - livenessProbe: - enabled: true - readinessProbe: - enabled: true - redis-ha: - enabled: true - auth: false - redisSecretInit: - enabled: true - server: - replicas: 2 - extensions: - enabled: true - extensionList: - - name: extension-trivy - env: - - name: EXTENSION_URL - value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar - - name: EXTENSION_CHECKSUM_URL - value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt - metrics: - enabled: true - serviceMonitor: - enabled: true - ingress: - enabled: false - repoServer: - replicas: 2 - extraContainers: - - name: cmp-cdk8s - command: - - /var/run/argocd/argocd-cmp-server - image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0 - securityContext: - runAsNonRoot: true - runAsUser: 999 - volumeMounts: - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - - mountPath: 
/home/argocd/cmp-server/config/plugin.yaml - subPath: cdk8s.yaml - name: argocd-cmp-cm - - mountPath: /tmp - name: cmp-tmp - volumes: - - name: argocd-cmp-cm - configMap: - name: argocd-cmp-cm - - name: cmp-tmp - emptyDir: {} - metrics: - enabled: true - serviceMonitor: - enabled: true - applicationSet: - replicas: 2 - metrics: - enabled: true - serviceMonitor: - enabled: true - livenessProbe: - enabled: true - readinessProbe: - enabled: true - notifications: - enabled: true - context: - argocdUrl: https://argocd.alexlebens.net - secret: - create: false - name: argocd-notifications-secret - metrics: - enabled: true - serviceMonitor: - enabled: true - notifiers: - service.webhook.ntfy: | - url: http://ntfy.ntfy/ - headers: - - name: Authorization - value: Bearer $ntfy-token - livenessProbe: - enabled: true - readinessProbe: - enabled: true - subscriptions: - - recipients: - - ntfy - triggers: - - on-created - - on-deleted - - on-deployed - - on-health-degraded - - on-sync-failed - - on-sync-running - - on-sync-status-unknown - - on-sync-succeeded - templates: - template.app-created: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} has been created.", - "title": "Created: {{.app.metadata.name}}", - "tags": ["building_construction"], - "priority": 4, - "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}" - } - template.app-deleted: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} has been deleted", - "title": "Deleted: {{.app.metadata.name}}", - "tags": ["warning"], - "priority": 4, - "click": "{{.context.argocdUrl}}" - } - template.app-deployed: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} is now running new version of deployments manifests", - "title": "Deployed: {{.app.metadata.name}}", - "tags": ["+1"], - "priority": 3, - "click": 
"{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}" - } - template.app-health-degraded: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} health has degraded", - "title": "Degraded: {{.app.metadata.name}}", - "tags": ["rotating_light"], - "priority": 4, - "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}" - } - template.app-sync-failed: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}", - "title": "Sync Failed: {{.app.metadata.name}}", - "tags": ["rotating_light"], - "priority": 4, - "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - } - template.app-sync-running: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}", - "title": "Sync Running: {{.app.metadata.name}}", - "tags": ["runner"], - "priority": 3, - "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - } - template.app-sync-status-unknown: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} sync status is unknown", - "title": "Sync Unknown: {{.app.metadata.name}}", - "tags": ["question"], - "priority": 3, - "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - } - template.app-sync-succeeded: | - webhook: - ntfy: - method: POST - body: | - { - "topic": "argocd", - "message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}", - "title": "Sync Succeeded: {{.app.metadata.name}}", - "tags": ["+1"], - "priority": 3, - "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - } - triggers: - 
trigger.on-created: | - - description: Application {{.app.metadata.name}} has been created. - oncePer: app.metadata.name - send: - - app-created - when: "true" - trigger.on-deleted: | - - description: Application {{.app.metadata.name}} has been deleted. - oncePer: app.metadata.name - send: - - app-deleted - when: app.metadata.deletionTimestamp != nil - trigger.on-deployed: | - - description: Application is synced and healthy. Triggered once per commit. - oncePer: app.status.operationState.syncResult.revision - send: - - app-deployed - when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' - trigger.on-health-degraded: | - - description: Application has degraded - send: - - app-health-degraded - when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15 - trigger.on-sync-failed: | - - description: Application syncing has failed - send: - - app-sync-failed - when: app.status.operationState.phase in ['Error', 'Failed'] - trigger.on-sync-running: | - - description: Application is being synced - send: - - app-sync-running - when: app.status.operationState.phase in ['Running'] - trigger.on-sync-status-unknown: | - - description: Application status is 'Unknown' - send: - - app-sync-status-unknown - when: app.status.sync.status == 'Unknown' - trigger.on-sync-succeeded: | - - description: Application syncing has succeeded - send: - - app-sync-succeeded - when: app.status.operationState.phase in ['Succeeded'] diff --git a/clusters/cl01tl/deployment/stack/Chart.yaml b/clusters/cl01tl/deployment/stack/Chart.yaml deleted file mode 100644 index 8bc54ecd2..000000000 --- a/clusters/cl01tl/deployment/stack/Chart.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v2 -name: stack -version: 1.0.0 -description: Stack -keywords: - - argo-cd - - stack - - deployment -home: https://wiki.alexlebens.dev/s/0c2d1896-710d-4972-9bc8-08d71987428a -sources: - - https://github.com/argoproj/argo-cd - - https://gitea.alexlebens.dev/alexlebens/infrastructure -maintainers: - - name: alexlebens -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png -appVersion: 1.0.0 diff --git a/clusters/cl01tl/deployment/stack/templates/application-set.yaml b/clusters/cl01tl/deployment/stack/templates/application-set.yaml deleted file mode 100644 index 5217807bb..000000000 --- a/clusters/cl01tl/deployment/stack/templates/application-set.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- range $index, $stack := .Values.applicationSet }} ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: {{ $stack.name }} - namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/name: {{ $stack.name }} - app.kubernetes.io/instance: {{ $stack.name }} - app.kubernetes.io/part-of: {{ $.Release.Name }} -spec: - syncPolicy: - applicationsSync: create-update - preserveResourcesOnDeletion: false - generators: - - git: - repoURL: {{ $.Values.git.repo }} - revision: {{ $.Values.git.revision }} - directories: - - path: "clusters/{{ $.Values.cluster.name }}/{{ $stack.name }}/*" - template: - metadata: - name: '{{ `{{path.basename}}` }}' - spec: - destination: - name: in-cluster - namespace: '{{ $stack.namespace | default `{{path.basename}}` }}' - project: default - revisionHistoryLimit: 3 - source: - repoURL: {{ $.Values.git.repo }} - targetRevision: {{ $.Values.git.revision }} - path: '{{ `{{path}}` }}' - helm: - releaseName: "{{ `{{path.basename}}` }}" - {{- if $stack.ignoreDifferences }} - ignoreDifferences: - {{- toYaml $stack.ignoreDifferences | nindent 8 }} - {{ end }} - syncPolicy: - automated: - prune: {{ $stack.syncPolicy.automated.prune | default false }} - selfHeal: {{ $stack.syncPolicy.automated.selfHeal | default false }} - retry: - limit: 3 - backoff: - duration: 1m - factor: 2 - maxDuration: 15m - syncOptions: - - CreateNamespace={{ $stack.syncPolicy.syncOptions.createNamespace | default true }} - - ApplyOutOfSyncOnly={{ $stack.syncPolicy.syncOptions.applyOutOfSyncOnly | default true }} - - ServerSideApply={{ $stack.syncPolicy.syncOptions.serverSideApply | default true }} - - PruneLast={{ $stack.syncPolicy.syncOptions.pruneLast | default true }} - - RespectIgnoreDifferences={{ $stack.syncPolicy.syncOptions.respectIgnoreDifferences | default true }} -{{- end }} 
diff --git a/clusters/cl01tl/deployment/stack/templates/application.yaml b/clusters/cl01tl/deployment/stack/templates/application.yaml
deleted file mode 100644
index d02c809fd..000000000
--- a/clusters/cl01tl/deployment/stack/templates/application.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cilium - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: cilium - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: {{ .Values.git.repo }} - targetRevision: {{ .Values.git.revision }} - path: clusters/{{ .Values.cluster.name }}/standalone/cilium - destination: - name: in-cluster - namespace: kube-system - revisionHistoryLimit: 3 - ignoreDifferences: - - group: monitoring.coreos.com - kind: ServiceMonitor - jqPathExpressions: - - .spec.endpoints[]?.relabelings[]?.action - syncPolicy: - automated: - prune: true - retry: - limit: 10 - backoff: - duration: 1m - factor: 2 - maxDuration: 16m - syncOptions: - - CreateNamespace=false - - ApplyOutOfSyncOnly=true - - ServerSideApply=true - - PruneLast=true - - RespectIgnoreDifferences=true - ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: coredns - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: coredns - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: {{ .Values.git.repo }} - targetRevision: {{ .Values.git.revision }} - path: clusters/{{ .Values.cluster.name }}/standalone/coredns - destination: - name: in-cluster - namespace: kube-system - revisionHistoryLimit: 10 - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 10 - backoff: - duration: 1m - factor: 2 - maxDuration: 16m - syncOptions: - - CreateNamespace=false - - ApplyOutOfSyncOnly=true - - ServerSideApply=true - - PruneLast=true - ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: metrics-server - namespace: {{ .Release.Namespace }} - labels: - 
app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: {{ .Values.git.repo }} - targetRevision: {{ .Values.git.revision }} - path: clusters/{{ .Values.cluster.name }}/standalone/metrics-server - destination: - name: in-cluster - namespace: kube-system - revisionHistoryLimit: 3 - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 10 - backoff: - duration: 1m - factor: 2 - maxDuration: 16m - syncOptions: - - CreateNamespace=false - - ApplyOutOfSyncOnly=true - - ServerSideApply=true - - PruneLast=true - ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kubelet-serving-cert-approver - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: {{ .Values.git.repo }} - targetRevision: {{ .Values.git.revision }} - path: clusters/{{ .Values.cluster.name }}/standalone/kubelet-serving-cert-approver - destination: - name: in-cluster - namespace: kubelet-serving-cert-approver - revisionHistoryLimit: 3 - syncPolicy: - automated: - prune: true - retry: - limit: 10 - backoff: - duration: 1m - factor: 2 - maxDuration: 16m - syncOptions: - - CreateNamespace=true - - ApplyOutOfSyncOnly=true - - ServerSideApply=true - - PruneLast=true - ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: prometheus-operator-crds - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: prometheus-operator-crds - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: 
default - source: - repoURL: {{ .Values.git.repo }} - targetRevision: {{ .Values.git.revision }} - path: clusters/{{ .Values.cluster.name }}/standalone/prometheus-operator-crds - destination: - name: in-cluster - namespace: kube-system - revisionHistoryLimit: 3 - syncPolicy: - automated: - prune: true - selfHeal: false - retry: - limit: 10 - backoff: - duration: 1m - factor: 2 - maxDuration: 16m - syncOptions: - - CreateNamespace=false - - ApplyOutOfSyncOnly=true - - ServerSideApply=true - - PruneLast=true diff --git a/clusters/cl01tl/deployment/stack/values.yaml b/clusters/cl01tl/deployment/stack/values.yaml deleted file mode 100644 index 810ff0032..000000000 --- a/clusters/cl01tl/deployment/stack/values.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -cluster: - name: cl01tl -git: - # repo: git@github.com:alexlebens/infrastructure.git - # repo: https://github.com/alexlebens/infrastructure.git - repo: http://gitea-http.gitea:3000/alexlebens/infrastructure - # repo: ssh://git@gitea-ssh.gitea/alexlebens/infrastructure - revision: HEAD -applicationSet: - - name: applications - ignoreDifferences: - - group: "" - kind: Service - jqPathExpressions: - - .spec.externalName - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: deployment - namespace: argocd - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: management - ignoreDifferences: - - group: "" - kind: Service - jqPathExpressions: - - .spec.externalName - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: monitoring - ignoreDifferences: - - group: "" - kind: Service - jqPathExpressions: - - .spec.externalName - - group: "apps" - kind: StatefulSet - jqPathExpressions: - - .spec.volumeClaimTemplates[]?.apiVersion - - .spec.volumeClaimTemplates[]?.kind - - .spec.volumeClaimTemplates[]?.metadata.creationTimestamp - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: platform - ignoreDifferences: - - group: "" - kind: Service - jqPathExpressions: - - .spec.externalName - - group: "apps" - kind: StatefulSet - jqPathExpressions: - - .spec.volumeClaimTemplates[]?.apiVersion - - .spec.volumeClaimTemplates[]?.kind - - .spec.volumeClaimTemplates[]?.metadata.creationTimestamp - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: services - ignoreDifferences: - - group: "" - kind: GpuDevicePlugin - jqPathExpressions: - - .metadata.annotations[] - - group: "apps" - kind: "Deployment" - jsonPointers: - - /spec/template/metadata/annotations/checksum~1secret - - /spec/template/metadata/annotations/checksum~1secret-core - - 
/spec/template/metadata/annotations/checksum~1secret-jobservice - - /spec/template/metadata/annotations/checksum~1tls - - group: "apps" - kind: "StatefulSet" - jsonPointers: - - /spec/template/metadata/annotations/checksum~1secret - - /spec/template/metadata/annotations/checksum~1tls - - group: "apps" - kind: StatefulSet - jqPathExpressions: - - .spec.volumeClaimTemplates[]?.apiVersion - - .spec.volumeClaimTemplates[]?.kind - - .spec.volumeClaimTemplates[]?.metadata.creationTimestamp - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true - - name: storage - ignoreDifferences: - - group: "" - kind: Service - jqPathExpressions: - - .spec.externalName - syncPolicy: - automated: - prune: true - syncOptions: - serverSideApply: true diff --git a/clusters/cl01tl/helm/actual/Chart.yaml b/clusters/cl01tl/helm/actual/Chart.yaml deleted file mode 100644 index 6b8121ad6..000000000 --- a/clusters/cl01tl/helm/actual/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: actual -version: 1.0.0 -description: Actual -keywords: - - actual - - budget -home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e -sources: - - https://github.com/actualbudget/actual - - https://github.com/actualbudget/actual/pkgs/container/actual - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: actual - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png -appVersion: 25.11.0 diff --git a/clusters/cl01tl/helm/actual/templates/external-secret.yaml b/clusters/cl01tl/helm/actual/templates/external-secret.yaml deleted file mode 100644 index f22be7ac2..000000000 --- a/clusters/cl01tl/helm/actual/templates/external-secret.yaml +++ /dev/null 
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: actual-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: actual-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/actual/actual-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/actual/templates/http-route.yaml b/clusters/cl01tl/helm/actual/templates/http-route.yaml
deleted file mode 100644
index 4b308cee3..000000000
--- a/clusters/cl01tl/helm/actual/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-actual
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-actual
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - actual.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: actual
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/actual/templates/replication-source.yaml b/clusters/cl01tl/helm/actual/templates/replication-source.yaml
deleted file mode 100644
index ba1340760..000000000
--- a/clusters/cl01tl/helm/actual/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: actual-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: actual-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: actual-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: actual-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/actual/values.yaml b/clusters/cl01tl/helm/actual/values.yaml
deleted file mode 100644
index 4bec1142c..000000000
--- a/clusters/cl01tl/helm/actual/values.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-actual:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/actualbudget/actual
- tag: 25.11.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- probes:
- liveness:
- enabled: true
- custom: true
- spec:
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - node src/scripts/health-check.js
- failureThreshold: 5
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5006
- protocol: HTTP
- persistence:
- data:
- forceRename: actual-data
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 2Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
diff --git a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
deleted file mode 100644
index 34b451361..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: audiobookshelf
-version: 1.0.0
-description: Audiobookshelf
-keywords:
- - audiobookshelf
- - books
- - podcasts
- - audiobooks
-home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
-sources:
- - https://github.com/advplyr/audiobookshelf
- - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: audiobookshelf
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
-appVersion: 2.21.0
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
deleted file mode 100644
index d1da422a3..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: audiobookshelf-apprise-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-apprise-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ntfy-url
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/audiobookshelf/apprise
- metadataPolicy: None
- property: ntfy-url
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: audiobookshelf-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: audiobookshelf-metadata-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-metadata-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-metadata"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/http-route.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/http-route.yaml
deleted file mode 100644
index 1d9329717..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-audiobookshelf
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-audiobookshelf
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - audiobookshelf.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: audiobookshelf
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
deleted file mode 100644
index d31621e69..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: audiobookshelf-nfs-storage-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: audiobookshelf-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: audiobookshelf-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
deleted file mode 100644
index 793addc71..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: audiobookshelf-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/replication-source.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/replication-source.yaml
deleted file mode 100644
index 844a9a5ab..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: audiobookshelf-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: audiobookshelf-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: audiobookshelf-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: audiobookshelf-metadata-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-metadata-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: audiobookshelf-metadata
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: audiobookshelf-metadata-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/service-monitor.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/service-monitor.yaml
deleted file mode 100644
index 5e6974279..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: audiobookshelf-apprise
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: audiobookshelf-apprise
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: apprise
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- selector:
- matchLabels:
- app.kubernetes.io/name: audiobookshelf
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/clusters/cl01tl/helm/audiobookshelf/values.yaml b/clusters/cl01tl/helm/audiobookshelf/values.yaml
deleted file mode 100644
index 91d1126da..000000000
--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-audiobookshelf:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/advplyr/audiobookshelf
- tag: 2.30.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- apprise-api:
- image:
- repository: caronc/apprise
- tag: 1.2.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PGID
- value: "1000"
- - name: PUID
- value: "1000"
- - name: APPRISE_STORAGE_MODE
- value: memory
- - name: APPRISE_STATEFUL_MODE
- value: disabled
- - name: APPRISE_WORKER_COUNT
- value: 1
- - name: APPRISE_STATELESS_URLS
- valueFrom:
- secretKeyRef:
- name: audiobookshelf-apprise-config
- key: ntfy-url
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- apprise:
- port: 8000
- targetPort: 8000
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 2Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metadata:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /metadata
- readOnly: false
- backup:
- existingClaim: audiobookshelf-nfs-storage-backup
- advancedMounts:
- main:
- main:
- - path: /metadata/backups
- readOnly: false
- audiobooks:
- existingClaim: audiobookshelf-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store/
- readOnly: false
diff --git a/clusters/cl01tl/helm/bazarr/Chart.yaml b/clusters/cl01tl/helm/bazarr/Chart.yaml
deleted file mode 100644
index cc20db826..000000000
--- a/clusters/cl01tl/helm/bazarr/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: bazarr
-version: 1.0.0
-description: Bazarr
-keywords:
- - bazarr
- - servarr
- - subtitles
-home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
-sources:
- - https://github.com/morpheus65535/bazarr
- - https://github.com/linuxserver/docker-bazarr
- - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: bazarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
-appVersion: 1.5.2
diff --git a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
deleted file mode 100644
index 40e7170bb..000000000
--- a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: bazarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/bazarr/bazarr-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/bazarr/templates/http-route.yaml b/clusters/cl01tl/helm/bazarr/templates/http-route.yaml
deleted file mode 100644
index 3e5439d60..000000000
--- a/clusters/cl01tl/helm/bazarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-bazarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-bazarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - bazarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: bazarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 6cf8cb968..000000000
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: bazarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: bazarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
deleted file mode 100644
index c61824875..000000000
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: bazarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/bazarr/templates/replication-source.yaml b/clusters/cl01tl/helm/bazarr/templates/replication-source.yaml
deleted file mode 100644
index fee25927c..000000000
--- a/clusters/cl01tl/helm/bazarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: bazarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bazarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: bazarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: bazarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/bazarr/values.yaml b/clusters/cl01tl/helm/bazarr/values.yaml
deleted file mode 100644
index 0b824381d..000000000
--- a/clusters/cl01tl/helm/bazarr/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-bazarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/bazarr
- tag: 1.5.3@sha256:2be164c02c0bb311b6c32e57d3d0ddc2813d524e89ab51a3408c1bf6fafecda5
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 6767
- protocol: HTTP
- persistence:
- config:
- forceRename: bazarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- media:
- existingClaim: bazarr-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
diff --git a/clusters/cl01tl/helm/booklore/Chart.yaml b/clusters/cl01tl/helm/booklore/Chart.yaml
deleted file mode 100644
index db03241d0..000000000
--- a/clusters/cl01tl/helm/booklore/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: booklore
-version: 1.0.0
-description: booklore
-keywords:
- - booklore
- - books
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/booklore-app/BookLore
- - https://github.com/booklore-app/booklore/pkgs/container/booklore
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: booklore
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: mariadb-cluster
- version: 25.10.2
- repository: https://helm.mariadb.com/mariadb-operator
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
-appVersion: v.1.10.0
diff --git a/clusters/cl01tl/helm/booklore/templates/external-secret.yaml b/clusters/cl01tl/helm/booklore/templates/external-secret.yaml
deleted file mode 100644
index bae429731..000000000
--- a/clusters/cl01tl/helm/booklore/templates/external-secret.yaml
+++ /dev/null
@@ -1,332 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-database-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-database-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/booklore/database
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-data-replication-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-data-replication-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: psk.txt
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/booklore/replication
- metadataPolicy: None
- property: psk.txt
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/digital-ocean
- metadataPolicy: None
- property: BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/digital-ocean
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-data-backup-secret-local
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-data-backup-secret-local
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/garage-local
- metadataPolicy: None
- property: BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/garage-local
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-data-backup-secret-remote
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-data-backup-secret-remote
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/garage-remote
- metadataPolicy: None
- property: BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/garage-remote
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/volsync-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-data-backup-secret-external
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-data-backup-secret-external
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/digital-ocean
- metadataPolicy: None
- property: BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /volsync/restic/digital-ocean
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-mariadb-cluster-backup-secret-external
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: access
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/mariadb-backups
- metadataPolicy: None
- property: access
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/mariadb-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: booklore-mariadb-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: access
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/mariadb-backups
- metadataPolicy: None
- property: access
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/mariadb-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl/helm/booklore/templates/http-route.yaml b/clusters/cl01tl/helm/booklore/templates/http-route.yaml
deleted file mode 100644
index a6156305e..000000000
--- a/clusters/cl01tl/helm/booklore/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-booklore
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-booklore
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - booklore.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: booklore
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/booklore/templates/namespace.yaml b/clusters/cl01tl/helm/booklore/templates/namespace.yaml
deleted file mode 100644
index 11d8d8e2e..000000000
--- a/clusters/cl01tl/helm/booklore/templates/namespace.yaml
+++ /dev/null
@@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: booklore - annotations: - volsync.backube/privileged-movers: "true" - labels: - app.kubernetes.io/name: booklore - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} diff --git a/clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml deleted file mode 100644 index f21d20472..000000000 --- a/clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: booklore-books-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-books-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: booklore-books-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: booklore-books-import-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-books-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: booklore-books-import-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml b/clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml deleted file mode 100644 index f50dc7e7a..000000000 --- a/clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: booklore-books-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-books-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/Books - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac - ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: booklore-books-import-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-books-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/Books Import - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/helm/booklore/templates/replication-destination.yaml b/clusters/cl01tl/helm/booklore/templates/replication-destination.yaml deleted file mode 100644 index 5b70c0281..000000000 --- a/clusters/cl01tl/helm/booklore/templates/replication-destination.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: booklore-data-replication-destination - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-replication-destination - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - rsyncTLS: - copyMethod: Direct - accessModes: ["ReadWriteMany"] - destinationPVC: booklore-books-nfs-storage - keySecret: booklore-data-replication-secret 
diff --git a/clusters/cl01tl/helm/booklore/templates/replication-source.yaml b/clusters/cl01tl/helm/booklore/templates/replication-source.yaml
deleted file mode 100644
index e7d891619..000000000
--- a/clusters/cl01tl/helm/booklore/templates/replication-source.yaml
+++ /dev/null
@@ -1,129 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-replication-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-replication-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: "0 0 * * *" - rsyncTLS: - keySecret: booklore-data-replication-secret - address: volsync-rsync-tls-dst-booklore-data-replication-destination - copyMethod: Snapshot - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-backup-source-local - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 2 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-local - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: 
booklore-data-backup-source-remote - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-remote - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 3 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-remote - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: booklore-data-backup-source-external - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: booklore-data-backup-source-external - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: booklore-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: booklore-data-backup-secret-external - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi diff --git a/clusters/cl01tl/helm/booklore/templates/service.yaml b/clusters/cl01tl/helm/booklore/templates/service.yaml deleted file mode 100644 index 4d10a9638..000000000 --- a/clusters/cl01tl/helm/booklore/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: garage-ps10rp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - annotations: - tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net -spec: - externalName: placeholder - type: ExternalName 
diff --git a/clusters/cl01tl/helm/booklore/values.yaml b/clusters/cl01tl/helm/booklore/values.yaml
deleted file mode 100644
index e8ca17ea5..000000000
--- a/clusters/cl01tl/helm/booklore/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -booklore: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/booklore-app/booklore - tag: v1.12.0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: America/Chicago - - name: DATABASE_URL - value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore - - name: DATABASE_USERNAME - value: booklore - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: booklore-database-secret - key: password - - name: BOOKLORE_PORT - value: 6060 - - name: SWAGGER_ENABLED - value: false - resources: - requests: - cpu: 50m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 6060 - protocol: HTTP - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /app/data - readOnly: false - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false - books-import: - type: emptyDir - advancedMounts: - main: - main: - - path: /bookdrop - readOnly: false - ingest: - existingClaim: booklore-books-import-nfs-storage - advancedMounts: - main: - main: - - path: /bookdrop/ingest - readOnly: false -mariadb-cluster: - mariadb: - rootPasswordSecretKeyRef: - generate: false - name: booklore-database-secret - key: password - storage: - size: 5Gi - replicas: 3 - galera: - enabled: true - databases: - - name: booklore - characterSet: utf8 - collate: utf8_general_ci - cleanupPolicy: Delete - requeueInterval: 10h - users: - - name: booklore - passwordSecretKeyRef: - name: booklore-database-secret - key: password - host: '%' - cleanupPolicy: Delete - requeueInterval: 10h - retryInterval: 30s - grants: - - name: booklore - privileges: - - "ALL PRIVILEGES" - database: "booklore" - table: "*" - username: booklore - grantOption: 
true - host: '%' - cleanupPolicy: Delete - requeueInterval: 10h - retryInterval: 30s - physicalBackups: - - name: backup-external - schedule: - cron: "0 0 * * 0" - suspend: false - immediate: true - compression: gzip - maxRetention: 720h - storage: - s3: - bucket: mariadb-backups-b230a2f5aecf080a4b372c08 - prefix: cl01tl/booklore - endpoint: nyc3.digitaloceanspaces.com - region: us-east-1 - accessKeyIdSecretKeyRef: - name: booklore-mariadb-cluster-backup-secret-external - key: access - secretAccessKeySecretKeyRef: - name: booklore-mariadb-cluster-backup-secret-external - key: secret - tls: - enabled: true - - name: backup-garage - schedule: - cron: "0 0 * * *" - suspend: false - immediate: true - compression: gzip - maxRetention: 360h - storage: - s3: - bucket: mariadb-backups - prefix: cl01tl/booklore - endpoint: garage-main.garage:3900 - region: us-east-1 - accessKeyIdSecretKeyRef: - name: booklore-mariadb-cluster-backup-secret-garage - key: access - secretAccessKeySecretKeyRef: - name: booklore-mariadb-cluster-backup-secret-garage - key: secret diff --git a/clusters/cl01tl/helm/code-server/Chart.yaml b/clusters/cl01tl/helm/code-server/Chart.yaml deleted file mode 100644 index 6dab9e91c..000000000 --- a/clusters/cl01tl/helm/code-server/Chart.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v2 -name: code-server -version: 1.0.0 -description: Code Server -keywords: - - code-server - - code - - ide -home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d -sources: - - https://github.com/coder/code-server - - https://github.com/cloudflare/cloudflared - - https://hub.docker.com/r/linuxserver/code-server - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: code-server - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png -appVersion: 4.100.2 diff --git a/clusters/cl01tl/helm/code-server/templates/external-secret.yaml b/clusters/cl01tl/helm/code-server/templates/external-secret.yaml deleted file mode 100644 index 4ec6bb8ac..000000000 --- a/clusters/cl01tl/helm/code-server/templates/external-secret.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: codeserver-password-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: codeserver-password-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/code-server/auth - metadataPolicy: None - property: PASSWORD - - secretKey: SUDO_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/code-server/auth - metadataPolicy: None - property: SUDO_PASSWORD - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: code-server-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: code-server-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/codeserver - metadataPolicy: None - property: token diff --git a/clusters/cl01tl/helm/code-server/templates/http-route.yaml b/clusters/cl01tl/helm/code-server/templates/http-route.yaml deleted file mode 100644 index 0bd454572..000000000 --- a/clusters/cl01tl/helm/code-server/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-code-server - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-code-server - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - code-server.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: code-server - port: 8443 - weight: 100 diff --git a/clusters/cl01tl/helm/code-server/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/code-server/templates/persistent-volume-claim.yaml deleted file mode 100644 index b4900de2a..000000000 --- a/clusters/cl01tl/helm/code-server/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: code-server-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: code-server-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeMode: Filesystem - storageClassName: nfs-client - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/helm/code-server/values.yaml b/clusters/cl01tl/helm/code-server/values.yaml deleted file mode 100644 index 6d44cc286..000000000 --- a/clusters/cl01tl/helm/code-server/values.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -code-server: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/linuxserver/code-server - tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - - name: DEFAULT_WORKSPACE - value: /config - envFrom: - - secretRef: - name: codeserver-password-secret - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 8443 - targetPort: 8443 - protocol: HTTP - persistence: - config: - existingClaim: code-server-nfs-storage - advancedMounts: - main: - main: - - path: /config - readOnly: false -cloudflared: - existingSecretName: code-server-cloudflared-secret diff --git a/clusters/cl01tl/helm/directus/Chart.yaml b/clusters/cl01tl/helm/directus/Chart.yaml deleted file mode 100644 index a5b6f8b16..000000000 --- a/clusters/cl01tl/helm/directus/Chart.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: v2 -name: directus -version: 1.0.0 -description: Directus -keywords: - - directus - - cms -home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b -sources: - - https://github.com/directus/directus - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/directus/directus - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: directus - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared-directus - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png -appVersion: 11.7.2 diff --git a/clusters/cl01tl/helm/directus/templates/external-secret.yaml b/clusters/cl01tl/helm/directus/templates/external-secret.yaml deleted file mode 100644 index a225e81e2..000000000 --- a/clusters/cl01tl/helm/directus/templates/external-secret.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: admin-email - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: admin-email - - secretKey: admin-password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: admin-password - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: secret - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-metric-token - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-metric-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: metric-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/metrics - metadataPolicy: None - property: metric-token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-redis-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-redis-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: user - 
remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/redis - metadataPolicy: None - property: user - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/redis - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/directus - metadataPolicy: None - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/directus - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/directus - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault 
- data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-postgresql-17-cluster-backup-secret-weekly - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: 
None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml b/clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml deleted file mode 100644 index a512754f0..000000000 --- a/clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: objectbucket.io/v1alpha1 -kind: ObjectBucketClaim -metadata: - name: ceph-bucket-directus - labels: - app.kubernetes.io/name: ceph-bucket-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - generateBucketName: bucket-directus - storageClassName: ceph-bucket diff --git a/clusters/cl01tl/helm/directus/templates/redis-replication.yaml b/clusters/cl01tl/helm/directus/templates/redis-replication.yaml deleted file mode 100644 index 7fcb79d3b..000000000 --- a/clusters/cl01tl/helm/directus/templates/redis-replication.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.2.1 - imagePullPolicy: IfNotPresent - redisSecret: - name: directus-redis-config - key: password - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.76.0 
diff --git a/clusters/cl01tl/helm/directus/templates/redis-sentinel.yaml b/clusters/cl01tl/helm/directus/templates/redis-sentinel.yaml deleted file mode 100644 index b7fdb8a6a..000000000 --- a/clusters/cl01tl/helm/directus/templates/redis-sentinel.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: redis-sentinel-directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-sentinel-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - redisSentinelConfig: - redisReplicationName: redis-replication-directus - redisReplicationPassword: - secretKeyRef: - name: directus-redis-config - key: password - kubernetesConfig: - image: quay.io/opstree/redis-sentinel:v7.0.15 - imagePullPolicy: IfNotPresent - redisSecret: - name: directus-redis-config - key: password - resources: - requests: - cpu: 10m - memory: 128Mi diff --git a/clusters/cl01tl/helm/directus/templates/service-monitor.yaml b/clusters/cl01tl/helm/directus/templates/service-monitor.yaml deleted file mode 100644 index 2e0768ec2..000000000 --- a/clusters/cl01tl/helm/directus/templates/service-monitor.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: directus - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - interval: 30s - scrapeTimeout: 15s - path: /metrics - bearerTokenSecret: - name: directus-metric-token - key: metric-token - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/helm/directus/values.yaml b/clusters/cl01tl/helm/directus/values.yaml deleted file mode 100644 index 10200a62b..000000000 --- a/clusters/cl01tl/helm/directus/values.yaml +++ /dev/null 
@@ -1,214 +0,0 @@ -directus: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: directus/directus - tag: 11.13.4 - pullPolicy: IfNotPresent - env: - - name: PUBLIC_URL - value: https://directus.alexlebens.dev - - name: WEBSOCKETS_ENABLED - value: true - - name: ADMIN_EMAIL - valueFrom: - secretKeyRef: - name: directus-config - key: admin-email - - name: ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: directus-config - key: admin-password - - name: SECRET - valueFrom: - secretKeyRef: - name: directus-config - key: secret - - name: KEY - valueFrom: - secretKeyRef: - name: directus-config - key: key - - name: DB_CLIENT - value: postgres - - name: DB_HOST - valueFrom: - secretKeyRef: - name: directus-postgresql-17-cluster-app - key: host - - name: DB_DATABASE - valueFrom: - secretKeyRef: - name: directus-postgresql-17-cluster-app - key: dbname - - name: DB_PORT - valueFrom: - secretKeyRef: - name: directus-postgresql-17-cluster-app - key: port - - name: DB_USER - valueFrom: - secretKeyRef: - name: directus-postgresql-17-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: directus-postgresql-17-cluster-app - key: password - - name: SYNCHRONIZATION_STORE - value: redis - - name: CACHE_ENABLED - value: true - - name: CACHE_STORE - value: redis - - name: REDIS_ENABLED - value: true - - name: REDIS_HOST - value: redis-replication-directus-master - - name: REDIS_USERNAME - valueFrom: - secretKeyRef: - name: directus-redis-config - key: user - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: directus-redis-config - key: password - - name: STORAGE_LOCATIONS - value: s3 - - name: STORAGE_S3_DRIVER - value: s3 - - name: STORAGE_S3_KEY - valueFrom: - secretKeyRef: - name: ceph-bucket-directus - key: AWS_ACCESS_KEY_ID - - name: STORAGE_S3_SECRET - valueFrom: - secretKeyRef: - name: ceph-bucket-directus - key: AWS_SECRET_ACCESS_KEY - - name: 
STORAGE_S3_BUCKET - valueFrom: - configMapKeyRef: - name: ceph-bucket-directus - key: BUCKET_NAME - - name: STORAGE_S3_REGION - value: us-east-1 - - name: STORAGE_S3_ENDPOINT - value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80 - - name: STORAGE_S3_FORCE_PATH_STYLE - value: true - - name: AUTH_PROVIDERS - value: AUTHENTIK - - name: AUTH_AUTHENTIK_DRIVER - value: openid - - name: AUTH_AUTHENTIK_CLIENT_ID - valueFrom: - secretKeyRef: - name: directus-oidc-secret - key: OIDC_CLIENT_ID - - name: AUTH_AUTHENTIK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: directus-oidc-secret - key: OIDC_CLIENT_SECRET - - name: AUTH_AUTHENTIK_SCOPE - value: openid profile email - - name: AUTH_AUTHENTIK_ISSUER_URL - value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration - - name: AUTH_AUTHENTIK_IDENTIFIER_KEY - value: email - - name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION - value: true - - name: AUTH_AUTHENTIK_LABEL - value: Authentik - - name: TELEMETRY - value: false - - name: METRICS_ENABLED - value: true - - name: METRICS_TOKENS - valueFrom: - secretKeyRef: - name: directus-metric-token - key: metric-token - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8055 - protocol: TCP -cloudflared-directus: - name: cloudflared-directus - existingSecretName: directus-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: 
s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/element-web/Chart.yaml b/clusters/cl01tl/helm/element-web/Chart.yaml deleted file mode 100644 index 15490271e..000000000 --- a/clusters/cl01tl/helm/element-web/Chart.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: element-web
-version: 1.0.0
-description: Element Web
-keywords:
- - element-web
- - chat
- - matrix
-home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
-sources:
- - https://github.com/element-hq/element-web
- - https://github.com/cloudflare/cloudflared
- - https://hub.docker.com/r/vectorim/element-web
- - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: element-web
- version: 1.4.24
- repository: https://ananace.gitlab.io/charts
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
-appVersion: v1.11.100
diff --git a/clusters/cl01tl/helm/element-web/templates/external-secret.yaml b/clusters/cl01tl/helm/element-web/templates/external-secret.yaml
deleted file mode 100644
index 276c3f4a4..000000000
--- a/clusters/cl01tl/helm/element-web/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: element-web-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: element-web-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/element
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/helm/element-web/values.yaml b/clusters/cl01tl/helm/element-web/values.yaml
deleted file mode 100644
index 970e993ee..000000000
--- a/clusters/cl01tl/helm/element-web/values.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-element-web:
- replicaCount: 1
- image:
- repository: vectorim/element-web
- tag: v1.12.4
- pullPolicy: IfNotPresent
- defaultServer:
- url: https://matrix.alexlebens.dev
- name: alexlebens.dev
- identity_url: https://alexlebens.dev
- config:
- disable_3pid_login: true
- brand: "Alex Lebens"
- branding:
- welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
- auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
- sso_redirect_options:
- immediate: true
- default_theme: dark
- default_country_code: US
- ingress:
- enabled: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
-cloudflared:
- existingSecretName: element-web-cloudflared-secret
diff --git a/clusters/cl01tl/helm/ephemera/Chart.yaml b/clusters/cl01tl/helm/ephemera/Chart.yaml
deleted file mode 100644
index 607d0716b..000000000
--- a/clusters/cl01tl/helm/ephemera/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: ephemera
-version: 1.0.0
-description: ephemera
-keywords:
- - ephemera
- - books
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/OrwellianEpilogue/ephemera
- - https://github.com/FlareSolverr/FlareSolverr
- - https://github.com/orwellianepilogue/ephemera/pkgs/container/ephemera
- - https://github.com/flaresolverr/FlareSolverr/pkgs/container/flaresolverr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: ephemera
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
-appVersion: 1.3.1
diff --git a/clusters/cl01tl/helm/ephemera/templates/external-secret.yaml b/clusters/cl01tl/helm/ephemera/templates/external-secret.yaml
deleted file mode 100644
index 492cdad34..000000000
--- a/clusters/cl01tl/helm/ephemera/templates/external-secret.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: ephemera-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ephemera-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/ephemera/config - metadataPolicy: None - property: key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: ephemera-apprise-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ephemera-apprise-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ntfy-url - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/ephemera/config - metadataPolicy: None - property: ntfy-url - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: ephemera-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ephemera-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ephemera/ephemera-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: 
RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/helm/ephemera/templates/http-route.yaml b/clusters/cl01tl/helm/ephemera/templates/http-route.yaml deleted file mode 100644 index 16c8b2bbd..000000000 --- a/clusters/cl01tl/helm/ephemera/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-ephemera - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-ephemera - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - ephemera.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: ephemera - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/ephemera/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/ephemera/templates/persistent-volume-claim.yaml deleted file mode 100644 index 1efb18d02..000000000 --- a/clusters/cl01tl/helm/ephemera/templates/persistent-volume-claim.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: ephemera-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: ephemera-import-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/ephemera/templates/persistent-volume.yaml b/clusters/cl01tl/helm/ephemera/templates/persistent-volume.yaml
deleted file mode 100644
index 78d5b4e6f..000000000
--- a/clusters/cl01tl/helm/ephemera/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: ephemera-import-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-import-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Books Import
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/ephemera/templates/replication-source.yaml b/clusters/cl01tl/helm/ephemera/templates/replication-source.yaml
deleted file mode 100644
index cffd4fcdf..000000000
--- a/clusters/cl01tl/helm/ephemera/templates/replication-source.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: ephemera-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ephemera-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: ephemera-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: ephemera-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
- cacheCapacity: 10Gi
diff --git a/clusters/cl01tl/helm/ephemera/values.yaml b/clusters/cl01tl/helm/ephemera/values.yaml
deleted file mode 100644
index 6fca7ddfb..000000000
--- a/clusters/cl01tl/helm/ephemera/values.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-ephemera:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/orwellianepilogue/ephemera
- tag: 1.3.1
- pullPolicy: IfNotPresent
- env:
- - name: AA_BASE_URL
- value: https://annas-archive.org
- # - name: AA_API_KEY
- # valueFrom:
- # secretKeyRef:
- # name: ephemera-key-secret
- # key: key
- - name: FLARESOLVERR_URL
- value: http://127.0.0.1:8191
- - name: LG_BASE_URL
- value: https://gen.com
- - name: PUID
- value: 0
- - name: PGID
- value: 0
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- flaresolverr:
- image:
- repository: ghcr.io/flaresolverr/flaresolverr
- tag: v3.4.5
- pullPolicy: IfNotPresent
- env:
- - name: LOG_LEVEL
- value: info
- - name: LOG_HTML
- value: false
- - name: CAPTCHA_SOLVER
- value: none
- - name: TZ
- value: America/Chicago
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- apprise-api:
- image:
- repository: caronc/apprise
- tag: 1.2.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: APPRISE_STORAGE_MODE
- value: memory
- - name: APPRISE_STATEFUL_MODE
- value: disabled
- - name: APPRISE_WORKER_COUNT
- value: 1
- - name: APPRISE_STATELESS_URLS
- valueFrom:
- secretKeyRef:
- name: ephemera-apprise-config
- key: ntfy-url
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8286
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/data
- readOnly: false
- cache:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /app/downloads
- readOnly: false
- ingest:
- existingClaim: ephemera-import-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /app/ingest
- readOnly: false
diff --git a/clusters/cl01tl/helm/freshrss/Chart.yaml b/clusters/cl01tl/helm/freshrss/Chart.yaml
deleted file mode 100644
index 8cfa7feab..000000000
--- a/clusters/cl01tl/helm/freshrss/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 1.0.0
-description: FreshRSS
-keywords:
- - freshrss
- - rss
-home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
-sources:
- - https://github.com/FreshRSS/FreshRSS
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/freshrss/freshrss
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: freshrss
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
-appVersion: 1.26.2
diff --git a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml b/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
deleted file mode 100644
index c604c9e81..000000000
--- a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
+++ /dev/null
@@ -1,219 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: freshrss-install-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-install-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ADMIN_EMAIL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/freshrss/config - metadataPolicy: None - property: ADMIN_EMAIL - - secretKey: ADMIN_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/freshrss/config - metadataPolicy: None - property: ADMIN_PASSWORD - - secretKey: ADMIN_API_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/freshrss/config - metadataPolicy: None - property: ADMIN_API_PASSWORD - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: freshrss-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/freshrss - metadataPolicy: None - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/freshrss - metadataPolicy: None - property: secret - - secretKey: OIDC_CLIENT_CRYPTO_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/freshrss - metadataPolicy: None - property: crypto-key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: freshrss-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - 
app.kubernetes.io/name: freshrss-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/freshrss - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: freshrss-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: 
freshrss-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: freshrss-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/freshrss/templates/replication-source.yaml b/clusters/cl01tl/helm/freshrss/templates/replication-source.yaml deleted file mode 100644 index 0b0e03a62..000000000 
--- a/clusters/cl01tl/helm/freshrss/templates/replication-source.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: freshrss-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: freshrss-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: freshrss-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: freshrss-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/helm/freshrss/values.yaml b/clusters/cl01tl/helm/freshrss/values.yaml deleted file mode 100644 index c328f13ec..000000000 --- a/clusters/cl01tl/helm/freshrss/values.yaml +++ /dev/null 
@@ -1,251 +0,0 @@ -freshrss: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - initContainers: - init-download-extension-1: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git; - cd cntools_FreshRssExtensions; - git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-2: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git; - cd Extensions; - git sparse-checkout set --no-cone /xExtension-ImageProxy; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy - cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy - resources: - requests: - cpu: 10m - memory: 128Mi - init-download-extension-3: - securityContext: - runAsUser: 0 - image: - repository: alpine - tag: 3.22.2 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - cd /tmp; - wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz; - tar -xvzf *.tar.gz; - rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button - mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button - cp -r /tmp/xExtension-karakeep-button-*/* 
/var/www/FreshRSS/extensions/xExtension-karakeep-button - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button - resources: - requests: - cpu: 10m - memory: 128Mi - containers: - main: - image: - repository: freshrss/freshrss - tag: 1.27.1 - pullPolicy: IfNotPresent - env: - - name: PGID - value: "568" - - name: PUID - value: "568" - - name: TZ - value: US/Central - - name: FRESHRSS_ENV - value: production - - name: CRON_MIN - value: 13,43 - - name: BASE_URL - value: https://rss.alexlebens.dev - - name: DB_HOST - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: host - - name: DB_BASE - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: dbname - - name: DB_USER - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: freshrss-postgresql-17-cluster-app - key: password - - name: FRESHRSS_INSTALL - value: | - --api-enabled - --base-url $(BASE_URL) - --db-base $(DB_BASE) - --db-host $(DB_HOST) - --db-password $(DB_PASSWORD) - --db-type pgsql - --db-user $(DB_USER) - --auth-type http_auth - --default-user admin - --language en - - name: FRESHRSS_USER - value: | - --api-password $(ADMIN_API_PASSWORD) - --email $(ADMIN_EMAIL) - --language en - --password $(ADMIN_PASSWORD) - --user admin - - name: OIDC_ENABLED - value: 1 - - name: OIDC_PROVIDER_METADATA_URL - value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration - - name: OIDC_X_FORWARDED_HEADERS - value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host - - name: OIDC_SCOPES - value: openid email profile - - name: OIDC_REMOTE_USER_CLAIM - value: preferred_username - envFrom: - - secretRef: - name: freshrss-oidc-secret - - secretRef: - name: freshrss-install-secret - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: 
- data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /var/www/FreshRSS/data - readOnly: false - extensions: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 1Gi - retain: true - advancedMounts: - main: - init-download-extension-1: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-2: - - path: /var/www/FreshRSS/extensions - readOnly: false - init-download-extension-3: - - path: /var/www/FreshRSS/extensions - readOnly: false - main: - - path: /var/www/FreshRSS/extensions - readOnly: false -cloudflared: - existingSecretName: freshrss-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # 
data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 2 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/home-assistant/Chart.yaml b/clusters/cl01tl/helm/home-assistant/Chart.yaml deleted file mode 100644 index e31b127db..000000000 --- a/clusters/cl01tl/helm/home-assistant/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: home-assistant -version: 1.0.0 -description: Home Assistant -keywords: - - home-assistant - - home - - automation -home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca -sources: - - https://www.home-assistant.io/ - - https://github.com/home-assistant/core - - https://github.com/home-assistant/core/pkgs/container/home-assistant - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: home-assistant - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png -appVersion: 2025.5.2 diff --git a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml b/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml deleted file mode 100644 index 8831bf961..000000000 --- a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml +++ /dev/null 
@@ -1,51 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: home-assistant-code-server-password-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant-code-server-password-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/code-server/auth
- metadataPolicy: None
- property: PASSWORD
- - secretKey: SUDO_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/code-server/auth
- metadataPolicy: None
- property: SUDO_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: home-assistant-token-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant-token-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: bearer-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/home-assistant/auth
- metadataPolicy: None
- property: bearer-token
diff --git a/clusters/cl01tl/helm/home-assistant/templates/http-route.yaml b/clusters/cl01tl/helm/home-assistant/templates/http-route.yaml
deleted file mode 100644
index 3c74c7c72..000000000
--- a/clusters/cl01tl/helm/home-assistant/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-home-assistant
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-home-assistant
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - home-assistant.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: home-assistant-main
- port: 80
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-home-assistant-code-server
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-home-assistant-code-server
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - home-assistant-code-server.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: home-assistant-code-server
- port: 8443
- weight: 100
diff --git a/clusters/cl01tl/helm/home-assistant/templates/service-monitor.yaml b/clusters/cl01tl/helm/home-assistant/templates/service-monitor.yaml
deleted file mode 100644
index fa644fab1..000000000
--- a/clusters/cl01tl/helm/home-assistant/templates/service-monitor.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: home-assistant
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-assistant
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: home-assistant
- app.kubernetes.io/service: home-assistant-main
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: http
- interval: 3m
- scrapeTimeout: 1m
- path: /api/prometheus
- bearerTokenSecret:
- name: home-assistant-token-secret
- key: bearer-token
diff --git a/clusters/cl01tl/helm/home-assistant/values.yaml b/clusters/cl01tl/helm/home-assistant/values.yaml
deleted file mode 100644
index 8e49734a4..000000000
--- a/clusters/cl01tl/helm/home-assistant/values.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-home-assistant:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/home-assistant/home-assistant
- tag: 2025.11.3
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 50m
- memory: 512Mi
- code-server:
- image:
- repository: ghcr.io/linuxserver/code-server
- tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: DEFAULT_WORKSPACE
- value: /config
- envFrom:
- - secretRef:
- name: home-assistant-code-server-password-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8123
- protocol: TCP
- code-server:
- controller: main
- ports:
- http:
- port: 8443
- targetPort: 8443
- protocol: HTTP
- persistence:
- config:
- forceRename: home-assistant-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- code-server:
- - path: /config/home-assistant
- readOnly: false
diff --git a/clusters/cl01tl/helm/homepage-dev/Chart.yaml b/clusters/cl01tl/helm/homepage-dev/Chart.yaml
deleted file mode 100644
index 4b115d15b..000000000
--- a/clusters/cl01tl/helm/homepage-dev/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 1.0.0
-description: Homepage
-keywords:
- - homepage
- - dashboard
-home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
-sources:
- - https://github.com/gethomepage/homepage
- - https://github.com/cloudflare/cloudflared
- - https://github.com/gethomepage/homepage/pkgs/container/homepage
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: homepage
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
-appVersion: v1.2.0
diff --git a/clusters/cl01tl/helm/homepage-dev/templates/external-secret.yaml b/clusters/cl01tl/helm/homepage-dev/templates/external-secret.yaml
deleted file mode 100644
index d0292e50a..000000000
--- a/clusters/cl01tl/helm/homepage-dev/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: homepage-dev-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage-dev-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/homepage-dev
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/helm/homepage-dev/values.yaml b/clusters/cl01tl/helm/homepage-dev/values.yaml
deleted file mode 100644
index 75dcc2964..000000000
--- a/clusters/cl01tl/helm/homepage-dev/values.yaml
+++ /dev/null
@@ -1,167 +0,0 @@ -homepage: - global: - nameOverride: homepage - controllers: - main: - type: deployment - annotations: - reloader.stakater.com/auto: "true" - strategy: Recreate - containers: - main: - image: - repository: ghcr.io/gethomepage/homepage - tag: v1.7.0 - pullPolicy: IfNotPresent - env: - - name: HOMEPAGE_ALLOWED_HOSTS - value: home.alexlebens.dev - resources: - requests: - cpu: 10m - memory: 128Mi - configMaps: - config: - enabled: true - data: - docker.yaml: "" - kubernetes.yaml: "" - settings.yaml: | - favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg - headerStyle: clean - hideVersion: true - color: zinc - background: - image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg - brightness: 50 - theme: dark - disableCollapse: true - widgets.yaml: | - - logo: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - - datetime: - text_size: xl - format: - dateStyle: long - timeStyle: short - hour12: false - - openmeteo: - label: St. 
Paul - latitude: 44.954445 - longitude: -93.091301 - timezone: America/Chicago - units: metric - cache: 5 - format: - maximumFractionDigits: 0 - services.yaml: | - - Applications: - - Auth: - icon: sh-authentik.webp - description: Authentik - href: https://auth.alexlebens.dev - siteMonitor: https://auth.alexlebens.dev - statusStyle: dot - - Gitea: - icon: sh-gitea.webp - description: Gitea - href: https://gitea.alexlebens.dev - siteMonitor: https://gitea.alexlebens.dev - statusStyle: dot - - Code: - icon: sh-visual-studio-code.webp - description: VS Code - href: https://codeserver.alexlebens.dev - siteMonitor: https://codeserver.alexlebens.dev - statusStyle: dot - - Site: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - description: Profile Website - href: https://www.alexlebens.dev - siteMonitor: https://www.alexlebens.dev - statusStyle: dot - - Content Management: - icon: directus.png - description: Directus - href: https://directus.alexlebens.dev - siteMonitor: https://directus.alexlebens.dev - statusStyle: dot - - Social Media Management: - icon: sh-postiz.webp - description: Postiz - href: https://postiz.alexlebens.dev - siteMonitor: https://postiz.alexlebens.dev - statusStyle: dot - - Chat: - icon: sh-element.webp - description: Matrix - href: https://chat.alexlebens.dev - siteMonitor: https://chat.alexlebens.dev - statusStyle: dot - - Wiki: - icon: sh-outline.webp - description: Outline - href: https://wiki.alexlebens.dev - siteMonitor: https://wiki.alexlebens.dev - statusStyle: dot - - Passwords: - icon: sh-vaultwarden-light.webp - description: Vaultwarden - href: https://passwords.alexlebens.dev - siteMonitor: https://passwords.alexlebens.dev - statusStyle: dot - - Bookmarks: - icon: sh-karakeep-light.webp - description: Karakeep - href: https://karakeep.alexlebens.dev - siteMonitor: https://karakeep.alexlebens.dev - statusStyle: dot - - RSS: - icon: sh-freshrss.webp - description: 
FreshRSS - href: https://rss.alexlebens.dev - siteMonitor: https://rss.alexlebens.dev - statusStyle: dot - bookmarks.yaml: "" - service: - http: - controller: main - ports: - http: - port: 80 - targetPort: 3000 - protocol: HTTP - persistence: - config: - enabled: true - type: configMap - name: homepage-dev - advancedMounts: - main: - main: - - path: /app/config/bookmarks.yaml - readOnly: true - mountPropagation: None - subPath: bookmarks.yaml - - path: /app/config/docker.yaml - readOnly: true - mountPropagation: None - subPath: docker.yaml - - path: /app/config/kubernetes.yaml - readOnly: true - mountPropagation: None - subPath: kubernetes.yaml - - path: /app/config/services.yaml - readOnly: true - mountPropagation: None - subPath: services.yaml - - path: /app/config/settings.yaml - readOnly: true - mountPropagation: None - subPath: settings.yaml - - path: /app/config/widgets.yaml - readOnly: true - mountPropagation: None - subPath: widgets.yaml -cloudflared: - existingSecretName: homepage-dev-cloudflared-secret diff --git a/clusters/cl01tl/helm/homepage/Chart.yaml b/clusters/cl01tl/helm/homepage/Chart.yaml deleted file mode 100644 index 13b36a778..000000000 --- a/clusters/cl01tl/helm/homepage/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: homepage -version: 1.0.0 -description: Homepage -keywords: - - homepage - - dashboard -home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa -sources: - - https://github.com/gethomepage/homepage - - https://github.com/gethomepage/homepage/pkgs/container/homepage - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: homepage - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png -appVersion: v1.2.0 
diff --git a/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml
deleted file mode 100644
index 224a93bd2..000000000
--- a/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: homepage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: homepage
-subjects:
- - kind: ServiceAccount
- name: homepage
- namespace: {{ .Release.Namespace }}
diff --git a/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml b/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml
deleted file mode 100644
index 3b8b2d256..000000000
--- a/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: homepage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: homepage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- - pods
- - nodes
- verbs:
- - get
- - list
- - apiGroups:
- - extensions
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - list
- - apiGroups:
- - traefik.io
- resources:
- - ingressroutes
- verbs:
- - get
- - list
- - apiGroups:
- - gateway.networking.k8s.io
- resources:
- - httproutes
- - gateways
- verbs:
- - get
- - list
- - apiGroups:
- - metrics.k8s.io
- resources:
- - nodes
- - pods
- verbs:
- - get
- - list
diff --git a/clusters/cl01tl/helm/homepage/templates/external-secret.yaml b/clusters/cl01tl/helm/homepage/templates/external-secret.yaml
deleted file mode 100644
index dd79ecc3e..000000000
--- a/clusters/cl01tl/helm/homepage/templates/external-secret.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: homepage-keys-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: homepage-keys-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /synology/auth/cl01tl - metadataPolicy: None - property: user - - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /synology/auth/cl01tl - metadataPolicy: None - property: password - - secretKey: HOMEPAGE_VAR_UNIFI_USER - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /unifi/auth/cl01tl - metadataPolicy: None - property: user - - secretKey: HOMEPAGE_VAR_UNIFI_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /unifi/auth/cl01tl - metadataPolicy: None - property: password - - secretKey: HOMEPAGE_VAR_SONARR_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/sonarr4/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_SONARR4K_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/sonarr4-4k/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/sonarr4-anime/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_RADARR_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/radarr5/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_RADARR4K_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/radarr5-4k/key - metadataPolicy: None - property: key - - 
secretKey: HOMEPAGE_VAR_RADARRANIME_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/radarr5-anime/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/radarr5-standup/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_LIDARR_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/lidarr2/key - metadataPolicy: None - property: key - - secretKey: HOMEPAGE_VAR_PROWLARR_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/prowlarr/key - metadataPolicy: None - property: key diff --git a/clusters/cl01tl/helm/homepage/templates/http-route.yaml b/clusters/cl01tl/helm/homepage/templates/http-route.yaml deleted file mode 100644 index f3ccd33e2..000000000 --- a/clusters/cl01tl/helm/homepage/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-homepage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-homepage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - home.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: homepage - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/homepage/templates/service.yaml b/clusters/cl01tl/helm/homepage/templates/service.yaml deleted file mode 100644 index 43fe2e1d9..000000000 --- a/clusters/cl01tl/helm/homepage/templates/service.yaml +++ /dev/null 
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: gitea-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: home-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: home-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: garage-ui-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: garage-ui-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml
deleted file mode 100644
index 090c6be04..000000000
--- a/clusters/cl01tl/helm/homepage/values.yaml
+++ /dev/null
@@ -1,795 +0,0 @@ -homepage: - global: - nameOverride: homepage - controllers: - main: - type: deployment - annotations: - reloader.stakater.com/auto: "true" - strategy: Recreate - serviceAccount: - name: homepage - pod: - automountServiceAccountToken: true - containers: - main: - image: - repository: ghcr.io/gethomepage/homepage - tag: v1.7.0 - pullPolicy: IfNotPresent - env: - - name: HOMEPAGE_ALLOWED_HOSTS - value: home.alexlebens.net - envFrom: - - secretRef: - name: homepage-keys-secret - resources: - requests: - cpu: 10m - memory: 256Mi - serviceAccount: - homepage: - enabled: true - staticToken: true - configMaps: - config: - enabled: true - data: - docker.yaml: "" - kubernetes.yaml: | - mode: cluster - settings.yaml: | - favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg - headerStyle: clean - hideVersion: true - color: zinc - background: - image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg - brightness: 50 - theme: dark - disableCollapse: true - layout: - - Media: - tab: Applications - icon: mdi-multimedia-#ffffff - - Public: - tab: Applications - icon: mdi-earth-#ffffff - - Internal: - tab: Applications - icon: mdi-security-network-#ffffff - - Code: - tab: Tools - icon: mdi-code-block-braces-#ffffff - - Automation: - tab: Tools - icon: mdi-wrench-#ffffff - - Monitoring: - tab: Tools - icon: mdi-chart-line-#ffffff - - Services: - tab: Services - icon: mdi-toolbox-outline-#ffffff - - Hardware: - tab: Services - icon: mdi-server-network-#ffffff - - Storage: - tab: Services - icon: mdi-database-#ffffff - - Content: - tab: Services - icon: mdi-multimedia-#ffffff - - TV Shows: - tab: Content - icon: mdi-television-#ffffff - - Movies: - tab: Content - icon: mdi-filmstrip-#ffffff - - Music: - tab: Content - icon: mdi-music-box-multiple-#ffffff - - Books: - tab: Content - icon: mdi-book-open-variant-#ffffff - - External Services: - tab: 
Bookmarks - icon: mdi-cloud-#ffffff - - Other Homes: - tab: Bookmarks - icon: mdi-cloud-#ffffff - - Trackers: - tab: Bookmarks - icon: mdi-cloud-#ffffff - widgets.yaml: | - - logo: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - - kubernetes: - cluster: - show: true - cpu: true - memory: true - showLabel: false - label: "Cluster" - nodes: - show: false - - datetime: - text_size: xl - format: - dateStyle: long - timeStyle: short - hour12: false - - openmeteo: - label: St. Paul - latitude: 44.954445 - longitude: -93.091301 - timezone: America/Chicago - units: metric - cache: 5 - format: - maximumFractionDigits: 0 - services.yaml: | - - Media: - - Plex: - icon: sh-plex.webp - description: Media server - href: https://plex.alexlebens.net - siteMonitor: http://plex.plex:32400 - statusStyle: dot - - Jellyfin: - icon: sh-jellyfin.webp - description: Media server - href: https://jellyfin.alexlebens.net - siteMonitor: http://jellyfin.jellyfin:80 - statusStyle: dot - - Media Requests: - icon: sh-overseerr.webp - description: Overseer - href: https://overseerr.alexlebens.net - siteMonitor: http://overseerr.overseerr:80 - statusStyle: dot - - Media Tracking: - icon: sh-yamtrack.webp - description: Yamtrack - href: https://yamtrack.alexlebens.net - siteMonitor: http://yamtrack.yamtrack:80 - statusStyle: dot - - Youtube Archive: - icon: sh-tube-archivist-light.webp - description: TubeAchivist - href: https://tubearchivist.alexlebens.net/login - siteMonitor: http://tubearchivist.tubearchivist:80 - statusStyle: dot - - Photos: - icon: sh-immich.webp - description: Immich - href: https://immich.alexlebens.net - siteMonitor: http://immich-main.immich:2283 - statusStyle: dot - - Pictures: - icon: sh-photoview.webp - description: Photoview - href: https://photoview.alexlebens.net - siteMonitor: http://photoview.photoview:80 - statusStyle: dot - - Podcasts and Audiobooks: - icon: sh-audiobookshelf.webp - 
description: Audiobookshelf - href: https://audiobookshelf.alexlebens.net - siteMonitor: http://audiobookshelf.audiobookshelf:80 - statusStyle: dot - - Books: - icon: sh-booklore.webp - description: Booklore - href: https://booklore.alexlebens.net - siteMonitor: http://booklore.booklore:80 - statusStyle: dot - - Public: - - Site: - icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png - description: Profile Website - href: https://www.alexlebens.dev - siteMonitor: https://www.alexlebens.dev - statusStyle: dot - - Content Management: - icon: directus.png - description: Directus - href: https://directus.alexlebens.dev - siteMonitor: https://directus.alexlebens.dev - statusStyle: dot - - Social Media Management: - icon: sh-postiz.webp - description: Postiz - href: https://postiz.alexlebens.dev - siteMonitor: https://postiz.alexlebens.dev - statusStyle: dot - - Chat: - icon: sh-element.webp - description: Matrix - href: https://chat.alexlebens.dev - siteMonitor: https://chat.alexlebens.dev - statusStyle: dot - - Wiki: - icon: sh-outline.webp - description: Outline - href: https://wiki.alexlebens.dev - siteMonitor: https://wiki.alexlebens.dev - statusStyle: dot - - Passwords: - icon: sh-vaultwarden-light.webp - description: Vaultwarden - href: https://passwords.alexlebens.dev - siteMonitor: https://passwords.alexlebens.dev - statusStyle: dot - - Bookmarks: - icon: sh-karakeep-light.webp - description: Karakeep - href: https://karakeep.alexlebens.dev - siteMonitor: https://karakeep.alexlebens.dev - statusStyle: dot - - RSS: - icon: sh-freshrss.webp - description: FreshRSS - href: https://rss.alexlebens.dev - siteMonitor: https://rss.alexlebens.dev - statusStyle: dot - - Internal: - - Home Automation: - icon: sh-home-assistant.webp - description: Home Assistant - href: https://home-assistant.alexlebens.net - siteMonitor: http://home-assistant-main.home-assistant:80 - statusStyle: dot - - Budgeting: - icon: 
sh-actual-budget.webp - description: Actual - href: https://actual.alexlebens.net - siteMonitor: http://actual.actual:80 - statusStyle: dot - - AI: - icon: sh-ollama.webp - description: Ollama - href: https://ollama.alexlebens.net - siteMonitor: http://ollama-web.ollama:80 - statusStyle: dot - - AI Image: - icon: https://user-images.githubusercontent.com/36368048/196280761-1535f413-a91e-4b6a-af6a-b890f8ae204c.png - description: Stable Diffusion - href: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net - siteMonitor: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net - statusStyle: dot - - Search: - icon: sh-searxng.webp - description: Searxng - href: https://searxng.alexlebens.net/ - siteMonitor: http://searxng-browser.searxng:80 - statusStyle: dot - - Email: - icon: sh-roundcube.webp - description: Roundcube - href: https://mail.alexlebens.net - siteMonitor: http://roundcube.roundcube:80 - statusStyle: dot - - Wiki: - icon: sh-kiwix-light.webp - description: Kiwix - href: https://kiwix.alexlebens.net - siteMonitor: http://kiwix.kiwix:80 - statusStyle: dot - - Code: - - Code (Public): - icon: sh-gitea.webp - description: Gitea - href: https://gitea.alexlebens.dev - siteMonitor: https://gitea.alexlebens.dev - statusStyle: dot - - Code (Local): - icon: sh-gitea.webp - description: Gitea - href: https://gitea.alexlebens.net - siteMonitor: https://gitea.alexlebens.net - statusStyle: dot - - Code (ps10rp): - icon: sh-gitea.webp - description: Gitea - href: https://gitea-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net - statusStyle: dot - - IDE (Public): - icon: sh-visual-studio-code.webp - description: VS Code - href: https://codeserver.alexlebens.dev - siteMonitor: https://codeserver.alexlebens.dev - statusStyle: dot - - IDE (Home Assistant): - icon: sh-visual-studio-code.webp - description: Edit config for Home Assistant - href: https://home-assistant-code-server.alexlebens.net - siteMonitor: 
http://home-assistant-code-server.home-assistant:8443 - statusStyle: dot - - Continuous Deployment: - icon: sh-argo-cd.webp - description: ArgoCD - href: https://argocd.alexlebens.net - siteMonitor: http://argocd-server.argocd:80 - statusStyle: dot - - Docker Deployment: - icon: sh-komodo-light.webp - description: Komodo - href: https://komodo.alexlebens.net - siteMonitor: http://komodo-main.komodo:80 - statusStyle: dot - - Automation: - - Deployment Workflows: - icon: sh-argo-cd.webp - description: Argo Workflows - href: https://argo-workflows.alexlebens.net - siteMonitor: http://argo-workflows-server.argo-workflows:2746 - statusStyle: dot - - API Workflows: - icon: sh-n8n.webp - description: n8n - href: https://n8n.alexlebens.net - siteMonitor: http://n8n-main.n8n:80 - statusStyle: dot - - Jobs: - icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png - description: Kronic - href: https://kronic.alexlebens.net - siteMonitor: http://kronic.kronic:80 - statusStyle: dot - - Uptime: - icon: sh-gatus.webp - description: Gatus - href: https://gatus.alexlebens.net - siteMonitor: http://gatus.gatus:80 - statusStyle: dot - - Tools: - icon: sh-omnitools.webp - description: OmniTools - href: https://omni-tools.alexlebens.net - siteMonitor: http://omni-tools.omni-tools:80 - statusStyle: dot - - Monitoring: - - Kubernetes: - icon: sh-headlamp.webp - description: Headlamp - href: https://headlamp.alexlebens.net - siteMonitor: http://headlamp.headlamp:80 - statusStyle: dot - - Network Monitoring: - icon: sh-cilium.webp - description: Hubble for Cilium - href: https://hubble.alexlebens.net - siteMonitor: http://hubble-ui.kube-system:80 - statusStyle: dot - - Dashboard: - icon: sh-grafana.webp - description: Grafana - href: https://grafana.alexlebens.net - siteMonitor: http://grafana-main-service.grafana-operator:3000/api/health - statusStyle: dot - - Metrics: - icon: sh-prometheus.webp - description: Prometheus - href: 
https://prometheus.alexlebens.net - siteMonitor: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - statusStyle: dot - widget: - type: prometheus - url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - - Alerting: - icon: sh-prometheus-light.webp - description: Alertmanager - href: https://alertmanager.alexlebens.net - siteMonitor: http://kube-prometheus-stack-alertmanager.kube-prometheus-stack:9093 - statusStyle: dot - widget: - type: prometheusmetric - url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090 - refreshInterval: 120s - metrics: - - label: Alerts Active - query: alertmanager_alerts{state="active"} - - label: Metric Database Size - query: prometheus_tsdb_storage_blocks_bytes - format: - type: bytes - - Tautulli: - icon: sh-tautulli.webp - description: Plex Monitoring - href: https://tautulli.alexlebens.net - siteMonitor: http://tautulli.tautulli:80 - statusStyle: dot - - Jellystat: - icon: sh-jellystat.webp - description: Jellyfin Monitoring - href: https://jellystat.alexlebens.net - siteMonitor: http://jellystat.jellystat:80 - statusStyle: dot - - Services: - - Auth (Public): - icon: sh-authentik.webp - description: Authentik - href: https://auth.alexlebens.dev - siteMonitor: https://auth.alexlebens.dev - statusStyle: dot - - Auth (Local): - icon: sh-authentik.webp - description: Authentik - href: https://authentik.alexlebens.net - siteMonitor: http://authentik-server.authentik:80 - statusStyle: dot - - Email: - icon: sh-stalwart.webp - description: Stalwart - href: https://stalwart.alexlebens.net - siteMonitor: http://stalwart.stalwart:80 - statusStyle: dot - - Notifications: - icon: sh-ntfy.webp - description: ntfy - href: https://ntfy.alexlebens.net - siteMonitor: http://ntfy.ntfy:80 - statusStyle: dot - - Reverse Proxy: - icon: sh-traefik.webp - description: Traefik - href: https://traefik-cl01tl.alexlebens.net/dashboard/#/ - siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/ - 
statusStyle: dot - widget: - type: traefik - url: https://traefik-cl01tl.alexlebens.net - - Image Cache: - icon: sh-harbor.webp - description: Harbor - href: https://harbor.alexlebens.net - siteMonitor: http://harbor-portal.harbor:80 - statusStyle: dot - - Hardware: - - Network Management (alexlebens.net): - icon: sh-ubiquiti-unifi.webp - description: Unifi - href: https://unifi.alexlebens.net - siteMonitor: https://unifi.alexlebens.net - statusStyle: dot - - Network Attached Storage: - icon: sh-synology-light.webp - description: Synology - href: https://synology.alexlebens.net - siteMonitor: https://synology.alexlebens.net - statusStyle: dot - widget: - type: diskstation - url: https://synology.alexlebens.net - username: {{ "{{HOMEPAGE_VAR_SYNOLOGY_USER}}" }} - password: {{ "{{HOMEPAGE_VAR_SYNOLOGY_PASSWORD}}" }} - volume: volume_2 - - TV Tuner: - icon: sh-hdhomerun.webp - description: HD Homerun - href: http://hdhr.alexlebens.net - siteMonitor: http://hdhr.alexlebens.net - statusStyle: dot - widget: - type: hdhomerun - url: http://hdhr.alexlebens.net - tuner: 0 - fields: ["channels", "hd"] - - KVM: - icon: sh-pikvm-light.webp - description: Pi KVM - href: https://pikvm.alexlebens.net - siteMonitor: https://pikvm.alexlebens.net - statusStyle: dot - - Server Plug: - icon: sh-shelly.webp - description: Shelly - href: http://it05sp.alexlebens.net - siteMonitor: http://it05sp.alexlebens.net - statusStyle: dot - - Storage: - - Cluster Storage: - icon: sh-ceph.webp - description: Ceph - href: https://ceph.alexlebens.net - siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000 - statusStyle: dot - - Object Storage (NAS): - icon: sh-garage.webp - description: Garage - href: https://garage-webui.alexlebens.net - siteMonitor: http://garage-webui.garage:3909 - statusStyle: dot - - Object Storage (ps10rp): - icon: sh-garage.webp - description: Garage - href: https://garage-ui-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://garage-ui-ps10rp.boreal-beaufort.ts.net - 
statusStyle: dot - - Database: - icon: sh-pgadmin-light.webp - description: PGAdmin - href: https://pgadmin.alexlebens.net - siteMonitor: http://pgadmin.pgadmin:80 - statusStyle: dot - - Database: - icon: sh-whodb.webp - description: WhoDB - href: https://whodb.alexlebens.net - siteMonitor: http://whodb.whodb:80 - statusStyle: dot - - Secrets: - icon: sh-hashicorp-vault.webp - description: Vault - href: https://vault.alexlebens.net - siteMonitor: http://vault.vault:8200 - statusStyle: dot - - Backups: - icon: sh-backrest-light.webp - description: Backrest - href: https://backrest.alexlebens.net - siteMonitor: http://backrest.backrest:80 - statusStyle: dot - - Content: - - qUI: - icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg - description: qbitorrent - href: https://qui.alexlebens.net - siteMonitor: http://qbittorrent-qui.qbittorrent:80 - statusStyle: dot - widget: - type: qbittorrent - url: http://qbittorrent.qbittorrent:8080 - enableLeechProgress: true - - Prowlarr: - icon: sh-prowlarr.webp - description: Indexers - href: https://prowlarr.alexlebens.net - siteMonitor: http://prowlarr.prowlarr:80 - statusStyle: dot - - Huntarr: - icon: https://raw.githubusercontent.com/plexguide/Huntarr.io/main/frontend/static/logo/128.png - description: Content upgrader - href: https://huntarr.alexlebens.net - siteMonitor: http://huntarr.huntarr:80 - statusStyle: dot - - Bazarr: - icon: sh-bazarr.webp - description: Subtitles - href: https://bazarr.alexlebens.net - siteMonitor: http://bazarr.bazarr:80 - statusStyle: dot - - Tdarr: - icon: sh-tdarr.webp - description: Media transcoding and health checks - href: https://tdarr.alexlebens.net - siteMonitor: http://tdarr-web.tdarr:8265 - statusStyle: dot - widget: - type: tdarr - url: http://tdarr-web.tdarr:8265 - - TV Shows: - - Sonarr: - icon: sh-sonarr.webp - description: TV Shows - href: https://sonarr.alexlebens.net - siteMonitor: http://sonarr.sonarr:80 - 
statusStyle: dot - widget: - type: sonarr - url: http://sonarr.sonarr:80 - key: {{ "{{HOMEPAGE_VAR_SONARR_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Sonarr 4K: - icon: sh-sonarr.webp - description: TV Shows 4K - href: https://sonarr-4k.alexlebens.net - siteMonitor: http://sonarr-4k.sonarr-4k:80 - statusStyle: dot - widget: - type: sonarr - url: http://sonarr-4k.sonarr-4k:80 - key: {{ "{{HOMEPAGE_VAR_SONARR4K_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Sonarr Anime: - icon: sh-sonarr.webp - description: Anime Shows - href: https://sonarr-anime.alexlebens.net - siteMonitor: http://sonarr-anime.sonarr-anime:80 - statusStyle: dot - widget: - type: sonarr - url: http://sonarr-anime.sonarr-anime:80 - key: {{ "{{HOMEPAGE_VAR_SONARRANIME_KEY}}" }} - fields: ["wanted", "queued", "series"] - enableQueue: false - - Movies: - - Radarr: - icon: sh-radarr.webp - description: Movies - href: https://radarr.alexlebens.net - siteMonitor: http://radarr.radarr:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr.radarr:80 - key: {{ "{{HOMEPAGE_VAR_RADARR_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr 4K: - icon: sh-radarr-4k.webp - description: Movies 4K - href: https://radarr-4k.alexlebens.net - siteMonitor: http://radarr-4k.radarr-4k:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-4k.radarr-4k:80 - key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr Anime: - icon: sh-radarr-anime.webp - description: Anime Movies - href: https://radarr-anime.alexlebens.net - siteMonitor: http://radarr-anime.radarr-anime:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-anime.radarr-anime:80 - key: {{ "{{HOMEPAGE_VAR_RADARRANIME_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Radarr Stand Up: - icon: sh-radarr-light-hybrid.webp - description: Stand Up - href: 
https://radarr-standup.alexlebens.net - siteMonitor: http://radarr-standup.radarr-standup:80 - statusStyle: dot - widget: - type: radarr - url: http://radarr-standup.radarr-standup:80 - key: {{ "{{HOMEPAGE_VAR_RADARRSTANDUP_KEY}}" }} - fields: ["wanted", "queued", "movies"] - enableQueue: false - - Music: - - Lidarr: - icon: sh-lidarr.webp - description: Music - href: https://lidarr.alexlebens.net - siteMonitor: http://lidarr.lidarr:80 - statusStyle: dot - widget: - type: lidarr - url: http://lidarr.lidarr:80 - key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }} - fields: ["wanted", "queued", "artists"] - - LidaTube: - icon: sh-lidatube.webp - description: Searches for Music - href: https://lidatube.alexlebens.net - siteMonitor: http://lidatube.lidatube:80 - statusStyle: dot - - Soulseek: - icon: sh-slskd.webp - description: slskd - href: https://slskd.alexlebens.net - siteMonitor: http://slskd.slskd:5030 - statusStyle: dot - - Books: - - Ephemera: - icon: sh-ephemera.webp - description: Books - href: https://ephemera.alexlebens.net - siteMonitor: http://ephemera.ephemera:80 - statusStyle: dot - - Listenarr: - icon: sh-audiobookrequest.webp - description: Audiobooks - href: https://listenarr.alexlebens.net - siteMonitor: http://listenarr.listenarr:80 - statusStyle: dot - - Other Homes: - - Dev: - icon: sh-homepage.webp - description: Public Homepage - href: https://home.alexlebens.dev - siteMonitor: https://home.alexlebens.dev - statusStyle: dot - - Lebens Home: - icon: sh-homepage.webp - description: Lebens Homepage - href: https://home-ps10rp.boreal-beaufort.ts.net - siteMonitor: https://home-ps10rp.boreal-beaufort.ts.net - statusStyle: dot - bookmarks.yaml: | - - External Services: - - Github: - - abbr: GH - href: https://github.com/alexlebens - - Digital Ocean: - - abbr: DO - href: https://www.digitalocean.com/ - - AWS: - - abbr: AW - href: https://aws.amazon.com/console/ - - Cloudflare: - - abbr: CF - href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768 - - 
Tailscale: - - abbr: TS - href: https://login.tailscale.com/admin/machines - - ProtonVPN: - - abbr: PV - href: https://account.protonvpn.com/ - - Unifi: - - abbr: UF - href: https://unifi.ui.com/ - - Pushover: - - abbr: PO - href: https://pushover.net - - ReCaptcha: - - abbr: RC - href: https://www.google.com/recaptcha/admin/site/698983587 - - Trackers: - - Torrentleech: - - abbr: TL - href: https://www.torrentleech.org - - Avistaz: - - abbr: AV - href: https://avistaz.to - - Cinemaz: - - abbr: CM - href: https://cinemaz.to - - Cathode Ray Tube: - - abbr: CRT - href: https://www.cathode-ray.tube - - Alpha Ratio: - - abbr: AL - href: https://alpharatio.cc/ - - MV Group: - - abbr: MV - href: https://forums.mvgroup.org - service: - http: - controller: main - ports: - http: - port: 80 - targetPort: 3000 - protocol: HTTP - persistence: - config: - enabled: true - type: configMap - name: homepage - advancedMounts: - main: - main: - - path: /app/config/bookmarks.yaml - readOnly: true - mountPropagation: None - subPath: bookmarks.yaml - - path: /app/config/docker.yaml - readOnly: true - mountPropagation: None - subPath: docker.yaml - - path: /app/config/kubernetes.yaml - readOnly: true - mountPropagation: None - subPath: kubernetes.yaml - - path: /app/config/services.yaml - readOnly: true - mountPropagation: None - subPath: services.yaml - - path: /app/config/settings.yaml - readOnly: true - mountPropagation: None - subPath: settings.yaml - - path: /app/config/widgets.yaml - readOnly: true - mountPropagation: None - subPath: widgets.yaml diff --git a/clusters/cl01tl/helm/huntarr/Chart.yaml b/clusters/cl01tl/helm/huntarr/Chart.yaml deleted file mode 100644 index f7a5082a7..000000000 --- a/clusters/cl01tl/helm/huntarr/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: huntarr
-version: 1.0.0
-description: Huntarr
-keywords:
- - huntarr
- - servarr
-home: https://wiki.alexlebens.dev/s/831ca16e-d308-4d7b-9213-f841834c1181
-sources:
- - https://github.com/plexguide/Huntarr.io
- - https://hub.docker.com/r/huntarr/huntarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: huntarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
-appVersion: 7.0.0
diff --git a/clusters/cl01tl/helm/huntarr/templates/http-route.yaml b/clusters/cl01tl/helm/huntarr/templates/http-route.yaml
deleted file mode 100644
index d2d2df1eb..000000000
--- a/clusters/cl01tl/helm/huntarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-huntarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-huntarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - huntarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: huntarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/huntarr/values.yaml b/clusters/cl01tl/helm/huntarr/values.yaml
deleted file mode 100644
index b55d12871..000000000
--- a/clusters/cl01tl/helm/huntarr/values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-huntarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/plexguide/huntarr
- tag: 8.2.10
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9705
- protocol: HTTP
- persistence:
- config:
- forceRename: huntarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
diff --git a/clusters/cl01tl/helm/immich/Chart.yaml b/clusters/cl01tl/helm/immich/Chart.yaml
deleted file mode 100644
index cf3a47ccb..000000000
--- a/clusters/cl01tl/helm/immich/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: immich
-version: 1.0.0
-description: Immich
-keywords:
- - immich
- - photos
-home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
-sources:
- - https://github.com/immich-app/immich
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: immich
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
-appVersion: v2.0.1
diff --git a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml b/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
deleted file mode 100644
index e400b550b..000000000
--- a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: immich-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: immich-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: immich.json - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/immich/config - metadataPolicy: None - property: immich.json - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: immich-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: immich-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: 
ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/immich/templates/http-route.yaml b/clusters/cl01tl/helm/immich/templates/http-route.yaml deleted file mode 100644 index 342481ebb..000000000 --- a/clusters/cl01tl/helm/immich/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-immich - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-immich - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - immich.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: immich-main - port: 2283 - weight: 100 diff --git a/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml deleted file mode 100644 index a830f81c3..000000000 --- a/clusters/cl01tl/helm/immich/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: immich-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: immich-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: immich-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi 
diff --git a/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml b/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml
deleted file mode 100644
index 489121a70..000000000
--- a/clusters/cl01tl/helm/immich/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Immich
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/immich/templates/redis-replication.yaml b/clusters/cl01tl/helm/immich/templates/redis-replication.yaml
deleted file mode 100644
index c72a1a2c9..000000000
--- a/clusters/cl01tl/helm/immich/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/helm/immich/templates/service-monitor.yaml b/clusters/cl01tl/helm/immich/templates/service-monitor.yaml
deleted file mode 100644
index 7eed78e58..000000000
--- a/clusters/cl01tl/helm/immich/templates/service-monitor.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics-api
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
- - port: metrics-ms
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/helm/immich/values.yaml b/clusters/cl01tl/helm/immich/values.yaml
deleted file mode 100644
index ed7d330a9..000000000
--- a/clusters/cl01tl/helm/immich/values.yaml
+++ /dev/null
@@ -1,260 +0,0 @@ -immich: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/immich-app/immich-server - tag: v2.3.1 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: IMMICH_TELEMETRY_INCLUDE - value: all - - name: IMMICH_CONFIG_FILE - value: /config/immich.json - - name: IMMICH_MACHINE_LEARNING_URL - value: http://immich-machine-learning.immich:3003 - - name: REDIS_HOSTNAME - value: redis-replication-immich-master - - name: DB_VECTOR_EXTENSION - value: vectorchord - - name: DB_HOSTNAME - valueFrom: - secretKeyRef: - name: immich-postgresql-17-cluster-app - key: host - - name: DB_DATABASE_NAME - valueFrom: - secretKeyRef: - name: immich-postgresql-17-cluster-app - key: dbname - - name: DB_PORT - valueFrom: - secretKeyRef: - name: immich-postgresql-17-cluster-app - key: port - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: immich-postgresql-17-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: immich-postgresql-17-cluster-app - key: password - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - startup: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 30 - resources: - limits: - gpu.intel.com/i915: 1 - requests: - gpu.intel.com/i915: 1 - cpu: 10m - memory: 512Mi - machine-learning: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/immich-app/immich-machine-learning 
- tag: v2.3.1 - pullPolicy: IfNotPresent - env: - - name: TRANSFORMERS_CACHE - value: /cache - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: 3003 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: 3003 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - startup: - enabled: false - resources: - limits: - gpu.intel.com/i915: 1 - requests: - gpu.intel.com/i915: 1 - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 2283 - targetPort: 2283 - protocol: TCP - metrics-api: - port: 8081 - targetPort: 8081 - protocol: TCP - metrics-ms: - port: 8082 - targetPort: 8082 - protocol: TCP - machine-learning: - controller: machine-learning - ports: - http: - port: 3003 - targetPort: 3003 - protocol: TCP - persistence: - config: - enabled: true - type: secret - name: immich-config-secret - advancedMounts: - main: - main: - - path: /config/immich.json - readOnly: true - mountPropagation: None - subPath: immich.json - cache: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - machine-learning: - main: - - path: /cache - readOnly: false - media: - existingClaim: immich-nfs-storage - advancedMounts: - main: - main: - - path: /usr/src/app/upload - readOnly: false -postgres-17-cluster: - mode: recovery - cluster: - image: - repository: ghcr.io/tensorchord/cloudnative-vectorchord - tag: 17.5-0.4.3 - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - postgresql: - parameters: - shared_buffers: 256MB - shared_preload_libraries: - - "vchord.so" - initdb: - postInitSQL: - - CREATE EXTENSION IF NOT EXISTS "vector"; - - CREATE EXTENSION IF NOT EXISTS "vchord" CASCADE; - - CREATE EXTENSION IF NOT EXISTS "cube" CASCADE; 
- - CREATE EXTENSION IF NOT EXISTS "earthdistance" CASCADE; - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: immich-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 4 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/jellyfin/Chart.yaml b/clusters/cl01tl/helm/jellyfin/Chart.yaml deleted file mode 100644 index 7b025e3a4..000000000 --- a/clusters/cl01tl/helm/jellyfin/Chart.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: jellyfin
-version: 1.0.0
-description: Jellyfin
-keywords:
- - jellyfin
- - media
- - movies
- - tv shows
- - books
- - music
-home: https://wiki.alexlebens.dev/s/a58be5b0-7935-458a-b990-b45223e39d68
-sources:
- - https://github.com/jellyfin/jellyfin
- - https://hub.docker.com/r/jellyfin/jellyfin
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: jellyfin
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
-appVersion: 10.10.7
diff --git a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml b/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml
deleted file mode 100644
index 1a076a796..000000000
--- a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: jellyfin-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/jellyfin/templates/http-route.yaml b/clusters/cl01tl/helm/jellyfin/templates/http-route.yaml
deleted file mode 100644
index c07e8820f..000000000
--- a/clusters/cl01tl/helm/jellyfin/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-jellyfin
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-jellyfin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - jellyfin.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: jellyfin
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml
deleted file mode 100644
index fdb6a5ce7..000000000
--- a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: jellyfin-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: jellyfin-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: jellyfin-youtube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-youtube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: jellyfin-youtube-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadOnlyMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml
deleted file mode 100644
index af39701d4..000000000
--- a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: jellyfin-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: jellyfin-youtube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-youtube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadOnlyMany
- nfs:
- path: /volume2/Storage/YouTube
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/jellyfin/templates/replication-source.yaml b/clusters/cl01tl/helm/jellyfin/templates/replication-source.yaml
deleted file mode 100644
index 4f6597805..000000000
--- a/clusters/cl01tl/helm/jellyfin/templates/replication-source.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: jellyfin-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellyfin-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: jellyfin-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: jellyfin-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
- cacheCapacity: 10Gi
diff --git a/clusters/cl01tl/helm/jellyfin/values.yaml b/clusters/cl01tl/helm/jellyfin/values.yaml
deleted file mode 100644
index e8e8fa78a..000000000
--- a/clusters/cl01tl/helm/jellyfin/values.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-jellyfin:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/jellyfin/jellyfin
- tag: 10.11.3
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: JELLYFIN_hostwebclient
- value: true
- - name: JELLYFIN_PublishedServerUrl
- value: https://jellyfin.alexlebens.net/
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 1
- memory: 2Gi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8096
- protocol: HTTP
- persistence:
- config:
- forceRename: jellyfin-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 100Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- cache:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /cache
- readOnly: false
- media:
- existingClaim: jellyfin-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
- youtube:
- existingClaim: jellyfin-youtube-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/youtube
- readOnly: true
diff --git a/clusters/cl01tl/helm/jellystat/Chart.yaml b/clusters/cl01tl/helm/jellystat/Chart.yaml
deleted file mode 100644
index da910c7c8..000000000
--- a/clusters/cl01tl/helm/jellystat/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: jellystat
-version: 1.0.0
-description: Jellystat
-keywords:
- - jellystat
- - jellyfin
-home: https://wiki.alexlebens.dev/s/d3fd2bf1-d2ab-4e94-a127-ee35f2d90142
-sources:
- - https://github.com/CyferShepard/Jellystat
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/cyfershepard/jellystat
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: jellystat
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
-appVersion: 1.1.6
diff --git a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml b/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
deleted file mode 100644
index 71f3821bb..000000000
--- a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
+++ /dev/null
@@ -1,159 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: jellystat-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: secret-key - - secretKey: user - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: user - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: jellystat-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: 
AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: jellystat-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: jellystat-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: 
ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/jellystat/templates/http-route.yaml b/clusters/cl01tl/helm/jellystat/templates/http-route.yaml deleted file mode 100644 index c1f9b1b4d..000000000 --- a/clusters/cl01tl/helm/jellystat/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-jellystat - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-jellystat - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - jellystat.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: jellystat - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/jellystat/templates/replication-source.yaml b/clusters/cl01tl/helm/jellystat/templates/replication-source.yaml deleted file mode 100644 index 5cee9ea73..000000000 --- a/clusters/cl01tl/helm/jellystat/templates/replication-source.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: jellystat-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: jellystat-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: jellystat-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: jellystat-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/jellystat/values.yaml b/clusters/cl01tl/helm/jellystat/values.yaml
deleted file mode 100644
index e0cf55d9c..000000000
--- a/clusters/cl01tl/helm/jellystat/values.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ -jellystat: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: cyfershepard/jellystat - tag: 1.1.6 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: jellystat-secret - key: secret-key - - name: JS_USER - valueFrom: - secretKeyRef: - name: jellystat-secret - key: user - - name: JS_PASSWORD - valueFrom: - secretKeyRef: - name: jellystat-secret - key: password - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: dbname - - name: POSTGRES_IP - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: host - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: port - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 3000 - protocol: HTTP - persistence: - data: - forceRename: jellystat-data - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /app/backend/backup-data - readOnly: false -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - 
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 6 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/karakeep/Chart.yaml b/clusters/cl01tl/helm/karakeep/Chart.yaml deleted file mode 100644 index d4fdb4501..000000000 --- a/clusters/cl01tl/helm/karakeep/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: karakeep
-version: 1.0.0
-description: Karakeep
-keywords:
- - karakeep
- - bookmarks
-home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad
-sources:
- - https://github.com/karakeep-app/karakeep
- - https://github.com/cloudflare/cloudflared
- - https://github.com/meilisearch/meilisearch
- - https://github.com/karakeep-app/karakeep/pkgs/container/karakeep
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: karakeep
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: meilisearch
- version: 0.17.1
- repository: https://meilisearch.github.io/meilisearch-kubernetes
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
-appVersion: 0.26.0
diff --git a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
deleted file mode 100644
index 5af4eb3fe..000000000
--- a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
+++ /dev/null
@@ -1,161 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/karakeep/key - metadataPolicy: None - property: key - - secretKey: prometheus-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/karakeep/key - metadataPolicy: None - property: prometheus-token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AUTHENTIK_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/karakeep - metadataPolicy: None - property: client - - secretKey: AUTHENTIK_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/karakeep - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-meilisearch-master-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-meilisearch-master-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: MEILI_MASTER_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/karakeep/meilisearch - 
metadataPolicy: None - property: MEILI_MASTER_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/karakeep - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/karakeep/karakeep-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - 
decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml b/clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml deleted file mode 100644 index 49c161a5b..000000000 --- a/clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: objectbucket.io/v1alpha1 -kind: ObjectBucketClaim -metadata: - name: ceph-bucket-karakeep - labels: - app.kubernetes.io/name: ceph-bucket-karakeep - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - generateBucketName: bucket-karakeep - storageClassName: ceph-bucket diff --git a/clusters/cl01tl/helm/karakeep/templates/replication-source.yaml b/clusters/cl01tl/helm/karakeep/templates/replication-source.yaml deleted file mode 100644 index 738dff236..000000000 --- a/clusters/cl01tl/helm/karakeep/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: karakeep-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: karakeep-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: karakeep-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/helm/karakeep/templates/service-monitor.yaml b/clusters/cl01tl/helm/karakeep/templates/service-monitor.yaml deleted file mode 100644 index d5a9f353c..000000000 --- a/clusters/cl01tl/helm/karakeep/templates/service-monitor.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: karakeep
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: karakeep
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: http
- interval: 30s
- scrapeTimeout: 15s
- path: /api/metrics
- authorization:
- credentials:
- key: prometheus-token
- name: karakeep-key-secret
- selector:
- matchLabels:
- app.kubernetes.io/name: karakeep
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/clusters/cl01tl/helm/karakeep/values.yaml b/clusters/cl01tl/helm/karakeep/values.yaml
deleted file mode 100644
index e99929310..000000000
--- a/clusters/cl01tl/helm/karakeep/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -karakeep: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/karakeep-app/karakeep - tag: 0.28.0 - pullPolicy: IfNotPresent - env: - - name: DATA_DIR - value: /data - - name: DB_WAL_MODE - value: true - - name: NEXTAUTH_URL - value: https://karakeep.alexlebens.dev/ - - name: NEXTAUTH_SECRET - valueFrom: - secretKeyRef: - name: karakeep-key-secret - key: key - - name: PROMETHEUS_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: karakeep-key-secret - key: prometheus-token - - name: ASSET_STORE_S3_ENDPOINT - value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80 - - name: ASSET_STORE_S3_REGION - value: us-east-1 - - name: ASSET_STORE_S3_BUCKET - valueFrom: - configMapKeyRef: - name: ceph-bucket-karakeep - key: BUCKET_NAME - - name: ASSET_STORE_S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: ceph-bucket-karakeep - key: AWS_ACCESS_KEY_ID - - name: ASSET_STORE_S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: ceph-bucket-karakeep - key: AWS_SECRET_ACCESS_KEY - - name: ASSET_STORE_S3_FORCE_PATH_STYLE - value: true - - name: MEILI_ADDR - value: http://karakeep-meilisearch.karakeep:7700 - - name: MEILI_MASTER_KEY - valueFrom: - secretKeyRef: - name: karakeep-meilisearch-master-key-secret - key: MEILI_MASTER_KEY - - name: BROWSER_WEB_URL - value: http://karakeep.karakeep:9222 - - name: DISABLE_SIGNUPS - value: false - - name: OAUTH_PROVIDER_NAME - value: "Authentik" - - name: OAUTH_WELLKNOWN_URL - value: https://auth.alexlebens.dev/application/o/karakeep/.well-known/openid-configuration - - name: OAUTH_SCOPE - value: "openid email profile" - - name: OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: karakeep-oidc-secret - key: AUTHENTIK_CLIENT_ID - - name: OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: karakeep-oidc-secret - key: AUTHENTIK_CLIENT_SECRET - - name: OLLAMA_BASE_URL - value: http://ollama-server-3.ollama:11434 
- - name: OLLAMA_KEEP_ALIVE - value: 5m - - name: INFERENCE_TEXT_MODEL - value: gemma3:4b - - name: INFERENCE_IMAGE_MODEL - value: granite3.2-vision:2b - - name: EMBEDDING_TEXT_MODEL - value: mxbai-embed-large - - name: INFERENCE_JOB_TIMEOUT_SEC - value: 720 - resources: - requests: - cpu: 10m - memory: 256Mi - chrome: - image: - repository: gcr.io/zenika-hub/alpine-chrome - tag: 124 - pullPolicy: IfNotPresent - args: - - --no-sandbox - - --disable-gpu - - --disable-dev-shm-usage - - --remote-debugging-address=0.0.0.0 - - --remote-debugging-port=9222 - - --hide-scrollbars - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 3000 - targetPort: 3000 - protocol: HTTP - chrome: - port: 9222 - targetPort: 9222 - protocol: HTTP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false -meilisearch: - environment: - MEILI_NO_ANALYTICS: true - MEILI_ENV: production - MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true - auth: - existingMasterKeySecret: karakeep-meilisearch-master-key-secret - service: - type: ClusterIP - port: 7700 - persistence: - enabled: true - storageClass: ceph-block - size: 10Gi - resources: - requests: - cpu: 10m - memory: 128Mi - serviceMonitor: - enabled: true -cloudflared: - existingSecretName: karakeep-cloudflared-secret diff --git a/clusters/cl01tl/helm/kiwix/Chart.yaml b/clusters/cl01tl/helm/kiwix/Chart.yaml deleted file mode 100644 index 26d5be4ad..000000000 --- a/clusters/cl01tl/helm/kiwix/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: kiwix
-version: 1.0.0
-description: Kiwix
-keywords:
- - kiwix
- - wikipedia
-home: https://wiki.alexlebens.dev/s/16eaaf92-3607-421f-bc66-cb3c39eeaea0
-sources:
- - https://github.com/kiwix
- - https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: kiwix
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
-appVersion: 3.7.0
diff --git a/clusters/cl01tl/helm/kiwix/templates/http-route.yaml b/clusters/cl01tl/helm/kiwix/templates/http-route.yaml
deleted file mode 100644
index fe180dc47..000000000
--- a/clusters/cl01tl/helm/kiwix/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-kiwix
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-kiwix
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - kiwix.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: kiwix
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 1423bcd69..000000000
--- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: kiwix-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kiwix-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: kiwix-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml
deleted file mode 100644
index 5185019e7..000000000
--- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: kiwix-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kiwix-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Kiwix
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/kiwix/values.yaml b/clusters/cl01tl/helm/kiwix/values.yaml
deleted file mode 100644
index 611733a0b..000000000
--- a/clusters/cl01tl/helm/kiwix/values.yaml
+++ /dev/null
@@ -1,38 +0,0 @@ -kiwix: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/kiwix/kiwix-serve - tag: 3.8.0 - pullPolicy: IfNotPresent - args: - - '*.zim' - env: - - name: PORT - value: 8080 - resources: - requests: - cpu: 50m - memory: 512Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8080 - protocol: HTTP - persistence: - media: - existingClaim: kiwix-nfs-storage - advancedMounts: - main: - main: - - path: /data - readOnly: true diff --git a/clusters/cl01tl/helm/libation/Chart.yaml b/clusters/cl01tl/helm/libation/Chart.yaml deleted file mode 100644 index 13d95f2d4..000000000 --- a/clusters/cl01tl/helm/libation/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v2 -name: libation -version: 1.0.0 -description: Libation -keywords: - - libation - - audiobooks - - audible -home: https://wiki.alexlebens.dev/s/63beac50-a63f-45fe-b8e5-e1691dd5e9b0 -sources: - - https://github.com/rmcrackan/Libation - - https://hub.docker.com/r/rmcrackan/libation - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: libation - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png -appVersion: 12.4.3 diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml deleted file mode 100644 index bcae70a6c..000000000 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: libation-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: libation-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - storageClassName: nfs-client - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - volumeMode: Filesystem - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: libation-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: libation-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: libation-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml deleted file mode 100644 index 123b69068..000000000 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: libation-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: libation-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/Audiobooks/ - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/helm/libation/values.yaml b/clusters/cl01tl/helm/libation/values.yaml deleted file mode 100644 index 5e6dc8be9..000000000 --- a/clusters/cl01tl/helm/libation/values.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -libation: - controllers: - main: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: "30 4 * * *" - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - containers: - main: - image: - repository: rmcrackan/libation - tag: 12.7.4 - pullPolicy: IfNotPresent - env: - - name: SLEEP_TIME - value: "-1" - - name: LIBATION_BOOKS_DIR - value: /data - resources: - requests: - cpu: 10m - memory: 128Mi - persistence: - config: - existingClaim: libation-config - advancedMounts: - main: - main: - - path: /config - readOnly: false - data: - existingClaim: libation-nfs-storage - advancedMounts: - main: - main: - - path: /data - readOnly: false diff --git a/clusters/cl01tl/helm/lidarr/Chart.yaml b/clusters/cl01tl/helm/lidarr/Chart.yaml deleted file mode 100644 index 0eaeaa6c0..000000000 --- a/clusters/cl01tl/helm/lidarr/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v2 -name: lidarr -version: 1.0.0 -description: Lidarr -keywords: - - lidarr - - servarr - - music - - metrics -home: https://wiki.alexlebens.dev/s/f7c4e892-aa3b-435f-b220-317dc53137ac -sources: - - https://github.com/Lidarr/Lidarr - - https://github.com/linuxserver/docker-lidarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: lidarr - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png -appVersion: 2.13.3 
diff --git a/clusters/cl01tl/helm/lidarr/templates/external-secret.yaml b/clusters/cl01tl/helm/lidarr/templates/external-secret.yaml
deleted file mode 100644
index 28bf735e3..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: lidarr-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/lidarr/templates/http-route.yaml b/clusters/cl01tl/helm/lidarr/templates/http-route.yaml deleted file mode 100644 index 506985b16..000000000 --- a/clusters/cl01tl/helm/lidarr/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-lidarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-lidarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - lidarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: lidarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index c1d21f84e..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: lidarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: lidarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml
deleted file mode 100644
index 181d788f2..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: lidarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml
deleted file mode 100644
index 80b14f110..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: lidarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: lidarr
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Lidarr Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*lidarr.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: LidarrDown
- annotations:
- description: Lidarr service is down.
- summary: Lidarr is down.
- expr: |
- lidarr_system_status{job=~".*lidarr.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/lidarr/templates/replication-source.yaml b/clusters/cl01tl/helm/lidarr/templates/replication-source.yaml
deleted file mode 100644
index ef6c456fc..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: lidarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: lidarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: lidarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/lidarr/templates/service-monitor.yaml b/clusters/cl01tl/helm/lidarr/templates/service-monitor.yaml
deleted file mode 100644
index 9011279c3..000000000
--- a/clusters/cl01tl/helm/lidarr/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: lidarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: lidarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/lidarr/values.yaml b/clusters/cl01tl/helm/lidarr/values.yaml
deleted file mode 100644
index e66609fd5..000000000
--- a/clusters/cl01tl/helm/lidarr/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -lidarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/lidarr - tag: 2.14.5@sha256:5e1235d00b5d1c1f60ca0d472e554a6611aef41aa7b5b6d88260214bf4809af0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["lidarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9792 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8686 - protocol: HTTP - metrics: - port: 9792 - targetPort: 9792 - protocol: TCP - persistence: - config: - forceRename: lidarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: lidarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: lidarr2-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "lidarr-main" OWNER "app"; - - CREATE DATABASE "lidarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster - index: 1 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 8 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/lidatube/Chart.yaml b/clusters/cl01tl/helm/lidatube/Chart.yaml deleted file mode 100644 index e55aae496..000000000 --- a/clusters/cl01tl/helm/lidatube/Chart.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: lidatube
-version: 1.0.0
-description: LidaTube
-keywords:
- - lidatube
- - music
- - yt-dlp
-home: https://wiki.alexlebens.dev/s/10d95030-85be-4ced-a8d7-b4aaeca9bee6
-sources:
- - https://github.com/TheWicklowWolf/LidaTube
- - https://registry.hub.docker.com/r/thewicklowwolf/lidatube
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: lidatube
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png
-appVersion: 0.2.22
diff --git a/clusters/cl01tl/helm/lidatube/templates/external-secret.yaml b/clusters/cl01tl/helm/lidatube/templates/external-secret.yaml
deleted file mode 100644
index 83be273f2..000000000
--- a/clusters/cl01tl/helm/lidatube/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: lidatube-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: lidarr_api_key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/lidarr2/key
- metadataPolicy: None
- property: key
diff --git a/clusters/cl01tl/helm/lidatube/templates/http-route.yaml b/clusters/cl01tl/helm/lidatube/templates/http-route.yaml
deleted file mode 100644
index 508d72b7b..000000000
--- a/clusters/cl01tl/helm/lidatube/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-lidatube
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-lidatube
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - lidatube.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: lidatube
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/lidatube/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/lidatube/templates/persistent-volume-claim.yaml
deleted file mode 100644
index ff3c8907e..000000000
--- a/clusters/cl01tl/helm/lidatube/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: lidatube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: lidatube-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/lidatube/templates/persistent-volume.yaml b/clusters/cl01tl/helm/lidatube/templates/persistent-volume.yaml
deleted file mode 100644
index 35422746f..000000000
--- a/clusters/cl01tl/helm/lidatube/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: lidatube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Music
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/lidatube/values.yaml b/clusters/cl01tl/helm/lidatube/values.yaml
deleted file mode 100644
index 9e1efa5e9..000000000
--- a/clusters/cl01tl/helm/lidatube/values.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-lidatube:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: thewicklowwolf/lidatube
- tag: 0.2.41
- pullPolicy: IfNotPresent
- env:
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: lidarr_address
- value: http://lidarr.lidarr:80
- - name: lidarr_api_key
- valueFrom:
- secretKeyRef:
- name: lidatube-secret
- key: lidarr_api_key
- - name: sleep_interval
- value: 360
- - name: sync_schedule
- value: 4
- - name: attempt_lidarr_import
- value: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5000
- protocol: HTTP
- persistence:
- config:
- forceRename: lidatube-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /lidatube/config
- readOnly: false
- music:
- existingClaim: lidatube-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /lidatube/downloads
- readOnly: false
diff --git a/clusters/cl01tl/helm/listenarr/Chart.yaml b/clusters/cl01tl/helm/listenarr/Chart.yaml
deleted file mode 100644
index c6415cb3b..000000000
--- a/clusters/cl01tl/helm/listenarr/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: listenarr
-version: 1.0.0
-description: Listenarr
-keywords:
- - listenarr
- - audiobooks
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/therobbiedavis/Listenarr
- - https://hub.docker.com/r/therobbiedavis/listenarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: listenarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-appVersion: 0.2.35
diff --git a/clusters/cl01tl/helm/listenarr/templates/http-route.yaml b/clusters/cl01tl/helm/listenarr/templates/http-route.yaml
deleted file mode 100644
index 73bdae8c0..000000000
--- a/clusters/cl01tl/helm/listenarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-listenarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-listenarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - listenarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: listenarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/listenarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/listenarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 96a4a3e48..000000000
--- a/clusters/cl01tl/helm/listenarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: listenarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: listenarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: listenarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/listenarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/listenarr/templates/persistent-volume.yaml
deleted file mode 100644
index a22ee2ab0..000000000
--- a/clusters/cl01tl/helm/listenarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: listenarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: listenarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Audiobooks
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/listenarr/values.yaml b/clusters/cl01tl/helm/listenarr/values.yaml
deleted file mode 100644
index 1b1a04e84..000000000
--- a/clusters/cl01tl/helm/listenarr/values.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-listenarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: therobbiedavis/listenarr
- tag: canary-0.2.35
- pullPolicy: IfNotPresent
- env:
- - name: LISTENARR_PUBLIC_URL
- value: https://listenarr.alexlebens.net
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5000
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/config
- readOnly: false
- media:
- existingClaim: listenarr-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
diff --git a/clusters/cl01tl/helm/omni-tools/Chart.yaml b/clusters/cl01tl/helm/omni-tools/Chart.yaml
deleted file mode 100644
index cc0017779..000000000
--- a/clusters/cl01tl/helm/omni-tools/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: omni-tools
-version: 1.0.0
-description: OmniTools
-keywords:
- - omni-tools
-home: https://wiki.alexlebens.dev/s/8820cd36-dcf6-4ddf-8b2f-584271628a54
-sources:
- - https://github.com/iib0011/omni-tools
- - https://hub.docker.com/r/iib0011/omni-tools
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: omni-tools
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/omnitools.png
-appVersion: 0.4.0
diff --git a/clusters/cl01tl/helm/omni-tools/templates/http-route.yaml b/clusters/cl01tl/helm/omni-tools/templates/http-route.yaml
deleted file mode 100644
index 981539188..000000000
--- a/clusters/cl01tl/helm/omni-tools/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-omni-tools
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-omni-tools
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - omni-tools.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: omni-tools
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/omni-tools/values.yaml b/clusters/cl01tl/helm/omni-tools/values.yaml
deleted file mode 100644
index 43daccfcd..000000000
--- a/clusters/cl01tl/helm/omni-tools/values.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-omni-tools:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: iib0011/omni-tools
- tag: 0.6.0
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
diff --git a/clusters/cl01tl/helm/outline/Chart.yaml b/clusters/cl01tl/helm/outline/Chart.yaml
deleted file mode 100644
index 5063d92f8..000000000
--- a/clusters/cl01tl/helm/outline/Chart.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v2
-name: outline
-version: 1.0.0
-description: Outline
-keywords:
- - outline
- - wiki
- - documentation
-home: https://wiki.alexlebens.dev/s/c530c2b9-82b7-44df-b7ef-870c8b29242f
-sources:
- - https://github.com/outline/outline
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/outlinewiki/outline
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: outline
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared-outline
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
-appVersion: 0.84.0
diff --git a/clusters/cl01tl/helm/outline/templates/external-secret.yaml b/clusters/cl01tl/helm/outline/templates/external-secret.yaml
deleted file mode 100644
index 7fa5518f1..000000000
--- a/clusters/cl01tl/helm/outline/templates/external-secret.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/outline/key - metadataPolicy: None - property: secret-key - - secretKey: utils-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/outline/key - metadataPolicy: None - property: utils-key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/outline - metadataPolicy: None - property: client - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/outline - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/outline - metadataPolicy: None - property: token - ---- -apiVersion: 
external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: outline-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml b/clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml deleted file mode 100644 index 6d780520a..000000000 
--- a/clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: ceph-bucket-outline
- labels:
- app.kubernetes.io/name: ceph-bucket-outline
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- generateBucketName: bucket-outline
- storageClassName: ceph-bucket
- additionalConfig:
- bucketPolicy: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor",
- "Effect": "Allow",
- "Action": [
- "s3:GetObjectAcl",
- "s3:DeleteObject",
- "s3:PutObject",
- "s3:GetObject",
- "s3:PutObjectAcl"
- ],
- "Resource": "arn:aws:s3:::bucket-outline-630c57e0-d475-4d78-926c-c1c082291d73/*"
- }
- ]
- }
diff --git a/clusters/cl01tl/helm/outline/templates/redis-replication.yaml b/clusters/cl01tl/helm/outline/templates/redis-replication.yaml
deleted file mode 100644
index af65e0566..000000000
--- a/clusters/cl01tl/helm/outline/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-outline
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-outline
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/helm/outline/templates/service-monitor.yaml b/clusters/cl01tl/helm/outline/templates/service-monitor.yaml
deleted file mode 100644
index e5f767b2d..000000000
--- a/clusters/cl01tl/helm/outline/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-outline
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-outline
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/helm/outline/values.yaml b/clusters/cl01tl/helm/outline/values.yaml
deleted file mode 100644
index 6d0f6c784..000000000
--- a/clusters/cl01tl/helm/outline/values.yaml
+++ /dev/null
@@ -1,203 +0,0 @@ -outline: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: outlinewiki/outline - tag: 1.1.0 - pullPolicy: IfNotPresent - env: - - name: NODE_ENV - value: production - - name: URL - value: https://wiki.alexlebens.dev - - name: PORT - value: 3000 - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: outline-key-secret - key: secret-key - - name: UTILS_SECRET - valueFrom: - secretKeyRef: - name: outline-key-secret - key: utils-key - - name: POSTGRES_USERNAME - valueFrom: - secretKeyRef: - name: outline-postgresql-17-cluster-app - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: outline-postgresql-17-cluster-app - key: password - - name: POSTGRES_DATABASE_NAME - valueFrom: - secretKeyRef: - name: outline-postgresql-17-cluster-app - key: dbname - - name: POSTGRES_DATABASE_HOST - valueFrom: - secretKeyRef: - name: outline-postgresql-17-cluster-app - key: host - - name: POSTGRES_DATABASE_PORT - valueFrom: - secretKeyRef: - name: outline-postgresql-17-cluster-app - key: port - - name: DATABASE_URL - value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME) - - name: DATABASE_URL_TEST - value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test - - name: DATABASE_CONNECTION_POOL_MIN - value: "2" - - name: DATABASE_CONNECTION_POOL_MAX - value: "20" - - name: PGSSLMODE - value: disable - - name: REDIS_URL - value: redis://redis-replication-outline-master.outline:6379 - - name: FILE_STORAGE - value: s3 - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: ceph-bucket-outline - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: ceph-bucket-outline - key: AWS_SECRET_ACCESS_KEY - - name: AWS_REGION - value: us-east-1 - 
- name: AWS_S3_UPLOAD_BUCKET_NAME - valueFrom: - configMapKeyRef: - name: ceph-bucket-outline - key: BUCKET_NAME - - name: AWS_S3_UPLOAD_BUCKET_URL - value: https://objects.alexlebens.dev - - name: AWS_S3_FORCE_PATH_STYLE - value: true - - name: AWS_S3_ACL - value: private - - name: FILE_STORAGE_UPLOAD_MAX_SIZE - value: "26214400" - - name: FORCE_HTTPS - value: false - - name: ENABLE_UPDATES - value: false - - name: WEB_CONCURRENCY - value: 1 - - name: FILE_STORAGE_IMPORT_MAX_SIZE - value: 5120000 - - name: LOG_LEVEL - value: info - - name: DEFAULT_LANGUAGE - value: en_US - - name: RATE_LIMITER_ENABLED - value: false - - name: DEVELOPMENT_UNSAFE_INLINE_CSP - value: false - - name: OIDC_CLIENT_ID - valueFrom: - secretKeyRef: - name: outline-oidc-secret - key: client - - name: OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: outline-oidc-secret - key: secret - - name: OIDC_AUTH_URI - value: https://auth.alexlebens.dev/application/o/authorize/ - - name: OIDC_TOKEN_URI - value: https://auth.alexlebens.dev/application/o/token/ - - name: OIDC_USERINFO_URI - value: https://auth.alexlebens.dev/application/o/userinfo/ - - name: OIDC_USERNAME_CLAIM - value: email - - name: OIDC_DISPLAY_NAME - value: Authentik - - name: OIDC_SCOPES - value: openid profile email - resources: - requests: - cpu: 10m - memory: 512Mi - service: - main: - controller: main - ports: - http: - port: 3000 - targetPort: 3000 - protocol: HTTP -cloudflared-outline: - existingSecretName: outline-cloudflared-secret - name: cloudflared-outline -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage - 
backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 10 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/overseerr/Chart.yaml b/clusters/cl01tl/helm/overseerr/Chart.yaml deleted file mode 100644 index 69efd1844..000000000 --- a/clusters/cl01tl/helm/overseerr/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: overseerr
-version: 1.0.0
-description: Overseerr
-keywords:
- - overseer
- - media
- - request
-home: https://wiki.alexlebens.dev/s/ba89ec92-a15c-48d5-9c33-a28a0134b0f9
-sources:
- - https://github.com/sct/overseerr
- - https://github.com/sct/overseerr/pkgs/container/overseerr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
-appVersion: 1.34.0
diff --git a/clusters/cl01tl/helm/overseerr/templates/external-secret.yaml b/clusters/cl01tl/helm/overseerr/templates/external-secret.yaml
deleted file mode 100644
index 07fd8a0d7..000000000
--- a/clusters/cl01tl/helm/overseerr/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: overseerr-main-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: overseerr-main-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/overseerr/templates/http-route.yaml b/clusters/cl01tl/helm/overseerr/templates/http-route.yaml
deleted file mode 100644
index f02422b82..000000000
--- a/clusters/cl01tl/helm/overseerr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-overseerr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-overseerr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - overseerr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: overseerr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/overseerr/templates/replication-source.yaml b/clusters/cl01tl/helm/overseerr/templates/replication-source.yaml
deleted file mode 100644
index 370af3b85..000000000
--- a/clusters/cl01tl/helm/overseerr/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: overseerr-main-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: overseerr-main-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: overseerr-main
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: overseerr-main-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/overseerr/values.yaml b/clusters/cl01tl/helm/overseerr/values.yaml
deleted file mode 100644
index ab54214f0..000000000
--- a/clusters/cl01tl/helm/overseerr/values.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-app-template:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/sct/overseerr
- tag: 1.34.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5055
- protocol: HTTP
- persistence:
- main:
- forceRename: overseerr-main
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/config
- readOnly: false
diff --git a/clusters/cl01tl/helm/photoview/Chart.yaml b/clusters/cl01tl/helm/photoview/Chart.yaml
deleted file mode 100644
index f8a8dd360..000000000
--- a/clusters/cl01tl/helm/photoview/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: photoview
-version: 1.0.0
-description: Photoview
-keywords:
- - photoview
- - pictures
-home: https://wiki.alexlebens.dev/s/f519a435-8388-4503-a9f9-401bdb424151
-sources:
- - https://github.com/photoview/photoview
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: photoview
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
-appVersion: 2.4.0
diff --git a/clusters/cl01tl/helm/photoview/templates/external-secrets.yaml b/clusters/cl01tl/helm/photoview/templates/external-secrets.yaml
deleted file mode 100644
index 68c6cb04f..000000000
--- a/clusters/cl01tl/helm/photoview/templates/external-secrets.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: photoview-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: photoview-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION 
diff --git a/clusters/cl01tl/helm/photoview/templates/http-route.yaml b/clusters/cl01tl/helm/photoview/templates/http-route.yaml
deleted file mode 100644
index 838a90b95..000000000
--- a/clusters/cl01tl/helm/photoview/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-photoview
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-photoview
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - photoview.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: photoview
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/photoview/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/photoview/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 3b4120483..000000000
--- a/clusters/cl01tl/helm/photoview/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: photoview-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/photoview/templates/persistent-volume.yaml b/clusters/cl01tl/helm/photoview/templates/persistent-volume.yaml
deleted file mode 100644
index dfdfb917f..000000000
--- a/clusters/cl01tl/helm/photoview/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Pictures
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/photoview/values.yaml b/clusters/cl01tl/helm/photoview/values.yaml
deleted file mode 100644
index b27700dd9..000000000
--- a/clusters/cl01tl/helm/photoview/values.yaml
+++ /dev/null
@@ -1,130 +0,0 @@ -photoview: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - initContainers: - init-chmod-data: - securityContext: - runAsUser: 0 - image: - repository: busybox - tag: 1.37.0 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - /bin/chown -R 999:999 /app/cache - resources: - requests: - cpu: 100m - memory: 128Mi - containers: - main: - image: - repository: photoview/photoview - tag: 2.4.0 - pullPolicy: IfNotPresent - env: - - name: PHOTOVIEW_DATABASE_DRIVER - value: postgres - - name: PHOTOVIEW_POSTGRES_URL - valueFrom: - secretKeyRef: - name: photoview-postgresql-17-cluster-app - key: uri - - name: PHOTOVIEW_MEDIA_CACHE - value: /app/cache - resources: - requests: - cpu: 10m - memory: 512Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: - cache: - forceRename: photoview-cache - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: false - advancedMounts: - main: - init-chmod-data: - - path: /app/cache - readOnly: false - main: - - path: /app/cache - readOnly: false - media: - existingClaim: photoview-nfs-storage - advancedMounts: - main: - main: - - path: /photos - readOnly: true -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: 
s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 12 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/plex/Chart.yaml b/clusters/cl01tl/helm/plex/Chart.yaml deleted file mode 100644 index 984233394..000000000 --- a/clusters/cl01tl/helm/plex/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v2 -name: plex -version: 1.0.0 -description: Plex -keywords: - - plex - - tv shows - - movies - - music - - photos - - live tv -home: https://wiki.alexlebens.dev/s/e2833eed-f991-4b00-9fa0-5d7f403a8183 -sources: - - https://www.plex.tv/ - - https://github.com/linuxserver/docker-plex - - https://github.com/linuxserver/docker-plex/pkgs/container/plex - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: plex - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png -appVersion: 1.41.6 
diff --git a/clusters/cl01tl/helm/plex/templates/http-route.yaml b/clusters/cl01tl/helm/plex/templates/http-route.yaml
deleted file mode 100644
index 0ef0cbb23..000000000
--- a/clusters/cl01tl/helm/plex/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-plex
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-plex
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - plex.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: plex
- port: 32400
- weight: 100
diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 61a5296c2..000000000
--- a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: plex-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: plex-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: plex-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml
deleted file mode 100644
index cdf01b15c..000000000
--- a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: plex-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: plex-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/plex/values.yaml b/clusters/cl01tl/helm/plex/values.yaml
deleted file mode 100644
index 532c65908..000000000
--- a/clusters/cl01tl/helm/plex/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-plex:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/plex
- tag: 1.42.2@sha256:ab81c7313fb5dc4d1f9562e5bbd5e5877a8a3c5ca6b9f9fff3437b5096a2b123
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: VERSION
- value: docker
- - name: PLEX_CLAIM
- value: claim-XmGK2o9x54PbCzQaqj-J
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- gpu.intel.com/i915: 1
- cpu: 10m
- memory: 512Mi
- service:
- main:
- controller: main
- type: LoadBalancer
- ports:
- http:
- port: 32400
- targetPort: 32400
- protocol: HTTP
- persistence:
- config:
- forceRename: plex-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 100Gi
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- transcode:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /transcode
- readOnly: false
- media:
- existingClaim: plex-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: true
diff --git a/clusters/cl01tl/helm/postiz/Chart.yaml b/clusters/cl01tl/helm/postiz/Chart.yaml
deleted file mode 100644
index fbe1d87e3..000000000
--- a/clusters/cl01tl/helm/postiz/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: postiz
-version: 1.0.0
-description: Postiz
-keywords:
- - postiz
- - social-media
-home: https://wiki.alexlebens.dev/s/f483a06b-860b-423c-8d51-a1ce82e0fd43
-sources:
- - https://github.com/gitroomhq/postiz-app
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: postiz
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
-appVersion: v1.43.3
diff --git a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
deleted file mode 100644
index 4bbfa9af3..000000000
--- a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
+++ /dev/null
@@ -1,292 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: JWT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/postiz/config - metadataPolicy: None - property: JWT_SECRET - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-redis-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-redis-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: REDIS_URL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/postiz/redis - metadataPolicy: None - property: REDIS_URL - - secretKey: user - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/postiz/redis - metadataPolicy: None - property: user - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/postiz/redis - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/postiz - metadataPolicy: None - property: client - - secretKey: secret - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /authentik/oidc/postiz - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-uploads-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-uploads-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - 
template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-uploads" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/postiz - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ 
.Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/postiz/templates/http-route.yaml b/clusters/cl01tl/helm/postiz/templates/http-route.yaml deleted file mode 100644 index 382c76ca5..000000000 --- a/clusters/cl01tl/helm/postiz/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - postiz.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: postiz
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/postiz/templates/redis-replication.yaml b/clusters/cl01tl/helm/postiz/templates/redis-replication.yaml
deleted file mode 100644
index 302a81ad6..000000000
--- a/clusters/cl01tl/helm/postiz/templates/redis-replication.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: postiz-redis-config
- key: password
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/helm/postiz/templates/replication-source.yaml b/clusters/cl01tl/helm/postiz/templates/replication-source.yaml
deleted file mode 100644
index 69b38cdc3..000000000
--- a/clusters/cl01tl/helm/postiz/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: postiz-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: postiz-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: postiz-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: postiz-uploads-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-uploads-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: postiz-uploads
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: postiz-uploads-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/postiz/templates/service-monitor.yaml b/clusters/cl01tl/helm/postiz/templates/service-monitor.yaml
deleted file mode 100644
index c7e86c00f..000000000
--- a/clusters/cl01tl/helm/postiz/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-postiz
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-postiz
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/helm/postiz/values.yaml b/clusters/cl01tl/helm/postiz/values.yaml
deleted file mode 100644
index 7e2b6da94..000000000
--- a/clusters/cl01tl/helm/postiz/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-postiz:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/gitroomhq/postiz-app
- tag: v2.8.3
- pullPolicy: IfNotPresent
- env:
- - name: MAIN_URL
- value: https://postiz.alexlebens.dev
- - name: FRONTEND_URL
- value: https://postiz.alexlebens.dev
- - name: NEXT_PUBLIC_BACKEND_URL
- value: https://postiz.alexlebens.dev/api
- - name: JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: postiz-config-secret
- key: JWT_SECRET
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: postiz-postgresql-17-cluster-app
- key: uri
- - name: REDIS_URL
- valueFrom:
- secretKeyRef:
- name: postiz-redis-config
- key: REDIS_URL
- - name: BACKEND_INTERNAL_URL
- value: http://localhost:3000
- - name: IS_GENERAL
- value: "true"
- - name: STORAGE_PROVIDER
- value: local
- - name: UPLOAD_DIRECTORY
- value: /uploads
- - name: NEXT_PUBLIC_UPLOAD_DIRECTORY
- value: /uploads
- - name: NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME
- value: Authentik
- - name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
- value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
- - name: POSTIZ_GENERIC_OAUTH
- value: "true"
- - name: POSTIZ_OAUTH_URL
- value: https://auth.alexlebens.dev
- - name: POSTIZ_OAUTH_AUTH_URL
- value: https://auth.alexlebens.dev/application/o/authorize/
- - name: POSTIZ_OAUTH_TOKEN_URL
- value: https://auth.alexlebens.dev/application/o/token/
- - name: POSTIZ_OAUTH_USERINFO_URL
- value: https://auth.alexlebens.dev/application/o/userinfo/
- - name: POSTIZ_OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: postiz-oidc-secret
- key: client
- - name: POSTIZ_OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: postiz-oidc-secret
- key: secret
- - name: POSTIZ_OAUTH_SCOPE
- value: openid profile email
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5000
- protocol: HTTP
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 2Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- uploads:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /uploads
- readOnly: false
-cloudflared:
- name: cloudflared-postiz
- existingSecretName: postiz-cloudflared-secret
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster
- index: 2
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 14 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/helm/prowlarr/Chart.yaml b/clusters/cl01tl/helm/prowlarr/Chart.yaml
deleted file mode 100644
index ce3c6a7cb..000000000
--- a/clusters/cl01tl/helm/prowlarr/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: prowlarr
-version: 1.0.0
-description: Prowlarr
-keywords:
- - prowlarr
- - servarr
- - trackers
-home: https://wiki.alexlebens.dev/s/7f963158-15fd-4eb5-b3ac-8a3aeb79613a
-sources:
- - https://github.com/Prowlarr/Prowlarr
- - https://github.com/linuxserver/docker-prowlarr
- - https://github.com/linuxserver/docker-prowlarr/pkgs/container/prowlarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: prowlarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
-appVersion: 1.35.1
diff --git a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml b/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml
deleted file mode 100644
index a35545627..000000000
--- a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: prowlarr-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: prowlarr-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/prowlarr/templates/http-route.yaml b/clusters/cl01tl/helm/prowlarr/templates/http-route.yaml
deleted file mode 100644
index 8e202e8b4..000000000
--- a/clusters/cl01tl/helm/prowlarr/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-prowlarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-prowlarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - prowlarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: prowlarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/prowlarr/templates/replication-source.yaml b/clusters/cl01tl/helm/prowlarr/templates/replication-source.yaml
deleted file mode 100644
index 55af1476e..000000000
--- a/clusters/cl01tl/helm/prowlarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: prowlarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: prowlarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: prowlarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: prowlarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/prowlarr/values.yaml b/clusters/cl01tl/helm/prowlarr/values.yaml
deleted file mode 100644
index 0b542abde..000000000
--- a/clusters/cl01tl/helm/prowlarr/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-prowlarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/prowlarr
- tag: 2.3.0@sha256:475853535de3de8441b87c1457c30f2e695f4831228b12b6b7274e9da409d874
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9696
- protocol: HTTP
- persistence:
- config:
- forceRename: prowlarr-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
diff --git a/clusters/cl01tl/helm/radarr-4k/Chart.yaml b/clusters/cl01tl/helm/radarr-4k/Chart.yaml
deleted file mode 100644
index a5fe41ee7..000000000
--- a/clusters/cl01tl/helm/radarr-4k/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: radarr-4k
-version: 1.0.0
-description: Radarr 4K
-keywords:
- - radarr
- - servarr
- - movies
- - 4k
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-4k
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/external-secret.yaml b/clusters/cl01tl/helm/radarr-4k/templates/external-secret.yaml
deleted file mode 100644
index 6890221d3..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-4k-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-4k-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-4k-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/http-route.yaml b/clusters/cl01tl/helm/radarr-4k/templates/http-route.yaml
deleted file mode 100644
index 029939f6b..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-4k.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-4k
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml
deleted file mode 100644
index b05e92529..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-4k-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml
deleted file mode 100644
index 435908330..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml
deleted file mode 100644
index e3cab3d05..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-4k
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr 4K Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-4k.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr4kDown
- annotations:
- description: Radarr 4K service is down.
- summary: Radarr 4K is down.
- expr: |
- radarr_4k_system_status{job=~".*radarr-4k.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/replication-source.yaml b/clusters/cl01tl/helm/radarr-4k/templates/replication-source.yaml
deleted file mode 100644
index 6829ca51d..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-4k-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-4k-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-4k-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/service-monitor.yaml b/clusters/cl01tl/helm/radarr-4k/templates/service-monitor.yaml
deleted file mode 100644
index 57d1ab55c..000000000
--- a/clusters/cl01tl/helm/radarr-4k/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/radarr-4k/values.yaml b/clusters/cl01tl/helm/radarr-4k/values.yaml
deleted file mode 100644
index 3c598c07d..000000000
--- a/clusters/cl01tl/helm/radarr-4k/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-radarr-4k:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/radarr
- tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.3.0
- pullPolicy: IfNotPresent
- args: ["radarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9793
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 7878
- protocol: HTTP
- metrics:
- port: 9793
- targetPort: 9793
- protocol: TCP
- persistence:
- config:
- forceRename: radarr-4k-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: radarr-4k-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- nameOverride: radarr5-4k-postgresql-17
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- resources:
- requests:
- memory: 1Gi
- cpu: 200m
- initdb:
- postInitSQL:
- - CREATE DATABASE "radarr-main" OWNER "app";
- - CREATE DATABASE "radarr-log" OWNER "app";
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
- index: 1
- endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/radarr-4k/radarr5-4k-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/radarr-4k/radarr5-4k-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 18 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/helm/radarr-anime/Chart.yaml b/clusters/cl01tl/helm/radarr-anime/Chart.yaml
deleted file mode 100644
index ad9532c00..000000000
--- a/clusters/cl01tl/helm/radarr-anime/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: radarr-anime
-version: 1.0.0
-description: Radarr Anime
-keywords:
- - radarr
- - servarr
- - movies
- - anime
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-anime
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/external-secret.yaml b/clusters/cl01tl/helm/radarr-anime/templates/external-secret.yaml
deleted file mode 100644
index 20beb063d..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: radarr-anime-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/http-route.yaml b/clusters/cl01tl/helm/radarr-anime/templates/http-route.yaml
deleted file mode 100644
index 7fd42815c..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-anime.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-anime
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 572bca509..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-anime-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml
deleted file mode 100644
index de760a1b9..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml
deleted file mode 100644
index 9134bf0c5..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-anime
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr Anime Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-anime.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: RadarrAnimeDown
- annotations:
- description: Radarr Anime service is down.
- summary: Radarr Anime is down.
- expr: |
- radarr_anime_system_status{job=~".*radarr-anime.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/replication-source.yaml b/clusters/cl01tl/helm/radarr-anime/templates/replication-source.yaml
deleted file mode 100644
index 8c2d38215..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-anime-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-anime-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-anime-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/service-monitor.yaml b/clusters/cl01tl/helm/radarr-anime/templates/service-monitor.yaml
deleted file mode 100644
index a25b96e8b..000000000
--- a/clusters/cl01tl/helm/radarr-anime/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/radarr-anime/values.yaml b/clusters/cl01tl/helm/radarr-anime/values.yaml
deleted file mode 100644
index 3914a9db3..000000000
--- a/clusters/cl01tl/helm/radarr-anime/values.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ -radarr-anime: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - persistence: - config: - forceRename: radarr-anime-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: radarr-anime-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: radarr5-anime-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - initdb: - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster - 
endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster - index: 1 - endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/radarr-anime/radarr5-anime-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/radarr-anime/radarr5-anime-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 20 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/radarr-standup/Chart.yaml b/clusters/cl01tl/helm/radarr-standup/Chart.yaml deleted file mode 100644 index ae95dd97d..000000000 --- a/clusters/cl01tl/helm/radarr-standup/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: radarr-standup
-version: 1.0.0
-description: Radarr Stand Up
-keywords:
- - radarr
- - servarr
- - standup
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr-standup
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/external-secret.yaml b/clusters/cl01tl/helm/radarr-standup/templates/external-secret.yaml
deleted file mode 100644
index 5f1f24a56..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-standup-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-standup-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-standup-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-standup-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: 
ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-standup-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-standup-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/radarr-standup/templates/http-route.yaml b/clusters/cl01tl/helm/radarr-standup/templates/http-route.yaml deleted file mode 100644 index 8d2a3c822..000000000 --- a/clusters/cl01tl/helm/radarr-standup/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr-standup.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr-standup
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 29ad7f688..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-standup-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml
deleted file mode 100644
index 63cdd5dea..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml
deleted file mode 100644
index 3e33b02c4..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr-standup
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr Stand Up Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr-standup.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: RadarrStandUpDown
- annotations:
- description: Radarr Stand Up service is down.
- summary: Radarr Stand Up is down.
- expr: |
- radarr_standup_system_status{job=~".*radarr-standup.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/replication-source.yaml b/clusters/cl01tl/helm/radarr-standup/templates/replication-source.yaml
deleted file mode 100644
index b35406832..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-standup-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-standup-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-standup-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/radarr-standup/templates/service-monitor.yaml b/clusters/cl01tl/helm/radarr-standup/templates/service-monitor.yaml
deleted file mode 100644
index 71c74be7e..000000000
--- a/clusters/cl01tl/helm/radarr-standup/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/radarr-standup/values.yaml b/clusters/cl01tl/helm/radarr-standup/values.yaml
deleted file mode 100644
index 90c032623..000000000
--- a/clusters/cl01tl/helm/radarr-standup/values.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ -radarr-standup: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - persistence: - config: - forceRename: radarr-standup-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: radarr-standup-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: radarr5-standup-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - initdb: - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster - index: 1 - endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/radarr-standup/radarr5-standup-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/radarr-standup/radarr5-standup-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 22 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/radarr/Chart.yaml b/clusters/cl01tl/helm/radarr/Chart.yaml deleted file mode 100644 index fbb819be0..000000000 --- a/clusters/cl01tl/helm/radarr/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: radarr
-version: 1.0.0
-description: Radarr
-keywords:
- - radarr
- - servarr
- - movies
- - metrics
-home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
-appVersion: 5.22.4
diff --git a/clusters/cl01tl/helm/radarr/templates/external-secret.yaml b/clusters/cl01tl/helm/radarr/templates/external-secret.yaml
deleted file mode 100644
index aa1f929d9..000000000
--- a/clusters/cl01tl/helm/radarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: radarr-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/radarr/templates/http-route.yaml b/clusters/cl01tl/helm/radarr/templates/http-route.yaml deleted file mode 100644 index 0dae2e263..000000000 --- a/clusters/cl01tl/helm/radarr/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-radarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-radarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - radarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: radarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 1c07245f8..000000000
--- a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml
deleted file mode 100644
index 131d465cc..000000000
--- a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml
deleted file mode 100644
index d5076ca9d..000000000
--- a/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: RadarrDown
- annotations:
- description: Radarr service is down.
- summary: Radarr is down.
- expr: |
- radarr_system_status{job=~".*radarr.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/radarr/templates/replication-source.yaml b/clusters/cl01tl/helm/radarr/templates/replication-source.yaml
deleted file mode 100644
index 3d8f3c1f0..000000000
--- a/clusters/cl01tl/helm/radarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: radarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: radarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: radarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/radarr/templates/service-monitor.yaml b/clusters/cl01tl/helm/radarr/templates/service-monitor.yaml
deleted file mode 100644
index 4a5d7eb09..000000000
--- a/clusters/cl01tl/helm/radarr/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/radarr/values.yaml b/clusters/cl01tl/helm/radarr/values.yaml
deleted file mode 100644
index 8d81bb8b0..000000000
--- a/clusters/cl01tl/helm/radarr/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -radarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 6.0.4@sha256:06ac318ecb95a34c7b229568dcb4271f02cb5007bb189a0dd67a2032864187ca - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - persistence: - config: - forceRename: radarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: radarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: radarr5-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/radarr5/radarr5-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5/radarr5-postgresql-17-cluster - index: 2 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/radarr/radarr5-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/radarr/radarr5-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: radarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 16 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/roundcube/Chart.yaml b/clusters/cl01tl/helm/roundcube/Chart.yaml deleted file mode 100644 index 788cd1b65..000000000 --- a/clusters/cl01tl/helm/roundcube/Chart.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: v2 -name: roundcube -version: 1.0.0 -description: Roundcube -keywords: - - roundcube - - email -home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e -sources: - - https://github.com/roundcube/roundcubemail - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/roundcube/roundcubemail - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: roundcube - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png -appVersion: 1.6.10 diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml deleted file mode 100644 index 23419d874..000000000 --- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: DES_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/roundcube/key - metadataPolicy: None - property: DES_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION 
diff --git a/clusters/cl01tl/helm/roundcube/templates/http-route.yaml b/clusters/cl01tl/helm/roundcube/templates/http-route.yaml
deleted file mode 100644
index b32e8fea1..000000000
--- a/clusters/cl01tl/helm/roundcube/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-mail
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-mail
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - mail.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: roundcube
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/roundcube/templates/replication-source.yaml b/clusters/cl01tl/helm/roundcube/templates/replication-source.yaml
deleted file mode 100644
index a7383cd31..000000000
--- a/clusters/cl01tl/helm/roundcube/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: roundcube-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: roundcube-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: roundcube-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: roundcube-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/roundcube/values.yaml b/clusters/cl01tl/helm/roundcube/values.yaml
deleted file mode 100644
index 68255504f..000000000
--- a/clusters/cl01tl/helm/roundcube/values.yaml
+++ /dev/null
@@ -1,263 +0,0 @@ -roundcube: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: roundcube/roundcubemail - tag: 1.6.11-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_DEFAULT_PORT - value: 143 - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_PORT - value: 25 - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - resources: - requests: - cpu: 10m - memory: 256Mi - nginx: - image: - repository: nginx - tag: 1.29.3-alpine - pullPolicy: IfNotPresent - env: - - name: NGINX_HOST - value: mail.alexlebens.net - - name: NGINX_PHP_CGI - value: roundcube.roundcube:9000 - resources: - requests: - cpu: 10m - memory: 128Mi - cleandb: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: 30 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - containers: - backup: - image: - repository: roundcube/roundcubemail - tag: 1.6.11-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - 
valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - args: - - bin/cleandb.sh - resources: - requests: - cpu: 100m - memory: 128Mi - configMaps: - config: - enabled: true - data: - default.conf: | - server { - listen 80 default_server; - server_name _; - root /var/www/html; - - location / { - try_files $uri /index.php$is_args$args; - } - - location ~ \.php(/|$) { - try_files $uri =404; - fastcgi_pass roundcube:9000; - fastcgi_read_timeout 300; - proxy_read_timeout 300; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; - } - - client_max_body_size 6m; - - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - } - service: - main: - controller: main - ports: - mail: - port: 9000 - targetPort: 9000 - protocol: HTTP - web: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: - data: - forceRename: roundcube-data - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /var/www/html - readOnly: false - nginx: - - path: /var/www/html - readOnly: false - temp: - type: emptyDir - 
advancedMounts: - main: - main: - - path: /tmp/roundcube-temp - readOnly: false - config: - enabled: true - type: configMap - name: roundcube-config - advancedMounts: - main: - nginx: - - path: /etc/nginx/conf.d/default.conf - readOnly: true - mountPropagation: None - subPath: default.conf -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 24 4 * * SAT" - # backupName: garage-remote 
diff --git a/clusters/cl01tl/helm/searxng/Chart.yaml b/clusters/cl01tl/helm/searxng/Chart.yaml
deleted file mode 100644
index 84c6145fb..000000000
--- a/clusters/cl01tl/helm/searxng/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: searxng
-version: 1.0.0
-description: Searxng
-keywords:
- - searxng
- - search
-home: https://wiki.alexlebens.dev/s/6c6da68a-8725-4439-93c8-990ce824be54
-sources:
- - https://github.com/searxng/searxng
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: searxng
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/searxng.png
-appVersion: 1.0.0
diff --git a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
deleted file mode 100644
index bb5ede8ad..000000000
--- a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: searxng-api-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-api-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: settings.yml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/searxng/api/config - metadataPolicy: None - property: settings.yml - - secretKey: limiter.toml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/searxng/api/config - metadataPolicy: None - property: limiter.toml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: searxng-browser-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-browser-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/searxng/searxng-browser-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/helm/searxng/templates/http-route.yaml b/clusters/cl01tl/helm/searxng/templates/http-route.yaml deleted file mode 100644 index 205106b74..000000000 --- a/clusters/cl01tl/helm/searxng/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-searxng - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-searxng - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - searxng.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: searxng-browser - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/searxng/templates/redis-replication.yaml b/clusters/cl01tl/helm/searxng/templates/redis-replication.yaml deleted file mode 100644 index 21959b519..000000000 --- a/clusters/cl01tl/helm/searxng/templates/redis-replication.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-searxng
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-searxng
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/helm/searxng/templates/replication-source.yaml b/clusters/cl01tl/helm/searxng/templates/replication-source.yaml
deleted file mode 100644
index 0c572c2e6..000000000
--- a/clusters/cl01tl/helm/searxng/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: searxng-browser-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: searxng-browser-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: searxng-browser-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: searxng-browser-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml b/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml
deleted file mode 100644
index ebb5165f1..000000000
--- a/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-searxng
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-searxng
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/helm/searxng/values.yaml b/clusters/cl01tl/helm/searxng/values.yaml
deleted file mode 100644
index 011e6b7b6..000000000
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -searxng: - controllers: - api: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: searxng/searxng - tag: latest@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 - pullPolicy: IfNotPresent - env: - - name: SEARXNG_BASE_URL - value: http://searxng-api.searxng:8080 - - name: SEARXNG_QUERY_URL - value: http://searxng-api.searxng:8080/search?q= - - name: SEARXNG_HOSTNAME - value: searxng-api.searxng - - name: UWSGI_WORKERS - value: 4 - - name: UWSGI_THREADS - value: 4 - - name: ENABLE_RAG_WEB_SEARCH - value: true - - name: RAG_WEB_SEARCH_ENGINE - value: searxng - - name: RAG_WEB_SEARCH_RESULT_COUNT - value: 3 - - name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS - value: 10 - resources: - requests: - cpu: 10m - memory: 256Mi - browser: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: searxng/searxng - tag: latest@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 - pullPolicy: IfNotPresent - env: - - name: SEARXNG_BASE_URL - value: https://searxng.alexlebens.net/ - - name: SEARXNG_QUERY_URL - value: https://searxng.alexlebens.net/search?q= - - name: SEARXNG_HOSTNAME - value: searxng.alexlebens.net - - name: SEARXNG_REDIS_URL - value: redis://redis-replication-searxng-master.searxng:6379/0 - - name: UWSGI_WORKERS - value: 4 - - name: UWSGI_THREADS - value: 4 - resources: - requests: - cpu: 10m - memory: 256Mi - service: - api: - controller: api - ports: - mail: - port: 8080 - targetPort: 8080 - protocol: HTTP - browser: - controller: browser - ports: - mail: - port: 80 - targetPort: 8080 - protocol: HTTP - persistence: - config: - enabled: true - type: secret - name: searxng-api-config-secret - advancedMounts: - api: - main: - - path: /etc/searxng/settings.yml - readOnly: true - mountPropagation: None - subPath: settings.yml - - path: /etc/searxng/limiter.toml - 
readOnly: true - mountPropagation: None - subPath: limiter.toml - api-data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - api: - main: - - path: /etc/searxng - readOnly: false - browser-data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - browser: - main: - - path: /etc/searxng - readOnly: false diff --git a/clusters/cl01tl/helm/site-documentation/Chart.yaml b/clusters/cl01tl/helm/site-documentation/Chart.yaml deleted file mode 100644 index f4e151a34..000000000 --- a/clusters/cl01tl/helm/site-documentation/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v2 -name: site-documentation -version: 1.0.0 -description: Site Documentation -keywords: - - site-documentation - - astro -home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584 -sources: - - https://github.com/alexlebens/site-documentation - - https://github.com/withastro/astro - - https://github.com/cloudflare/cloudflared - - https://github.com/alexlebens/site-documentation/pkgs/container/site-documentation - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: site-documentation - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared-site - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 -icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png -appVersion: 0.8.1 diff --git a/clusters/cl01tl/helm/site-documentation/templates/external-secret.yaml b/clusters/cl01tl/helm/site-documentation/templates/external-secret.yaml deleted file mode 100644 index 31c8f9093..000000000 --- a/clusters/cl01tl/helm/site-documentation/templates/external-secret.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: site-documentation-cloudflared-api-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: site-documentation-cloudflared-api-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/site-documentation
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/helm/site-documentation/values.yaml b/clusters/cl01tl/helm/site-documentation/values.yaml
deleted file mode 100644
index 298ed57f1..000000000
--- a/clusters/cl01tl/helm/site-documentation/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-site-documentation:
- global:
- fullnameOverride: site-documentation
- controllers:
- main:
- type: deployment
- replicas: 3
- strategy: RollingUpdate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: harbor.alexlebens.net/images/site-documentation
- tag: 0.0.3
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 4321
- protocol: HTTP
-cloudflared-site:
- name: cloudflared-site
- existingSecretName: site-documentation-cloudflared-api-secret
diff --git a/clusters/cl01tl/helm/site-profile/Chart.yaml b/clusters/cl01tl/helm/site-profile/Chart.yaml
deleted file mode 100644
index b61c8fe12..000000000
--- a/clusters/cl01tl/helm/site-profile/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: site-profile
-version: 1.0.0
-description: Site Profile
-keywords:
- - site-profile
- - astro
-home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584
-sources:
- - https://github.com/alexlebens/site-profile
- - https://github.com/withastro/astro
- - https://github.com/cloudflare/cloudflared
- - https://github.com/alexlebens/site-profile/pkgs/container/site-profile
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: site-profile
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: cloudflared
- alias: cloudflared-site
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
-appVersion: 2.0.1
diff --git a/clusters/cl01tl/helm/site-profile/templates/external-secret.yaml b/clusters/cl01tl/helm/site-profile/templates/external-secret.yaml
deleted file mode 100644
index b81c01241..000000000
--- a/clusters/cl01tl/helm/site-profile/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: site-profile-cloudflared-api-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: site-profile-cloudflared-api-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/site-profile
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/helm/site-profile/values.yaml b/clusters/cl01tl/helm/site-profile/values.yaml
deleted file mode 100644
index fcc887b78..000000000
--- a/clusters/cl01tl/helm/site-profile/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-site-profile:
- global:
- fullnameOverride: site-profile
- controllers:
- main:
- type: deployment
- replicas: 3
- strategy: RollingUpdate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: harbor.alexlebens.net/images/site-profile
- tag: 2.1.0
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 4321
- protocol: HTTP
-cloudflared-site:
- name: cloudflared-site
- existingSecretName: site-profile-cloudflared-api-secret
diff --git a/clusters/cl01tl/helm/slskd/Chart.yaml b/clusters/cl01tl/helm/slskd/Chart.yaml
deleted file mode 100644
index 233f4ea2f..000000000
--- a/clusters/cl01tl/helm/slskd/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: slskd
-version: 1.0.0
-description: slskd
-keywords:
- - slskd
- - soularr
- - lidarr
- - music
-home: https://wiki.alexlebens.dev/s/ea931f86-1e70-480c-8002-64380b267cd7
-sources:
- - https://github.com/slskd/slskd
- - https://github.com/mrusse/soularr
- - https://hub.docker.com/r/slskd/slskd
- - https://hub.docker.com/r/mrusse08/soularr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: slskd
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png
-appVersion: 0.22.5
diff --git a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
deleted file mode 100644
index 0e35e7987..000000000
--- a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: slskd-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: slskd-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: slskd.yml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/slskd/config
- metadataPolicy: None
- property: slskd.yml
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: soularr-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: soularr-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.ini
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/slskd/soularr
- metadataPolicy: None
- property: config.ini
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: slskd-wireguard-conf
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: slskd-wireguard-conf
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: private-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /protonvpn/conf/cl01tl
- metadataPolicy: None
- property: private-key
diff --git a/clusters/cl01tl/helm/slskd/templates/http-route.yaml b/clusters/cl01tl/helm/slskd/templates/http-route.yaml
deleted file mode 100644
index 5701ed24c..000000000
--- a/clusters/cl01tl/helm/slskd/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-slskd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-slskd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - slskd.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: slskd
- port: 5030
- weight: 100
diff --git a/clusters/cl01tl/helm/slskd/templates/namespace.yaml b/clusters/cl01tl/helm/slskd/templates/namespace.yaml
deleted file mode 100644
index 9793bc56d..000000000
--- a/clusters/cl01tl/helm/slskd/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: slskd
- labels:
- app.kubernetes.io/name: slskd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml
deleted file mode 100644
index b44e26d30..000000000
--- a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: slskd-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: slskd-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: slskd-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml
deleted file mode 100644
index 3e234f75a..000000000
--- a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: slskd-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: slskd-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/slskd/templates/service-monitor.yaml b/clusters/cl01tl/helm/slskd/templates/service-monitor.yaml
deleted file mode 100644
index caf82f4ee..000000000
--- a/clusters/cl01tl/helm/slskd/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: slskd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: slskd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: slskd
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: http
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml
deleted file mode 100644
index bbd10ebe1..000000000
--- a/clusters/cl01tl/helm/slskd/values.yaml
+++ /dev/null
@@ -1,153 +0,0 @@
-slskd:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-sysctl:
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- securityContext:
- privileged: True
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- command:
- - /bin/sh
- args:
- - -ec
- - |
- sysctl -w net.ipv4.ip_forward=1;
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- containers:
- main:
- image:
- repository: slskd/slskd
- tag: 0.24.0
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: SLSKD_UMASK
- value: 000
- resources:
- requests:
- cpu: 100m
- memory: 512Mi
- gluetun:
- image:
- repository: ghcr.io/qdm12/gluetun
- tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
- pullPolicy: IfNotPresent
- env:
- - name: VPN_SERVICE_PROVIDER
- value: protonvpn
- - name: VPN_TYPE
- value: wireguard
- - name: WIREGUARD_PRIVATE_KEY
- valueFrom:
- secretKeyRef:
- name: slskd-wireguard-conf
- key: private-key
- - name: VPN_PORT_FORWARDING
- value: "on"
- - name: PORT_FORWARD_ONLY
- value: "on"
- - name: FIREWALL_OUTBOUND_SUBNETS
- value: 192.168.1.0/24,10.244.0.0/16
- - name: FIREWALL_INPUT_PORTS
- value: 5030,50300
- - name: DOT
- value: "off"
- securityContext:
- privileged: true
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
- resources:
- limits:
- devic.es/tun: "1"
- requests:
- devic.es/tun: "1"
- cpu: 10m
- memory: 128Mi
- soularr:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: mrusse08/soularr
- tag: latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: SCRIPT_INTERVAL
- value: 300
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 5030
- targetPort: 5030
- protocol: HTTP
- persistence:
- slskd-config:
- enabled: true
- type: secret
- name: slskd-config-secret
- advancedMounts:
- main:
- main:
- - path: /app/slskd.yml
- readOnly: true
- mountPropagation: None
- subPath: slskd.yml
- soularr-config:
- enabled: true
- type: secret
- name: soularr-config-secret
- advancedMounts:
- soularr:
- main:
- - path: /data/config.ini
- readOnly: true
- mountPropagation: None
- subPath: config.ini
- data:
- existingClaim: slskd-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
- soularr:
- main:
- - path: /mnt/store
- readOnly: false
diff --git a/clusters/cl01tl/helm/sonarr-4k/Chart.yaml b/clusters/cl01tl/helm/sonarr-4k/Chart.yaml
deleted file mode 100644
index 441c8912d..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: sonarr-4k
-version: 1.0.0
-description: Sonarr 4K
-keywords:
- - sonarr
- - servarr
- - tv shows
- - 4k
- - metrics
-home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/linuxserver/docker-sonarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr-4k
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
-appVersion: 4.0.14
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/external-secret.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/external-secret.yaml
deleted file mode 100644
index 423b502df..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-4k-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-4k-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-4k-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/http-route.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/http-route.yaml
deleted file mode 100644
index bdfd2a4f8..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-sonarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-sonarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - sonarr-4k.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: sonarr-4k
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 388857422..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: sonarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: sonarr-4k-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml
deleted file mode 100644
index 8049c36c9..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml
deleted file mode 100644
index 407d04562..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr-4k
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr 4K Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr-4k.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Sonarr4KDown
- annotations:
- description: Sonarr 4K service is down.
- summary: Sonarr 4K is down.
- expr: |
- sonarr_4k_system_status{job=~".*sonarr-4k.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/replication-source.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/replication-source.yaml
deleted file mode 100644
index 998e9b558..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: sonarr-4k-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: sonarr-4k-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: sonarr-4k-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/service-monitor.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/service-monitor.yaml
deleted file mode 100644
index 3b87474f0..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/sonarr-4k/values.yaml b/clusters/cl01tl/helm/sonarr-4k/values.yaml
deleted file mode 100644
index 56b0a7ef7..000000000
--- a/clusters/cl01tl/helm/sonarr-4k/values.yaml
+++ /dev/null
@@ -1,148 +0,0 @@
-sonarr-4k:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/sonarr
- tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.3.0
- pullPolicy: IfNotPresent
- args: ["sonarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9794
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8989
- protocol: HTTP
- metrics:
- port: 9794
- targetPort: 9794
- protocol: TCP
- persistence:
- config:
- forceRename: sonarr-4k-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: sonarr-4k-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- nameOverride: sonarr4-4k-postgresql-17
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- resources:
- requests:
- memory: 512Mi
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- initdb:
- postInitSQL:
- - CREATE DATABASE "sonarr-main" OWNER "app";
- - CREATE DATABASE "sonarr-log" OWNER "app";
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster
- index: 1
- endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 28 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/helm/sonarr-anime/Chart.yaml b/clusters/cl01tl/helm/sonarr-anime/Chart.yaml
deleted file mode 100644
index f0a05f23e..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: sonarr-anime
-version: 1.0.0
-description: Sonarr Anime
-keywords:
- - sonarr
- - servarr
- - anime
- - metrics
-home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/linuxserver/docker-sonarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr-anime
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
-appVersion: 4.0.14
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/external-secret.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/external-secret.yaml
deleted file mode 100644
index 781cce519..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-anime-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-anime-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: sonarr-anime-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/http-route.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/http-route.yaml
deleted file mode 100644
index 1b468f31c..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-sonarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-sonarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - sonarr-anime.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: sonarr-anime
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml
deleted file mode 100644
index e0e63952a..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: sonarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: sonarr-anime-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml
deleted file mode 100644
index 3ee8f4c63..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml
deleted file mode 100644
index dbcc8e998..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr-anime
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr Anime Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr-anime.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: SonarrAnimeDown
- annotations:
- description: Sonarr Anime service is down.
- summary: Sonarr Anime is down.
- expr: |
- sonarr_anime_system_status{job=~".*sonarr-anime.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/replication-source.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/replication-source.yaml
deleted file mode 100644
index 59ad2f218..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: sonarr-anime-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: sonarr-anime-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: sonarr-anime-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/service-monitor.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/service-monitor.yaml
deleted file mode 100644
index 6e46f252a..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/sonarr-anime/values.yaml b/clusters/cl01tl/helm/sonarr-anime/values.yaml
deleted file mode 100644
index 5f4939f8e..000000000
--- a/clusters/cl01tl/helm/sonarr-anime/values.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -sonarr-anime: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - persistence: - config: - forceRename: sonarr-anime-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr-anime-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: sonarr4-anime-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - resources: - requests: - memory: 512Mi - monitoring: - enabled: true - prometheusRule: - enabled: true - initdb: - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster - index: 1 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 30 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/sonarr/Chart.yaml b/clusters/cl01tl/helm/sonarr/Chart.yaml deleted file mode 100644 index 21b6dd13d..000000000 --- a/clusters/cl01tl/helm/sonarr/Chart.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: sonarr
-version: 1.0.0
-description: Sonarr
-keywords:
- - sonarr
- - servarr
- - tv shows
- - metrics
-home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/linuxserver/docker-sonarr
- - https://github.com/onedr0p/exportarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
-appVersion: 4.0.14
diff --git a/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml b/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml
deleted file mode 100644
index 71e637fa0..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: 
Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: sonarr-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/sonarr/templates/http-route.yaml b/clusters/cl01tl/helm/sonarr/templates/http-route.yaml deleted file mode 100644 index dccafa675..000000000 --- a/clusters/cl01tl/helm/sonarr/templates/http-route.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-sonarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-sonarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - sonarr.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: sonarr
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 72cf49562..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: sonarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: sonarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml
deleted file mode 100644
index a23f24017..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml
deleted file mode 100644
index 5459fd7c3..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: SonarrDown
- annotations:
- description: Sonarr service is down.
- summary: Sonarr is down.
- expr: |
- sonarr_system_status{job=~".*sonarr.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl/helm/sonarr/templates/replication-source.yaml b/clusters/cl01tl/helm/sonarr/templates/replication-source.yaml
deleted file mode 100644
index 3116d7605..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: sonarr-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: sonarr-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: sonarr-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/sonarr/templates/service-monitor.yaml b/clusters/cl01tl/helm/sonarr/templates/service-monitor.yaml
deleted file mode 100644
index 612b0af5e..000000000
--- a/clusters/cl01tl/helm/sonarr/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl/helm/sonarr/values.yaml b/clusters/cl01tl/helm/sonarr/values.yaml
deleted file mode 100644
index 2f82a1f15..000000000
--- a/clusters/cl01tl/helm/sonarr/values.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -sonarr: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.3.0 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 10m - memory: 256Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - persistence: - config: - forceRename: sonarr-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - nameOverride: sonarr4-postgresql-17 - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - initdb: - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - recovery: - method: objectStore - objectStore: - destinationPath: 
s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster - index: 1 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 26 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/tautulli/Chart.yaml b/clusters/cl01tl/helm/tautulli/Chart.yaml deleted file mode 100644 index b14d2d14b..000000000 --- a/clusters/cl01tl/helm/tautulli/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: tautulli
-version: 1.0.0
-description: Tautulli
-keywords:
- - tautulli
- - plex
-home: https://wiki.alexlebens.dev/s/b2f5d20a-b3c2-4e7a-b550-7b2855264408
-sources:
- - https://github.com/Tautulli/Tautulli
- - https://github.com/Tautulli/Tautulli/pkgs/container/tautulli
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: tautulli
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tautulli.png
-appVersion: v2.15.2
diff --git a/clusters/cl01tl/helm/tautulli/templates/external-secret.yaml b/clusters/cl01tl/helm/tautulli/templates/external-secret.yaml
deleted file mode 100644
index e6f3ad704..000000000
--- a/clusters/cl01tl/helm/tautulli/templates/external-secret.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: tautulli-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tautulli-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/helm/tautulli/templates/http-route.yaml b/clusters/cl01tl/helm/tautulli/templates/http-route.yaml
deleted file mode 100644
index e2567b045..000000000
--- a/clusters/cl01tl/helm/tautulli/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-tautulli
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-tautulli
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - tautulli.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: tautulli
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/helm/tautulli/templates/replication-source.yaml b/clusters/cl01tl/helm/tautulli/templates/replication-source.yaml
deleted file mode 100644
index 00e248f38..000000000
--- a/clusters/cl01tl/helm/tautulli/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: tautulli-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tautulli-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: tautulli-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: tautulli-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/helm/tautulli/values.yaml b/clusters/cl01tl/helm/tautulli/values.yaml
deleted file mode 100644
index e666f5496..000000000
--- a/clusters/cl01tl/helm/tautulli/values.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -tautulli: - controllers: - main: - type: deployment - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/tautulli/tautulli - tag: v2.16.0 - pullPolicy: IfNotPresent - env: - - name: PUID - value: 1001 - - name: GUID - value: 1001 - - name: TZ - value: US/Central - resources: - requests: - cpu: 10m - memory: 128Mi - configMaps: - scripts: - enabled: true - data: - select_tmdb_poster.py: | - #!/usr/bin/env python - # -*- coding: utf-8 -*- - - ''' - Description: Selects the default TMDB poster if no poster is selected - or the current poster is from Gracenote. - Author: /u/SwiftPanda16 - Requires: plexapi - Usage: - * Change the posters for an entire library: - python select_tmdb_poster.py --library "Movies" - - * Change the poster for a specific item: - python select_tmdb_poster.py --rating_key 1234 - - * By default locked posters are skipped. To update locked posters: - python select_tmdb_poster.py --library "Movies" --include_locked - - Tautulli script trigger: - * Notify on recently added - Tautulli script conditions: - * Filter which media to select the poster. 
Examples: - [ Media Type | is | movie ] - Tautulli script arguments: - * Recently Added: - --rating_key {rating_key} - ''' - - import argparse - import os - import plexapi.base - from plexapi.server import PlexServer - plexapi.base.USER_DONT_RELOAD_FOR_KEYS.add('fields') - - - # Environmental Variables - PLEX_URL = os.getenv('PLEX_URL') - PLEX_TOKEN = os.getenv('PLEX_TOKEN') - - - def select_tmdb_poster_library(library, include_locked=False): - for item in library.all(includeGuids=False): - # Only reload for fields - item.reload(**{k: 0 for k, v in item._INCLUDES.items()}) - select_tmdb_poster_item(item, include_locked=include_locked) - - - def select_tmdb_poster_item(item, include_locked=False): - if item.isLocked('thumb') and not include_locked: # PlexAPI 4.5.10 - print(f"Locked poster for {item.title}. Skipping.") - return - - posters = item.posters() - selected_poster = next((p for p in posters if p.selected), None) - - if selected_poster is None: - print(f"WARNING: No poster selected for {item.title}.") - else: - skipping = ' Skipping.' 
if selected_poster.provider != 'gracenote' else '' - print(f"Poster provider is '{selected_poster.provider}' for {item.title}.{skipping}") - - if posters and (selected_poster is None or selected_poster.provider == 'gracenote'): - # Fallback to first poster if no TMDB posters are available - tmdb_poster = next((p for p in posters if p.provider == 'tmdb'), posters[0]) - # Selecting the poster automatically locks it - tmdb_poster.select() - print(f"Selected {tmdb_poster.provider} poster for {item.title}.") - - - if __name__ == '__main__': - parser = argparse.ArgumentParser() - parser.add_argument('--rating_key', type=int) - parser.add_argument('--library') - parser.add_argument('--include_locked', action='store_true') - opts = parser.parse_args() - - plex = PlexServer(PLEX_URL, PLEX_TOKEN) - - if opts.rating_key: - item = plex.fetchItem(opts.rating_key) - select_tmdb_poster_item(item, opts.include_locked) - elif opts.library: - library = plex.library.section(opts.library) - select_tmdb_poster_library(library, opts.include_locked) - else: - print("No --rating_key or --library specified. Exiting.") - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8181 - protocol: HTTP - persistence: - config: - forceRename: tautulli-config - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - scripts: - enabled: true - type: configMap - name: tautulli-scripts - advancedMounts: - main: - main: - - path: /config/scripts/select_tmdb_poster.py - readOnly: true - mountPropagation: None - subPath: select_tmdb_poster.py diff --git a/clusters/cl01tl/helm/tdarr/Chart.yaml b/clusters/cl01tl/helm/tdarr/Chart.yaml deleted file mode 100644 index c0ec75b8b..000000000 --- a/clusters/cl01tl/helm/tdarr/Chart.yaml +++ /dev/null 
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: tdarr
-version: 1.0.0
-description: Tdarr
-keywords:
- - tdarr
- - video
- - transcode
- - healthchecks
-home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62
-sources:
- - https://github.com/HaveAGitGat/Tdarr
- - https://github.com/homeylab/tdarr-exporter
- - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
- - https://hub.docker.com/r/homeylab/tdarr-exporter
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: tdarr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: tdarr-exporter
- version: 1.1.7
- repository: https://homeylab.github.io/helm-charts/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
-appVersion: 2.40.01
diff --git a/clusters/cl01tl/helm/tdarr/templates/external-secret.yaml b/clusters/cl01tl/helm/tdarr/templates/external-secret.yaml
deleted file mode 100644
index a974a5f0b..000000000
--- a/clusters/cl01tl/helm/tdarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tdarr-config-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tdarr-config-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tdarr-server-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tdarr-server-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT 
}}` }}/tdarr/tdarr-server" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key diff --git a/clusters/cl01tl/helm/tdarr/templates/http-route.yaml b/clusters/cl01tl/helm/tdarr/templates/http-route.yaml deleted file mode 100644 index ec80a2e81..000000000 --- a/clusters/cl01tl/helm/tdarr/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tdarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tdarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tdarr.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tdarr-web - port: 8265 - weight: 100 
diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index f86557f72..000000000
--- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: tdarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: tdarr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml
deleted file mode 100644
index c3da6a310..000000000
--- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: tdarr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tdarr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/helm/tdarr/templates/replication-source.yaml b/clusters/cl01tl/helm/tdarr/templates/replication-source.yaml
deleted file mode 100644
index dd58cd175..000000000
--- a/clusters/cl01tl/helm/tdarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,52 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: tdarr-config-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tdarr-config-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: tdarr-config - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: tdarr-config-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot - ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: tdarr-server-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tdarr-server-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: tdarr-server - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: tdarr-server-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/helm/tdarr/values.yaml b/clusters/cl01tl/helm/tdarr/values.yaml deleted file mode 100644 index 1160e0602..000000000 --- a/clusters/cl01tl/helm/tdarr/values.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -tdarr: - controllers: - server: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/haveagitgat/tdarr - tag: 2.58.02 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: "1001" - - name: PGID - value: "1001" - - name: UMASK_SET - value: "002" - - name: ffmpegVersion - value: "6" - - name: internalNode - value: "false" - - name: inContainer - value: "true" - - name: nodeName - value: tdarr-server - - name: serverIP - value: 0.0.0.0 - - name: serverPort - value: "8266" - - name: webUIPort - value: "8265" - resources: - requests: - cpu: 200m - memory: 1Gi - node: - type: daemonset - revisionHistoryLimit: 3 - pod: - nodeSelector: - intel.feature.node.kubernetes.io/gpu: "true" - containers: - main: - image: - repository: ghcr.io/haveagitgat/tdarr_node - tag: 2.58.02 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: "1001" - - name: PGID - value: "1001" - - name: UMASK_SET - value: "002" - - name: ffmpegVersion - value: "6" - - name: inContainer - value: "true" - - name: nodeName - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: serverIP - value: tdarr-api - - name: serverPort - value: "8266" - resources: - limits: - gpu.intel.com/i915: 1 - requests: - gpu.intel.com/i915: 1 - cpu: 10m - memory: 512Mi - service: - api: - controller: server - ports: - http: - port: 8266 - targetPort: 8266 - protocol: HTTP - web: - controller: server - ports: - http: - port: 8265 - targetPort: 8265 - protocol: HTTP - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 50Gi - retain: true - advancedMounts: - server: - main: - - path: /app/configs - readOnly: false - server: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 50Gi - retain: true - advancedMounts: - server: - main: - - path: /app/server - readOnly: false - server-cache: - type: emptyDir - 
advancedMounts: - server: - main: - - path: /tcache - readOnly: false - node-cache: - type: emptyDir - advancedMounts: - node: - main: - - path: /tcache - readOnly: false - media: - existingClaim: tdarr-nfs-storage - advancedMounts: - server: - main: - - path: /mnt/store - readOnly: true - node: - main: - - path: /mnt/store - readOnly: true -tdarr-exporter: - image: - name: homeylab/tdarr-exporter - tag: 1.4.2 - metrics: - serviceMonitor: - enabled: true - settings: - config: - url: http://tdarr-web.tdarr:8265 - verify_ssl: false - resources: - requests: - cpu: 10m - memory: 256Mi diff --git a/clusters/cl01tl/helm/tubearchivist/Chart.yaml b/clusters/cl01tl/helm/tubearchivist/Chart.yaml deleted file mode 100644 index 8930ea092..000000000 --- a/clusters/cl01tl/helm/tubearchivist/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: tubearchivist -version: 1.0.0 -description: Tube Archivist -keywords: - - tubearchivist - - download - - video - - youtube -home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93 -sources: - - https://github.com/tubearchivist/tubearchivist - - https://github.com/elastic/elasticsearch - - https://hub.docker.com/r/bbilly1/tubearchivist - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: tubearchivist - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png -appVersion: v0.5.2 diff --git a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml deleted file mode 100644 index d9d2c4b76..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -apiVersion: elasticsearch.k8s.elastic.co/v1 -kind: Elasticsearch -metadata: - name: elasticsearch-tubearchivist - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: elasticsearch-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - version: 8.18.0 - auth: - fileRealm: - - secretName: tubearchivist-elasticsearch-secret - nodeSets: - - name: default - count: 1 - config: - node.store.allow_mmap: false - path.repo: /usr/share/elasticsearch/data/snapshot - podTemplate: - spec: - volumes: - - name: tubearchivist-snapshot-nfs-storage - nfs: - path: /volume2/Storage/TubeArchivist - server: synologybond.alexlebens.net - containers: - - name: elasticsearch - volumeMounts: - - name: tubearchivist-snapshot-nfs-storage - mountPath: /usr/share/elasticsearch/data/snapshot - volumeClaimTemplates: - - metadata: - name: elasticsearch-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - storageClassName: ceph-block diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml deleted file mode 100644 index bdd4d9d91..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tubearchivist-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tubearchivist-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ELASTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/tubearchivist/env - metadataPolicy: None - property: ELASTIC_PASSWORD - - secretKey: TA_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/tubearchivist/env - metadataPolicy: None - property: TA_PASSWORD - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tubearchivist-elasticsearch-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tubearchivist-elasticsearch-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: username - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None - property: username - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None - property: password - - secretKey: roles - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None - property: roles - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: tubearchivist-wireguard-conf - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tubearchivist-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ 
.Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: private-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /protonvpn/conf/cl01tl - metadataPolicy: None - property: private-key diff --git a/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml b/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml deleted file mode 100644 index daeddaf08..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-tubearchivist - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - tubearchivist.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: tubearchivist - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml b/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml deleted file mode 100644 index 0f2687e94..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tubearchivist - labels: - app.kubernetes.io/name: tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged 
diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml deleted file mode 100644 index 6c8dcc160..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: tubearchivist-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tubearchivist-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: tubearchivist-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml deleted file mode 100644 index 62bab667a..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: tubearchivist-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: tubearchivist-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - persistentVolumeReclaimPolicy: Retain - storageClassName: nfs-client - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - nfs: - path: /volume2/Storage/YouTube - server: synologybond.alexlebens.net - mountOptions: - - vers=4 - - minorversion=1 - - noac diff --git a/clusters/cl01tl/helm/tubearchivist/templates/redis-replication.yaml b/clusters/cl01tl/helm/tubearchivist/templates/redis-replication.yaml deleted file mode 100644 index 0be064303..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/redis-replication.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-tubearchivist - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 diff --git a/clusters/cl01tl/helm/tubearchivist/templates/service-monitor.yaml b/clusters/cl01tl/helm/tubearchivist/templates/service-monitor.yaml deleted file mode 100644 index cf9e8bb5c..000000000 --- a/clusters/cl01tl/helm/tubearchivist/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-tubearchivist - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml deleted file mode 100644 index 793d5a7f0..000000000 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -tubearchivist: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: bbilly1/tubearchivist - tag: v0.5.8 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: HOST_UID - value: 1000 - - name: HOST_GID - value: 1000 - - name: ES_URL - value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200 - - name: ES_DISABLE_VERIFY_SSL - value: true - - name: REDIS_CON - value: redis://redis-replication-tubearchivist-master.tubearchivist:6379 - - name: TA_HOST - value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/ - - name: TA_PORT - value: 24000 - - name: TA_USERNAME - value: admin - envFrom: - - secretRef: - name: tubearchivist-config-secret - resources: - requests: - cpu: 10m - memory: 1Gi - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30 - pullPolicy: IfNotPresent - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: tubearchivist-wireguard-conf - key: private-key - - name: VPN_PORT_FORWARDING - value: "on" - - name: PORT_FORWARD_ONLY - value: "on" - - name: FIREWALL_OUTBOUND_SUBNETS - value: 10.0.0.0/8 - - name: FIREWALL_INPUT_PORTS - value: 80,8000,24000 - - name: DOT - value: off - - name: DNS_KEEP_NAMESERVER - value: on - - name: DNS_PLAINTEXT_ADDRESS - value: 10.96.0.10 - securityContext: - privileged: True - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 24000 - protocol: HTTP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 40Gi - retain: true - advancedMounts: - main: - main: 
- - path: /cache - readOnly: false - youtube: - existingClaim: tubearchivist-nfs-storage - advancedMounts: - main: - main: - - path: /youtube - readOnly: false diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.yaml b/clusters/cl01tl/helm/vaultwarden/Chart.yaml deleted file mode 100644 index 4c50b8034..000000000 --- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v2 -name: vaultwarden -version: 1.0.0 -description: Vaultwarden -keywords: - - vaultwarden - - bitwarden - - password -home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3 -sources: - - https://github.com/dani-garcia/vaultwarden - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/vaultwarden/server - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: vaultwarden - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: cloudflared - alias: cloudflared - repository: oci://harbor.alexlebens.net/helm-charts - version: 1.23.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png -appVersion: 1.33.2 diff --git a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml deleted file mode 100644 index 30d1165b4..000000000 --- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/vaultwarden - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-data-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-data-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: 
None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vaultwarden-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION 
diff --git a/clusters/cl01tl/helm/vaultwarden/templates/replication-source.yaml b/clusters/cl01tl/helm/vaultwarden/templates/replication-source.yaml deleted file mode 100644 index a2ba4bcdd..000000000 --- a/clusters/cl01tl/helm/vaultwarden/templates/replication-source.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: vaultwarden-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: vaultwarden-data - trigger: - schedule: 0 4 * * * - restic: - pruneIntervalDays: 7 - repository: vaultwarden-data-backup-secret - retain: - hourly: 1 - daily: 3 - weekly: 2 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/helm/vaultwarden/values.yaml b/clusters/cl01tl/helm/vaultwarden/values.yaml deleted file mode 100644 index 76d79709d..000000000 --- a/clusters/cl01tl/helm/vaultwarden/values.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -vaultwarden: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: vaultwarden/server - tag: 1.34.3 - pullPolicy: IfNotPresent - env: - - name: DOMAIN - value: https://passwords.alexlebens.dev - - name: SIGNUPS_ALLOWED - value: "false" - - name: INVITATIONS_ALLOWED - value: "false" - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: vaultwarden-postgresql-17-cluster-app - key: uri - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP - persistence: - config: - forceRename: vaultwarden-data - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false -cloudflared: - existingSecretName: vaultwarden-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # 
destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 32 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/helm/yamtrack/Chart.yaml b/clusters/cl01tl/helm/yamtrack/Chart.yaml deleted file mode 100644 index e4f6f61a1..000000000 --- a/clusters/cl01tl/helm/yamtrack/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v2 -name: yamtrack -version: 1.0.0 -description: Yamtrack -keywords: - - yamtrack - - media - - jellyfin -home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797 -sources: - - https://github.com/FuzzyGrim/Yamtrack - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: yamtrack - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png -appVersion: 0.22.7 diff --git a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml deleted file mode 100644 index 9ef41c193..000000000 
--- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/yamtrack/config - metadataPolicy: None - property: SECRET - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: SOCIALACCOUNT_PROVIDERS - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/yamtrack - metadataPolicy: None - property: SOCIALACCOUNT_PROVIDERS - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yamtrack-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret 
-metadata: - name: yamtrack-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml b/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml deleted file mode 100644 index 38b3fd466..000000000 --- a/clusters/cl01tl/helm/yamtrack/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - yamtrack.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: yamtrack - port: 80 - weight: 100 
diff --git a/clusters/cl01tl/helm/yamtrack/templates/redis-replication.yaml b/clusters/cl01tl/helm/yamtrack/templates/redis-replication.yaml deleted file mode 100644 index 96c57159c..000000000 --- a/clusters/cl01tl/helm/yamtrack/templates/redis-replication.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 diff --git a/clusters/cl01tl/helm/yamtrack/templates/service-monitor.yaml b/clusters/cl01tl/helm/yamtrack/templates/service-monitor.yaml deleted file mode 100644 index e2538360a..000000000 --- a/clusters/cl01tl/helm/yamtrack/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-yamtrack - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-yamtrack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s diff --git a/clusters/cl01tl/helm/yamtrack/values.yaml b/clusters/cl01tl/helm/yamtrack/values.yaml deleted file mode 100644 index c3348a1b7..000000000 
--- a/clusters/cl01tl/helm/yamtrack/values.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
-yamtrack:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/fuzzygrim/yamtrack
- tag: 0.24.7
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: URLS
- value: https://yamtrack.alexlebens.net
- - name: REGISTRATION
- value: false
- - name: SOCIAL_PROVIDERS
- value: allauth.socialaccount.providers.openid_connect
- - name: SOCIALACCOUNT_PROVIDERS
- valueFrom:
- secretKeyRef:
- name: yamtrack-oidc-secret
- key: SOCIALACCOUNT_PROVIDERS
- - name: SECRET
- valueFrom:
- secretKeyRef:
- name: yamtrack-config-secret
- key: SECRET
- - name: REDIS_URL
- value: redis://redis-replication-yamtrack-master.yamtrack:6379
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: yamtrack-postgresql-17-cluster-app
- key: username
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: yamtrack-postgresql-17-cluster-app
- key: password
- - name: DB_NAME
- valueFrom:
- secretKeyRef:
- name: yamtrack-postgresql-17-cluster-app
- key: dbname
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: yamtrack-postgresql-17-cluster-app
- key: host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: yamtrack-postgresql-17-cluster-app
- key: port
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8000
- protocol: HTTP
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/yamtrack/yamtrack-postgresql-17-cluster
- index: 2
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 34 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/management/argo-workflows/Chart.yaml b/clusters/cl01tl/management/argo-workflows/Chart.yaml
deleted file mode 100644
index c664e755a..000000000
--- a/clusters/cl01tl/management/argo-workflows/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: argo-workflows
-version: 1.0.0
-description: Argo Workflows
-keywords:
- - argo-workflows
- - argo-events
- - workflows
- - events
-home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
-sources:
- - https://github.com/argoproj/argo-workflows
- - https://github.com/argoproj/argo-events
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/argoproj/argo-helm/tree/main/charts
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: argo-workflows
- version: 0.45.28
- repository: https://argoproj.github.io/argo-helm
- - name: argo-events
- version: 2.4.17
- repository: https://argoproj.github.io/argo-helm
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
-appVersion: v3.6.7
diff --git a/clusters/cl01tl/management/argo-workflows/templates/external-secret.yaml b/clusters/cl01tl/management/argo-workflows/templates/external-secret.yaml
deleted file mode 100644
index 355d08ba4..000000000
--- a/clusters/cl01tl/management/argo-workflows/templates/external-secret.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: argo-workflows-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: argo-workflows-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/argo-workflows
- metadataPolicy: None
- property: secret
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/argo-workflows
- metadataPolicy: None
- property: client
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: argo-workflows-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: argo-workflows-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/management/argo-workflows/templates/http-route.yaml b/clusters/cl01tl/management/argo-workflows/templates/http-route.yaml
deleted file mode 100644
index 6ec1451cc..000000000
--- a/clusters/cl01tl/management/argo-workflows/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-argo-workflows
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-argo-workflows
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - argo-workflows.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: argo-workflows-server
- port: 2746
- weight: 100
diff --git a/clusters/cl01tl/management/argo-workflows/templates/service.yaml b/clusters/cl01tl/management/argo-workflows/templates/service.yaml
deleted file mode 100644
index 4d10a9638..000000000
--- a/clusters/cl01tl/management/argo-workflows/templates/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: garage-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/management/argo-workflows/values.yaml b/clusters/cl01tl/management/argo-workflows/values.yaml
deleted file mode 100644
index 29a700952..000000000
--- a/clusters/cl01tl/management/argo-workflows/values.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-argo-workflows:
- controller:
- metricsConfig:
- enabled: true
- persistence:
- connectionPool:
- maxIdleConns: 100
- maxOpenConns: 0
- nodeStatusOffLoad: true
- archive: true
- postgresql:
- host: argo-workflows-postgresql-17-cluster-rw
- port: 5432
- database: app
- tableName: app
- userNameSecret:
- name: argo-workflows-postgresql-17-cluster-app
- key: username
- passwordSecret:
- name: argo-workflows-postgresql-17-cluster-app
- key: password
- ssl: false
- sslMode: disable
- workflowWorkers: 2
- workflowTTLWorkers: 1
- podCleanupWorkers: 1
- cronWorkflowWorkers: 1
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceMonitor:
- enabled: true
- name: workflow-controller
- workflowNamespaces:
- - argocd
- - argo-workflows
- server:
- authModes:
- - sso
- ingress:
- enabled: false
- sso:
- enabled: true
- issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
- clientId:
- name: argo-workflows-oidc-secret
- key: client
- clientSecret:
- name: argo-workflows-oidc-secret
- key: secret
- redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
- rbac:
- enabled: false
- scopes:
- - openid
- - email
- - profile
- useStaticCredentials: true
- artifactRepository:
- archiveLogs: false
- s3: {}
- # accessKeySecret:
- # name: "{{ .Release.Name }}-minio"
- # key: accesskey
- # secretKeySecret:
- # name: "{{ .Release.Name }}-minio"
- # key: secretkey
- # insecure: true
- # bucket:
- # endpoint:
- # region:
- # encryptionOptions:
- # enableEncryption: true
-
-argo-events:
- controller:
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- webhook:
- enabled: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
- # endpointCredentialsIncludeRegion: true
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: true
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/management/headlamp/Chart.yaml b/clusters/cl01tl/management/headlamp/Chart.yaml
deleted file mode 100644
index cdd1d9532..000000000
--- a/clusters/cl01tl/management/headlamp/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: headlamp
-version: 1.0.0
-description: Headlamp
-keywords:
- - headlamp
- - dashboard
- - kubernetes
-home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
-sources:
- - https://github.com/headlamp-k8s/headlamp
- - https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp
-maintainers:
- - name: alexlebens
-dependencies:
- - name: headlamp
- version: 0.38.0
- repository: https://kubernetes-sigs.github.io/headlamp/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
-appVersion: 0.37.0
diff --git a/clusters/cl01tl/management/headlamp/templates/cluster-role-binding.yaml b/clusters/cl01tl/management/headlamp/templates/cluster-role-binding.yaml
deleted file mode 100644
index 0ac308d3a..000000000
--- a/clusters/cl01tl/management/headlamp/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cluster-admin-oidc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cluster-admin-oidc
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: User
- name: alexanderlebens@gmail.com
- apiGroup: rbac.authorization.k8s.io
- - kind: ServiceAccount
- name: headlamp-admin
- namespace: headlamp
diff --git a/clusters/cl01tl/management/headlamp/templates/external-secret.yaml b/clusters/cl01tl/management/headlamp/templates/external-secret.yaml
deleted file mode 100644
index 52ab40ae4..000000000
--- a/clusters/cl01tl/management/headlamp/templates/external-secret.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: headlamp-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: headlamp-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: OIDC_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: client
- - secretKey: OIDC_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: secret
- - secretKey: OIDC_ISSUER_URL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: issuer
- - secretKey: OIDC_SCOPES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: scopes
- - secretKey: OIDC_VALIDATOR_ISSUER_URL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: validator-issuer-url
- - secretKey: OIDC_VALIDATOR_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/headlamp
- metadataPolicy: None
- property: validator-client-id
diff --git a/clusters/cl01tl/management/headlamp/templates/http-route.yaml b/clusters/cl01tl/management/headlamp/templates/http-route.yaml
deleted file mode 100644
index 385c0da6a..000000000
--- a/clusters/cl01tl/management/headlamp/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: https-route-headlamp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: https-route-headlamp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - headlamp.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: headlamp
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/management/headlamp/templates/service-account.yaml b/clusters/cl01tl/management/headlamp/templates/service-account.yaml
deleted file mode 100644
index e31ff0631..000000000
--- a/clusters/cl01tl/management/headlamp/templates/service-account.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: headlamp-admin
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: headlamp-admin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
diff --git a/clusters/cl01tl/management/headlamp/values.yaml b/clusters/cl01tl/management/headlamp/values.yaml
deleted file mode 100644
index 33f395991..000000000
--- a/clusters/cl01tl/management/headlamp/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-headlamp:
- replicaCount: 2
- config:
- oidc:
- secret:
- create: false
- externalSecret:
- enabled: true
- name: headlamp-oidc-secret
- watchPlugins: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- pluginsManager:
- enabled: true
- securityContext:
- readOnlyRootFilesystem: false
- runAsNonRoot: false
- runAsUser: 0
- configContent: |
- plugins:
- - name: cert-manager
- source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
- version: 0.1.0
- - name: trivy
- source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
- version: 0.3.1
- installOptions:
- parallel: true
- maxConcurrent: 2
diff --git a/clusters/cl01tl/management/komodo/Chart.yaml b/clusters/cl01tl/management/komodo/Chart.yaml
deleted file mode 100644
index 0d6f1bd55..000000000
--- a/clusters/cl01tl/management/komodo/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: komodo
-version: 1.0.0
-description: Komodo
-keywords:
- - komodo
- - deployment
- - dashboard
- - docker-compose
-home: https://wiki.alexlebens.dev/s/bb7eb683-b5c7-4f50-9f2c-e8e57dc67c81
-sources:
- - https://github.com/mbecker20/komodo
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/moghtech/komodo/pkgs/container/komodo-core
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: komodo
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: postgres-cluster
- alias: postgresql-17-fdb-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
-appVersion: v1.17.5
diff --git a/clusters/cl01tl/management/komodo/templates/external-secret.yaml b/clusters/cl01tl/management/komodo/templates/external-secret.yaml
deleted file mode 100644
index 73541fdf6..000000000
--- a/clusters/cl01tl/management/komodo/templates/external-secret.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: komodo-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: komodo-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: passkey
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/komodo/config
- metadataPolicy: None
- property: passkey
- - secretKey: jwt
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/komodo/config
- metadataPolicy: None
- property: jwt
- - secretKey: webhook
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/komodo/config
- metadataPolicy: None
- property: webhook
- - secretKey: oidc-client-id
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/komodo
- metadataPolicy: None
- property: client
- - secretKey: oidc-client-secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/komodo
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: komodo-postgresql-17-fdb-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: komodo-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: komodo-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/management/komodo/templates/http-route.yaml b/clusters/cl01tl/management/komodo/templates/http-route.yaml
deleted file mode 100644
index f8dfd3b4d..000000000
--- a/clusters/cl01tl/management/komodo/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: https-route-komodo
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: https-route-komodo
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - komodo.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: komodo-main
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/management/komodo/templates/service.yaml b/clusters/cl01tl/management/komodo/templates/service.yaml
deleted file mode 100644
index 14f1e20df..000000000
--- a/clusters/cl01tl/management/komodo/templates/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: komodo-periphery-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: komodo-periphery-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: komodo-periphery-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/management/komodo/values.yaml b/clusters/cl01tl/management/komodo/values.yaml
deleted file mode 100644
index 03ba6ddff..000000000
--- a/clusters/cl01tl/management/komodo/values.yaml
+++ /dev/null
@@ -1,236 +0,0 @@ -komodo: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/moghtech/komodo-core - tag: 1.19.5 - pullPolicy: IfNotPresent - env: - - name: COMPOSE_LOGGING_DRIVER - value: local - - name: KOMODO_HOST - value: https://komodo.alexlebens.net - - name: KOMODO_TITLE - value: Komodo - - name: PASSKEY - valueFrom: - secretKeyRef: - name: komodo-secret - key: passkey - - name: KOMODO_MONITORING_INTERVAL - value: 15-sec - - name: KOMODO_RESOURCE_POLL_INTERVAL - value: 5-min - - name: KOMODO_PASSKEY - valueFrom: - secretKeyRef: - name: komodo-secret - key: passkey - - name: KOMODO_WEBHOOK_SECRET - valueFrom: - secretKeyRef: - name: komodo-secret - key: webhook - - name: KOMODO_JWT_SECRET - valueFrom: - secretKeyRef: - name: komodo-secret - key: jwt - - name: KOMODO_LOCAL_AUTH - value: true - - name: KOMODO_ENABLE_NEW_USERS - value: true - - name: KOMODO_DISABLE_NON_ADMIN_CREATE - value: true - - name: KOMODO_TRANSPARENT_MODE - value: false - - name: PERIPHERY_SSL_ENABLED - value: false - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: komodo-postgresql-17-fdb-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: komodo-postgresql-17-fdb-cluster-app - key: password - - name: KOMODO_DATABASE_URI - value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@komodo-ferretdb-2.komodo:27017/komodo - - name: KOMODO_OIDC_ENABLED - value: true - - name: KOMODO_OIDC_PROVIDER - value: http://authentik-server.authentik/application/o/komodo/ - - name: KOMODO_OIDC_REDIRECT_HOST - value: https://authentik.alexlebens.net - - name: KOMODO_OIDC_CLIENT_ID - valueFrom: - secretKeyRef: - name: komodo-secret - key: oidc-client-id - - name: KOMODO_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: komodo-secret - key: oidc-client-secret - - name: KOMODO_OIDC_USE_FULL_EMAIL - value: true - resources: - requests: - cpu: 10m - memory: 128Mi - 
ferretdb-2: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/ferretdb/ferretdb - tag: 2.7.0 - pullPolicy: IfNotPresent - env: - - name: FERRETDB_POSTGRESQL_URL - valueFrom: - secretKeyRef: - name: komodo-postgresql-17-fdb-cluster-app - key: uri - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 9120 - protocol: HTTP - ferretdb-2: - controller: ferretdb-2 - ports: - http: - port: 27017 - targetPort: 27017 - protocol: HTTP - persistence: - cache: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /repo-cache - readOnly: false - syncs: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /syncs - readOnly: false -postgresql-17-fdb-cluster: - nameOverride: komodo-postgresql-17-fdb - mode: standalone - cluster: - image: - repository: ghcr.io/ferretdb/postgres-documentdb - tag: "17-0.106.0-ferretdb-2.5.0" - storage: - storageClass: local-path - walStorage: - storageClass: local-path - postgresUID: 999 - postgresGID: 999 - enableSuperuserAccess: true - monitoring: - enabled: true - prometheusRule: - enabled: true - postgresql: - parameters: - cron.database_name: 'ferretDB' - documentdb.enableCompact: "true" - documentdb.enableLetAndCollationForQueryMatch: "true" - documentdb.enableNowSystemVariable: "true" - documentdb.enableSortbyIdPushDownToPrimaryKey: "true" - documentdb.enableSchemaValidation: "true" - documentdb.enableBypassDocumentValidation: "true" - documentdb.enableUserCrud: "true" - documentdb.maxUserLimit: "100" - shared_buffers: 128MB - max_slot_wal_keep_size: 2000MB - hot_standby_feedback: "on" - pg_hba: - - host ferretDB postgres localhost trust - - host ferretDB ferret localhost trust - shared_preload_libraries: - - pg_cron - - pg_documentdb_core - - 
pg_documentdb - initdb: - database: ferretDB - owner: ferret - postInitApplicationSQL: - - create extension if not exists pg_cron; - - create extension if not exists documentdb cascade; - - grant documentdb_admin_role to ferret; - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-fdb-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/komodo/komodo-postgresql-17-fdb-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/management/kronic/Chart.yaml b/clusters/cl01tl/management/kronic/Chart.yaml deleted file mode 100644 index d587555a7..000000000 --- a/clusters/cl01tl/management/kronic/Chart.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: kronic
-version: 1.0.0
-description: Kronic
-keywords:
- - kronic
- - cron-job
- - dashboard
- - kubernetes
-home: https://wiki.alexlebens.dev/s/f1191e27-264a-42bf-a3aa-3dcc35820a62
-sources:
- - https://github.com/mshade/kronic
- - https://github.com/mshade/kronic/pkgs/container/kronic
- - https://github.com/mshade/kronic/tree/main/chart/kronic
-maintainers:
- - name: alexlebens
-dependencies:
- - name: kronic
- repository: https://mshade.github.io/kronic/
- version: 0.1.7
-icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png
-appVersion: v0.1.4
diff --git a/clusters/cl01tl/management/kronic/templates/external-secret.yaml b/clusters/cl01tl/management/kronic/templates/external-secret.yaml
deleted file mode 100644
index 42d008a7e..000000000
--- a/clusters/cl01tl/management/kronic/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: kronic-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kronic-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/kronic/auth
- metadataPolicy: None
- property: password
diff --git a/clusters/cl01tl/management/kronic/templates/http-route.yaml b/clusters/cl01tl/management/kronic/templates/http-route.yaml
deleted file mode 100644
index fcfc42f08..000000000
--- a/clusters/cl01tl/management/kronic/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: https-route-kronic
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: https-route-kronic
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - kronic.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: kronic
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/management/kronic/values.yaml b/clusters/cl01tl/management/kronic/values.yaml
deleted file mode 100644
index 0ca4cbd44..000000000
--- a/clusters/cl01tl/management/kronic/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-kronic:
- replicaCount: 1
- image:
- repository: ghcr.io/mshade/kronic
- tag: v0.1.4
- auth:
- enabled: true
- adminUsername: kronic
- existingSecretName: kronic-config-secret
- env:
- KRONIC_ALLOW_NAMESPACES: "gitea,vault,talos,libation,kubernetes-cloudflare-ddns"
- ingress:
- enabled: false
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
diff --git a/clusters/cl01tl/monitoring/gatus/Chart.yaml b/clusters/cl01tl/monitoring/gatus/Chart.yaml
deleted file mode 100644
index b5fa9b2d8..000000000
--- a/clusters/cl01tl/monitoring/gatus/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: gatus
-version: 1.0.0
-description: Gatus
-keywords:
- - gatus
- - healthcheck
- - uptime
- - metrics
-home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
-sources:
- - https://github.com/TwiN/gatus
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/TwiN/gatus/pkgs/container/gatus
- - https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: gatus
- repository: https://twin.github.io/helm-charts
- version: 1.4.4
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
-appVersion: v5.12.0
diff --git a/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml b/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml
deleted file mode 100644
index 5669abdb8..000000000
--- a/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gatus-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gatus-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: NTFY_TOKEN - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /ntfy/user/cl01tl - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gatus-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gatus-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/gatus - metadataPolicy: None - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/gatus - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gatus-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gatus-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/monitoring/gatus/templates/http-route.yaml b/clusters/cl01tl/monitoring/gatus/templates/http-route.yaml deleted file mode 100644 index 4cccfab5b..000000000 --- a/clusters/cl01tl/monitoring/gatus/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-gatus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-gatus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - gatus.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: gatus - port: 80 - weight: 100 
diff --git a/clusters/cl01tl/monitoring/gatus/values.yaml b/clusters/cl01tl/monitoring/gatus/values.yaml
deleted file mode 100644
index 4e9aa15a6..000000000
--- a/clusters/cl01tl/monitoring/gatus/values.yaml
+++ /dev/null
@@ -1,423 +0,0 @@ -gatus: - deployment: - strategy: Recreate - readinessProbe: - enabled: true - livenessProbe: - enabled: true - image: - repository: ghcr.io/twin/gatus - tag: v5.33.0 - annotations: - reloader.stakater.com/auto: "true" - service: - type: ClusterIP - port: 80 - targetPort: 8080 - portName: http - ingress: - enabled: false - env: - NTFY_TOKEN: - valueFrom: - secretKeyRef: - name: gatus-config-secret - key: NTFY_TOKEN - OIDC_CLIENT_ID: - valueFrom: - secretKeyRef: - name: gatus-oidc-secret - key: OIDC_CLIENT_ID - OIDC_CLIENT_SECRET: - valueFrom: - secretKeyRef: - name: gatus-oidc-secret - key: OIDC_CLIENT_SECRET - POSTGRES_USER: - valueFrom: - secretKeyRef: - name: gatus-postgresql-17-cluster-app - key: username - POSTGRES_PASSWORD: - valueFrom: - secretKeyRef: - name: gatus-postgresql-17-cluster-app - key: password - POSTGRES_HOST: - valueFrom: - secretKeyRef: - name: gatus-postgresql-17-cluster-app - key: host - POSTGRES_PORT: - valueFrom: - secretKeyRef: - name: gatus-postgresql-17-cluster-app - key: port - POSTGRES_DB: - valueFrom: - secretKeyRef: - name: gatus-postgresql-17-cluster-app - key: dbname - resources: - requests: - cpu: 10m - memory: 128Mi - persistence: - enabled: true - size: 1Gi - mountPath: /data - accessModes: - - ReadWriteOnce - finalizers: - - kubernetes.io/pvc-protection - storageClassName: ceph-block - serviceMonitor: - enabled: true - interval: 1m - path: /metrics - scheme: http - scrapeTimeout: 30s - networkPolicy: - enabled: false - config: - metrics: true - connectivity: - checker: - target: 1.1.1.1:53 - interval: 60s - alerting: - ntfy: - topic: "gatus-alerts" - priority: 3 - url: http://ntfy.ntfy - token: ${NTFY_TOKEN} - default-alert: - failure-threshold: 5 - send-on-resolved: true - click: "https://gatus.alexlebens.net" - security: - oidc: - issuer-url: https://authentik.alexlebens.net/application/o/gatus/ - client-id: ${OIDC_CLIENT_ID} - client-secret: ${OIDC_CLIENT_SECRET} - redirect-url: 
https://gatus.alexlebens.net/authorization-code/callback - scopes: [openid] - storage: - type: postgres - path: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?sslmode=disable" - default-endpoint: &defaults - group: core - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 240h" - interval: 30s - alerts: - - type: ntfy - endpoints: - - name: plex - url: http://plex.alexlebens.net - <<: *defaults - conditions: - - "[STATUS] == 401" - - name: jellyfin - url: https://jellyfin.alexlebens.net - <<: *defaults - - name: overseerr - url: https://overseerr.alexlebens.net - <<: *defaults - - name: yamtrack - url: https://yamtrack.alexlebens.net - <<: *defaults - - name: tubearchivist - url: https://tubearchivist.alexlebens.net - <<: *defaults - - name: immich - url: https://immich.alexlebens.net - <<: *defaults - - name: photoview - url: https://photoview.alexlebens.net - <<: *defaults - - name: audiobookshelf - url: https://audiobookshelf.alexlebens.net - <<: *defaults - - name: home-assistant - url: https://home-assistant.alexlebens.net - <<: *defaults - - name: actual - url: https://actual.alexlebens.net - <<: *defaults - - name: ollama - url: https://ollama.alexlebens.net - <<: *defaults - - name: searxng - url: https://searxng.alexlebens.net - <<: *defaults - - name: roundcube - url: https://mail.alexlebens.net - <<: *defaults - - name: kiwix - url: https://kiwix.alexlebens.net - <<: *defaults - - name: gitea - url: https://gitea.alexlebens.net - <<: *defaults - - name: home-assistant-code-server - url: https://home-assistant-code-server.alexlebens.net - <<: *defaults - - name: argocd - url: https://argocd.alexlebens.net - <<: *defaults - - name: komodo - url: https://komodo.alexlebens.net - <<: *defaults - - name: argo-workflows - url: https://argo-workflows.alexlebens.net - <<: *defaults - - name: n8n - url: https://n8n.alexlebens.net - <<: *defaults - - name: omni-tools - url: 
https://omni-tools.alexlebens.net - <<: *defaults - - name: headlamp - url: https://headlamp.alexlebens.net - <<: *defaults - - name: hubble - url: https://hubble.alexlebens.net - <<: *defaults - - name: grafana - url: https://grafana.alexlebens.net - <<: *defaults - - name: prometheus - url: https://prometheus.alexlebens.net - <<: *defaults - - name: alertmanager - url: https://alertmanager.alexlebens.net - <<: *defaults - - name: tautulli - url: https://tautulli.alexlebens.net - <<: *defaults - - name: jellystat - url: https://jellystat.alexlebens.net - <<: *defaults - - name: authentik - url: https://authentik.alexlebens.net - <<: *defaults - - name: stalwart - url: https://stalwart.alexlebens.net - <<: *defaults - - name: ntfy - url: https://ntfy.alexlebens.net - <<: *defaults - - name: traefik-cl01tl - url: https://traefik-cl01tl.alexlebens.net/dashboard/#/ - <<: *defaults - - name: harbor - url: https://harbor.alexlebens.net - <<: *defaults - - name: unifi - url: https://unifi.alexlebens.net - <<: *defaults - - name: synology - url: https://synology.alexlebens.net - <<: *defaults - client: - insecure: true - conditions: - - "[CONNECTED] == true" - - name: hdhr - url: http://hdhr.alexlebens.net - <<: *defaults - conditions: - - "[STATUS] == 200" - - name: pikvm - url: https://pikvm.alexlebens.net/login/ - <<: *defaults - client: - insecure: true - conditions: - - "[CONNECTED] == true" - - name: shelly - url: http://it05sp.alexlebens.net - <<: *defaults - conditions: - - "[STATUS] == 200" - - name: ceph - url: https://ceph.alexlebens.net - <<: *defaults - - name: pgadmin - url: https://pgadmin.alexlebens.net - <<: *defaults - - name: whodb - url: https://whodb.alexlebens.net - <<: *defaults - - name: vault - url: https://vault.alexlebens.net - <<: *defaults - - name: sonarr - url: https://sonarr.alexlebens.net - <<: *defaults - - name: sonarr-4k - url: https://sonarr-4k.alexlebens.net - <<: *defaults - - name: sonarr-anime - url: 
https://sonarr-anime.alexlebens.net - <<: *defaults - - name: radarr - url: https://radarr.alexlebens.net - <<: *defaults - - name: radarr-4k - url: https://radarr-4k.alexlebens.net - <<: *defaults - - name: radarr-anime - url: https://radarr-anime.alexlebens.net - <<: *defaults - - name: radarr-standup - url: https://radarr-standup.alexlebens.net - <<: *defaults - - name: lidarr - url: https://lidarr.alexlebens.net - <<: *defaults - - name: lidatube - url: https://lidatube.alexlebens.net - <<: *defaults - - name: slskd - url: https://slskd.alexlebens.net - <<: *defaults - - name: qui - url: https://qui.alexlebens.net - <<: *defaults - - name: qbittorrent - url: https://qbittorrent.alexlebens.net - <<: *defaults - - name: prowlarr - url: https://prowlarr.alexlebens.net - <<: *defaults - - name: bazarr - url: https://bazarr.alexlebens.net - <<: *defaults - conditions: - - "[STATUS] == 401" - - name: huntarr - url: https://huntarr.alexlebens.net - <<: *defaults - - name: tdarr - url: https://tdarr.alexlebens.net - <<: *defaults - - name: www - url: https://www.alexlebens.dev - <<: *defaults - group: external - - name: directus - url: https://directus.alexlebens.dev - <<: *defaults - group: external - - name: postiz - url: https://postiz.alexlebens.dev - <<: *defaults - interval: 120s - group: external - - name: matrix - url: https://chat.alexlebens.dev - <<: *defaults - group: external - - name: outline - url: https://wiki.alexlebens.dev - <<: *defaults - group: external - - name: vaultwarden - url: https://passwords.alexlebens.dev - <<: *defaults - group: external - - name: karakeep - url: https://karakeep.alexlebens.dev - <<: *defaults - group: external - - name: freshrss - url: https://rss.alexlebens.dev/i/ - <<: *defaults - group: external - conditions: - - "[STATUS] == 401" - - name: gitea-external - url: https://gitea.alexlebens.dev - <<: *defaults - group: external - - name: codeserver - url: https://codeserver.alexlebens.dev - <<: *defaults - group: external 
- - name: public homepage - url: https://home.alexlebens.dev - <<: *defaults - group: external - - name: discord - group: public - url: https://discord.com/app - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 400" - interval: 10s - - name: reddit - group: public - url: https://reddit.com - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 400" - interval: 10s -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * SAT" - # 
backupName: garage-remote diff --git a/clusters/cl01tl/monitoring/grafana-operator/Chart.yaml b/clusters/cl01tl/monitoring/grafana-operator/Chart.yaml deleted file mode 100644 index 980a2dbdd..000000000 --- a/clusters/cl01tl/monitoring/grafana-operator/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -name: grafana-operator -version: 1.0.0 -description: Grafana Operator -keywords: - - grafana-operator - - dashboard - - metrics - - logs -home: https://wiki.alexlebens.dev/s/3e5723e1-2ab7-45ab-b496-b8854907fa39 -sources: - - https://github.com/grafana/grafana-operator - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/grafana/grafana-operator/tree/master/deploy/helm/grafana-operator - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: grafana-operator - version: v5.20.0 - repository: https://grafana.github.io/helm-charts - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png -appVersion: v5.18.0 diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml deleted file mode 100644 index db74a2440..000000000 --- a/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml +++ /dev/null 
@@ -1,125 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-auth-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-auth-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: admin-user - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/grafana/auth - metadataPolicy: None - property: admin-user - - secretKey: admin-password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/grafana/auth - metadataPolicy: None - property: admin-password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-oauth-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-oauth-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AUTH_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/grafana - metadataPolicy: None - property: client - - secretKey: AUTH_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/grafana - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-operator-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-operator-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-operator-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-operator-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-dashboard.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-dashboard.yaml deleted file mode 100644 index 6e24965a3..000000000 --- a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-dashboard.yaml +++ /dev/null 
@@ -1,644 +0,0 @@ -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-ceph - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-ceph - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-coredns - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-coredns - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/coredns.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-etcd - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-etcd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-garage - app.kubernetes.io/instance: {{ .Release.Name }} - 
app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/garage.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-loki - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-loki - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-node-full - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-node-full - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-node-short - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-node-short - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-system - resyncPeriod: 1h - url: 
http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-argocd - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-argocd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-blocky - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-blocky - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-cert-manager - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-cert-manager - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-cloudnative-pg - namespace: {{ 
.Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-cloudnative-pg - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnative-pg.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-descheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-descheduler - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-gatus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-gatus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/gatus.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-operator - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-operator - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: 
grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/grafana-operator.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-harbor - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-harbor - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-redis-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-redis-replication - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-replication.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-redis-operator - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-redis-operator - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-operator.json 
- ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-speedtest-exporter - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-speedtest-exporter - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-spegel - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-spegel - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-traefik - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-traefik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-trivy - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-trivy - 
app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-unpoller - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-unpoller - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-volsync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-volsync - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-service - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-s3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: 
http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/s3.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-authentik - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-authentik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/authentik.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-gitea - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-gitea - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/gitea.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-ntfy - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-ntfy - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-qbittorrent - namespace: {{ .Release.Namespace }} - 
labels: - app.kubernetes.io/name: grafana-dashboard-qbittorrent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/qbittorrent.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-vault - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-vault - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-platform - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-airgradient - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-airgradient - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-iot - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/airgradient.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-server-power-consumption - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-server-power-consumption - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main 
- contentCacheDuration: 1h - folderUID: grafana-folder-iot - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/server-power-consumption.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-immich - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-immich - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-application - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-radarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-application - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json - ---- -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDashboard -metadata: - name: grafana-dashboard-sonarr - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-dashboard-sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - instanceSelector: - matchLabels: - app: grafana-main - contentCacheDuration: 1h - folderUID: grafana-folder-application - resyncPeriod: 1h - url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json 
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-datasource.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-datasource.yaml
deleted file mode 100644
index a664206ee..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-datasource.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDatasource
-metadata:
- name: grafana-datasource-prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-datasource-prometheus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- datasource:
- name: Prometheus
- type: prometheus
- url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 30s
- instanceSelector:
- matchLabels:
- app: grafana-main
- plugins:
- - name: camptocamp-prometheus-alertmanager-datasource
- version: 2.1.0
- resyncPeriod: 30s
- uid: kube-prometheus-stack
-
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDatasource
-metadata:
- name: grafana-datasource-loki
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-datasource-loki
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- datasource:
- name: Loki
- type: loki
- url: http://loki.loki:3100/
- access: proxy
- instanceSelector:
- matchLabels:
- app: grafana-main
- resyncPeriod: 30s
- uid: loki
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-folder.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-folder.yaml
deleted file mode 100644
index ca49f4867..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana-folder.yaml
+++ /dev/null
@@ -1,173 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaFolder
-metadata:
- name: grafana-folder-application
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-folder-application
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- instanceSelector:
- matchLabels:
- app: grafana-main
- title: Application
- uid: grafana-folder-application
- resyncPeriod: 30s
- permissions: |
- {
- "items": [
- {
- "role": "Admin",
- "permission": 4
- },
- {
- "role": "Editor",
- "permission": 2
- },
- {
- "role": "Viewer",
- "permission": 1
- }
- ]
- }
-
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaFolder
-metadata:
- name: grafana-folder-iot
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-folder-iot
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- instanceSelector:
- matchLabels:
- app: grafana-main
- title: IoT
- uid: grafana-folder-iot
- resyncPeriod: 30s
- permissions: |
- {
- "items": [
- {
- "role": "Admin",
- "permission": 4
- },
- {
- "role": "Editor",
- "permission": 2
- },
- {
- "role": "Viewer",
- "permission": 1
- }
- ]
- }
-
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaFolder
-metadata:
- name: grafana-folder-platform
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-folder-platform
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- instanceSelector:
- matchLabels:
- app: grafana-main
- title: Platform
- uid: grafana-folder-platform
- resyncPeriod: 30s
- permissions: |
- {
- "items": [
- {
- "role": "Admin",
- "permission": 4
- },
- {
- "role": "Editor",
- "permission": 2
- },
- {
- "role": "Viewer",
- "permission": 1
- }
- ]
- }
-
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaFolder
-metadata:
- name: grafana-folder-service
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-folder-service
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- instanceSelector:
- matchLabels:
- app: grafana-main
- title: Service
- uid: grafana-folder-service
- resyncPeriod: 30s
- permissions: |
- {
- "items": [
- {
- "role": "Admin",
- "permission": 4
- },
- {
- "role": "Editor",
- "permission": 2
- },
- {
- "role": "Viewer",
- "permission": 1
- }
- ]
- }
-
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaFolder
-metadata:
- name: grafana-folder-system
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-folder-system
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- instanceSelector:
- matchLabels:
- app.kubernetes.io/name: grafana-main
- title: System
- uid: grafana-folder-system
- resyncPeriod: 30s
- permissions: |
- {
- "items": [
- {
- "role": "Admin",
- "permission": 4
- },
- {
- "role": "Editor",
- "permission": 2
- },
- {
- "role": "Viewer",
- "permission": 1
- }
- ]
- }
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/grafana.yaml
deleted file mode 100644
index d3acf692f..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/grafana.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: Grafana
-metadata:
- name: grafana-main
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-main
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- app: grafana-main
-spec:
- config:
- analytics:
- enabled: "false"
- check_for_updates: "false"
- reporting_enabled: "false"
- server:
- domain: alexlebens.net
- root_url: https://grafana.alexlebens.net
- log:
- mode: "console"
- users:
- auto_assign_org: "true"
- auto_assign_org_id: "1"
- auth:
- disable_login_form: "true"
- auto_login: "true"
- signout_redirect_url: https://authentik.alexlebens.net/application/o/grafana/end-session/
- auth.generic_oauth:
- enabled: "true"
- name: Authentik
- allow_sign_up: "true"
- client_id: ${AUTH_CLIENT_ID}
- client_secret: ${AUTH_CLIENT_SECRET}
- scopes: openid profile email
- auth_url: https://authentik.alexlebens.net/application/o/authorize/
- token_url: https://authentik.alexlebens.net/application/o/token/
- api_url: https://authentik.alexlebens.net/application/o/userinfo/
- role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
- database:
- type: postgres
- host: "${DB_HOST}:${DB_PORT}"
- name: ${DB_DATABASE}
- user: ${DB_USER}
- password: ${DB_PASSWORD}
- remote_cache:
- type: redis
- connstr: addr=redis-replication-remote-cache-master.grafana-operator:6379,pool_size=100,db=0,ssl=false
- unified_alerting:
- enabled: "true"
- ha_redis_address: redis-replication-unified-alerting-master.grafana-operator:6379
- deployment:
- spec:
- replicas: 3
- template:
- spec:
- containers:
- - name: grafana
- image: grafana/grafana:12.0.0
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- env:
- - name: AUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: grafana-oauth-secret
- key: AUTH_CLIENT_ID
- - name: AUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: grafana-oauth-secret
- key: AUTH_CLIENT_SECRET
- - name: ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: grafana-auth-secret
- key: admin-user
- - name: ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: grafana-auth-secret
- key: admin-password
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: grafana-operator-postgresql-17-cluster-app
- key: host
- - name: DB_DATABASE
- valueFrom:
- secretKeyRef:
- name: grafana-operator-postgresql-17-cluster-app
- key: dbname
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: grafana-operator-postgresql-17-cluster-app
- key: port
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: grafana-operator-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: grafana-operator-postgresql-17-cluster-app
- key: password
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/http-route.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/http-route.yaml
deleted file mode 100644
index edc23ed29..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-grafana
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-grafana
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - grafana.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: grafana-main-service
- port: 3000
- weight: 100
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/redis-replication.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/redis-replication.yaml
deleted file mode 100644
index 02634d9be..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/redis-replication.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-unified-alerting
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-unified-alerting
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
-
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-remote-cache
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-remote-cache
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/service-monitor.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/service-monitor.yaml
deleted file mode 100644
index 3acedd21d..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-grafana-operator
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-grafana-operator
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/monitoring/grafana-operator/values.yaml b/clusters/cl01tl/monitoring/grafana-operator/values.yaml
deleted file mode 100644
index b9823748b..000000000
--- a/clusters/cl01tl/monitoring/grafana-operator/values.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-grafana-operator:
- replicas: 2
- serviceAccount:
- create: true
- rbac:
- create: true
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- serviceMonitor:
- enabled: true
- dashboard:
- enabled: false
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
- index: 2
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml
deleted file mode 100644
index 013c7ee75..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: kube-prometheus-stack
-version: 1.0.0
-description: Kube Prometheus Stack
-keywords:
- - kube-prometheus-stack
- - prometheus
- - alertmanager
- - metrics
- - alerts
- - kubernetes
-home: https://wiki.alexlebens.dev/s/cd9fc3a4-aa88-4285-8886-91a6c5aecf7d
-sources:
- - https://github.com/prometheus/prometheus
- - https://github.com/alexbakker/alertmanager-ntfy
- - https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
- - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: kube-prometheus-stack
- version: 79.7.1
- repository: oci://ghcr.io/prometheus-community/charts
- - name: app-template
- alias: ntfy-alertmanager
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
-appVersion: v0.82.0
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml
deleted file mode 100644
index d30e24db4..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: alertmanager-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: alertmanager-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: pushover_token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /pushover/key
- metadataPolicy: None
- property: alertmanager_key
- - secretKey: pushover_user_key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /pushover/key
- metadataPolicy: None
- property: user_key
- - secretKey: ntfy_password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
- metadataPolicy: None
- property: ntfy_password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: garage-metric-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-metric-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/token
- metadataPolicy: None
- property: metric
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ntfy-alertmanager-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ntfy-alertmanager-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ntfy_password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
- metadataPolicy: None
- property: ntfy_password
- - secretKey: config
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
- metadataPolicy: None
- property: config
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/http-route.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/http-route.yaml
deleted file mode 100644
index f4ad82be5..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-prometheus
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-prometheus
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - prometheus.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: prometheus-operated
- port: 9090
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-alertmanager
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-alertmanager
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - alertmanager.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: kube-prometheus-stack-alertmanager
- port: 9093
- weight: 100
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/namespace.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/namespace.yaml
deleted file mode 100644
index 992072a1e..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kube-prometheus-stack
- labels:
- app.kubernetes.io/name: kube-prometheus-stack
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/redis-replication.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/redis-replication.yaml
deleted file mode 100644
index 1499e825b..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-kube-prometheus-stack
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-kube-prometheus-stack
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/scrape-config.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/scrape-config.yaml
deleted file mode 100644
index 72e295dc1..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/scrape-config.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-apiVersion: monitoring.coreos.com/v1alpha1
-kind: ScrapeConfig
-metadata:
- name: external-nodes-http
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: external-nodes-http
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- staticConfigs:
- - labels:
- job: external-nodes
- targets:
- - ps08rp.alexlebens.net:9100
- - ps09rp.alexlebens.net:9100
- metricsPath: /metrics
- scheme: HTTP
-
----
-apiVersion: monitoring.coreos.com/v1alpha1
-kind: ScrapeConfig
-metadata:
- name: external-nodes-https
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: external-nodes-https
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- staticConfigs:
- - labels:
- job: external-nodes
- targets:
- - node-exporter-ps10rp.boreal-beaufort.ts.net
- metricsPath: /metrics
- scheme: HTTPS
-
----
-apiVersion: monitoring.coreos.com/v1alpha1
-kind: ScrapeConfig
-metadata:
- name: airgradient-http
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: airgradient-http
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- staticConfigs:
- - labels:
- job: airgradient
- targets:
- - it01ag.alexlebens.net:9926
- metricsPath: /metrics
- scheme: HTTP
-
----
-apiVersion: monitoring.coreos.com/v1alpha1
-kind: ScrapeConfig
-metadata:
- name: garage-https
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-https
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- staticConfigs:
- - labels:
- job: garage
- targets:
- - garage-ps10rp.boreal-beaufort.ts.net:3903
- metricsPath: /metrics
- scrapeInterval: 1m
- scheme: HTTPS
- authorization:
- type: Bearer
- credentials:
- key: token
- name: garage-metric-secret
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service-monitor.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service-monitor.yaml
deleted file mode 100644
index b4715af05..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-kube-prometheus-stack
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-kube-prometheus-stack
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service.yaml
deleted file mode 100644
index 28a6f22f9..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/service.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: node-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: node-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: node-exporter-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: garage-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml
deleted file mode 100644
index b56a7c3a0..000000000
--- a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml
+++ /dev/null
@@ -1,147 +0,0 @@ -kube-prometheus-stack: - crds: - enabled: false - defaultRules: - create: true - rules: - kubeControllerManager: false - kubeSchedulerAlerting: false - kubeSchedulerRecording: false - global: - rbac: - create: true - createAggregateClusterRoles: true - alertmanager: - enabled: true - config: - route: - group_by: ["namespace", "alertname"] - group_wait: 30s - group_interval: 5m - repeat_interval: 24h - receiver: ntfy - routes: - - receiver: ntfy - group_wait: 10s - group_interval: 5m - repeat_interval: 24h - receivers: - - name: pushover - pushover_configs: - - send_resolved: true - user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_user_key - token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token - - name: ntfy - webhook_configs: - - url: http://ntfy-alertmanager.kube-prometheus-stack:80 - http_config: - basic_auth: - username: ntfy-alertmanager - password_file: /etc/alertmanager/secrets/alertmanager-config-secret/ntfy_password - alertmanagerSpec: - secrets: - - alertmanager-config-secret - replicas: 1 - grafana: - enabled: false - kubeApiServer: - tlsConfig: - insecureSkipVerify: true - kubeControllerManager: - enabled: false - kubeEtcd: - enabled: true - service: - selector: - k8s-app: kube-controller-manager - serviceMonitor: - relabelings: - - sourceLabels: [__meta_kubernetes_pod_node_name] - separator: ; - regex: ^(.*)$ - targetLabel: nodename - replacement: $1 - action: replace - metricRelabelings: - - action: labeldrop - regex: pod - kubeScheduler: - enabled: false - kubeProxy: - enabled: false - kubeStateMetrics: - enabled: true - nodeExporter: - operatingSystems: - darwin: - enabled: false - prometheusOperator: - admissionWebhooks: - enabled: true - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - patch: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - 
mutatingWebhookConfiguration: - annotations: - argocd.argoproj.io/hook: PreSync - validatingWebhookConfiguration: - annotations: - argocd.argoproj.io/hook: PreSync - prometheus: - ingress: - enabled: false - prometheusSpec: - scrapeInterval: 30s - retention: 30d - externalUrl: https://prometheus.alexlebens.net - ruleSelectorNilUsesHelmValues: false - serviceMonitorSelectorNilUsesHelmValues: false - podMonitorSelectorNilUsesHelmValues: false - scrapeConfigSelectorNilUsesHelmValues: false - storageSpec: - volumeClaimTemplate: - spec: - storageClassName: synology-iscsi-delete - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 250Gi -ntfy-alertmanager: - global: - fullnameOverride: ntfy-alertmanager - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: xenrox/ntfy-alertmanager - tag: 0.5.0 - pullPolicy: IfNotPresent - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8080 - protocol: HTTP - persistence: - config: - enabled: true - type: secret - name: ntfy-alertmanager-config-secret - advancedMounts: - main: - main: - - path: /etc/ntfy-alertmanager/config - readOnly: true - mountPropagation: None - subPath: config diff --git a/clusters/cl01tl/monitoring/loki/Chart.yaml b/clusters/cl01tl/monitoring/loki/Chart.yaml deleted file mode 100644 index 70998482c..000000000 --- a/clusters/cl01tl/monitoring/loki/Chart.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: loki
-version: 1.0.0
-description: Loki
-keywords:
- - loki
- - promtail
- - logs
- - kubernetes
-home: https://wiki.alexlebens.dev/s/c5a4dc61-5487-46c9-88f1-cac363742d30
-sources:
- - https://github.com/grafana/loki
- - https://github.com/grafana/loki/tree/main/production/helm/loki
- - https://github.com/grafana/helm-charts/tree/main/charts/promtail
-maintainers:
- - name: alexlebens
-dependencies:
- - name: loki
- version: 6.46.0
- repository: https://grafana.github.io/helm-charts
- - name: promtail
- version: 6.17.1
- repository: https://grafana.github.io/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
-appVersion: 3.4.2
diff --git a/clusters/cl01tl/monitoring/loki/templates/namespace.yaml b/clusters/cl01tl/monitoring/loki/templates/namespace.yaml
deleted file mode 100644
index d2683e954..000000000
--- a/clusters/cl01tl/monitoring/loki/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: loki
- labels:
- app.kubernetes.io/name: loki
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/monitoring/loki/values.yaml b/clusters/cl01tl/monitoring/loki/values.yaml
deleted file mode 100644
index 96c752d1c..000000000
--- a/clusters/cl01tl/monitoring/loki/values.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-loki:
- deploymentMode: SingleBinary
- loki:
- auth_enabled: false
- commonConfig:
- replication_factor: 1
- ingester_client:
- pool_config:
- remote_timeout: 10s
- remote_timeout: 10s
- limits_config:
- allow_structured_metadata: false
- max_streams_per_user: 100000
- ingestion_rate_mb: 1024
- ingestion_burst_size_mb: 1024
- retention_period: 7d
- compactor:
- delete_request_store: filesystem
- working_directory: /var/loki/compactor
- compaction_interval: 10m
- retention_enabled: true
- retention_delete_delay: 2h
- retention_delete_worker_count: 150
- storage:
- type: filesystem
- schemaConfig:
- configs:
- - from: "2024-01-11"
- store: boltdb-shipper
- object_store: filesystem
- schema: v13
- index:
- period: 24h
- enterprise:
- enabled: false
- gateway:
- enabled: true
- basicAuth:
- enabled: false
- singleBinary:
- replicas: 1
- persistence:
- enableStatefulSetAutoDeletePVC: true
- enabled: true
- size: 150Gi
- storageClass: synology-iscsi-delete
- write:
- replicas: 0
- read:
- replicas: 0
- backend:
- replicas: 0
-promtail:
- service:
- labels:
- promtail: 3.0.0
- serviceMonitor:
- enabled: true
- prometheusRule:
- enabled: false
- config:
- clients:
- - url: http://loki-gateway.loki.svc.cluster.local:80/loki/api/v1/push
- tenant_id: 1
diff --git a/clusters/cl01tl/monitoring/s3-exporter/Chart.yaml b/clusters/cl01tl/monitoring/s3-exporter/Chart.yaml
deleted file mode 100644
index d8537ecc6..000000000
--- a/clusters/cl01tl/monitoring/s3-exporter/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: s3-exporter
-version: 1.0.0
-description: S3 Exporter
-keywords:
- - s3-exporter
- - storage
- - monitoring
- - metrics
-home: https://wiki.alexlebens.dev/s/
-sources:
- - https://github.com/molu8bits/s3bucket_exporter
- - https://hub.docker.com/r/molu8bits/s3bucket_exporter
- - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: s3-exporter
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-appVersion: 1.0.2
diff --git a/clusters/cl01tl/monitoring/s3-exporter/templates/external-secret.yaml b/clusters/cl01tl/monitoring/s3-exporter/templates/external-secret.yaml
deleted file mode 100644
index 20dc701d4..000000000
--- a/clusters/cl01tl/monitoring/s3-exporter/templates/external-secret.yaml
+++ /dev/null
@@ -1,102 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: s3-do-home-infra-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-do-home-infra-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/all-access - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/all-access - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - - secretKey: AWS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/prometheus-exporter - metadataPolicy: None - property: AWS_REGION - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: s3-ceph-directus-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-ceph-directus-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/ceph - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/ceph - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - - secretKey: BUCKET_HOST - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/ceph - metadataPolicy: None - property: BUCKET_HOST - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: 
s3-garage-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-garage-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/s3-exporter - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/s3-exporter - metadataPolicy: None - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/monitoring/s3-exporter/templates/service-monitor.yaml b/clusters/cl01tl/monitoring/s3-exporter/templates/service-monitor.yaml deleted file mode 100644 index 965de901c..000000000 --- a/clusters/cl01tl/monitoring/s3-exporter/templates/service-monitor.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-digital-ocean - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-digital-ocean - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-digital-ocean - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-ceph-directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-ceph-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-ceph-directus - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-garage-local - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-garage-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-garage-local - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-garage-remote - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-garage-remote - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ 
.Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-garage-remote - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics diff --git a/clusters/cl01tl/monitoring/s3-exporter/values.yaml b/clusters/cl01tl/monitoring/s3-exporter/values.yaml deleted file mode 100644 index 202f0febe..000000000 --- a/clusters/cl01tl/monitoring/s3-exporter/values.yaml +++ /dev/null 
@@ -1,181 +0,0 @@ -s3-exporter: - controllers: - digital-ocean: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent - env: - - name: S3_NAME - value: digital-ocean - - name: S3_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: s3-do-home-infra-secret - key: AWS_ACCESS_KEY_ID - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: s3-do-home-infra-secret - key: AWS_SECRET_ACCESS_KEY - - name: S3_REGION - valueFrom: - secretKeyRef: - name: s3-do-home-infra-secret - key: AWS_REGION - - name: LOG_LEVEL - value: info - - name: S3_FORCE_PATH_STYLE - value: false - resources: - requests: - cpu: 10m - memory: 64Mi - ceph-directus: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent - env: - - name: S3_NAME - value: ceph-directus - - name: S3_ENDPOINT - valueFrom: - secretKeyRef: - name: s3-ceph-directus-secret - key: BUCKET_HOST - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: s3-ceph-directus-secret - key: AWS_ACCESS_KEY_ID - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: s3-ceph-directus-secret - key: AWS_SECRET_ACCESS_KEY - - name: S3_REGION - value: us-east-1 - - name: LOG_LEVEL - value: info - - name: S3_FORCE_PATH_STYLE - value: true - resources: - requests: - cpu: 10m - memory: 64Mi - garage-local: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent - env: - - name: S3_NAME - value: garage-local - - name: S3_ENDPOINT - value: http://garage-main.garage:3900 - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: s3-garage-secret - key: AWS_ACCESS_KEY_ID - 
- name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: s3-garage-secret - key: AWS_SECRET_ACCESS_KEY - - name: S3_REGION - value: us-east-1 - - name: LOG_LEVEL - value: debug - - name: S3_FORCE_PATH_STYLE - value: true - resources: - requests: - cpu: 10m - memory: 64Mi - garage-remote: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: molu8bits/s3bucket_exporter - tag: 1.0.2 - pullPolicy: IfNotPresent - env: - - name: S3_NAME - value: garage-remote - - name: S3_ENDPOINT - value: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: s3-garage-secret - key: AWS_ACCESS_KEY_ID - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: s3-garage-secret - key: AWS_SECRET_ACCESS_KEY - - name: S3_REGION - value: us-east-1 - - name: LOG_LEVEL - value: debug - - name: S3_FORCE_PATH_STYLE - value: true - resources: - requests: - cpu: 10m - memory: 64Mi - service: - digital-ocean: - controller: digital-ocean - ports: - metrics: - port: 9655 - targetPort: 9655 - protocol: TCP - ceph-directus: - controller: ceph-directus - ports: - metrics: - port: 9655 - targetPort: 9655 - protocol: TCP - garage-local: - controller: garage-local - ports: - metrics: - port: 9655 - targetPort: 9655 - protocol: TCP - garage-remote: - controller: garage-remote - ports: - metrics: - port: 9655 - targetPort: 9655 - protocol: TCP diff --git a/clusters/cl01tl/monitoring/shelly-plug/Chart.yaml b/clusters/cl01tl/monitoring/shelly-plug/Chart.yaml deleted file mode 100644 index 2678fa61b..000000000 --- a/clusters/cl01tl/monitoring/shelly-plug/Chart.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: shelly-plug
-version: 1.0.0
-description: Shelly Plug
-keywords:
- - shelly-plug
- - metrics
-home: https://wiki.alexlebens.dev/s/18b5575c-3a57-4515-89a0-b23d6df8dec4
-sources:
- - https://github.com/geerlingguy/shelly-plug-prometheus
- - https://hub.docker.com/_/php
- - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: shelly-plug
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-appVersion: 1.0.0
diff --git a/clusters/cl01tl/monitoring/shelly-plug/templates/external-secret.yaml b/clusters/cl01tl/monitoring/shelly-plug/templates/external-secret.yaml
deleted file mode 100644
index 5fb51c129..000000000
--- a/clusters/cl01tl/monitoring/shelly-plug/templates/external-secret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: shelly-plug-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: shelly-plug-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: SHELLY_HTTP_USERNAME
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /shelly-plug/auth/it05sp
- metadataPolicy: None
- property: SHELLY_HTTP_USERNAME
- - secretKey: SHELLY_HTTP_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /shelly-plug/auth/it05sp
- metadataPolicy: None
- property: SHELLY_HTTP_PASSWORD
diff --git a/clusters/cl01tl/monitoring/shelly-plug/templates/service-monitor.yaml b/clusters/cl01tl/monitoring/shelly-plug/templates/service-monitor.yaml
deleted file mode 100644
index e2070e4a4..000000000
--- a/clusters/cl01tl/monitoring/shelly-plug/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: shelly-plug
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: shelly-plug
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: shelly-plug
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 30s
- scrapeTimeout: 10s
- path: /metrics
diff --git a/clusters/cl01tl/monitoring/shelly-plug/values.yaml b/clusters/cl01tl/monitoring/shelly-plug/values.yaml
deleted file mode 100644
index e82618aa1..000000000
--- a/clusters/cl01tl/monitoring/shelly-plug/values.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-shelly-plug:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-fetch-repo:
- securityContext:
- runAsUser: 0
- image:
- repository: alpine/git
- tag: latest
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- cd /var/www/html
- if [ -d ".git" ]; then
- echo "Git repository found. Pulling latest changes..."
- git pull
- else
- echo "Not a git repository. Initializing ..."
- git init
- git remote add origin https://github.com/geerlingguy/shelly-plug-prometheus.git
- git fetch origin
- git checkout origin/master -ft
- fi
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- containers:
- main:
- image:
- repository: php
- tag: 8.4.15-apache-bookworm
- pullPolicy: IfNotPresent
- env:
- - name: SHELLY_HOSTNAME
- value: it05sp.alexlebens.net
- - name: SHELLY_GENERATION
- value: 2
- envFrom:
- - secretRef:
- name: shelly-plug-config-secret
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- service:
- main:
- controller: main
- ports:
- metrics:
- port: 80
- targetPort: 80
- protocol: TCP
- persistence:
- script:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- main:
- init-fetch-repo:
- - path: /var/www/html
- readOnly: false
- main:
- - path: /var/www/html
- readOnly: false
diff --git a/clusters/cl01tl/monitoring/trivy/Chart.yaml b/clusters/cl01tl/monitoring/trivy/Chart.yaml
deleted file mode 100644
index fa2670382..000000000
--- a/clusters/cl01tl/monitoring/trivy/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: trivy
-version: 1.0.0
-description: Trivy
-keywords:
- - trivy
- - vulnerability
- - monitoring
- - kubernetes
-home: https://wiki.alexlebens.dev/s/5cffa529-4c2e-4126-99eb-cc4aeb5a49b3
-sources:
- - https://github.com/aquasecurity/trivy
- - https://github.com/aquasecurity/trivy-operator
- - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
-maintainers:
- - name: alexlebens
-dependencies:
- - name: trivy-operator
- version: 0.31.0
- repository: https://aquasecurity.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
-appVersion: v0.26.1
diff --git a/clusters/cl01tl/monitoring/trivy/templates/namespace.yaml b/clusters/cl01tl/monitoring/trivy/templates/namespace.yaml
deleted file mode 100644
index eb7c54ed8..000000000
--- a/clusters/cl01tl/monitoring/trivy/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: trivy
- labels:
- app.kubernetes.io/name: trivy
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/monitoring/trivy/values.yaml b/clusters/cl01tl/monitoring/trivy/values.yaml
deleted file mode 100644
index 3fb79d605..000000000
--- a/clusters/cl01tl/monitoring/trivy/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -trivy-operator: - targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job" - operator: - replicas: 1 - vulnerabilityScannerEnabled: false - sbomGenerationEnabled: false - clusterSbomCacheEnabled: false - configAuditScannerEnabled: true - rbacAssessmentScannerEnabled: true - infraAssessmentScannerEnabled: false - clusterComplianceEnabled: false - serviceMonitor: - enabled: true - trivy: - createConfig: true - image: - registry: mirror.gcr.io - repository: aquasec/trivy - tag: 0.67.2 - storageClassEnabled: true - storageClassName: ceph-block - storageSize: "5Gi" - registry: - mirror: - "registry-1.docker.io": proxy-registry-1.docker.io - "quay.io": proxy-quay.io - "registry.k8s.io": proxy-registry.k8s - "gcr.io": proxy-gcr.io - "ghcr.io": proxy-ghcr.io - "hub.docker": proxy-hub.docker - severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - slow: true - resources: - requests: - cpu: 100m - memory: 128M - supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota" - server: - resources: - requests: - cpu: 200m - memory: 512Mi - replicas: 1 - compliance: - reportType: summary - cron: 0 5 * * * - specs: - - k8s-cis-1.23 - - k8s-nsa-1.0 - - k8s-pss-baseline-0.1 - - k8s-pss-restricted-0.1 - volumeMounts: - - mountPath: /tmp - name: cache-policies - readOnly: false - volumes: - - name: cache-policies - emptyDir: {} - resources: - requests: - cpu: 100m - memory: 128Mi - nodeCollector: - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - volumeMounts: - - name: var-lib-etcd - mountPath: /var/lib/etcd - readOnly: true - - name: var-lib-kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: var-lib-kube-scheduler - mountPath: /var/lib/kube-scheduler - readOnly: true - - name: var-lib-kube-controller-manager - mountPath: /var/lib/kube-controller-manager - readOnly: true - - name: etc-kubernetes - mountPath: /etc/kubernetes - 
readOnly: true - - name: etc-cni-netd - mountPath: /etc/cni/net.d/ - readOnly: true - volumes: - - name: var-lib-etcd - hostPath: - path: /var/lib/etcd - - name: var-lib-kubelet - hostPath: - path: /var/lib/kubelet - - name: var-lib-kube-scheduler - hostPath: - path: /var/lib/kube-scheduler - - name: var-lib-kube-controller-manager - hostPath: - path: /var/lib/kube-controller-manager - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: etc-cni-netd - hostPath: - path: /etc/cni/net.d/ diff --git a/clusters/cl01tl/monitoring/unpoller/Chart.yaml b/clusters/cl01tl/monitoring/unpoller/Chart.yaml deleted file mode 100644 index 9bc486ece..000000000 --- a/clusters/cl01tl/monitoring/unpoller/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: unpoller -version: 1.0.0 -description: Unpoller -keywords: - - unpoller - - ubiquiti - - unifi - - metrics -home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344 -sources: - - https://github.com/unpoller/unpoller - - https://github.com/unpoller/unpoller/pkgs/container/unpoller - - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: unpoller - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 -appVersion: v2.15.3 diff --git a/clusters/cl01tl/monitoring/unpoller/templates/external-secret.yaml b/clusters/cl01tl/monitoring/unpoller/templates/external-secret.yaml deleted file mode 100644 index ac23d4f6b..000000000 --- a/clusters/cl01tl/monitoring/unpoller/templates/external-secret.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: unpoller-unifi-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: unpoller-unifi-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: UP_UNIFI_CONTROLLER_0_USER
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /unifi/auth/cl01tl
- metadataPolicy: None
- property: user
- - secretKey: UP_UNIFI_CONTROLLER_0_PASS
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /unifi/auth/cl01tl
- metadataPolicy: None
- property: password
diff --git a/clusters/cl01tl/monitoring/unpoller/templates/service-monitor.yaml b/clusters/cl01tl/monitoring/unpoller/templates/service-monitor.yaml
deleted file mode 100644
index da65103f3..000000000
--- a/clusters/cl01tl/monitoring/unpoller/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: unpoller
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: unpoller
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: unpoller
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 30s
- scrapeTimeout: 10s
- path: /metrics
diff --git a/clusters/cl01tl/monitoring/unpoller/values.yaml b/clusters/cl01tl/monitoring/unpoller/values.yaml
deleted file mode 100644
index 06725413a..000000000
--- a/clusters/cl01tl/monitoring/unpoller/values.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-unpoller:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/unpoller/unpoller
- tag: v2.15.4
- pullPolicy: IfNotPresent
- env:
- - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
- value: 'false'
- - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
- value: 'false'
- - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
- value: 'false'
- - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
- value: 'false'
- - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
- value: 'false'
- - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
- value: 'true'
- - name: UP_UNIFI_CONTROLLER_0_URL
- value: https://unifi.alexlebens.net/
- - name: UP_UNIFI_CONTROLLER_0_VERIFY_SSL
- value: 'false'
- - name: UP_INFLUXDB_DISABLE
- value: 'true'
- - name: UP_PROMETHEUS_HTTP_LISTEN
- value: 0.0.0.0:9130
- - name: UP_PROMETHEUS_NAMESPACE
- value: unpoller
- - name: UP_POLLER_DEBUG
- value: 'false'
- - name: UP_POLLER_QUIET
- value: 'false'
- envFrom:
- - secretRef:
- name: unpoller-unifi-secret
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- service:
- main:
- controller: main
- ports:
- metrics:
- port: 9130
- targetPort: 9130
- protocol: TCP
diff --git a/clusters/cl01tl/platform/authentik/Chart.yaml b/clusters/cl01tl/platform/authentik/Chart.yaml
deleted file mode 100644
index c861c569b..000000000
--- a/clusters/cl01tl/platform/authentik/Chart.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v2
-name: authentik
-version: 1.0.0
-description: Authentik
-keywords:
- - authentik
- - sso
- - oidc
- - ldap
- - idp
- - authentication
-home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
-sources:
- - https://github.com/goauthentik/authentik
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/goauthentik/helm
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: authentik
- version: 2025.10.2
- repository: https://charts.goauthentik.io/
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
-appVersion: 2025.4.1
diff --git a/clusters/cl01tl/platform/authentik/templates/external-secret.yaml b/clusters/cl01tl/platform/authentik/templates/external-secret.yaml
deleted file mode 100644
index a7a5e73b9..000000000
--- a/clusters/cl01tl/platform/authentik/templates/external-secret.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: authentik-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/authentik/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: authentik-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/authentik
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: authentik-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: authentik-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/platform/authentik/templates/http-route.yaml b/clusters/cl01tl/platform/authentik/templates/http-route.yaml
deleted file mode 100644
index e718842d5..000000000
--- a/clusters/cl01tl/platform/authentik/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-authentik
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-authentik
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - authentik.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: authentik-server
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/platform/authentik/templates/ingress.yaml b/clusters/cl01tl/platform/authentik/templates/ingress.yaml
deleted file mode 100644
index a3aecfa8f..000000000
--- a/clusters/cl01tl/platform/authentik/templates/ingress.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: authentik-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- tailscale.com/proxy-class: no-metrics
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - auth-cl01tl
- secretName: auth-cl01tl
- rules:
- - host: auth-cl01tl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: authentik-server
- port:
- number: 80
diff --git a/clusters/cl01tl/platform/authentik/templates/redis-replication.yaml b/clusters/cl01tl/platform/authentik/templates/redis-replication.yaml
deleted file mode 100644
index d2005d2fa..000000000
--- a/clusters/cl01tl/platform/authentik/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-authentik
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-authentik
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/platform/authentik/templates/service-monitor.yaml b/clusters/cl01tl/platform/authentik/templates/service-monitor.yaml
deleted file mode 100644
index c61f61088..000000000
--- a/clusters/cl01tl/platform/authentik/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-authentik
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-authentik
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/platform/authentik/values.yaml b/clusters/cl01tl/platform/authentik/values.yaml
deleted file mode 100644
index 2670289d3..000000000
--- a/clusters/cl01tl/platform/authentik/values.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-authentik:
- global:
- env:
- - name: AUTHENTIK_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: authentik-key-secret
- key: key
- - name: AUTHENTIK_POSTGRESQL__HOST
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: host
- - name: AUTHENTIK_POSTGRESQL__NAME
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: dbname
- - name: AUTHENTIK_POSTGRESQL__USER
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: user
- - name: AUTHENTIK_POSTGRESQL__PASSWORD
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: password
- authentik:
- redis:
- host: redis-replication-authentik-master
- server:
- name: server
- replicas: 1
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- ingress:
- enabled: false
- worker:
- name: worker
- replicas: 1
- prometheus:
- rules:
- enabled: true
- postgresql:
- enabled: false
- redis:
- enabled: false
-cloudflared:
- existingSecretName: authentik-cloudflared-secret
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/platform/external-secrets/Chart.yaml b/clusters/cl01tl/platform/external-secrets/Chart.yaml
deleted file mode 100644
index c101623c7..000000000
--- a/clusters/cl01tl/platform/external-secrets/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v2
-name: external-secrets
-version: 1.0.0
-description: External Secrets
-keywords:
- - external-secrets
- - secrets
- - vault
-home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
-sources:
- - https://github.com/external-secrets/external-secrets
- - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
-dependencies:
- - name: external-secrets
- version: 1.1.0
- repository: https://charts.external-secrets.io
-icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
-appVersion: 0.17.0
diff --git a/clusters/cl01tl/platform/external-secrets/templates/cluster-secret-store.yaml b/clusters/cl01tl/platform/external-secrets/templates/cluster-secret-store.yaml
deleted file mode 100644
index eb19a37b3..000000000
--- a/clusters/cl01tl/platform/external-secrets/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ClusterSecretStore
-metadata:
- name: vault
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- provider:
- vault:
- server: http://vault-internal.vault:8200
- path: secret
- auth:
- tokenSecretRef:
- namespace: vault
- name: vault-token
- key: token
diff --git a/clusters/cl01tl/platform/gitea/Chart.yaml b/clusters/cl01tl/platform/gitea/Chart.yaml
deleted file mode 100644
index faaa34509..000000000
--- a/clusters/cl01tl/platform/gitea/Chart.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: v2
-name: gitea
-version: 1.0.0
-description: Gitea
-keywords:
- - gitea
- - git
- - code
-home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
-sources:
- - https://github.com/go-gitea/gitea
- - https://github.com/renovatebot/renovate
- - https://github.com/Angatar/s3cmd
- - https://github.com/meilisearch/meilisearch
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/gitea/gitea
- - https://hub.docker.com/r/renovate/renovate
- - https://hub.docker.com/r/d3fk/s3cmd/
- - https://gitea.com/gitea/helm-chart
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: gitea
- version: 12.4.0
- repository: https://dl.gitea.io/charts/
- - name: gitea-actions
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 0.2.1
- - name: app-template
- alias: backup
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: meilisearch
- version: 0.17.1
- repository: https://meilisearch.github.io/meilisearch-kubernetes
- - name: cloudflared
- alias: cloudflared
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
-appVersion: 1.23.7
diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
deleted file mode 100644
index bd9610a22..000000000
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ /dev/null
@@ -1,318 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-admin-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-admin-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: username
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/auth/admin
- metadataPolicy: None
- property: username
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/auth/admin
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/gitea
- metadataPolicy: None
- property: secret
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/gitea
- metadataPolicy: None
- property: client
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-runner-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-runner-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/runner
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-renovate-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-renovate-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: RENOVATE_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: RENOVATE_ENDPOINT
- - secretKey: RENOVATE_GIT_AUTHOR
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: RENOVATE_GIT_AUTHOR
- - secretKey: RENOVATE_TOKEN
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: RENOVATE_TOKEN
- - secretKey: RENOVATE_GIT_PRIVATE_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: id_rsa
- - secretKey: RENOVATE_GITHUB_COM_TOKEN
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /github/gitea-cl01tl
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-renovate-ssh-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-renovate-ssh-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: ssh_config
- - secretKey: id_rsa
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: id_rsa
- - secretKey: id_rsa.pub
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/renovate
- metadataPolicy: None
- property: id_rsa.pub
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-s3cmd-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-s3cmd-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: .s3cfg
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: s3cfg
- - secretKey: BUCKET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: BUCKET
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-meilisearch-master-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-meilisearch-master-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- ISSUE_INDEXER_CONN_STR: "http://:{{ `{{ .MEILI_MASTER_KEY }}` }}@gitea-meilisearch.gitea:7700/"
- data:
- - secretKey: MEILI_MASTER_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/meilisearch
- metadataPolicy: None
- property: MEILI_MASTER_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/gitea
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/platform/gitea/templates/http-route.yaml b/clusters/cl01tl/platform/gitea/templates/http-route.yaml
deleted file mode 100644
index 40bd09aaa..000000000
--- a/clusters/cl01tl/platform/gitea/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-gitea
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - gitea.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: gitea-http
- port: 3000
- weight: 100
diff --git a/clusters/cl01tl/platform/gitea/templates/ingress.yaml b/clusters/cl01tl/platform/gitea/templates/ingress.yaml
deleted file mode 100644
index b348af72a..000000000
--- a/clusters/cl01tl/platform/gitea/templates/ingress.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: gitea-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- tailscale.com/proxy-class: no-metrics
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - gitea-cl01tl
- secretName: gitea-cl01tl
- rules:
- - host: gitea-cl01tl
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: gitea-http
- port:
- name: http
diff --git a/clusters/cl01tl/platform/gitea/templates/namespace.yaml b/clusters/cl01tl/platform/gitea/templates/namespace.yaml
deleted file mode 100644
index 16080cc7f..000000000
--- a/clusters/cl01tl/platform/gitea/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: gitea
- labels:
- app.kubernetes.io/name: gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 3569fc448..000000000
--- a/clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: gitea-nfs-storage-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-nfs-storage-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: gitea-themes-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-themes-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/platform/gitea/templates/redis-replication.yaml b/clusters/cl01tl/platform/gitea/templates/redis-replication.yaml
deleted file mode 100644
index 3d1f96312..000000000
--- a/clusters/cl01tl/platform/gitea/templates/redis-replication.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-gitea
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 10Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
-
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-renovate
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-renovate
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/platform/gitea/templates/role-binding.yaml b/clusters/cl01tl/platform/gitea/templates/role-binding.yaml
deleted file mode 100644
index 8d08e52a7..000000000
--- a/clusters/cl01tl/platform/gitea/templates/role-binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gitea-backup
-subjects:
- - kind: ServiceAccount
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
diff --git a/clusters/cl01tl/platform/gitea/templates/role.yaml b/clusters/cl01tl/platform/gitea/templates/role.yaml
deleted file mode 100644
index 073f24301..000000000
--- a/clusters/cl01tl/platform/gitea/templates/role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - create
- - list
- - apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
diff --git a/clusters/cl01tl/platform/gitea/templates/service-monitor.yaml b/clusters/cl01tl/platform/gitea/templates/service-monitor.yaml
deleted file mode 100644
index 2285c010e..000000000
--- a/clusters/cl01tl/platform/gitea/templates/service-monitor.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: gitea
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- matchExpressions:
- - { key: app.kubernetes.io/controller, operator: NotIn, values: [backup] }
- endpoints:
- - port: http
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-gitea
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-gitea
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/platform/gitea/templates/tcp-route.yaml b/clusters/cl01tl/platform/gitea/templates/tcp-route.yaml
deleted file mode 100644
index 804198798..000000000
--- a/clusters/cl01tl/platform/gitea/templates/tcp-route.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1alpha2
-kind: TCPRoute
-metadata:
- name: tcp-route-gitea-ssh
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tcp-route-gitea-ssh
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- sectionName: ssh
- rules:
- - backendRefs:
- - group: ''
- kind: Service
- name: gitea-ssh
- port: 22
- weight: 100
diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml
deleted file mode 100644
index a3837548c..000000000
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ /dev/null
@@ -1,378 +0,0 @@ -gitea: - global: - imageRegistry: registry.hub.docker.com - replicaCount: 3 - image: - repository: gitea/gitea - tag: 1.25.2 - service: - http: - type: ClusterIP - port: 3000 - clusterIP: 10.103.160.139 - ssh: - type: ClusterIP - port: 22 - clusterIP: 10.103.160.140 - ingress: - enabled: false - persistence: - storageClass: ceph-filesystem - size: 40Gi - accessModes: - - ReadWriteMany - extraVolumes: - - name: gitea-nfs-storage-backup - persistentVolumeClaim: - claimName: gitea-nfs-storage-backup - - name: gitea-themes-storage - persistentVolumeClaim: - claimName: gitea-themes-storage - extraInitVolumeMounts: - - name: gitea-themes-storage - readOnly: false - mountPath: /data/gitea/public/assets/css - extraContainerVolumeMounts: - - mountPath: /opt/backup - name: gitea-nfs-storage-backup - readOnly: false - - name: gitea-themes-storage - readOnly: true - mountPath: /data/gitea/public/assets/css - initPreScript: | - wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz; - tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css; - rm catppuccin-gitea.tar.gz; - gitea: - metrics: - enabled: true - serviceMonitor: - enabled: false - oauth: - - name: Authentik - provider: openidConnect - existingSecret: gitea-oidc-secret - autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration - iconUrl: https://goauthentik.io/img/icon.png - scopes: "email profile" - config: - APP_NAME: Gitea - server: - PROTOCOL: http - DOMAIN: gitea.alexlebens.dev - ROOT_URL: https://gitea.alexlebens.dev - LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000 - START_SSH_SERVER: true - SSH_DOMAIN: gitea.alexlebens.net - SSH_PORT: 22 - SSH_LISTEN_PORT: 22 - ENABLE_PPROF: true - LANDING_PAGE: explore - database: - DB_TYPE: postgres - SCHEMA: public - oauth2_client: - ENABLE_AUTO_REGISTRATION: true - cache: - ENABLED: true - ADAPTER: redis - HOST: 
redis://redis-replication-gitea-master.gitea:6379 - queue: - TYPE: redis - CONN_STR: redis://redis-replication-gitea-master.gitea:6379 - session: - PROVIDER: redis - PROVIDER_CONFIG: redis://redis-replication-gitea-master.gitea:6379 - indexer: - ISSUE_INDEXER_ENABLED: true - ISSUE_INDEXER_TYPE: meilisearch - REPO_INDEXER_ENABLED: false - actions: - ENABLED: true - service: - REGISTER_MANUAL_CONFIRM: true - SHOW_REGISTRATION_BUTTON: false - ALLOW_ONLY_EXTERNAL_REGISTRATION: true - explore: - REQUIRE_SIGNIN_VIEW: true - webhook: - ALLOWED_HOST_LIST: private - ui: - DEFAULT_THEME: gitea-auto - THEMES: gitea-light,gitea-dark,gitea-auto,catppuccin-rosewater-auto,catppuccin-flamingo-auto,catppuccin-pink-auto,catppuccin-mauve-auto,catppuccin-red-auto,catppuccin-maroon-auto,catppuccin-peach-auto,catppuccin-yellow-auto,catppuccin-green-auto,catppuccin-teal-auto,catppuccin-sky-auto,catppuccin-sapphire-auto,catppuccin-blue-auto,catppuccin-lavender-auto,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-mac
chiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender - mirror: - DEFAULT_INTERVAL: 10m - repo-archive: - ENABLED: false - additionalConfigFromEnvs: - - name: GITEA__DATABASE__HOST - valueFrom: - secretKeyRef: - name: gitea-postgresql-17-cluster-app - key: host - - name: GITEA__DATABASE__NAME - valueFrom: - secretKeyRef: - name: gitea-postgresql-17-cluster-app - key: dbname - - name: GITEA__DATABASE__USER - valueFrom: - secretKeyRef: - name: gitea-postgresql-17-cluster-app - key: user - - name: GITEA__DATABASE__PASSWD - valueFrom: - secretKeyRef: - name: gitea-postgresql-17-cluster-app - key: password - - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR - valueFrom: - secretKeyRef: - name: gitea-meilisearch-master-key-secret - key: ISSUE_INDEXER_CONN_STR - valkey-cluster: - enabled: false - valkey: - enabled: false - postgresql-ha: - enabled: false - postgresql: - enabled: false -gitea-actions: - enabled: true - global: - fullnameOverride: gitea-actions - statefulset: - replicas: 6 - actRunner: - repository: gitea/act_runner - tag: 0.2.13 - config: | - log: - level: debug - cache: - enabled: false - runner: - labels: - - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - - "ubuntu-js:docker://harbor.alexlebens.net/proxy-ghcr.io/catthehacker/ubuntu:js-24.04" - - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04" - dind: - repository: docker - tag: 25.0.2-dind - persistence: - storageClass: ceph-block - size: 5Gi - init: - image: - repository: busybox - tag: "1.37.0" - existingSecret: 
gitea-runner-secret - existingSecretKey: token - giteaRootURL: http://gitea-http.gitea:3000 -backup: - global: - fullnameOverride: gitea-backup - controllers: - backup: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: 0 4 */2 * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - serviceAccount: - name: gitea-backup - pod: - automountServiceAccountToken: true - initContainers: - backup: - image: - repository: bitnami/kubectl - tag: latest - pullPolicy: IfNotPresent - command: - - sh - args: - - -ec - - | - kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip; - kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip; - resources: - requests: - cpu: 100m - memory: 128Mi - containers: - s3-backup: - image: - repository: d3fk/s3cmd - tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 - pullPolicy: IfNotPresent - command: - - /bin/sh - args: - - -ec - - | - echo ">> Running S3 backup for Gitea" - s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; - mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; - echo ">> Completed S3 backup for Gitea" - env: - - name: BUCKET - valueFrom: - secretKeyRef: - name: gitea-s3cmd-config - key: BUCKET - resources: - requests: - cpu: 100m - memory: 128Mi - s3-prune: - image: - repository: d3fk/s3cmd - tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 - pullPolicy: IfNotPresent - command: - - /bin/sh - args: - - -ec - - | - export DATE_RANGE=$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d); - export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip" - echo ">> Running S3 prune for Gitea backup repository" - echo ">> Backups 
prior to '$DATE_RANGE' will be removed" - echo ">> Backups to be removed:" - s3cmd ls ${BUCKET}/cl01tl/ | - awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' - echo ">> Deleting ..." - s3cmd ls ${BUCKET}/cl01tl/ | - awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' | - while read file; do - s3cmd del "$file"; - done; - echo ">> Completed S3 prune for Gitea backup repository" - env: - - name: BUCKET - valueFrom: - secretKeyRef: - name: gitea-s3cmd-config - key: BUCKET - resources: - requests: - cpu: 100m - memory: 128Mi - serviceAccount: - gitea-backup: - enabled: true - persistence: - config: - existingClaim: gitea-nfs-storage-backup - advancedMounts: - backup: - s3-backup: - - path: /opt/backup - readOnly: false - s3cmd-config: - enabled: true - type: secret - name: gitea-s3cmd-config - advancedMounts: - backup: - s3-backup: - - path: /root/.s3cfg - readOnly: true - mountPropagation: None - subPath: .s3cfg - s3-prune: - - path: /root/.s3cfg - readOnly: true - mountPropagation: None - subPath: .s3cfg -meilisearch: - environment: - MEILI_NO_ANALYTICS: true - MEILI_ENV: production - MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true - auth: - existingMasterKeySecret: gitea-meilisearch-master-key-secret - service: - type: ClusterIP - port: 7700 - persistence: - enabled: true - storageClass: ceph-block - size: 5Gi - resources: - requests: - cpu: 10m - memory: 128Mi - serviceMonitor: - enabled: true -cloudflared: - existingSecretName: gitea-cloudflared-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - resources: - requests: - memory: 1Gi - cpu: 200m - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage - 
backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster - index: 1 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/platform/matrix-synapse/Chart.yaml b/clusters/cl01tl/platform/matrix-synapse/Chart.yaml deleted file mode 100644 index c08cc3917..000000000 --- a/clusters/cl01tl/platform/matrix-synapse/Chart.yaml +++ /dev/null 
@@ -1,59 +0,0 @@
-apiVersion: v2
-name: matrix-synapse
-version: 1.0.0
-description: Matrix Synapse
-keywords:
- - matrix-synapse
- - matrix
- - chat
- - bridge
- - matrix-hookshot
- - mautrix-discord
- - mautrix-whatsapp
-home: https://wiki.alexlebens.dev/s/bd7e7f66-136a-41b8-8144-847bacbb3059
-sources:
- - https://github.com/element-hq/synapse
- - https://github.com/matrix-org/matrix-hookshot
- - https://github.com/mautrix/discord
- - https://github.com/mautrix/whatsapp
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/halfshot/matrix-hookshot
- - https://mau.dev/mautrix/discord/container_registry
- - https://mau.dev/mautrix/whatsapp/container_registry
- - https://gitlab.com/ananace/charts/-/tree/master/charts/matrix-synapse
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: matrix-synapse
- version: 3.12.16
- repository: https://ananace.gitlab.io/charts
- - name: app-template
- alias: matrix-hookshot
- version: 4.4.0
- repository: https://bjw-s-labs.github.io/helm-charts/
- # - name: app-template
- # alias: mautrix-discord
- # repository: https://bjw-s-labs.github.io/helm-charts/
- # version: 4.0.1
- # - name: app-template
- # alias: mautrix-whatsapp
- # repository: https://bjw-s-labs.github.io/helm-charts/
- # version: 4.0.1
- - name: cloudflared
- alias: cloudflared-synapse
- version: 1.23.0
- repository: oci://harbor.alexlebens.net/helm-charts
- - name: cloudflared
- alias: cloudflared-hookshot
- version: 1.23.0
- repository: oci://harbor.alexlebens.net/helm-charts
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
-appVersion: 1.129.0
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
deleted file mode 100644
index d3a8c9f91..000000000
--- a/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
+++ /dev/null
@@ -1,481 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: oidc.yaml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/config - metadataPolicy: None - property: oidc.yaml - - secretKey: config.yaml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/config - metadataPolicy: None - property: config.yaml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-signingkey - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-signingkey - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: signing.key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/config - metadataPolicy: None - property: signing-key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-hookshot-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-hookshot-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.yml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None - property: config - - secretKey: registration.yml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: 
/cl01tl/matrix-synapse/hookshot - metadataPolicy: None - property: registration - - secretKey: hookshot-registration.yaml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None - property: registration - - secretKey: passkey.pem - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None - property: passkey - -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: mautrix-discord-config-secret -# namespace: {{ .Release.Namespace }} - # labels: - # app.kubernetes.io/name: {{ .Release.Name }} - # app.kubernetes.io/instance: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# data: -# - secretKey: config.yaml -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/matrix-synapse/mautrix-discord -# metadataPolicy: None -# property: config -# - secretKey: mautrix-discord-registration.yaml -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/matrix-synapse/mautrix-discord -# metadataPolicy: None -# property: registration - -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: mautrix-whatsapp-config-secret -# namespace: {{ .Release.Namespace }} - # labels: - # app.kubernetes.io/name: {{ .Release.Name }} - # app.kubernetes.io/instance: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# data: -# - secretKey: config.yaml -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/matrix-synapse/mautrix-whatsapp -# metadataPolicy: None -# property: config -# - secretKey: mautrix-whatsapp-registration.yaml -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/matrix-synapse/mautrix-whatsapp -# metadataPolicy: None -# property: registration - ---- 
-apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: double-puppet-registration-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: double-puppet-registration-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: double-puppet-registration.yaml - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/double-puppet - metadataPolicy: None - property: registration - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-redis-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-redis-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/matrix-synapse/redis - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-cloudflared-synapse-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/matrix-synapse - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-cloudflared-hookshot-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret 
- app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/matrix-hookshot - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse" - data: - - secretKey: BUCKET_ENDPOINT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/volsync-backups - metadataPolicy: None - property: secret_key - -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: mautrix-discord-data-backup-secret -# 
namespace: {{ .Release.Namespace }} - # labels: - # app.kubernetes.io/name: {{ .Release.Name }} - # app.kubernetes.io/instance: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: mautrix-whatsapp-data-backup-secret -# namespace: {{ .Release.Namespace }} - # labels: - # app.kubernetes.io/name: {{ .Release.Name }} - # app.kubernetes.io/instance: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: 
Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: 
matrix-synapse-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/redis-replication.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/redis-replication.yaml deleted file mode 100644 index 1f85cd571..000000000 --- a/clusters/cl01tl/platform/matrix-synapse/templates/redis-replication.yaml +++ /dev/null 
@@ -1,69 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-matrix-synapse
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: matrix-synapse-redis-secret
- key: password
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
-
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-hookshot
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-hookshot
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml
deleted file mode 100644
index b507d4c91..000000000
--- a/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: matrix-synapse-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: matrix-synapse
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: matrix-synapse-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
-
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: mautrix-discord-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-discord-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: mautrix-discord-data
-# trigger:
-# schedule: 0 4 * * *
-# restic:
-# pruneIntervalDays: 7
-# repository: mautrix-discord-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 3
-# weekly: 2
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1337
-# runAsGroup: 1337
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: mautrix-whatsapp-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: mautrix-whatsapp-data
-# trigger:
-# schedule: 0 4 * * *
-# restic:
-# pruneIntervalDays: 7
-# repository: mautrix-whatsapp-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 3
-# weekly: 2
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1337
-# runAsGroup: 1337
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml
deleted file mode 100644
index 99fc2e158..000000000
--- a/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: matrix-synapse
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - targetPort: 9090
- interval: 3m
- scrapeTimeout: 1m
- path: /_synapse/metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: matrix-hookshot
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-hookshot
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: matrix-hookshot
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - targetPort: 9001
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-matrix-synapse
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/platform/matrix-synapse/values.yaml b/clusters/cl01tl/platform/matrix-synapse/values.yaml
deleted file mode 100644
index 328cb6dc1..000000000
--- a/clusters/cl01tl/platform/matrix-synapse/values.yaml
+++ /dev/null
@@ -1,355 +0,0 @@ -matrix-synapse: - serverName: alexlebens.dev - publicServerName: matrix.alexlebens.dev - argoCD: true - signingkey: - job: - enabled: false - existingSecret: matrix-synapse-signingkey - existingSecretKey: signing.key - config: - reportStats: false - enableRegistration: true - trustedKeyServers: [] - extraConfig: - enable_metrics: true - enable_registration_without_verification: true - password_config: - enabled: false - sso: - client_whitelist: - - https://chat.alexlebens.dev/ - update_profile_information: true - synapse: - strategy: - type: Recreate - extraVolumes: - - name: matrix-synapse-config-secret - secret: - secretName: matrix-synapse-config-secret - - name: matrix-hookshot-config-secret - secret: - secretName: matrix-hookshot-config-secret - # - name: mautrix-discord-config-secret - # secret: - # secretName: mautrix-discord-config-secret - # - name: mautrix-whatsapp-config-secret - # secret: - # secretName: mautrix-whatsapp-config-secret - - name: double-puppet-registration-secret - secret: - secretName: double-puppet-registration-secret - extraVolumeMounts: - - name: matrix-synapse-config-secret - mountPath: /synapse/config/conf.d/oidc.yaml - subPath: oidc.yaml - readOnly: true - - name: matrix-synapse-config-secret - mountPath: /synapse/config/conf.d/config.yaml - subPath: config.yaml - readOnly: true - - name: matrix-hookshot-config-secret - mountPath: /synapse/config/conf.d/hookshot-registration.yaml - subPath: hookshot-registration.yaml - readOnly: true - # - name: mautrix-discord-config-secret - # mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml - # subPath: mautrix-discord-registration.yaml - # readOnly: true - # - name: mautrix-whatsapp-config-secret - # mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml - # subPath: mautrix-whatsapp-registration.yaml - # readOnly: true - - name: double-puppet-registration-secret - mountPath: /synapse/config/conf.d/double-puppet-registration.yaml - subPath: 
double-puppet-registration.yaml - readOnly: true - resources: - requests: - cpu: 10m - memory: 128Mi - workers: - default: - replicaCount: 0 - generic_worker: - enabled: false - pusher: - enabled: false - appservice: - enabled: false - federation_sender: - enabled: false - media_repository: - enabled: false - user_dir: - enabled: false - wellknown: - enabled: true - server: - m.server: matrix.alexlebens.dev:443 - client: - m.homeserver: - base_url: https://matrix.alexlebens.dev - postgresql: - enabled: false - externalPostgresql: - host: matrix-synapse-postgresql-17-cluster-rw - port: 5432 - username: app - database: app - existingSecret: matrix-synapse-postgresql-17-cluster-app - existingSecretPasswordKey: password - redis: - enabled: false - externalRedis: - host: redis-replication-matrix-synapse-master - port: 6379 - existingSecret: matrix-synapse-redis-secret - existingSecretPasswordKey: password - persistence: - enabled: true - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - volumePermissions: - enabled: true - uid: 666 - gid: 666 - ingress: - enabled: false -matrix-hookshot: - global: - fullnameOverride: matrix-hookshot - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: halfshot/matrix-hookshot - tag: 7.2.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - webhook: - port: 9000 - targetPort: 9000 - protocol: HTTP - metrics: - port: 9001 - targetPort: 9001 - protocol: HTTP - appservice: - port: 9002 - targetPort: 9002 - protocol: HTTP - homeserver: - port: 9993 - targetPort: 9993 - protocol: HTTP - persistence: - config: - enabled: true - type: secret - name: matrix-hookshot-config-secret - advancedMounts: - main: - main: - - path: /data/config.yml - readOnly: true - mountPropagation: None - subPath: config.yml - registration: - enabled: true - type: secret - name: 
matrix-hookshot-config-secret - advancedMounts: - main: - main: - - path: /data/registration.yml - readOnly: true - mountPropagation: None - subPath: registration.yml - passkey: - enabled: true - type: secret - name: matrix-hookshot-config-secret - advancedMounts: - main: - main: - - path: /data/passkey.pem - readOnly: true - mountPropagation: None - subPath: passkey.pem -mautrix-discord: - global: - fullnameOverride: mautrix-discord - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: dock.mau.dev/mautrix/discord - tag: v0.7.5 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 29334 - targetPort: 29334 - protocol: HTTP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 500Mi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false - config: - enabled: true - type: secret - name: mautrix-discord-config-secret - advancedMounts: - main: - main: - - path: /data/config.yaml - readOnly: true - mountPropagation: None - subPath: config.yaml -mautrix-whatsapp: - global: - fullnameOverride: mautrix-whatsapp - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: dock.mau.dev/mautrix/whatsapp - tag: v0.2511.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 64Mi - service: - main: - controller: main - ports: - http: - port: 29333 - targetPort: 29333 - protocol: HTTP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 500Mi - retain: true - advancedMounts: - main: - main: - - path: /data - readOnly: false - config: - enabled: true - type: secret - name: mautrix-whatsapp-config-secret - advancedMounts: - main: - main: - - path: /data/config.yaml - readOnly: true - mountPropagation: None 
- subPath: config.yaml -cloudflared-synapse: - name: cloudflared-synapse - existingSecretName: matrix-synapse-cloudflared-synapse-secret -cloudflared-hookshot: - name: cloudflared-hookshot - existingSecretName: matrix-synapse-cloudflared-hookshot-secret -postgres-17-cluster: - mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path - resources: - requests: - cpu: 200m - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * 
SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/platform/n8n/Chart.yaml b/clusters/cl01tl/platform/n8n/Chart.yaml deleted file mode 100644 index 043691c31..000000000 --- a/clusters/cl01tl/platform/n8n/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -name: n8n -version: 1.0.0 -description: n8n -keywords: - - n8n - - automation -home: https://wiki.alexlebens.dev/s/e4544bd4-c66a-420c-8020-c54b2078181a -sources: - - https://github.com/n8n-io/n8n - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/n8n-io/n8n/pkgs/container/n8n - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: n8n - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png -appVersion: 1.93.0 diff --git a/clusters/cl01tl/platform/n8n/templates/external-secret.yaml b/clusters/cl01tl/platform/n8n/templates/external-secret.yaml deleted file mode 100644 index 136c7dd02..000000000 --- a/clusters/cl01tl/platform/n8n/templates/external-secret.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: n8n-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/n8n/config - metadataPolicy: None - property: key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: n8n-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: n8n-postgresql-17-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-postgresql-17-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - 
conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/n8n/templates/http-route.yaml b/clusters/cl01tl/platform/n8n/templates/http-route.yaml deleted file mode 100644 index 74ebf0111..000000000 --- a/clusters/cl01tl/platform/n8n/templates/http-route.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-n8n - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-n8n - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - n8n.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - - path: - type: PathPrefix - value: /webhook-test/ - backendRefs: - - group: '' - kind: Service - name: n8n-main - port: 80 - weight: 100 - - matches: - - path: - type: PathPrefix - value: /webhook/ - - path: - type: PathPrefix - value: /webhook-waiting/ - - path: - type: PathPrefix - value: /form/ - backendRefs: - - group: '' - kind: Service - name: n8n-webhook - port: 80 - weight: 100 diff --git a/clusters/cl01tl/platform/n8n/templates/redis-replication.yaml b/clusters/cl01tl/platform/n8n/templates/redis-replication.yaml deleted file mode 100644 index f112879c1..000000000 --- a/clusters/cl01tl/platform/n8n/templates/redis-replication.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: redis-replication-n8n - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-n8n - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - clusterSize: 3 - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - kubernetesConfig: - image: quay.io/opstree/redis:v8.0.3 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 128Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: ceph-block - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 1Gi - redisExporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.48.0 diff --git a/clusters/cl01tl/platform/n8n/templates/service-monitor.yaml b/clusters/cl01tl/platform/n8n/templates/service-monitor.yaml deleted file mode 100644 index 887e70323..000000000 --- a/clusters/cl01tl/platform/n8n/templates/service-monitor.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: n8n-main - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-main - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: n8n-main - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - interval: 3m - scrapeTimeout: 1m - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: n8n-worker - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-worker - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: n8n-worker - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - interval: 3m - scrapeTimeout: 1m - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: n8n-webhook - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: n8n-webhook - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: n8n-webhook - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - interval: 3m - scrapeTimeout: 1m - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: redis-replication-n8n - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: redis-replication-n8n - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - redis-operator: "true" - env: production -spec: - selector: - matchLabels: - redis_setup_type: replication - endpoints: - - port: redis-exporter - interval: 30s - scrapeTimeout: 10s 
diff --git a/clusters/cl01tl/platform/n8n/values.yaml b/clusters/cl01tl/platform/n8n/values.yaml
deleted file mode 100644
index 9104843d5..000000000
--- a/clusters/cl01tl/platform/n8n/values.yaml
+++ /dev/null
@@ -1,371 +0,0 @@ -n8n: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/n8n-io/n8n - tag: 1.121.2 - pullPolicy: IfNotPresent - env: - - name: GENERIC_TIMEZONE - value: US/Central - - name: DB_TYPE - value: postgresdb - - name: DB_POSTGRESDB_DATABASE - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: dbname - - name: DB_POSTGRESDB_HOST - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: host - - name: DB_POSTGRESDB_PORT - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: port - - name: DB_POSTGRESDB_USER - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: user - - name: DB_POSTGRESDB_PASSWORD - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: password - - name: N8N_METRICS - value: true - - name: QUEUE_HEALTH_CHECK_ACTIVE - value: true - - name: EXECUTIONS_MODE - value: queue - - name: QUEUE_BULL_REDIS_HOST - value: redis-replication-n8n-master.n8n - - name: N8N_ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: n8n-config-secret - key: key - - name: WEBHOOK_URL - value: https://n8n.alexlebens.net/ - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /healthz - port: 5678 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /healthz/readiness - port: 5678 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - resources: - requests: - cpu: 10m - memory: 128Mi - worker: - type: daemonset - revisionHistoryLimit: 3 - pod: - nodeSelector: - kubernetes.io/arch: amd64 - containers: - main: - image: - repository: ghcr.io/n8n-io/n8n - tag: 1.121.2 - pullPolicy: IfNotPresent - command: - - n8n - args: - - worker - # - --concurrency=10 - env: - - name: GENERIC_TIMEZONE - value: US/Central - - 
name: DB_TYPE - value: postgresdb - - name: DB_POSTGRESDB_DATABASE - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: dbname - - name: DB_POSTGRESDB_HOST - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: host - - name: DB_POSTGRESDB_PORT - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: port - - name: DB_POSTGRESDB_USER - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: user - - name: DB_POSTGRESDB_PASSWORD - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: password - - name: N8N_METRICS - value: true - - name: N8N_RUNNERS_ENABLED - value: true - - name: N8N_BLOCK_ENV_ACCESS_IN_NODE - value: true - - name: N8N_GIT_NODE_DISABLE_BARE_REPOS - value: true - - name: QUEUE_HEALTH_CHECK_ACTIVE - value: true - - name: EXECUTIONS_MODE - value: queue - - name: QUEUE_BULL_REDIS_HOST - value: redis-replication-n8n-master.n8n - - name: N8N_ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: n8n-config-secret - key: key - - name: WEBHOOK_URL - value: https://n8n.alexlebens.net/ - probes: - liveness: - enabled: false - custom: true - spec: - httpGet: - path: /healthz - port: 5678 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: false - custom: true - spec: - httpGet: - path: /healthz/readiness - port: 5678 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - resources: - requests: - cpu: 10m - memory: 128Mi - webhook: - type: daemonset - revisionHistoryLimit: 3 - pod: - nodeSelector: - kubernetes.io/arch: amd64 - containers: - main: - image: - repository: ghcr.io/n8n-io/n8n - tag: 1.121.2 - pullPolicy: IfNotPresent - command: - - n8n - args: - - webhook - env: - - name: GENERIC_TIMEZONE - value: US/Central - - name: DB_TYPE - value: postgresdb - - name: DB_POSTGRESDB_DATABASE - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: dbname - - name: 
DB_POSTGRESDB_HOST - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: host - - name: DB_POSTGRESDB_PORT - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: port - - name: DB_POSTGRESDB_USER - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: user - - name: DB_POSTGRESDB_PASSWORD - valueFrom: - secretKeyRef: - name: n8n-postgresql-17-cluster-app - key: password - - name: N8N_METRICS - value: true - - name: QUEUE_HEALTH_CHECK_ACTIVE - value: true - - name: EXECUTIONS_MODE - value: queue - - name: QUEUE_BULL_REDIS_HOST - value: redis-replication-n8n-master.n8n - - name: N8N_ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: n8n-config-secret - key: key - - name: WEBHOOK_URL - value: https://n8n.alexlebens.net/ - - name: N8N_DIAGNOSTICS_ENABLED - value: false - - name: N8N_VERSION_NOTIFICATIONS_ENABLED - value: false - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /healthz - port: 5678 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /healthz/readiness - port: 5678 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - resources: - requests: - cpu: 10m - memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 5678 - protocol: HTTP - worker: - controller: worker - ports: - http: - port: 80 - targetPort: 5678 - protocol: HTTP - webhook: - controller: webhook - ports: - http: - port: 80 - targetPort: 5678 - protocol: HTTP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - main: - main: - - path: /data - readOnly: false - cache: - type: emptyDir - advancedMounts: - worker: - main: - - path: /home/node/.n8n - readOnly: false - webhook: - main: - - path: /home/node/.n8n - readOnly: false -postgres-17-cluster: - mode: recovery - cluster: - 
storage: - storageClass: local-path - walStorage: - storageClass: local-path - monitoring: - enabled: true - prometheusRule: - enabled: true - recovery: - method: objectStore - objectStore: - destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster - endpointURL: http://garage-main.garage:3900 - index: 1 - endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage - backup: - objectStore: - - name: external - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-17-cluster - index: 2 - retentionPolicy: "30d" - isWALArchiver: false - - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster - index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" - isWALArchiver: true - # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster - # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage - # retentionPolicy: "30d" - # data: - # compression: bzip2 - # jobs: 2 - scheduledBackups: - - name: daily-backup - suspend: false - schedule: "0 0 0 * * *" - backupName: external - - name: live-backup - suspend: false - immediate: true - schedule: "0 0 0 * * *" - backupName: garage-local - # - name: weekly-backup - # suspend: false - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote diff --git a/clusters/cl01tl/platform/ntfy/Chart.yaml b/clusters/cl01tl/platform/ntfy/Chart.yaml deleted file mode 100644 index 5b2a358c0..000000000 --- a/clusters/cl01tl/platform/ntfy/Chart.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v2 -name: ntfy -version: 1.0.0 -description: Ntfy -keywords: - - ntfy - - notifications - - messaging -home: https://wiki.alexlebens.dev/s/5bfc09dd-688b-48f0-8d33-b9bf452df98a -sources: - - https://github.com/binwiederhier/ntfy - - https://hub.docker.com/r/binwiederhier/ntfy - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: ntfy - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png -appVersion: 2.11.0 diff --git a/clusters/cl01tl/platform/ntfy/templates/http-route.yaml b/clusters/cl01tl/platform/ntfy/templates/http-route.yaml deleted file mode 100644 index ac8220f84..000000000 --- a/clusters/cl01tl/platform/ntfy/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-ntfy - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-ntfy - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - ntfy.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: ntfy - port: 80 - weight: 100 diff --git a/clusters/cl01tl/platform/ntfy/templates/service-monitor.yaml b/clusters/cl01tl/platform/ntfy/templates/service-monitor.yaml deleted file mode 100644 index 3f73b06be..000000000 --- a/clusters/cl01tl/platform/ntfy/templates/service-monitor.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: ntfy - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ntfy - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: ntfy - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: metrics - interval: 3m - scrapeTimeout: 1m - path: /metrics diff --git a/clusters/cl01tl/platform/ntfy/values.yaml b/clusters/cl01tl/platform/ntfy/values.yaml deleted file mode 100644 index d01919bb9..000000000 --- a/clusters/cl01tl/platform/ntfy/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -ntfy: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: binwiederhier/ntfy - tag: v2.15.0 - pullPolicy: IfNotPresent - args: ["serve"] - env: - - name: TZ - value: US/Central - - name: NTFY_BASE_URL - value: https://ntfy.alexlebens.net - - name: NTFY_LISTEN_HTTP - value: :80 - - name: NTFY_CACHE_FILE - value: /var/cache/ntfy/cache.db - - name: NTFY_CACHE_DURATION - value: 36h - - name: NTFY_CACHE_STARTUP_QUERIES - value: | - pragma journal_mode = WAL; - pragma synchronous = normal; - pragma temp_store = memory; - pragma busy_timeout = 15000; - vacuum; - - name: NTFY_BEHIND_PROXY - value: true - - name: NTFY_ATTACHMENT_CACHE_DIR - value: /var/cache/ntfy/attachments - - name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT - value: 4G - - name: NTFY_ATTACHMENT_FILE_SIZE_LIMIT - value: 15M - - name: NTFY_ATTACHMENT_EXPIRY_DURATION - value: 36h - - name: NTFY_ENABLE_SIGNUP - value: false - - name: NTFY_ENABLE_LOGIN - value: true - - name: NTFY_ENABLE_RESERVATIONS - value: false - # - name: NTFY_UPSTREAM_BASE_URL - # value: https://ntfy.sh - - name: NTFY_AUTH_FILE - value: /var/cache/ntfy/user.db - - name: NTFY_AUTH_DEFAULT_ACCESS - value: deny-all - # - name: NTFY_UPSTREAM_ACCESS_TOKEN - # value: "" - # - name: NTFY_WEB_PUSH_PUBLIC_KEY - # value: "" - # - name: NTFY_WEB_PUSH_PRIVATE_KEY - # value: "" - # - name: NTFY_WEB_PUSH_FILE - # value: /var/lib/ntfy/webpush.db - # - name: NTFY_WEB_PUSH_EMAIL_ADDRESS - # value: "" - - name: NTFY_METRICS_LISTEN_HTTP - value: :9090 - - name: NTFY_LOG_LEVEL - value: info - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - sh - - -c - - wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1 - failureThreshold: 10 - initialDelaySeconds: 60 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 30 - resources: - requests: - cpu: 10m - 
memory: 128Mi - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 80 - protocol: HTTP - metrics: - port: 9090 - targetPort: 9090 - protocol: HTTP - persistence: - cache: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - advancedMounts: - main: - main: - - path: /var/cache/ntfy - readOnly: false diff --git a/clusters/cl01tl/platform/ollama/Chart.yaml b/clusters/cl01tl/platform/ollama/Chart.yaml deleted file mode 100644 index 0b4d98c08..000000000 --- a/clusters/cl01tl/platform/ollama/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v2 -name: ollama -version: 1.0.0 -description: Ollama -keywords: - - ollama - - ai -home: https://wiki.alexlebens.dev/s/9f4823e0-8488-4c23-b85e-81ca0ee7ea1a -sources: - - https://github.com/ollama/ollama - - https://github.com/open-webui/open-webui - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/ollama/ollama - - https://github.com/open-webui/open-webui/pkgs/container/open-webui - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: ollama - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 - - name: postgres-cluster - alias: postgres-17-cluster - version: 6.16.0 - repository: oci://harbor.alexlebens.net/helm-charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png -appVersion: 0.7.0 diff --git a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml deleted file mode 100644 index 42036ae77..000000000 --- a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml +++ /dev/null 
@@ -1,176 +0,0 @@
-
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ollama-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/ollama/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ollama-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/ollama
- metadataPolicy: None
- property: client
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/ollama
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ollama-web-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-web-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ollama-web-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ollama-web-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/platform/ollama/templates/http-route.yaml b/clusters/cl01tl/platform/ollama/templates/http-route.yaml
deleted file mode 100644
index 66cffda00..000000000
--- a/clusters/cl01tl/platform/ollama/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-ollama
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-ollama
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - ollama.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: ollama-web
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
deleted file mode 100644
index 8add7efa0..000000000
--- a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: ollama-web-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-web-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: ollama-web-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: ollama-web-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 1337
- runAsGroup: 1337
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/ollama/templates/service.yaml b/clusters/cl01tl/platform/ollama/templates/service.yaml
deleted file mode 100644
index 0cf1ca1be..000000000
--- a/clusters/cl01tl/platform/ollama/templates/service.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: ollama-pd05wd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-pd05wd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: ollama-pd05wd.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: stable-diffusion-pd05wd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stable-diffusion-pd05wd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: stable-diffusion-pd05wd.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/platform/ollama/values.yaml b/clusters/cl01tl/platform/ollama/values.yaml
deleted file mode 100644
index 7b7f45d4c..000000000
--- a/clusters/cl01tl/platform/ollama/values.yaml
+++ /dev/null
@@ -1,296 +0,0 @@
-ollama:
- controllers:
- server-1:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- labels:
- ollama-type: server
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: ollama-type
- operator: In
- values:
- - server
- topologyKey: kubernetes.io/hostname
- containers:
- main:
- image:
- repository: ollama/ollama
- tag: 0.13.0
- pullPolicy: IfNotPresent
- env:
- - name: OLLAMA_KEEP_ALIVE
- value: 24h
- - name: OLLAMA_HOST
- value: 0.0.0.0
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- cpu: 100m
- memory: 1Gi
- gpu.intel.com/i915: 1
- server-2:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- labels:
- ollama-type: server
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: ollama-type
- operator: In
- values:
- - server
- topologyKey: kubernetes.io/hostname
- containers:
- main:
- image:
- repository: ollama/ollama
- tag: 0.13.0
- pullPolicy: IfNotPresent
- env:
- - name: OLLAMA_KEEP_ALIVE
- value: 24h
- - name: OLLAMA_HOST
- value: 0.0.0.0
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- cpu: 100m
- memory: 1Gi
- gpu.intel.com/i915: 1
- server-3:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- labels:
- ollama-type: server
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: ollama-type
- operator: In
- values:
- - server
- topologyKey: kubernetes.io/hostname
- containers:
- main:
- image:
- repository: ollama/ollama
- tag: 0.13.0
- pullPolicy: IfNotPresent
- env:
- - name: OLLAMA_KEEP_ALIVE
- value: 24h
- - name: OLLAMA_HOST
- value: 0.0.0.0
- resources:
- limits:
- gpu.intel.com/i915: 1
- requests:
- cpu: 100m
- memory: 1Gi
- gpu.intel.com/i915: 1
- web:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/open-webui/open-webui
- tag: v0.6.37
- pullPolicy: IfNotPresent
- env:
- - name: ENV
- value: prod
- - name: WEBUI_AUTH
- value: true
- - name: WEBUI_NAME
- value: Ollama
- - name: WEBUI_URL
- value: http://ollama.alexlebens.net
- - name: ENABLE_LOGIN_FORM
- value: false
- - name: DEFAULT_USER_ROLE
- value: admin
- - name: WEBUI_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: ollama-key-secret
- key: key
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: ollama-web-postgresql-17-cluster-app
- key: uri
- - name: OLLAMA_BASE_URL
- value: http://ollama-server-1.ollama:11434
- - name: ENABLE_OAUTH_SIGNUP
- value: true
- - name: OAUTH_USERNAME_CLAIM
- value: preferred_username
- - name: OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: ollama-oidc-secret
- key: secret
- - name: OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: ollama-oidc-secret
- key: client
- - name: OAUTH_PROVIDER_NAME
- value: Authentik
- - name: OPENID_PROVIDER_URL
- value: https://authentik.alexlebens.net/application/o/ollama/.well-known/openid-configuration
- resources:
- requests:
- cpu: 10m
- memory: 1Gi
- service:
- server-1:
- controller: server-1
- ports:
- http:
- port: 11434
- targetPort: 11434
- protocol: HTTP
- server-2:
- controller: server-2
- ports:
- http:
- port: 11434
- targetPort: 11434
- protocol: HTTP
- server-3:
- controller: server-3
- ports:
- http:
- port: 11434
- targetPort: 11434
- protocol: HTTP
- web:
- controller: web
- ports:
- http:
- port: 80
- targetPort: 8080
- protocol: HTTP
- persistence:
- server-1:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 40Gi
- retain: true
- advancedMounts:
- server-1:
- main:
- - path: /root/.ollama
- readOnly: false
- server-2:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 40Gi
- retain: true
- advancedMounts:
- server-2:
- main:
- - path: /root/.ollama
- readOnly: false
- server-3:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 40Gi
- retain: true
- advancedMounts:
- server-3:
- main:
- - path: /root/.ollama
- readOnly: false
- web-data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- web:
- main:
- - path: /app/backend/data
- readOnly: false
-postgres-17-cluster:
- nameOverride: ollama-web-postgresql-17
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
- index: 1
- endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/platform/qbittorrent/Chart.yaml b/clusters/cl01tl/platform/qbittorrent/Chart.yaml
deleted file mode 100644
index efa380e77..000000000
--- a/clusters/cl01tl/platform/qbittorrent/Chart.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: qbittorrent
-version: 1.0.0
-description: qBittorrent
-keywords:
- - qbittorrent
- - downloads
- - torrent
- - vpn
- - metrics
-home: https://wiki.alexlebens.dev/s/832cd960-0ae1-4637-873a-d83c4c24b911
-sources:
- - https://github.com/qbittorrent/qBittorrent
- - https://github.com/qdm12/gluetun
- - https://github.com/esanchezm/prometheus-qbittorrent-exporter
- - https://github.com/StuffAnThings/qbit_manage
- - https://docs.linuxserver.io/images/docker-qbittorrent/
- - https://github.com/qdm12/gluetun/pkgs/container/gluetun
- - https://hub.docker.com/r/esanchezm/prometheus-qbittorrent-exporter
- - https://github.com/stuffanthings/qbit_manage/pkgs/container/qbit_manage
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: qbittorrent
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
-appVersion: 5.1.2
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml b/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml
deleted file mode 100644
index 748b6c01f..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/config-map.yaml
+++ /dev/null
@@ -1,186 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glutun-update-script - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: glutun-update-script - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -data: - update.sh: | - if ! command -v curl 2>&1 >/dev/null - then - echo "curl could not be found, installing"; - apk add curl; - fi; - echo "updating port with $1"; - curl -i -X POST -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences"; - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: qbit-manage-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: qbit-manage-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -data: - config.yml: | - # Please refer to the link below for more details on how to set up the configuration file - # https://github.com/StuffAnThings/qbit_manage/wiki/Config-Setup - - commands: - dry_run: false - recheck: true - cat_update: true - tag_update: true - rem_unregistered: true - tag_tracker_error: true - rem_orphaned: true - tag_nohardlinks: false - share_limits: true - skip_qb_version_check: true - skip_cleanup: false - - qbt: - host: qbittorrent.qbittorrent:8080 - user: - pass: - - settings: - force_auto_tmm: true - tracker_error_tag: tracker-error - share_limits_tag: share-limit - share_limits_min_seeding_time_tag: seed-time-not-reached - cat_filter_completed: false - share_limits_filter_completed: false - rem_unregistered_filter_completed: false - cat_update_all: true - disable_qbt_default_share_limits: true - tag_stalled_torrents: true - nohardlinks_tag: no-hardlinks - stalled_tag: stalled - share_limits_min_num_seeds_tag: min-seeds-not-reached - share_limits_last_active_tag: last-active-not-reached - tag_nohardlinks_filter_completed: true - force_auto_tmm_ignore_tags: [] - rem_unregistered_ignore_list: [] - - directory: - root_dir: 
/mnt/store/Torrent/ - recycle_bin: /qbittorrent/Trash - torrents_dir: /qbittorrent/qBittorrent/BT_backup - orphaned_dir: /qbittorrent/Orphaned - - cat: - lidarr: /mnt/store/Torrent/FINISHED/LIDARR - prowlarr: /mnt/store/Torrent/FINISHED/SAVE - radarr: /mnt/store/Torrent/FINISHED/RADARR - radarr-4k: /mnt/store/Torrent/FINISHED/RADARR4K - radarr-anime: /mnt/store/Torrent/FINISHED/RADARRANIME - radarr-standup: /mnt/store/Torrent/FINISHED/RADARRSTANDUP - sonarr: /mnt/store/Torrent/FINISHED/SONARR - sonarr-4k: /mnt/store/Torrent/FINISHED/SONARR4K - sonarr-anime: /mnt/store/Torrent/FINISHED/SONARRANIME - -< ZIM: /mnt/store/Kiwix - -< SAVE: /mnt/store/Torrent/FINISHED/SAVE - -< IMPORT: /mnt/store/Torrent/FINISHED/IMPORT - -< COMPLETED: /mnt/store/Torrent/FINISHED/COMPLETED - - tracker: - alpharatio.cc: - tag: AlphaRatio - avistaz: - tag: Avistaz - cathode-ray.tube: - tag: CathodeRayTube - mvgroup.org: - tag: MVGroup - torrentleech|tleechreload: - tag: TorrentLeech - archive.org: - tag: InternetArchive - openzim.org: - tag: Zim - coppersurfer.tk|arenabg.com|explodie.org|tfile.co|1337x.org|zer0day.to|i2p.rocks|ccc.de|nwps.ws|opentrackr.org: - tag: Other - - share_limits: - private: - priority: 1 - include_any_tags: - - AlphaRatio - - TorrentLeech - categories: - - -< COMPLETED - max_ratio: 2.0 - min_seeding_time: 14d - max_seeding_time: 30d - min_num_seeds: 2 - last_active: 3d - cleanup: true - # save: - # priority: 2 - # categories: - # - -< SAVE - # max_ratio: 2.0 - # min_seeding_time: 14d - # max_seeding_time: 30d - # min_num_seeds: 2 - # last_active: 30d - # cleanup: false - # zim: - # priority: 3 - # categories: - # - -< ZIM - # max_ratio: 2.0 - # min_seeding_time: 14d - # max_seeding_time: 30d - # min_num_seeds: 2 - # last_active: 30d - # cleanup: false - default: - priority: 999 - include_any_tags: - - Other - categories: - - -< COMPLETED - max_seeding_time: 3d - limit_upload_speed: 100 - cleanup: true - - recyclebin: - enabled: true - empty_after_x_days: 7 - 
save_torrents: true - split_by_category: true - - orphaned: - empty_after_x_days: 30 - exclude_patterns: - - /mnt/store/Torrent/QBITTORRENT/* - - /mnt/store/Torrent/TORRENT/* - - /mnt/store/Torrent/DOWNLOADING/* - - '**/.DS_Store' - - '**/Thumbs.db' - - '**/@eaDir' - - '**/*.!qB' - - '**/*_unpackerred' - max_orphaned_files_to_delete: 50 - - # apprise: - # api_url: http://localhost:8000/notify - # notify_url: "" - # - # webhooks: - # error: apprise - # run_start: apprise - # run_end: apprise - # function: - # rem_orphaned: apprise - # cleanup_dirs: apprise - # tag_tracker_error: - # share_limits: diff --git a/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml deleted file mode 100644 index f69798801..000000000 --- a/clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml +++ /dev/null 
@@ -1,74 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: qbittorrent-wireguard-conf
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-wireguard-conf
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: private-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /protonvpn/conf/cl01tl
- metadataPolicy: None
- property: private-key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: qbittorrent-qbit-manage-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-qbit-manage-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ntfy-url
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/qbittorrent/qbit-manage
- metadataPolicy: None
- property: ntfy-url
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: qui-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qui-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/qui
- metadataPolicy: None
- property: secret
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/qui
- metadataPolicy: None
- property: client
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/http-route.yaml b/clusters/cl01tl/platform/qbittorrent/templates/http-route.yaml
deleted file mode 100644
index e5a3672ab..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-qbittorrent
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-qbittorrent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - qbittorrent.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: qbittorrent
- port: 8080
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-qui
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-qui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - qui.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: qbittorrent-qui
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/namespace.yaml b/clusters/cl01tl/platform/qbittorrent/templates/namespace.yaml
deleted file mode 100644
index 37fd60393..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: qbittorrent
- labels:
- app.kubernetes.io/name: qbittorrent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 3fc42619f..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: qbittorrent-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: qbittorrent-config
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: qbittorrent-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: qbittorrent-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml b/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml
deleted file mode 100644
index 854415bda..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: qbittorrent-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Torrent/QBITTORRENT
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: qbittorrent-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml b/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml
deleted file mode 100644
index 887c6d096..000000000
--- a/clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: qbittorrent
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: metrics
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- selector:
- matchLabels:
- app.kubernetes.io/service: qbittorrent
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: qbittorrent-apprise
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-apprise
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: apprise
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- selector:
- matchLabels:
- app.kubernetes.io/service: qbittorrent-qbit-manage
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: qbittorrent-qui
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: qbittorrent-qui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- endpoints:
- - port: metrics
- interval: 30s
- scrapeTimeout: 15s
- path: /metrics
- selector:
- matchLabels:
- app.kubernetes.io/service: qbittorrent-qui
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/clusters/cl01tl/platform/qbittorrent/values.yaml b/clusters/cl01tl/platform/qbittorrent/values.yaml
deleted file mode 100644
index 4b583727c..000000000
--- a/clusters/cl01tl/platform/qbittorrent/values.yaml
+++ /dev/null
@@ -1,349 +0,0 @@
-qbittorrent:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-sysctl:
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- securityContext:
- privileged: True
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- command:
- - /bin/sh
- args:
- - -ec
- - |
- sysctl -w net.ipv4.ip_forward=1;
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- containers:
- qbittorrent:
- image:
- repository: ghcr.io/linuxserver/qbittorrent
- tag: 5.1.4@sha256:26a08cd60d81e632aba8947b2c64dfd5f870a5f4a837ec4abedf2e1d174df891
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: "1000"
- - name: PGID
- value: "1000"
- - name: UMASK_SET
- value: "002"
- - name: WEBUI_PORT
- value: 8080
- - name: DOCKER_MODS
- value: ghcr.io/themepark-dev/theme.park:qbittorrent
- - name: TP_COMMUNITY_THEME
- value: true
- - name: TP_THEME
- value: catppuccin-mocha
- resources:
- requests:
- cpu: 500m
- memory: 1Gi
- gluetun:
- image:
- repository: ghcr.io/qdm12/gluetun
- tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
- pullPolicy: IfNotPresent
- env:
- - name: VPN_SERVICE_PROVIDER
- value: protonvpn
- - name: VPN_TYPE
- value: wireguard
- - name: WIREGUARD_PRIVATE_KEY
- valueFrom:
- secretKeyRef:
- name: qbittorrent-wireguard-conf
- key: private-key
- - name: VPN_PORT_FORWARDING
- value: "on"
- - name: VPN_PORT_FORWARDING_UP_COMMAND
- value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- - name: PORT_FORWARD_ONLY
- value: "on"
- - name: FIREWALL_OUTBOUND_SUBNETS
- value: 192.168.1.0/24,10.244.0.0/16
- - name: FIREWALL_INPUT_PORTS
- value: 8080,9022
- - name: DOT
- value: "off"
- securityContext:
- privileged: True
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
- resources:
- limits:
- devic.es/tun: "1"
- requests:
- devic.es/tun: "1"
- cpu: 10m
- memory: 64Mi
- exporter:
- image:
- repository: esanchezm/prometheus-qbittorrent-exporter
- tag: v1.6.0
- pullPolicy: IfNotPresent
- env:
- - name: QBITTORRENT_HOST
- value: localhost
- - name: QBITTORRENT_PORT
- value: "8080"
- - name: EXPORTER_PORT
- value: "9022"
- - name: EXPORTER_LOG_LEVEL
- value: INFO
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- qbit-manage:
- type: deployment
- annotations:
- reloader.stakater.com/auto: "true"
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-copy-config:
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- command:
- - /bin/sh
- - -ec
- - |
- cp /config/config.yml /app/config/config.yml
- containers:
- qbit-manage:
- image:
- repository: ghcr.io/stuffanthings/qbit_manage
- tag: v4.6.4
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: QBT_SCHEDULE
- value: 0 * * * *
- - name: QBT_STARTUP_DELAY
- value: 360
- - name: QBT_CONFIG_DIR
- value: /app/config/
- - name: QBT_LOGFILE
- value: /app/var/activity.log
- - name: QBT_LOG_LEVEL
- value: INFO
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- apprise-api:
- image:
- repository: caronc/apprise
- tag: 1.2.6
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PGID
- value: "1000"
- - name: PUID
- value: "1000"
- - name: APPRISE_STORAGE_MODE
- value: memory
- - name: APPRISE_STATEFUL_MODE
- value: disabled
- - name: APPRISE_WORKER_COUNT
- value: 1
- - name: APPRISE_STATELESS_URLS
- valueFrom:
- secretKeyRef:
- name: qbittorrent-qbit-manage-config
- key: ntfy-url
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- qui:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- qui:
- image:
- repository: ghcr.io/autobrr/qui
- tag: v1.7.0
- pullPolicy: IfNotPresent
- env:
- - name: QUI__METRICS_ENABLED
- value: true
- - name: QUI__METRICS_HOST
- value: 0.0.0.0
- - name: QUI__METRICS_PORT
- value: 9074
- - name: QUI__OIDC_ENABLED
- value: true
- - name: QUI__OIDC_ISSUER
- value: https://auth.alexlebens.dev/application/o/qui/
- - name: QUI__OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: qui-oidc-secret
- key: client
- - name: QUI__OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: qui-oidc-secret
- key: secret
- - name: QUI__OIDC_REDIRECT_URL
- value: https://qui.alexlebens.net/api/auth/oidc/callback
- - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- forceRename: qbittorrent
- ports:
- http:
- port: 8080
- targetPort: 8080
- protocol: HTTP
- health:
- port: 9999
- targetPort: 9999
- protocol: HTTP
- metrics:
- port: 9022
- targetPort: 9022
- protocol: HTTP
- qbit-manage:
- controller: qbit-manage
- ports:
- apprise:
- port: 8000
- targetPort: 8000
- protocol: HTTP
- qui:
- controller: qui
- ports:
- http:
- port: 80
- targetPort: 7476
- protocol: HTTP
- metrics:
- port: 9074
- targetPort: 9074
- protocol: HTTP
- persistence:
- config:
- type: persistentVolumeClaim
- existingClaim: qbittorrent-config
- advancedMounts:
- main:
- qbittorrent:
- - path: /config
- readOnly: false
- qbit-manage:
- qbit-manage:
- - path: /qbittorrent
- readOnly: false
- theme-data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- main:
- qbittorrent:
- - path: /themepark
- readOnly: false
- update-script:
- enabled: true
- type: configMap
- name: glutun-update-script
- defaultMode: 0755
- advancedMounts:
- main:
- gluetun:
- - path: /gluetun/update.sh
- subPath: update.sh
- qbit-manage-config-data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- qbit-manage:
- init-copy-config:
- - path: /app/config
- readOnly: false
- qbit-manage:
- - path: /app/config
- readOnly: false
- qbit-manage-config:
- enabled: true
- type: configMap
- name: qbit-manage-config
- advancedMounts:
- qbit-manage:
- init-copy-config:
- - path: /config/config.yml
- readOnly: true
- mountPropagation: None
- subPath: config.yml
- qbit-manage:
- - path: /config/config.yml
- readOnly: true
- mountPropagation: None
- subPath: config.yml
- qbit-manage-config-var:
- type: emptyDir
- advancedMounts:
- qbit-manage:
- qbit-manage:
- - path: /app/var
- readOnly: false
- qui-config-data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- qui:
- qui:
- - path: /config
- readOnly: false
- storage:
- type: persistentVolumeClaim
- existingClaim: qbittorrent-nfs-storage
- advancedMounts:
- main:
- qbittorrent:
- - path: /mnt/store
- readOnly: false
- qbit-manage:
- qbit-manage:
- - path: /mnt/store
- readOnly: false
diff --git a/clusters/cl01tl/platform/stalwart/Chart.yaml b/clusters/cl01tl/platform/stalwart/Chart.yaml
deleted file mode 100644
index 6d22d4224..000000000
--- a/clusters/cl01tl/platform/stalwart/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: stalwart
-version: 1.0.0
-description: Stalwart
-keywords:
- - stalwart
- - email
- - smtp
-home: https://wiki.alexlebens.dev/s/e10d3a19-9329-4443-a023-6ab70ffaff6e
-sources:
- - https://github.com/stalwartlabs/mail-server
- - https://github.com/elastic/elasticsearch
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/stalwartlabs/mail-server
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: stalwart
- version: 4.4.0
- repository: https://bjw-s-labs.github.io/helm-charts/
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png
-appVersion: v0.11.8
diff --git a/clusters/cl01tl/platform/stalwart/templates/elasticsearch.yaml b/clusters/cl01tl/platform/stalwart/templates/elasticsearch.yaml
deleted file mode 100644
index 4281c751d..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/elasticsearch.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: elasticsearch.k8s.elastic.co/v1
-kind: Elasticsearch
-metadata:
- name: elasticsearch-stalwart
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: elasticsearch-stalwart
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- version: 8.18.0
- auth:
- fileRealm:
- - secretName: stalwart-elasticsearch-secret
- nodeSets:
- - name: default
- count: 1
- config:
- node.store.allow_mmap: false
- volumeClaimTemplates:
- - metadata:
- name: elasticsearch-data
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
- storageClassName: ceph-block
diff --git a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml b/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml
deleted file mode 100644
index 04bda8915..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: stalwart-elasticsearch-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stalwart-elasticsearch-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: username
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/stalwart/elasticsearch
- metadataPolicy: None
- property: username
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/stalwart/elasticsearch
- metadataPolicy: None
- property: password
- - secretKey: roles
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/stalwart/elasticsearch
- metadataPolicy: None
- property: roles
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: stalwart-config-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stalwart-config-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/stalwart/stalwart-config"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: stalwart-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stalwart-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: stalwart-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stalwart-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/platform/stalwart/templates/http-route.yaml b/clusters/cl01tl/platform/stalwart/templates/http-route.yaml
deleted file mode 100644
index 3d27ae69e..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-stalwart
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-stalwart
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - stalwart.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: stalwart
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/platform/stalwart/templates/namespace.yaml b/clusters/cl01tl/platform/stalwart/templates/namespace.yaml
deleted file mode 100644
index 884be40ab..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: stalwart
- labels:
- app.kubernetes.io/name: stalwart
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/platform/stalwart/templates/redis-replication.yaml b/clusters/cl01tl/platform/stalwart/templates/redis-replication.yaml
deleted file mode 100644
index f79732a14..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-stalwart
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-stalwart
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml b/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml
deleted file mode 100644
index c838ec05a..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: stalwart-config-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stalwart-config-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: stalwart-config
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: stalwart-config-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/stalwart/templates/service-monitor.yaml b/clusters/cl01tl/platform/stalwart/templates/service-monitor.yaml
deleted file mode 100644
index 24c6d2e63..000000000
--- a/clusters/cl01tl/platform/stalwart/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-stalwart
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-stalwart
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/platform/stalwart/values.yaml b/clusters/cl01tl/platform/stalwart/values.yaml
deleted file mode 100644
index e71ab4730..000000000
--- a/clusters/cl01tl/platform/stalwart/values.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-stalwart:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: stalwartlabs/stalwart
- tag: v0.14.1
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8080
- protocol: HTTP
- smtp:
- port: 25
- targetPort: 25
- protocol: TCP
- smtps:
- port: 465
- targetPort: 465
- protocol: TCP
- imap:
- port: 143
- targetPort: 143
- protocol: TCP
- imaps:
- port: 993
- targetPort: 993
- protocol: TCP
- persistence:
- config:
- forceRename: stalwart-config
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /opt/stalwart
- readOnly: false
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- resources:
- requests:
- cpu: 200m
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-17-cluster
- index: 1
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/platform/unpackerr/Chart.yaml b/clusters/cl01tl/platform/unpackerr/Chart.yaml
deleted file mode 100644
index cba152845..000000000
--- a/clusters/cl01tl/platform/unpackerr/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: unpackerr
-version: 1.0.0
-description: Unpackerr
-keywords:
- - unpackerr
- - archive
- - servarr
-home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088
-sources:
- - https://github.com/Unpackerr/unpackerr
- - https://hub.docker.com/r/golift/unpackerr
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: unpackerr
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/unpackerr.png
-appVersion: 0.14.5
diff --git a/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml b/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml
deleted file mode 100644
index caa831b9a..000000000
--- a/clusters/cl01tl/platform/unpackerr/templates/external-secret.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: unpackerr-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: unpackerr-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: UN_SONARR_0_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4/key
- metadataPolicy: None
- property: key
- - secretKey: UN_SONARR_1_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4-4k/key
- metadataPolicy: None
- property: key
- - secretKey: UN_SONARR_2_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/sonarr4-anime/key
- metadataPolicy: None
- property: key
- - secretKey: UN_RADARR_0_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5/key
- metadataPolicy: None
- property: key
- - secretKey: UN_RADARR_1_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-4k/key
- metadataPolicy: None
- property: key
- - secretKey: UN_RADARR_2_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-anime/key
- metadataPolicy: None
- property: key
- - secretKey: UN_RADARR_3_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/radarr5-standup/key
- metadataPolicy: None
- property: key
- - secretKey: UN_LIDARR_0_API_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/lidarr2/key
- metadataPolicy: None
- property: key
diff --git a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 8d6232ee0..000000000
--- a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: unpackerr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: unpackerr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: unpackerr-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml b/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml
deleted file mode 100644
index d49f8056e..000000000
--- a/clusters/cl01tl/platform/unpackerr/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: unpackerr-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: unpackerr-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/platform/unpackerr/values.yaml b/clusters/cl01tl/platform/unpackerr/values.yaml
deleted file mode 100644
index bd4fd2728..000000000
--- a/clusters/cl01tl/platform/unpackerr/values.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-unpackerr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: golift/unpackerr
- tag: 0.14.5
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: UN_WEBSERVER_METRICS
- value: true
- - name: UN_SONARR_0_URL
- value: http://sonarr.sonarr:80
- - name: UN_SONARR_0_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_SONARR_1_URL
- value: http://sonarr-4k.sonarr-4k:80
- - name: UN_SONARR_1_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_SONARR_2_URL
- value: http://sonarr-anime.sonarr-anime:80
- - name: UN_SONARR_2_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_RADARR_0_URL
- value: http://radarr.radarr:80
- - name: UN_RADARR_0_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_RADARR_1_URL
- value: http://radarr-4k.radarr-4k:80
- - name: UN_RADARR_1_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_RADARR_2_URL
- value: http://radarr-anime.radarr-anime:80
- - name: UN_RADARR_2_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_RADARR_3_URL
- value: http://radarr-standup.radarr-standup:80
- - name: UN_RADARR_3_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- - name: UN_LIDARR_0_URL
- value: http://lidarr.lidarr:80
- - name: UN_LIDARR_0_PATHS_0
- value: /mnt/store/Torrent/FINISHED/COMPLETED
- envFrom:
- - secretRef:
- name: unpackerr-key-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- persistence:
- storage:
- existingClaim: unpackerr-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
diff --git a/clusters/cl01tl/platform/vault/Chart.yaml b/clusters/cl01tl/platform/vault/Chart.yaml
deleted file mode 100644
index 2456baced..000000000
--- a/clusters/cl01tl/platform/vault/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: vault
-version: 1.0.0
-description: Vault
-keywords:
- - vault
- - secrets
-home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987
-sources:
- - https://github.com/hashicorp/vault
- - https://github.com/Angatar/s3cmd
- - https://github.com/lrstanley/vault-unseal
- - https://hub.docker.com/r/hashicorp/vault
- - https://hub.docker.com/r/d3fk/s3cmd/
- - https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
- - https://github.com/hashicorp/vault-helm
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: vault
- version: 0.31.0
- repository: https://helm.releases.hashicorp.com
- - name: app-template
- alias: snapshot
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: app-template
- alias: unseal
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
-appVersion: 1.19.3
diff --git a/clusters/cl01tl/platform/vault/templates/external-secret.yaml b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
deleted file mode 100644
index 5b90c8646..000000000
--- a/clusters/cl01tl/platform/vault/templates/external-secret.yaml
+++ /dev/null
@@ -1,353 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-snapshot-agent-token
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-snapshot-agent-token
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: VAULT_APPROLE_ROLE_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/snapshot
- metadataPolicy: None
- property: VAULT_APPROLE_ROLE_ID
- - secretKey: VAULT_APPROLE_SECRET_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/snapshot
- metadataPolicy: None
- property: VAULT_APPROLE_SECRET_ID
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-s3cmd-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-s3cmd-config
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: .s3cfg
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/vault-backup
- metadataPolicy: None
- property: s3cfg
- - secretKey: BUCKET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/vault-backup
- metadataPolicy: None
- property: BUCKET
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-unseal-config-1
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-unseal-config-1
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ENVIRONMENT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: ENVIRONMENT
- - secretKey: CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: CHECK_INTERVAL
- - secretKey: MAX_CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: MAX_CHECK_INTERVAL
- - secretKey: NODES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: NODES
- - secretKey: TLS_SKIP_VERIFY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: TLS_SKIP_VERIFY
- - secretKey: TOKENS
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: TOKENS
- - secretKey: EMAIL_ENABLED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: EMAIL_ENABLED
- - secretKey: NOTIFY_MAX_ELAPSED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: NOTIFY_MAX_ELAPSED
- - secretKey: NOTIFY_QUEUE_DELAY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-1
- metadataPolicy: None
- property: NOTIFY_QUEUE_DELAY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-unseal-config-2
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-unseal-config-2
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ENVIRONMENT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: ENVIRONMENT
- - secretKey: CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: CHECK_INTERVAL
- - secretKey: MAX_CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: MAX_CHECK_INTERVAL
- - secretKey: NODES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: NODES
- - secretKey: TLS_SKIP_VERIFY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: TLS_SKIP_VERIFY
- - secretKey: TOKENS
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: TOKENS
- - secretKey: EMAIL_ENABLED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: EMAIL_ENABLED
- - secretKey: NOTIFY_MAX_ELAPSED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: NOTIFY_MAX_ELAPSED
- - secretKey: NOTIFY_QUEUE_DELAY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-2
- metadataPolicy: None
- property: NOTIFY_QUEUE_DELAY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-unseal-config-3
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-unseal-config-3
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ENVIRONMENT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: ENVIRONMENT
- - secretKey: CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: CHECK_INTERVAL
- - secretKey: MAX_CHECK_INTERVAL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: MAX_CHECK_INTERVAL
- - secretKey: NODES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: NODES
- - secretKey: TLS_SKIP_VERIFY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: TLS_SKIP_VERIFY
- - secretKey: TOKENS
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: TOKENS
- - secretKey: EMAIL_ENABLED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: EMAIL_ENABLED
- - secretKey: NOTIFY_MAX_ELAPSED
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: NOTIFY_MAX_ELAPSED
- - secretKey: NOTIFY_QUEUE_DELAY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/unseal/config-3
- metadataPolicy: None
- property: NOTIFY_QUEUE_DELAY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: vault-token
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-token
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: token
- - secretKey: unseal_key_1
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: unseal_key_1
- - secretKey: unseal_key_2
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: unseal_key_2
- - secretKey: unseal_key_3
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: unseal_key_3
- - secretKey: unseal_key_4
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: unseal_key_4
- - secretKey: unseal_key_5
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/vault/token
- metadataPolicy: None
- property: unseal_key_5
diff --git a/clusters/cl01tl/platform/vault/templates/http-route.yaml b/clusters/cl01tl/platform/vault/templates/http-route.yaml
deleted file mode 100644
index eec423414..000000000
--- a/clusters/cl01tl/platform/vault/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-vault
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-vault
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - vault.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: vault-active
- port: 8200
- weight: 100
diff --git a/clusters/cl01tl/platform/vault/templates/ingress.yaml b/clusters/cl01tl/platform/vault/templates/ingress.yaml
deleted file mode 100644
index 878705702..000000000
--- a/clusters/cl01tl/platform/vault/templates/ingress.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: vault-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- tailscale.com/proxy-class: no-metrics
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - vault-cl01tl
- secretName: vault-cl01tl
- rules:
- - host: vault-cl01tl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: vault-active
- port:
- number: 8200
diff --git a/clusters/cl01tl/platform/vault/templates/persistent-volume-claim.yaml b/clusters/cl01tl/platform/vault/templates/persistent-volume-claim.yaml
deleted file mode 100644
index a3d4eb322..000000000
--- a/clusters/cl01tl/platform/vault/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: vault-nfs-storage-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: vault-nfs-storage-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/platform/vault/values.yaml b/clusters/cl01tl/platform/vault/values.yaml
deleted file mode 100644
index c606b28be..000000000
--- a/clusters/cl01tl/platform/vault/values.yaml
+++ /dev/null
@@ -1,301 +0,0 @@ -vault: - global: - enabled: true - tlsDisable: true - psp: - enable: false - serverTelemetry: - prometheusOperator: true - injector: - enabled: false - server: - enabled: true - image: - repository: hashicorp/vault - tag: 1.21.1 - updateStrategyType: "RollingUpdate" - logLevel: debug - logFormat: standard - resources: - requests: - cpu: 50m - memory: 512Mi - ingress: - enabled: false - route: - enabled: false - authDelegator: - enabled: false - readinessProbe: - enabled: true - port: 8200 - livenessProbe: - enabled: false - volumes: - - name: vault-nfs-storage-backup - persistentVolumeClaim: - claimName: vault-nfs-storage-backup - volumeMounts: - - mountPath: /opt/backups/ - name: vault-nfs-storage-backup - readOnly: false - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - networkPolicy: - enabled: false - service: - enabled: true - active: - enabled: true - standby: - enabled: false - type: ClusterIP - port: 8200 - targetPort: 8200 - dataStorage: - enabled: true - size: 1Gi - mountPath: "/vault/data" - accessMode: ReadWriteOnce - auditStorage: - enabled: false - size: 5Gi - mountPath: "/vault/audit" - accessMode: ReadWriteOnce - dev: - enabled: false - standalone: - enabled: false - ha: - enabled: true - replicas: 3 - raft: - enabled: true - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - telemetry { - unauthenticated_metrics_access = "true" - } - } - - storage "raft" { - path = "/vault/data" - retry_join { - leader_api_addr = "http://vault-0.vault-internal:8200" - } - retry_join { - leader_api_addr = "http://vault-1.vault-internal:8200" - } - retry_join { - leader_api_addr = "http://vault-2.vault-internal:8200" - } - } - - service_registration 
"kubernetes" {} - - telemetry { - prometheus_retention_time = "30s" - disable_hostname = true - } - - disruptionBudget: - enabled: true - maxUnavailable: null - serviceAccount: - create: true - serviceDiscovery: - enabled: true - hostNetwork: false - ui: - enabled: true - publishNotReadyAddresses: true - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - csi: - enabled: false - serverTelemetry: - serviceMonitor: - enabled: true - interval: 30s - scrapeTimeout: 10s - prometheusRules: - enabled: true - rules: - - alert: vault-HighResponseTime - annotations: - message: The response time of Vault is over 500ms on average over the last 5 minutes. - expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500 - for: 5m - labels: - severity: warning - - alert: vault-HighResponseTime - annotations: - message: The response time of Vault is over 1s on average over the last 5 minutes. - expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000 - for: 5m - labels: - severity: critical -snapshot: - global: - fullnameOverride: vault-snapshot - controllers: - snapshot: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: 0 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - initContainers: - snapshot: - image: - repository: hashicorp/vault - tag: 1.21.1 - pullPolicy: IfNotPresent - command: - - /bin/ash - args: - - -ec - - | - apk add --no-cache jq; - echo ">> Running Vault snapshot" - export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token); - vault operator raft snapshot save /opt/backup/vault-snapshot-latest.snap; - cp /opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap; - cp 
/opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-s3.snap; - echo ">> Completed Vault snapshot" - envFrom: - - secretRef: - name: vault-snapshot-agent-token - env: - - name: VAULT_ADDR - value: http://vault-active.vault.svc.cluster.local:8200 - resources: - requests: - cpu: 10m - memory: 64Mi - containers: - s3-backup: - image: - repository: d3fk/s3cmd - tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 - pullPolicy: IfNotPresent - command: - - /bin/sh - args: - - -ec - - | - echo ">> Running S3 backup for Vault snapshot" - s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/vault-snapshot-s3.snap ${BUCKET}/cl01tl/cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap; - rm -f /opt/backup/vault-snapshot-s3.snap; - echo ">> Completed S3 backup for Vault snapshot" - env: - - name: BUCKET - valueFrom: - secretKeyRef: - name: vault-s3cmd-config - key: BUCKET - resources: - requests: - cpu: 100m - memory: 128Mi - persistence: - config: - existingClaim: vault-nfs-storage-backup - advancedMounts: - snapshot: - snapshot: - - path: /opt/backup - readOnly: false - s3-backup: - - path: /opt/backup - readOnly: false - s3cmd-config: - enabled: true - type: secret - name: vault-s3cmd-config - advancedMounts: - snapshot: - s3-backup: - - path: /root/.s3cfg - readOnly: true - mountPropagation: None - subPath: .s3cfg -unseal: - global: - fullnameOverride: vault-unseal - controllers: - unseal-1: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent - envFrom: - - secretRef: - name: vault-unseal-config-1 - resources: - requests: - cpu: 10m - memory: 24Mi - unseal-2: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent - envFrom: - - 
secretRef: - name: vault-unseal-config-2 - resources: - requests: - cpu: 10m - memory: 24Mi - unseal-3: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent - envFrom: - - secretRef: - name: vault-unseal-config-3 - resources: - requests: - cpu: 10m - memory: 24Mi diff --git a/clusters/cl01tl/services/blocky/Chart.yaml b/clusters/cl01tl/services/blocky/Chart.yaml deleted file mode 100644 index 9c584b55b..000000000 --- a/clusters/cl01tl/services/blocky/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: blocky -version: 1.0.0 -description: Blocky -keywords: - - blocky - - dns -home: https://wiki.alexlebens.dev/s/cf70113d-20bc-48ad-afb8-1e22ed3fd62a -sources: - - https://github.com/0xERR0R/blocky - - https://hub.docker.com/r/spx01/blocky - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: blocky - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.4.0 -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png -appVersion: v0.25 diff --git a/clusters/cl01tl/services/blocky/templates/redis-replication.yaml b/clusters/cl01tl/services/blocky/templates/redis-replication.yaml deleted file mode 100644 index eb410adf7..000000000 --- a/clusters/cl01tl/services/blocky/templates/redis-replication.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-blocky
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-blocky
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/services/blocky/templates/service-monitor.yaml b/clusters/cl01tl/services/blocky/templates/service-monitor.yaml
deleted file mode 100644
index d8b7e2993..000000000
--- a/clusters/cl01tl/services/blocky/templates/service-monitor.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: blocky
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: blocky
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: blocky
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 30s
- scrapeTimeout: 10s
- path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-blocky
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-blocky
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/services/blocky/values.yaml b/clusters/cl01tl/services/blocky/values.yaml
deleted file mode 100644
index 84af3c18a..000000000
--- a/clusters/cl01tl/services/blocky/values.yaml
+++ /dev/null
@@ -1,303 +0,0 @@ -blocky: - controllers: - main: - type: deployment - replicas: 3 - strategy: RollingUpdate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/0xerr0r/blocky - tag: v0.28.2@sha256:5f84a54e4ee950c4ab21db905b7497476ece2f4e1a376d23ab8c4855cabddcba - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - resources: - requests: - cpu: 10m - memory: 128Mi - configMaps: - config: - enabled: true - data: - config.yml: | - upstreams: - init: - strategy: fast - groups: - default: - - tcp-tls:1.1.1.1:853 - - tcp-tls:1.0.0.1:853 - strategy: parallel_best - timeout: 2s - - connectIPVersion: v4 - - customDNS: - filterUnmappedTypes: false - zone: | - $ORIGIN alexlebens.net. - $TTL 86400 - - ;; Name Server - IN NS patryk.ns.cloudflare.com. - IN NS veda.ns.cloudflare.com. - IN NS dns1. - IN NS dns2. - IN NS dns3. - - dns1 IN A 10.232.1.22 - dns2 IN A 10.232.1.51 - dns3 IN A 10.232.1.52 - - - ;; Computer Names - nw01un IN A 192.168.1.1 ; Unifi Gateway - - ps08rp IN A 10.232.1.51 ; DNS - ps09rp IN A 10.232.1.52 ; DNS - ps02sn IN A 10.232.1.61 ; Synology Web - ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage - - pd05wd IN A 10.230.0.115 ; Desktop - pl02mc IN A 10.230.0.105 ; Laptop - - dv01hr IN A 10.232.1.72 ; HD Homerun - dv02kv IN A 10.232.1.71 ; Pi KVM - - it01ag IN A 10.232.1.83 ; Airgradient - it02ph IN A 10.232.1.85 ; Phillips Hue - it03tb IN A 10.232.1.81 ; TubesZB ZigBee - it04tb IN A 10.232.1.82 ; TubesZB Z-Wave - it05sp IN A 10.230.0.100 ; Shelly Plug - - - ;; Common Names - synology IN CNAME ps02sn - synologybond IN CNAME ps02sn-bond - unifi IN CNAME nw01un - airgradient IN CNAME it01ag - hdhr IN CNAME dv01hr - pikvm IN CNAME dv02kv - - - ;; Service Names - cl01tl IN A 10.232.1.11 - cl01tl IN A 10.232.1.12 - cl01tl IN A 10.232.1.13 - - cl01tl-api IN A 10.232.1.11 - cl01tl-api IN A 10.232.1.12 - cl01tl-api IN A 10.232.1.13 - - cl01tl-endpoint IN A 10.232.1.21 - cl01tl-endpoint IN A 10.232.1.22 - 
cl01tl-endpoint IN A 10.232.1.23 - - cl01tl-gateway IN A 10.232.1.200 - - traefik-cl01tl IN A 10.232.1.21 - blocky IN A 10.232.1.22 - plex-lb IN A 10.232.1.23 - - ;; Application Names - actual IN CNAME traefik-cl01tl - alertmanager IN CNAME traefik-cl01tl - argo-workflows IN CNAME traefik-cl01tl - argocd IN CNAME traefik-cl01tl - audiobookshelf IN CNAME traefik-cl01tl - authentik IN CNAME traefik-cl01tl - backrest IN CNAME traefik-cl01tl - bazarr IN CNAME traefik-cl01tl - booklore IN CNAME traefik-cl01tl - ceph IN CNAME traefik-cl01tl - code-server IN CNAME traefik-cl01tl - ephemera IN CNAME traefik-cl01tl - garage-s3 IN CNAME traefik-cl01tl - garage-webui IN CNAME traefik-cl01tl - gatus IN CNAME traefik-cl01tl - gitea IN CNAME traefik-cl01tl - grafana IN CNAME traefik-cl01tl - harbor IN CNAME traefik-cl01tl - headlamp IN CNAME traefik-cl01tl - home IN CNAME traefik-cl01tl - home-assistant IN CNAME traefik-cl01tl - home-assistant-code-server IN CNAME traefik-cl01tl - hubble IN CNAME cl01tl-gateway - huntarr IN CNAME traefik-cl01tl - immich IN CNAME traefik-cl01tl - jellyfin IN CNAME traefik-cl01tl - jellystat IN CNAME traefik-cl01tl - kiwix IN CNAME traefik-cl01tl - komodo IN CNAME traefik-cl01tl - kronic IN CNAME traefik-cl01tl - lidarr IN CNAME traefik-cl01tl - lidatube IN CNAME traefik-cl01tl - listenarr IN CNAME traefik-cl01tl - mail IN CNAME traefik-cl01tl - n8n IN CNAME traefik-cl01tl - ntfy IN CNAME traefik-cl01tl - objects IN CNAME traefik-cl01tl - ollama IN CNAME traefik-cl01tl - omni-tools IN CNAME traefik-cl01tl - overseerr IN CNAME traefik-cl01tl - pgadmin IN CNAME traefik-cl01tl - photoview IN CNAME traefik-cl01tl - plex IN CNAME traefik-cl01tl - postiz IN CNAME traefik-cl01tl - prometheus IN CNAME traefik-cl01tl - prowlarr IN CNAME traefik-cl01tl - qbittorrent IN CNAME traefik-cl01tl - qui IN CNAME traefik-cl01tl - radarr IN CNAME traefik-cl01tl - radarr-4k IN CNAME traefik-cl01tl - radarr-anime IN CNAME traefik-cl01tl - radarr-standup IN CNAME 
traefik-cl01tl - searxng IN CNAME traefik-cl01tl - slskd IN CNAME traefik-cl01tl - sonarr IN CNAME traefik-cl01tl - sonarr-4k IN CNAME traefik-cl01tl - sonarr-anime IN CNAME traefik-cl01tl - stalwart IN CNAME traefik-cl01tl - tautulli IN CNAME traefik-cl01tl - tdarr IN CNAME traefik-cl01tl - tubearchivist IN CNAME traefik-cl01tl - vault IN CNAME traefik-cl01tl - whodb IN CNAME traefik-cl01tl - yamtrack IN CNAME traefik-cl01tl - - blocking: - denylists: - sus: - - https://v.firebog.net/hosts/static/w3kbl.txt - ads: - - https://v.firebog.net/hosts/AdguardDNS.txt - - https://v.firebog.net/hosts/Admiral.txt - - https://v.firebog.net/hosts/Easylist.txt - - https://adaway.org/hosts.txt - priv: - - https://v.firebog.net/hosts/Easyprivacy.txt - - https://v.firebog.net/hosts/Prigent-Ads.txt - mal: - - https://v.firebog.net/hosts/Prigent-Crypto.txt - - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt - pro: - - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt - allowlists: - sus: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - ads: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - priv: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - mal: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - pro: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - clientGroupsBlock: - default: - - sus - - ads - - priv - - mal - - pro - blockType: zeroIp - blockTTL: 1m - loading: - refreshPeriod: 24h - downloads: - timeout: 60s - attempts: 5 - cooldown: 10s - concurrency: 16 - strategy: fast - maxErrorsPerSource: 5 - - caching: - minTime: 5m - maxTime: 30m - maxItemsCount: 0 - prefetching: true - prefetchExpires: 2h - prefetchThreshold: 5 - prefetchMaxItemsCount: 0 - cacheTimeNegative: 30m - - redis: - address: redis-replication-blocky-master.blocky:6379 - required: true - - prometheus: - enable: true - path: /metrics - - queryLog: 
- type: console - logRetentionDays: 7 - creationAttempts: 1 - creationCooldown: 2s - flushInterval: 30s - - minTlsServeVersion: 1.3 - - ports: - dns: 53 - http: 4000 - - log: - level: info - format: text - timestamp: true - privacy: false - - service: - dns-external: - controller: main - type: LoadBalancer - annotations: - tailscale.com/expose: "true" - ports: - tcp: - port: 53 - targetPort: 53 - protocol: TCP - udp: - port: 53 - targetPort: 53 - protocol: UDP - metrics: - controller: main - ports: - metrics: - port: 4000 - targetPort: 4000 - protocol: TCP - persistence: - config: - enabled: true - type: configMap - name: blocky - advancedMounts: - main: - main: - - path: /app/config.yml - readOnly: true - mountPropagation: None - subPath: config.yml diff --git a/clusters/cl01tl/services/cert-manager/Chart.yaml b/clusters/cl01tl/services/cert-manager/Chart.yaml deleted file mode 100644 index 1139cbf31..000000000 --- a/clusters/cl01tl/services/cert-manager/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: cert-manager -version: 1.0.0 -description: Cert Manager -keywords: - - cert-manager - - certificates - - kubernetes -home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09 -sources: - - https://github.com/cert-manager/cert-manager - - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager -maintainers: - - name: alexlebens -dependencies: - - name: cert-manager - version: v1.19.1 - repository: https://charts.jetstack.io -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png -appVersion: v1.17.2 diff --git a/clusters/cl01tl/services/cert-manager/templates/cluster-issuer.yaml b/clusters/cl01tl/services/cert-manager/templates/cluster-issuer.yaml deleted file mode 100644 index a5d9a90b9..000000000 --- a/clusters/cl01tl/services/cert-manager/templates/cluster-issuer.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-issuer
-spec:
- acme:
- email: alexanderlebens@gmail.com
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-issuer-account-key
- solvers:
- - selector:
- dnsZones:
- - "alexlebens.net"
- - "*.alexlebens.net"
- dns01:
- cloudflare:
- email: alexanderlebens@gmail.com
- apiTokenSecretRef:
- name: cloudflare-api-token
- key: api-token
diff --git a/clusters/cl01tl/services/cert-manager/templates/external-secret.yaml b/clusters/cl01tl/services/cert-manager/templates/external-secret.yaml
deleted file mode 100644
index c5fd46799..000000000
--- a/clusters/cl01tl/services/cert-manager/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: cloudflare-api-token
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cloudflare-api-token
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: api-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/alexlebens.net/clusterissuer
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/services/cert-manager/values.yaml b/clusters/cl01tl/services/cert-manager/values.yaml
deleted file mode 100644
index 43ffbf7ca..000000000
--- a/clusters/cl01tl/services/cert-manager/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-cert-manager:
- crds:
- enabled: true
- keep: true
- replicaCount: 2
- extraArgs:
- - --enable-gateway-api
- prometheus:
- enabled: true
- servicemonitor:
- enabled: true
- honorLabels: true
- cainjector:
- enabled: true
- replicaCount: 2
diff --git a/clusters/cl01tl/services/descheduler/Chart.yaml b/clusters/cl01tl/services/descheduler/Chart.yaml
deleted file mode 100644
index 3032d3f8a..000000000
--- a/clusters/cl01tl/services/descheduler/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: descheduler
-version: 1.0.0
-description: Descheduler
-keywords:
- - descheduler
- - kube-scheduler
- - kubernetes
-home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
-sources:
- - https://github.com/kubernetes-sigs/descheduler
- - https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
-maintainers:
- - name: alexlebens
-dependencies:
- - name: descheduler
- version: 0.34.0
- repository: https://kubernetes-sigs.github.io/descheduler/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.33.0
diff --git a/clusters/cl01tl/services/descheduler/values.yaml b/clusters/cl01tl/services/descheduler/values.yaml
deleted file mode 100644
index 1baf832f2..000000000
--- a/clusters/cl01tl/services/descheduler/values.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-descheduler:
- kind: Deployment
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- deschedulingInterval: 5m
- replicas: 1
- leaderElection:
- enabled: false
- command:
- - "/bin/descheduler"
- cmdOptions:
- v: 3
- deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
- deschedulerPolicy:
- profiles:
- - name: default
- pluginConfig:
- - name: DefaultEvictor
- args:
- ignorePvcPods: true
- evictLocalStoragePods: false
- evictDaemonSetPods: false
- - name: RemoveDuplicates
- - name: RemovePodsViolatingNodeAffinity
- args:
- nodeAffinityType:
- - requiredDuringSchedulingIgnoredDuringExecution
- - name: RemovePodsViolatingNodeTaints
- - name: RemovePodsViolatingInterPodAntiAffinity
- - name: RemovePodsViolatingTopologySpreadConstraint
- - name: LowNodeUtilization
- args:
- thresholds:
- cpu: 20
- memory: 20
- pods: 20
- targetThresholds:
- cpu: 60
- memory: 60
- pods: 60
- plugins:
- balance:
- enabled:
- - RemoveDuplicates
- - RemovePodsViolatingTopologySpreadConstraint
- - LowNodeUtilization
- deschedule:
- enabled:
- - RemovePodsViolatingNodeTaints
- - RemovePodsViolatingNodeAffinity
- - RemovePodsViolatingInterPodAntiAffinity
- rbac:
- create: true
- serviceAccount:
- create: true
- service:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/clusters/cl01tl/services/eraser/Chart.yaml b/clusters/cl01tl/services/eraser/Chart.yaml
deleted file mode 100644
index 294b84d40..000000000
--- a/clusters/cl01tl/services/eraser/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: eraser
-version: 1.0.0
-description: Eraser
-keywords:
- - eraser
- - images
- - kubernetes
-home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
-sources:
- - https://github.com/eraser-dev/eraser
- - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
-maintainers:
- - name: alexlebens
-dependencies:
- - name: eraser
- version: v1.3.1
- repository: https://eraser-dev.github.io/eraser/charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v1.3.1
diff --git a/clusters/cl01tl/services/eraser/values.yaml b/clusters/cl01tl/services/eraser/values.yaml
deleted file mode 100644
index 47bebd3af..000000000
--- a/clusters/cl01tl/services/eraser/values.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-eraser:
- runtimeConfig:
- apiVersion: eraser.sh/v1alpha3
- kind: EraserConfig
- manager:
- runtime:
- name: containerd
- address: unix:///run/containerd/containerd.sock
- logLevel: info
- scheduling:
- repeatInterval: 24h
- beginImmediately: true
- profile:
- enabled: false
- port: 6060
- imageJob:
- successRatio: 1.0
- cleanup:
- delayOnSuccess: 0s
- delayOnFailure: 24h
- nodeFilter:
- type: exclude
- selectors:
- - eraser.sh/cleanup.filter
- - kubernetes.io/os=windows
- components:
- collector:
- enabled: true
- request:
- cpu: 10m
- memory: 128Mi
- scanner:
- enabled: false
- request:
- cpu: 100m
- memory: 128Mi
- config: "" # |
- # cacheDir: /var/lib/trivy
- # dbRepo: ghcr.io/aquasecurity/trivy-db
- # deleteFailedImages: true
- # deleteEOLImages: true
- # vulnerabilities:
- # ignoreUnfixed: true
- # types:
- # - os
- # - library
- # securityChecks:
- # - vuln
- # severities:
- # - CRITICAL
- # - HIGH
- # - MEDIUM
- # - LOW
- # ignoredStatuses:
- # timeout:
- # total: 23h
- # perImage: 1h
- remover:
- request:
- cpu: 10m
- memory: 128Mi
- deploy:
- securityContext:
- allowPrivilegeEscalation: false
- resources:
- requests:
- cpu: 10m
- memory: 30Mi
- nodeSelector:
- kubernetes.io/os: linux
diff --git a/clusters/cl01tl/services/external-dns/Chart.yaml b/clusters/cl01tl/services/external-dns/Chart.yaml
deleted file mode 100644
index 75844841e..000000000
--- a/clusters/cl01tl/services/external-dns/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: external-dns
-version: 1.0.0
-description: External DNS
-keywords:
- - external-dns
- - dns
- - unifi
- - kubernetes
-home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
-sources:
- - https://github.com/kubernetes-sigs/external-dns
- - https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
-maintainers:
- - name: alexlebens
-dependencies:
- - name: external-dns
- alias: external-dns-unifi
- version: 1.19.0
- repository: https://kubernetes-sigs.github.io/external-dns/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 1.16.1
diff --git a/clusters/cl01tl/services/external-dns/templates/dns-endpoint.yaml b/clusters/cl01tl/services/external-dns/templates/dns-endpoint.yaml
deleted file mode 100644
index 4411732b9..000000000
--- a/clusters/cl01tl/services/external-dns/templates/dns-endpoint.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: external-device-names - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: external-device-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - endpoints: - # Unifi UDM - - dnsName: unifi.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 192.168.1.1 - # Synology Web - - dnsName: synology.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.61 - # Synology Storage - - dnsName: synologybond.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.64 - # HD Homerun - - dnsName: hdhr.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.72 - # Pi KVM - - dnsName: pikvm.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.71 - ---- -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: iot-device-names - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: iot-device-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - endpoints: - # Airgradient - - dnsName: it01ag.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.83 - # Phillips Hue - - dnsName: it02ph.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.85 - # TubesZB ZigBee - - dnsName: it03tb.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.81 - # TubesZB Z-Wave - - dnsName: it04tb.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.82 - ---- -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: server-host-names - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: server-host-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - endpoints: - # Unifi Gateway - - 
dnsName: nw01un.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 192.168.1.1 - # Synology - - dnsName: ps02sn.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.61 - # Synology Storage - - dnsName: ps02sn-bond.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.64 - # Raspberry Pi - - dnsName: ps08rp.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.51 - # Raspberry Pi - - dnsName: ps09rp.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.52 - ---- -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: cluster-service-names - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: cluster-service-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - endpoints: - # Treafik Proxy - - dnsName: traefik-cl01tl.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.21 - # Treafik Proxy - - dnsName: blocky.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.22 - # Treafik Proxy - - dnsName: plex.alexlebens.net - recordTTL: 180 - recordType: A - targets: - - 10.232.1.23 diff --git a/clusters/cl01tl/services/external-dns/templates/external-secret.yaml b/clusters/cl01tl/services/external-dns/templates/external-secret.yaml deleted file mode 100644 index ba835545d..000000000 --- a/clusters/cl01tl/services/external-dns/templates/external-secret.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: external-dns-unifi-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: external-dns-unifi-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: api-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /unifi/auth/cl01tl
- metadataPolicy: None
- property: api-key
diff --git a/clusters/cl01tl/services/external-dns/values.yaml b/clusters/cl01tl/services/external-dns/values.yaml
deleted file mode 100644
index a9d450cf4..000000000
--- a/clusters/cl01tl/services/external-dns/values.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-external-dns-unifi:
- fullnameOverride: external-dns-unifi
- serviceMonitor:
- enabled: true
- interval: 1m
- sources:
- - ingress
- - crd
- - gateway-httproute
- - gateway-tlsroute
- policy: sync
- registry: txt
- txtOwnerId: default
- txtPrefix: k8s.
- domainFilters: ["alexlebens.net"]
- excludeDomains: []
- provider:
- name: webhook
- webhook:
- image:
- repository: ghcr.io/kashalls/external-dns-unifi-webhook
- tag: v0.7.0
- env:
- - name: UNIFI_HOST
- value: https://192.168.1.1
- - name: UNIFI_API_KEY
- valueFrom:
- secretKeyRef:
- name: external-dns-unifi-secret
- key: api-key
- - name: LOG_LEVEL
- value: debug
- livenessProbe:
- httpGet:
- path: /healthz
- port: http-webhook
- initialDelaySeconds: 10
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /readyz
- port: http-webhook
- initialDelaySeconds: 10
- timeoutSeconds: 5
- extraArgs:
- - --ignore-ingress-tls-spec
diff --git a/clusters/cl01tl/services/generic-device-plugin/Chart.yaml b/clusters/cl01tl/services/generic-device-plugin/Chart.yaml
deleted file mode 100644
index 0f7446a98..000000000
--- a/clusters/cl01tl/services/generic-device-plugin/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: generic-device-plugin
-version: 1.0.0
-description: Generic Device Plugin
-keywords:
- - generic-device-plugin
- - device
- - plugin
-home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
-sources:
- - https://github.com/squat/generic-device-plugin
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin
-maintainers:
- - name: alexlebens
-dependencies:
- - name: generic-device-plugin
- repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
- version: 0.20.1
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 1.0.0
diff --git a/clusters/cl01tl/services/generic-device-plugin/templates/namespace.yaml b/clusters/cl01tl/services/generic-device-plugin/templates/namespace.yaml
deleted file mode 100644
index 294c34f86..000000000
--- a/clusters/cl01tl/services/generic-device-plugin/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: generic-device-plugin
- labels:
- app.kubernetes.io/name: generic-device-plugin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/services/generic-device-plugin/values.yaml b/clusters/cl01tl/services/generic-device-plugin/values.yaml
deleted file mode 100644
index 4844ce543..000000000
--- a/clusters/cl01tl/services/generic-device-plugin/values.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-generic-device-plugin:
- config:
- enabled: true
- data: |
- devices:
- - name: tun
- groups:
- - count: 1000
- paths:
- - path: /dev/net/tun
diff --git a/clusters/cl01tl/services/harbor/Chart.yaml b/clusters/cl01tl/services/harbor/Chart.yaml
deleted file mode 100644
index cc81b9d98..000000000
--- a/clusters/cl01tl/services/harbor/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: harbor
-version: 1.0.0
-description: Harbor
-keywords:
- - harbor
- - images
- - cache
- - kubernetes
-home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9
-sources:
- - https://github.com/goharbor
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/goharbor/harbor-helm
- - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: harbor
- version: 1.18.0
- repository: https://helm.goharbor.io
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 6.16.0
- repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
-appVersion: v2.13.0
diff --git a/clusters/cl01tl/services/harbor/templates/external-secret.yaml b/clusters/cl01tl/services/harbor/templates/external-secret.yaml
deleted file mode 100644
index e7e91451f..000000000
--- a/clusters/cl01tl/services/harbor/templates/external-secret.yaml
+++ /dev/null
@@ -1,202 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: harbor-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: harbor-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: HARBOR_ADMIN_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/config
- metadataPolicy: None
- property: admin-password
- - secretKey: secretKey
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/config
- metadataPolicy: None
- property: secretKey
- - secretKey: CSRF_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/core
- metadataPolicy: None
- property: CSRF_KEY
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/core
- metadataPolicy: None
- property: secret
- - secretKey: tls.crt
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/core
- metadataPolicy: None
- property: tls.crt
- - secretKey: tls.key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/core
- metadataPolicy: None
- property: tls.key
- - secretKey: JOBSERVICE_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/jobservice
- metadataPolicy: None
- property: JOBSERVICE_SECRET
- - secretKey: REGISTRY_HTTP_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/registry
- metadataPolicy: None
- property: REGISTRY_HTTP_SECRET
- - secretKey: REGISTRY_REDIS_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/registry
- metadataPolicy: None
- property: REGISTRY_REDIS_PASSWORD
- - secretKey: REGISTRY_HTPASSWD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/registry
- metadataPolicy: None
- property: REGISTRY_HTPASSWD
- - secretKey: REGISTRY_CREDENTIAL_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/registry
- metadataPolicy: None
- property: REGISTRY_CREDENTIAL_PASSWORD
- - secretKey: REGISTRY_PASSWD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/registry
- metadataPolicy: None
- property: REGISTRY_CREDENTIAL_PASSWORD
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: harbor-nginx-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: harbor-nginx-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ca.crt
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/nginx
- metadataPolicy: None
- property: ca.crt
- - secretKey: tls.crt
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/nginx
- metadataPolicy: None
- property: tls.crt
- - secretKey: tls.key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/harbor/nginx
- metadataPolicy: None
- property: tls.key
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: harbor-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: harbor-postgresql-17-cluster-backup-secret-garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret-garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
diff --git a/clusters/cl01tl/services/harbor/templates/http-route.yaml b/clusters/cl01tl/services/harbor/templates/http-route.yaml
deleted file mode 100644
index 5deb03c53..000000000
--- a/clusters/cl01tl/services/harbor/templates/http-route.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-harbor
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-harbor
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - harbor.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /api/
- - path:
- type: PathPrefix
- value: /service/
- - path:
- type: PathPrefix
- value: /v2/
- - path:
- type: PathPrefix
- value: /c/
- backendRefs:
- - group: ''
- kind: Service
- name: harbor-core
- port: 80
- weight: 100
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: harbor-portal
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/services/harbor/templates/redis-replication.yaml b/clusters/cl01tl/services/harbor/templates/redis-replication.yaml
deleted file mode 100644
index d4d4560e3..000000000
--- a/clusters/cl01tl/services/harbor/templates/redis-replication.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: redis-replication-harbor
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-harbor
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- clusterSize: 3
- podSecurityContext:
- runAsUser: 1000
- fsGroup: 1000
- kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
- imagePullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: ceph-block
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- redisExporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
diff --git a/clusters/cl01tl/services/harbor/templates/service-monitor.yaml b/clusters/cl01tl/services/harbor/templates/service-monitor.yaml
deleted file mode 100644
index c72063cb7..000000000
--- a/clusters/cl01tl/services/harbor/templates/service-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: redis-replication-harbor
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: redis-replication-harbor
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- redis-operator: "true"
- env: production
-spec:
- selector:
- matchLabels:
- redis_setup_type: replication
- endpoints:
- - port: redis-exporter
- interval: 30s
- scrapeTimeout: 10s
diff --git a/clusters/cl01tl/services/harbor/values.yaml b/clusters/cl01tl/services/harbor/values.yaml
deleted file mode 100644
index c10d02646..000000000
--- a/clusters/cl01tl/services/harbor/values.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-harbor:
- expose:
- type: clusterIP
- tls:
- auto:
- commonName: harbor.alexlebens.net
- externalURL: https://harbor.alexlebens.net
- persistence:
- enabled: true
- persistentVolumeClaim:
- registry:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 100Gi
- existingSecretAdminPassword: harbor-secret
- existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
- internalTLS:
- enabled: false
- ipFamily:
- ipv6:
- enabled: false
- ipv4:
- enabled: true
- updateStrategy:
- type: Recreate
- existingSecretSecretKey: harbor-secret
- enableMigrateHelmHook: true
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- cache:
- enabled: true
- nginx:
- image:
- repository: goharbor/nginx-photon
- tag: v2.14.1
- replicas: 0
- portal:
- image:
- repository: goharbor/harbor-portal
- tag: v2.14.1
- replicas: 2
- core:
- image:
- repository: goharbor/harbor-core
- tag: v2.14.1
- replicas: 2
- existingSecret: harbor-secret
- secretName: harbor-secret
- existingXsrfSecret: harbor-secret
- jobservice:
- image:
- repository: goharbor/harbor-jobservice
- tag: v2.14.1
- replicas: 2
- jobLoggers:
- - stdout
- existingSecret: harbor-secret
- registry:
- registry:
- image:
- repository: goharbor/registry-photon
- tag: v2.14.1
- controller:
- image:
- repository: goharbor/harbor-registryctl
- tag: v2.14.1
- existingSecret: harbor-secret
- relativeurls: true
- credentials:
- existingSecret: harbor-secret
- upload_purging:
- enabled: true
- age: 72h
- interval: 24h
- dryrun: false
- trivy:
- enabled: true
- database:
- type: external
- external:
- host: harbor-postgresql-17-cluster-rw
- port: "5432"
- username: app
- coreDatabase: app
- existingSecret: harbor-postgresql-17-cluster-app
- redis:
- type: external
- external:
- addr: "redis-replication-harbor-master.harbor:6379"
- exporter:
- image:
- repository: goharbor/harbor-exporter
- tag: v2.14.1
- replicas: 2
-postgres-17-cluster:
- mode: recovery
- cluster:
- storage:
- storageClass: local-path
- walStorage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: true
- recovery:
- method: objectStore
- objectStore:
- destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
- endpointURL: http://garage-main.garage:3900
- index: 1
- endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
- backup:
- objectStore:
- - name: external
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
- index: 2
- retentionPolicy: "30d"
- isWALArchiver: false
- - name: garage-local
- destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
- index: 1
- endpointURL: http://garage-main.garage:3900
- endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
- endpointCredentialsIncludeRegion: true
- retentionPolicy: "3d"
- isWALArchiver: true
- # - name: garage-remote
- # destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
- # index: 1
- # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- # endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
- # retentionPolicy: "30d"
- # data:
- # compression: bzip2
- # jobs: 2
- scheduledBackups:
- - name: daily-backup
- suspend: false
- schedule: "0 0 0 * * *"
- backupName: external
- - name: live-backup
- suspend: false
- immediate: true
- schedule: "0 0 0 * * *"
- backupName: garage-local
- # - name: weekly-backup
- # suspend: false
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
diff --git a/clusters/cl01tl/services/intel-device-plugin/Chart.yaml b/clusters/cl01tl/services/intel-device-plugin/Chart.yaml
deleted file mode 100644
index 27ec43410..000000000
--- a/clusters/cl01tl/services/intel-device-plugin/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: intel-device-plugin
-version: 1.0.0
-description: Intel Device Plugin
-keywords:
- - intel-device-plugin
- - operator
- - gpu
- - kubernetes
-home: https://wiki.alexlebens.dev/s/340746b2-b0ab-4b6b-95eb-323038ecdd35
-sources:
- - https://github.com/intel/intel-device-plugins-for-kubernetes
- - https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator
- - https://github.com/intel/helm-charts/tree/main/charts/gpu-device-plugin
-maintainers:
- - name: alexlebens
-dependencies:
- - name: intel-device-plugins-operator
- version: 0.34.0
- repository: https://intel.github.io/helm-charts/
- - name: intel-device-plugins-gpu
- version: 0.34.0
- repository: https://intel.github.io/helm-charts/
-icon: https://avatars.githubusercontent.com/u/17888862?s=48&v=4
-appVersion: 0.34.0
diff --git a/clusters/cl01tl/services/intel-device-plugin/templates/namespace.yaml b/clusters/cl01tl/services/intel-device-plugin/templates/namespace.yaml
deleted file mode 100644
index 861af10d0..000000000
--- a/clusters/cl01tl/services/intel-device-plugin/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: intel-device-plugin
- labels:
- app.kubernetes.io/name: intel-device-plugin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/services/intel-device-plugin/values.yaml b/clusters/cl01tl/services/intel-device-plugin/values.yaml
deleted file mode 100644
index 9bc350e98..000000000
--- a/clusters/cl01tl/services/intel-device-plugin/values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-intel-device-plugins-gpu:
- name: gpudeviceplugin
- sharedDevNum: 5
- nodeSelector:
- intel.feature.node.kubernetes.io/gpu: 'true'
- nodeFeatureRule: false
diff --git a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/Chart.yaml b/clusters/cl01tl/services/kubernetes-cloudflare-ddns/Chart.yaml
deleted file mode 100644
index 84bdd93b1..000000000
--- a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: kubernetes-cloudflare-ddns
-version: 1.0.0
-description: Kubernetes Cloudflare DDNS
-keywords:
- - kubernetes-cloudflare-ddns
- - cloudflare
- - ddns
- - kubernetes
-home: https://wiki.alexlebens.dev/s/49513b51-cf91-4efd-b2a5-957555bc3ad7
-sources:
- - https://github.com/kubitodev/kubernetes-cloudflare-ddns
- - https://hub.docker.com/r/kubitodev/kubernetes-cloudflare-ddns
- - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: kubernetes-cloudflare-ddns
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cloudflare.png
-appVersion: v2.0.0
diff --git a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml b/clusters/cl01tl/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml
deleted file mode 100644
index 54e934487..000000000
--- a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: kubernetes-cloudflare-ddns-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kubernetes-cloudflare-ddns-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AUTH_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/alexlebens.net/ddns
- metadataPolicy: None
- property: token
- - secretKey: NAME
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/alexlebens.net/ddns
- metadataPolicy: None
- property: name
- - secretKey: RECORD_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/alexlebens.net/ddns
- metadataPolicy: None
- property: record-id
- - secretKey: ZONE_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/alexlebens.net/ddns
- metadataPolicy: None
- property: zone-id
diff --git a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml b/clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml
deleted file mode 100644
index f7a64f73d..000000000
--- a/clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-kubernetes-cloudflare-ddns:
- controllers:
- main:
- type: cronjob
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "30 4 * * *"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: kubitodev/kubernetes-cloudflare-ddns
- tag: 2.0.0
- pullPolicy: IfNotPresent
- envFrom:
- - secretRef:
- name: kubernetes-cloudflare-ddns-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
diff --git a/clusters/cl01tl/services/node-feature-discovery/Chart.yaml b/clusters/cl01tl/services/node-feature-discovery/Chart.yaml
deleted file mode 100644
index e8e448a01..000000000
--- a/clusters/cl01tl/services/node-feature-discovery/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: node-feature-discovery
-version: 1.0.0
-description: Node Feature Discovery
-keywords:
- - node-feature-discovery
- - labels
- - kubernetes
-home: https://wiki.alexlebens.dev/s/b6fb2588-8212-4dca-b4c6-3021020b2ae1
-sources:
- - https://github.com/kubernetes-sigs/node-feature-discovery
- - https://github.com/kubernetes-sigs/node-feature-discovery/tree/master/deployment/helm/node-feature-discovery
-maintainers:
- - name: alexlebens
-dependencies:
- - name: node-feature-discovery
- version: 0.18.3
- repository: oci://registry.k8s.io/nfd/charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.18.0
diff --git a/clusters/cl01tl/services/node-feature-discovery/templates/namespace.yaml b/clusters/cl01tl/services/node-feature-discovery/templates/namespace.yaml
deleted file mode 100644
index a8b00379e..000000000
--- a/clusters/cl01tl/services/node-feature-discovery/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: node-feature-discovery
- labels:
- app.kubernetes.io/name: node-feature-discovery
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/services/node-feature-discovery/values.yaml b/clusters/cl01tl/services/node-feature-discovery/values.yaml
deleted file mode 100644
index 506d71af0..000000000
--- a/clusters/cl01tl/services/node-feature-discovery/values.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-node-feature-discovery:
- featureGates:
- NodeFeatureGroupAPI: true
- master:
- replicaCount: 2
- resources:
- requests:
- cpu: 20m
- memory: 60Mi
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- worker:
- config:
- sources:
- cpu:
- cpuid:
- attributeWhitelist:
- - "AVX512BW"
- - "AVX512CD"
- - "AVX512DQ"
- - "AVX512F"
- - "AVX512VL"
- kernel:
- configOpts:
- - "NO_HZ"
- - "X86"
- - "DMI"
- usb:
- deviceClassWhitelist:
- - "02"
- - "03"
- - "0e"
- - "ef"
- - "fe"
- - "ff"
- deviceLabelFields:
- - "vendor"
- - "device"
- - "class"
- pci:
- deviceClassWhitelist:
- - "0200"
- - "01"
- - "08"
- - "0300"
- - "0302"
- deviceLabelFields:
- - "vendor"
- - "device"
- - "class"
- custom:
- - # Intel integrated GPU
- name: "intel-gpu"
- labels:
- intel.feature.node.kubernetes.io/gpu: 'true'
- matchOn:
- - pciId:
- class: ["0300"]
- vendor: ["8086"]
- resources:
- requests:
- cpu: 20m
- memory: 60Mi
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- gc:
- resources:
- requests:
- cpu: 20m
- memory: 60Mi
- prometheus:
- enable: true
diff --git a/clusters/cl01tl/services/reloader/Chart.yaml b/clusters/cl01tl/services/reloader/Chart.yaml
deleted file mode 100644
index 819c3c630..000000000
--- a/clusters/cl01tl/services/reloader/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: reloader
-version: 1.0.0
-description: Reloader
-keywords:
- - reloader
- - config-map
- - kubernetes
-home: https://wiki.alexlebens.dev/s/e3a68f74-6d9a-484c-a446-4ba32f41d4c8
-sources:
- - https://github.com/stakater/Reloader
- - https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader
-maintainers:
- - name: alexlebens
-dependencies:
- - name: reloader
- version: 2.2.5
- repository: https://stakater.github.io/stakater-charts
-icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
-appVersion: v1.4.2
diff --git a/clusters/cl01tl/services/reloader/values.yaml b/clusters/cl01tl/services/reloader/values.yaml
deleted file mode 100644
index f3d21927d..000000000
--- a/clusters/cl01tl/services/reloader/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-reloader:
- reloader:
- podMonitor:
- enabled: true
- namespace: reloader
diff --git a/clusters/cl01tl/services/tailscale-operator/Chart.yaml b/clusters/cl01tl/services/tailscale-operator/Chart.yaml
deleted file mode 100644
index f84b63ceb..000000000
--- a/clusters/cl01tl/services/tailscale-operator/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: tailscale-operator
-version: 1.0.0
-description: Tailscale Operator
-keywords:
- - tailscale-operator
- - tailscale
- - wireguard
- - vpn
- - kubernetes
-home: https://wiki.alexlebens.dev/s/673177ef-e91b-43ad-9b80-d5037ec77852
-sources:
- - https://github.com/tailscale/tailscale
- - https://hub.docker.com/r/tailscale/k8s-operator
- - https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/chart
-maintainers:
- - name: alexlebens
-dependencies:
- - name: tailscale-operator
- version: 1.90.9
- repository: https://pkgs.tailscale.com/helmcharts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
-appVersion: v1.82.5
diff --git a/clusters/cl01tl/services/tailscale-operator/templates/connector.yaml b/clusters/cl01tl/services/tailscale-operator/templates/connector.yaml
deleted file mode 100644
index 348f98d0c..000000000
--- a/clusters/cl01tl/services/tailscale-operator/templates/connector.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: tailscale.com/v1alpha1
-kind: Connector
-metadata:
- name: subnet-router-local
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: subnet-router-local
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- hostname: subnet-router-local-cl01tl
- proxyClass: default
- subnetRouter:
- advertiseRoutes:
- - 192.168.1.0/24
- - 10.230.0.0/24
- - 10.232.0.0/22
diff --git a/clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml b/clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml
deleted file mode 100644
index 250ef323e..000000000
--- a/clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: tailscale.com/v1alpha1
-kind: DNSConfig
-metadata:
- name: ts-dns
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ts-dns
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- nameserver:
- image:
- repo: tailscale/k8s-nameserver
- tag: unstable-v1.91.88
diff --git a/clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml b/clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml
deleted file mode 100644
index 21beff15b..000000000
--- a/clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: operator-oauth
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: operator-oauth
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client_id
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /tailscale/k8s-operator
- metadataPolicy: None
- property: clientId
- - secretKey: client_secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /tailscale/k8s-operator
- metadataPolicy: None
- property: clientSecret
diff --git a/clusters/cl01tl/services/tailscale-operator/templates/namespace.yaml b/clusters/cl01tl/services/tailscale-operator/templates/namespace.yaml
deleted file mode 100644
index f5b21a61a..000000000
--- a/clusters/cl01tl/services/tailscale-operator/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: tailscale-operator
- labels:
- app.kubernetes.io/name: tailscale-operator
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml b/clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml
deleted file mode 100644
index 8cd14c059..000000000
--- a/clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: tailscale.com/v1alpha1
-kind: ProxyClass
-metadata:
- name: default
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: default
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- metrics:
- enable: true
- serviceMonitor:
- enable: true
- statefulSet:
- pod:
- tailscaleContainer:
- resources:
- limits:
- devic.es/tun: "1"
- tailscaleInitContainer:
- resources:
- limits:
- devic.es/tun: "1"
-
----
-apiVersion: tailscale.com/v1alpha1
-kind: ProxyClass
-metadata:
- name: no-metrics
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: no-metrics
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- metrics:
- enable: false
- statefulSet:
- pod:
- tailscaleContainer:
- resources:
- limits:
- devic.es/tun: "1"
- tailscaleInitContainer:
- resources:
- limits:
- devic.es/tun: "1"
diff --git a/clusters/cl01tl/services/tailscale-operator/values.yaml b/clusters/cl01tl/services/tailscale-operator/values.yaml
deleted file mode 100644
index 38589d835..000000000
--- a/clusters/cl01tl/services/tailscale-operator/values.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-tailscale-operator:
- oauth: {}
- installCRDs: true
- operatorConfig:
- defaultTags:
- - "tag:k8s-operator"
- logging: info
- hostname: tailscale-operator-cl01tl
- nodeSelector:
- kubernetes.io/os: linux
- operatorConfig:
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- proxyConfig:
- defaultTags: "tag:k8s"
- firewallMode: auto
- defaultProxyClass: "no-metrics"
- apiServerProxyConfig:
- mode: "false"
diff --git a/clusters/cl01tl/services/talos/Chart.yaml b/clusters/cl01tl/services/talos/Chart.yaml
deleted file mode 100644
index 0b4dc22c1..000000000
--- a/clusters/cl01tl/services/talos/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: talos
-version: 1.0.0
-description: Talos
-keywords:
- - talos
- - etcd
- - kubernetes
-home: https://wiki.alexlebens.dev/s/c5ead573-34b6-442b-a286-7819e6e71f78
-sources:
- - https://github.com/siderolabs/talos-backup
- - https://github.com/siderolabs/talos-backup/pkgs/container/talos-backup
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: etcd-backup
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
- - name: app-template
- alias: etcd-defrag
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://avatars.githubusercontent.com/u/13804887?s=200&v=4
-appVersion: v0.1.0-beta.3
diff --git a/clusters/cl01tl/services/talos/templates/external-secret.yaml b/clusters/cl01tl/services/talos/templates/external-secret.yaml
deleted file mode 100644
index 199dc9bc7..000000000
--- a/clusters/cl01tl/services/talos/templates/external-secret.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: talos-etcd-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: talos-etcd-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- kubernetes.io/service-account.name: talos-backup-secrets
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
- - secretKey: .s3cfg
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
- property: s3cfg
- - secretKey: BUCKET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
- property: BUCKET
- - secretKey: AGE_X25519_PUBLIC_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/talos/etcd-backup
- metadataPolicy: None
- property: AGE_X25519_PUBLIC_KEY
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: talos-etcd-defrag-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: talos-etcd-defrag-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/talos/etcd-defrag
- metadataPolicy: None
- property: config
diff --git a/clusters/cl01tl/services/talos/templates/secret.yaml b/clusters/cl01tl/services/talos/templates/secret.yaml
deleted file mode 100644
index b54ee3464..000000000
--- a/clusters/cl01tl/services/talos/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: talos-backup-secrets
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: talos-backup-secrets
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- kubernetes.io/service-account.name: talos-backup-secrets
diff --git a/clusters/cl01tl/services/talos/templates/service-account.yaml b/clusters/cl01tl/services/talos/templates/service-account.yaml
deleted file mode 100644
index 60e9a89ed..000000000
--- a/clusters/cl01tl/services/talos/templates/service-account.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: talos.dev/v1alpha1
-kind: ServiceAccount
-metadata:
- name: talos-backup-secrets
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: talos-backup-secrets
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- roles:
- - os:etcd:backup
diff --git a/clusters/cl01tl/services/talos/values.yaml b/clusters/cl01tl/services/talos/values.yaml
deleted file mode 100644
index b58cb2bd0..000000000
--- a/clusters/cl01tl/services/talos/values.yaml
+++ /dev/null
@@ -1,293 +0,0 @@
-etcd-backup:
- controllers:
- main:
- type: cronjob
- pod:
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "0 2 * * *"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: ghcr.io/siderolabs/talos-backup
- tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
- pullPolicy: IfNotPresent
- command:
- - /talos-backup
- workingDir: /tmp
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: RuntimeDefault
- env:
- - name: AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: talos-etcd-backup-secret
- key: AWS_ACCESS_KEY_ID
- - name: AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: talos-etcd-backup-secret
- key: AWS_SECRET_ACCESS_KEY
- - name: AWS_REGION
- value: nyc3
- - name: CUSTOM_S3_ENDPOINT
- value: https://nyc3.digitaloceanspaces.com
- - name: BUCKET
- value: talos-backups-bee8585f7b8a4d0239c9b823
- - name: S3_PREFIX
- value: "cl01tl/etcd"
- - name: CLUSTER_NAME
- value: "cl01tl"
- - name: AGE_X25519_PUBLIC_KEY
- valueFrom:
- secretKeyRef:
- name: talos-etcd-backup-secret
- key: AGE_X25519_PUBLIC_KEY
- - name: USE_PATH_STYLE
- value: "false"
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- s3-prune:
- image:
- repository: d3fk/s3cmd
- tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- args:
- - -ec
- - |
- export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%dT%H:%M:%SZ);
- export FILE_MATCH="$BUCKET/cl01tl/etcd/cl01tl-$DATE_RANGE.snap.age"
- echo ">> Running S3 prune for Talos backup repository"
- echo ">> Backups prior to '$DATE_RANGE' will be removed"
- echo ">> Backups to be removed:"
- s3cmd ls ${BUCKET}/cl01tl/etcd/ |
- awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
- echo ">> Deleting ..."
- s3cmd ls ${BUCKET}/cl01tl/etcd/ |
- awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
- while read file; do
- s3cmd del "$file";
- done;
- echo ">> Completed S3 prune for Talos backup repository"
- env:
- - name: BUCKET
- valueFrom:
- secretKeyRef:
- name: talos-etcd-backup-secret
- key: BUCKET
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- persistence:
- tmp:
- type: emptyDir
- medium: Memory
- advancedMounts:
- main:
- main:
- - path: /tmp
- readOnly: false
- talos:
- type: emptyDir
- medium: Memory
- advancedMounts:
- main:
- main:
- - path: /.talos
- readOnly: false
- secret:
- enabled: true
- type: secret
- name: talos-backup-secrets
- advancedMounts:
- main:
- main:
- - path: /var/run/secrets/talos.dev
- readOnly: true
- mountPropagation: None
- s3cmd-config:
- enabled: true
- type: secret
- name: talos-etcd-backup-secret
- advancedMounts:
- main:
- s3-prune:
- - path: /root/.s3cfg
- readOnly: true
- mountPropagation: None
- subPath: .s3cfg
-etcd-defrag:
- global:
- fullnameOverride: etcd-defrag
- controllers:
- defrag-1:
- type: cronjob
- pod:
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "0 0 * * 0"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: ghcr.io/siderolabs/talosctl
- tag: v1.11.5
- pullPolicy: IfNotPresent
- args:
- - etcd
- - defrag
- - -n
- - "10.232.1.11"
- env:
- - name: TALOSCONFIG
- value: /tmp/.talos/config
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- defrag-2:
- type: cronjob
- pod:
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "10 0 * * 0"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: ghcr.io/siderolabs/talosctl
- tag: v1.11.5
- pullPolicy: IfNotPresent
- args:
- - etcd
- - defrag
- - -n
- - "10.232.1.12"
- env:
- - name: TALOSCONFIG
- value: /tmp/.talos/config
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- defrag-3:
- type: cronjob
- pod:
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: "20 0 * * 0"
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- containers:
- main:
- image:
- repository: ghcr.io/siderolabs/talosctl
- tag: v1.11.5
- pullPolicy: IfNotPresent
- args:
- - etcd
- - defrag
- - -n
- - "10.232.1.13"
- env:
- - name: TALOSCONFIG
- value: /tmp/.talos/config
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- persistence:
- talos-config-1:
- enabled: true
- type: secret
- name: talos-etcd-defrag-secret
- advancedMounts:
- defrag-1:
- main:
- - path: /tmp/.talos/config
- readOnly: true
- mountPropagation: None
- subPath: config
- talos-config-2:
- enabled: true
- type: secret
- name: talos-etcd-defrag-secret
- advancedMounts:
- defrag-2:
- main:
- - path: /tmp/.talos/config
- readOnly: true
- mountPropagation: None
- subPath: config
- talos-config-3:
- enabled: true
- type: secret
- name: talos-etcd-defrag-secret
- advancedMounts:
- defrag-3:
- main:
- - path: /tmp/.talos/config
- readOnly: true
- mountPropagation: None
- subPath: config
diff --git a/clusters/cl01tl/services/traefik/Chart.yaml b/clusters/cl01tl/services/traefik/Chart.yaml
deleted file mode 100644
index dfe754b7b..000000000
--- a/clusters/cl01tl/services/traefik/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: traefik
-version: 1.0.0
-description: Traefik
-keywords:
- - traefik
- - reverse-proxy
- - tls
- - kubernetes
-home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb
-sources:
- - https://github.com/traefik/traefik
- - https://github.com/traefik/traefik-helm-chart
-maintainers:
- - name: alexlebens
-dependencies:
- - name: traefik
- version: 37.4.0
- repository: https://traefik.github.io/charts
- # enable pending:
- # https://github.com/traefik/traefik-helm-chart/pull/1340
- # - name: traefik-crds
- # version: 1.8.0
- # repository: https://traefik.github.io/charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
-appVersion: v3.4.0
diff --git a/clusters/cl01tl/services/traefik/templates/certificate.yaml b/clusters/cl01tl/services/traefik/templates/certificate.yaml
deleted file mode 100644
index a53d23df2..000000000
--- a/clusters/cl01tl/services/traefik/templates/certificate.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# apiVersion: cert-manager.io/v1
-# kind: Certificate
-# metadata:
-# name: traefik-certificate
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: traefik-certificate
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretName: traefik-secret-tls
-# dnsNames:
-# - "alexlebens.net"
-# - "*.alexlebens.net"
-# issuerRef:
-# name: letsencrypt-issuer
-# kind: ClusterIssuer
diff --git a/clusters/cl01tl/services/traefik/templates/namespace.yaml b/clusters/cl01tl/services/traefik/templates/namespace.yaml
deleted file mode 100644
index 99f864e62..000000000
--- a/clusters/cl01tl/services/traefik/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: traefik
- labels:
- app.kubernetes.io/name: traefik
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/services/traefik/values.yaml b/clusters/cl01tl/services/traefik/values.yaml
deleted file mode 100644
index c144e5944..000000000
--- a/clusters/cl01tl/services/traefik/values.yaml
+++ /dev/null
@@ -1,148 +0,0 @@
-traefik:
- crds:
- enabled: true
- deleteOnUninstall: false
- deployment:
- kind: DaemonSet
- ingressClass:
- enabled: false
- kubernetesGateway:
- enabled: true
- gateway:
- enabled: true
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- listeners:
- web:
- port: 8000
- hostname: "*.alexlebens.net"
- protocol: HTTP
- namespacePolicy:
- from: All
- websecure:
- port: 8443
- hostname: "*.alexlebens.net"
- protocol: HTTPS
- namespacePolicy:
- from: All
- certificateRefs:
- - group: ''
- kind: Secret
- name: websecure-gateway-cert
- namespace: traefik
- mode: Terminate
- ssh:
- port: 22
- protocol: TCP
- namespacePolicy:
- from: All
- allowedRoutes:
- kinds:
- - kind: TCPRoute
- ingressRoute:
- dashboard:
- enabled: true
- matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
- entryPoints: ["websecure"]
- providers:
- kubernetesCRD:
- allowCrossNamespace: true
- allowEmptyServices: true
- kubernetesIngress:
- enabled: false
- kubernetesGateway:
- enabled: true
- experimentalChannel: true
- statusAddress:
- ip: 10.232.1.21
- metrics:
- prometheus:
- service:
- enabled: true
- disableAPICheck:
- serviceMonitor:
- enabled: true
- prometheusRule:
- enabled: false
- globalArguments: []
- ports:
- web:
- port: 8000
- expose:
- default: true
- exposedPort: 80
- redirections:
- entryPoint:
- to: websecure
- scheme: https
- permanent: true
- forwardedHeaders:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- proxyProtocol:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- websecure:
- port: 8443
- expose:
- default: true
- exposedPort: 443
- forwardedHeaders:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- proxyProtocol:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- tls:
- enabled: true
- ssh:
- port: 22
- expose:
- default: true
- exposedPort: 22
- forwardedHeaders:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- proxyProtocol:
- trustedIPs:
- - 10.0.0.0/8
- - 172.16.0.0/16
- - 192.168.0.0/16
- - fc00::/7
- insecure: false
- tls:
- enabled: true
- metrics:
- expose:
- default: false
- service:
- enabled: true
- type: LoadBalancer
- externalIPs:
- - 10.232.1.21
-# traefik-crds:
-# enabled: true
-# traefik: true
-# gatewayAPI: true
-# hub: false
-# deleteOnUninstall: false
diff --git a/clusters/cl01tl/standalone/cilium/Chart.yaml b/clusters/cl01tl/standalone/cilium/Chart.yaml
deleted file mode 100644
index f8507d3ff..000000000
--- a/clusters/cl01tl/standalone/cilium/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: cilium
-version: 1.0.0
-description: Cilium
-keywords:
- - cilium
- - cni
- - network
- - kubernetes
-home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
-sources:
- - https://github.com/cilium/cilium
- - https://github.com/cilium/charts
-maintainers:
- - name: alexlebens
-dependencies:
- - name: cilium
- version: 1.18.4
- repository: https://helm.cilium.io/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
-appVersion: 1.17.3
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
deleted file mode 100644
index cd5373578..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# apiVersion: cilium.io/v2alpha1
-# kind: CiliumBGPAdvertisement
-# metadata:
-# name: cilium-bgp-advertisements
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: cilium-bgp-advertisements
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# advertisements:
-# - advertisementType: "Service"
-# service:
-# addresses:
-# - ExternalIP
-# - LoadBalancerIP
-# selector:
-# matchExpressions:
-# - {key: somekey, operator: NotIn, values: ['never-used-value']}
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
deleted file mode 100644
index 52671a04d..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# apiVersion: cilium.io/v2alpha1
-# kind: CiliumBGPClusterConfig
-# metadata:
-# name: cilium-bgp
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: cilium-bgp
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# nodeSelector:
-# matchLabels:
-# node-role.kubernetes.io/bgp: "65020"
-# bgpInstances:
-# - name: "65020"
-# localASN: 65020
-# peers:
-# - name: "udm-65000"
-# peerASN: 65000
-# peerAddress: 192.168.1.1
-# peerConfigRef:
-# name: "cilium-peer"
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
deleted file mode 100644
index c011d57b4..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# apiVersion: cilium.io/v2alpha1
-# kind: CiliumBGPPeerConfig
-# metadata:
-# name: cilium-peer
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: cilium-peer
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# timers:
-# holdTimeSeconds: 9
-# keepAliveTimeSeconds: 3
-# ebgpMultihop: 4
-# gracefulRestart:
-# enabled: true
-# restartTimeSeconds: 15
-# families:
-# - afi: ipv4
-# safi: unicast
-# advertisements:
-# matchLabels:
-# app.kubernetes.io/name: cilium-bgp-advertisements
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
deleted file mode 100644
index cdab88905..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: default-ip-pool
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: default-ip-pool
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- blocks:
- - start: "10.232.1.21"
- stop: "10.232.1.23"
- - start: "10.232.2.21"
- stop: "10.232.2.23"
-
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: bgp-ip-pool
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: bgp-ip-pool
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- blocks:
- - start: "10.232.2.100"
- stop: "10.232.2.200"
- disabled: true
diff --git a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
deleted file mode 100644
index 8a8274e01..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# apiVersion: gateway.networking.k8s.io/v1
-# kind: Gateway
-# metadata:
-# name: tls-gateway
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: tls-gateway
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# annotations:
-# cert-manager.io/cluster-issuer: letsencrypt-issuer
-# spec:
-# gatewayClassName: cilium
-# listeners:
-# - allowedRoutes:
-# namespaces:
-# from: All
-# hostname: '*.alexlebens.net'
-# name: http
-# port: 80
-# protocol: HTTP
-# - allowedRoutes:
-# namespaces:
-# from: All
-# hostname: '*.alexlebens.net'
-# name: https
-# port: 443
-# protocol: HTTPS
-# tls:
-# certificateRefs:
-# - group: ''
-# kind: Secret
-# name: https-gateway-cert
-# namespace: kube-system
-# mode: Terminate
diff --git a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml b/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
deleted file mode 100644
index 603a5e574..000000000
--- a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-hubble
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-hubble
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - hubble.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: hubble-ui
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/standalone/cilium/values.yaml b/clusters/cl01tl/standalone/cilium/values.yaml
deleted file mode 100644
index dc70c2a44..000000000
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-cilium:
- k8sServiceHost: "localhost"
- k8sServicePort: "7445"
- k8sClientRateLimit:
- qps: 50
- burst: 100
- rollOutCiliumPods: true
- securityContext:
- capabilities:
- ciliumAgent:
- - CHOWN
- - KILL
- - NET_ADMIN
- - NET_RAW
- - IPC_LOCK
- - SYS_ADMIN
- - SYS_RESOURCE
- - DAC_OVERRIDE
- - FOWNER
- - SETGID
- - SETUID
- - PERFMON
- - BPF
- cleanCiliumState:
- - NET_ADMIN
- - SYS_ADMIN
- - SYS_RESOURCE
- l2announcements:
- enabled: false
- bgpControlPlane:
- enabled: false
- secretsNamespace:
- name: kube-system
- statusReport:
- enabled: true
- routerIDAllocation:
- mode: "default"
- devices: end0 enp6s0
- enableK8sEndpointSlice: true
- ciliumEndpointSlice:
- enabled: true
- ingressController:
- enabled: false
- gatewayAPI:
- enabled: true
- enableAlpn: true
- enableAppProtocol: true
- externalIPs:
- enabled: true
- socketLB:
- enabled: true
- hostNamespaceOnly: true
- hubble:
- enabled: true
- metrics:
- serviceMonitor:
- enabled: true
- relay:
- enabled: true
- metrics:
- serviceMonitor:
- enabled: true
- ui:
- enabled: true
- ingress:
- enabled: false
- ipam:
- mode: "kubernetes"
- ipv4:
- enabled: true
- ipv6:
- enabled: false
- kubeProxyReplacement: true
- l7Proxy: true
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- envoy:
- enabled: true
- securityContext:
- capabilities:
- keepCapNetBindService: true
- envoy:
- - NET_ADMIN
- - NET_BIND_SERVICE
- - PERFMON
- - BPF
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- operator:
- enabled: true
- rollOutPods: true
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- cgroup:
- autoMount:
- enabled: false
- hostRoot: /sys/fs/cgroup
diff --git a/clusters/cl01tl/standalone/coredns/Chart.yaml b/clusters/cl01tl/standalone/coredns/Chart.yaml
deleted file mode 100644
index 2fde8a259..000000000
--- a/clusters/cl01tl/standalone/coredns/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: coredns
-version: 1.0.0
-description: CoreDNS
-keywords:
- - coredns
- - dns
- - network
- - kubernetes
-home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
-sources:
- - https://github.com/coredns/coredns
- - https://github.com/coredns/helm
-maintainers:
- - name: alexlebens
-dependencies:
- - name: coredns
- version: 1.45.0
- repository: https://coredns.github.io/helm
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
-appVersion: v1.12.1
diff --git a/clusters/cl01tl/standalone/coredns/values.yaml b/clusters/cl01tl/standalone/coredns/values.yaml
deleted file mode 100644
index 530d335f8..000000000
--- a/clusters/cl01tl/standalone/coredns/values.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-coredns:
- image:
- repository: registry.k8s.io/coredns/coredns
- tag: v1.13.1
- replicaCount: 3
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- rollingUpdate:
- maxUnavailable: 1
- maxSurge: 25%
- terminationGracePeriodSeconds: 30
- serviceType: "ClusterIP"
- prometheus:
- service:
- enabled: true
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9153"
- monitor:
- enabled: true
- namespace: kube-system
- service:
- clusterIP: 10.96.0.10
- clusterIPs:
- - 10.96.0.10
- name: kube-dns
- serviceAccount:
- create: true
- name: coredns
- rbac:
- create: true
- isClusterService: true
- priorityClassName: system-cluster-critical
- securityContext:
- capabilities:
- add:
- - NET_BIND_SERVICE
- drop:
- - ALL
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- servers:
- - zones:
- - zone: .
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: health
- configBlock: |-
- lameduck 5s
- - name: ready
- - name: kubernetes
- parameters: cluster.local in-addr.arpa ip6.arpa
- configBlock: |-
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- ttl 30
- - name: prometheus
- parameters: :9153
- - name: forward
- parameters: . /etc/resolv.conf
- - name: cache
- parameters: 30
- - name: loop
- - name: reload
- - name: loadbalance
- - zones:
- - zone: alexlebens.net
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: cache
- parameters: 30
- - name: forward
- parameters: . 10.111.232.172
- - zones:
- - zone: ts.net
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: cache
- parameters: 30
- - name: forward
- parameters: . 10.97.20.219
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- - key: node.cloudprovider.kubernetes.io/uninitialized
- operator: Exists
- effect: NoSchedule
- deployment:
- skipConfig: false
- enabled: true
- name: coredns
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml
deleted file mode 100644
index 1d996098f..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: kubelet-serving-cert-approver
-version: 1.0.0
-description: Kubelet Serving Cert Approver
-keywords:
- - kubelet-serving-cert-approver
- - kubernetes
- - certificate
-home: https://wiki.alexlebens.dev/s/3aa80722-db85-41b4-ba1e-8d4c3d8643b5
-sources:
- - https://github.com/alex1989hu/kubelet-serving-cert-approver
- - https://github.com/alex1989hu/kubelet-serving-cert-approver/pkgs/container/kubelet-serving-cert-approver
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: kubelet-serving-cert-approver
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.9.1
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml
deleted file mode 100644
index f2c354a5b..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kubelet-serving-cert-approver
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: kubelet-serving-cert-approver
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "certificates-{{ .Release.Name }}"
-subjects:
- - kind: ServiceAccount
- name: kubelet-serving-cert-approver
- namespace: {{ .Release.Namespace }}
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml
deleted file mode 100644
index 06ee749b7..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "certificates-{{ .Release.Name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "certificates-{{ .Release.Name }}"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - certificates.k8s.io
- resources:
- - certificatesigningrequests
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - certificates.k8s.io
- resources:
- - certificatesigningrequests/approval
- verbs:
- - update
- - apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
- - apiGroups:
- - certificates.k8s.io
- resourceNames:
- - kubernetes.io/kubelet-serving
- resources:
- - signers
- verbs:
- - approve
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "events-{{ .Release.Name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "events-{{ .Release.Name }}"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml
deleted file mode 100644
index 0ccd84973..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kubelet-serving-cert-approver
- labels:
- app.kubernetes.io/name: kubelet-serving-cert-approver
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: restricted
- pod-security.kubernetes.io/enforce: restricted
- pod-security.kubernetes.io/warn: restricted
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml
deleted file mode 100644
index cc40acbe8..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: "events-{{ .Release.Name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "events-{{ .Release.Name }}"
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "events-{{ .Release.Name }}"
-subjects:
- - kind: ServiceAccount
- name: kubelet-serving-cert-approver
- namespace: {{ .Release.Name }}
diff --git a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml b/clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml
deleted file mode 100644
index 1b8772a84..000000000
--- a/clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-kubelet-serving-cert-approver:
- defaultPodOptions:
- priorityClassName: system-cluster-critical
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - preference:
- matchExpressions:
- - key: node-role.kubernetes.io/master
- operator: DoesNotExist
- - key: node-role.kubernetes.io/control-plane
- operator: DoesNotExist
- weight: 100
- securityContext:
- fsGroup: 65534
- runAsGroup: 65534
- runAsUser: 65534
- seccompProfile:
- type: RuntimeDefault
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- serviceAccount:
- name: kubelet-serving-cert-approver
- pod:
- automountServiceAccountToken: true
- containers:
- main:
- image:
- repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
- tag: 0.10.0
- pullPolicy: Always
- args:
- - serve
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- serviceAccount:
- kubelet-serving-cert-approver:
- enabled: true
- staticToken: true
- service:
- main:
- controller: main
- ports:
- health:
- port: 8080
- targetPort: 8080
- protocol: HTTP
- metrics:
- port: 9090
- targetPort: 9090
- protocol: HTTP
diff --git a/clusters/cl01tl/standalone/metrics-server/Chart.yaml b/clusters/cl01tl/standalone/metrics-server/Chart.yaml
deleted file mode 100644
index 81ff9f156..000000000
--- a/clusters/cl01tl/standalone/metrics-server/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: metrics-server
-version: 1.0.0
-description: Metrics Server
-keywords:
- - metrics-server
- - metrics
- - kubernetes
-home: https://wiki.alexlebens.dev/s/feb71856-e3d9-4655-9808-6c4bfb330872
-sources:
- - https://github.com/kubernetes-sigs/metrics-server
- - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
-maintainers:
- - name: alexlebens
-dependencies:
- - name: metrics-server
- version: 3.13.0
- repository: https://kubernetes-sigs.github.io/metrics-server/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.7.2
diff --git a/clusters/cl01tl/standalone/metrics-server/values.yaml b/clusters/cl01tl/standalone/metrics-server/values.yaml
deleted file mode 100644
index 6d05f073f..000000000
--- a/clusters/cl01tl/standalone/metrics-server/values.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-metrics-server:
- replicas: 3
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- defaultArgs:
- - --cert-dir=/tmp
- - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- - --kubelet-use-node-status-port
- - --metric-resolution=15s
- - --kubelet-insecure-tls
diff --git a/clusters/cl01tl/standalone/prometheus-operator-crds/Chart.yaml b/clusters/cl01tl/standalone/prometheus-operator-crds/Chart.yaml
deleted file mode 100644
index 5a56733a4..000000000
--- a/clusters/cl01tl/standalone/prometheus-operator-crds/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: prometheus-operator-crds
-version: 1.0.0
-description: Prometheus Operator CRDs
-keywords:
- - prometheus-operator-crds
- - prometheus
- - crds
- - kubernetes
-home: https://wiki.alexlebens.dev/s/db00183d-0b1e-4e40-bf7f-b7a40b5ca443
-sources:
- - https://github.com/prometheus-operator/prometheus-operator
- - https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-operator-crds
-maintainers:
- - name: alexlebens
-dependencies:
- - name: prometheus-operator-crds
- version: 25.0.0
- repository: oci://ghcr.io/prometheus-community/charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
-appVersion: v0.82.0
diff --git a/clusters/cl01tl/storage/backrest/Chart.yaml b/clusters/cl01tl/storage/backrest/Chart.yaml
deleted file mode 100644
index 48c964514..000000000
--- a/clusters/cl01tl/storage/backrest/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: backrest
-version: 1.0.0
-description: backrest
-keywords:
- - backrest
- - backup
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/garethgeorge/backrest
- - https://hub.docker.com/r/garethgeorge/backrest
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: backrest
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
-appVersion: v1.10.1
diff --git a/clusters/cl01tl/storage/backrest/templates/http-route.yaml b/clusters/cl01tl/storage/backrest/templates/http-route.yaml
deleted file mode 100644
index 767030b4f..000000000
--- a/clusters/cl01tl/storage/backrest/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-backrest
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-backrest
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - backrest.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: backrest
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/storage/backrest/templates/persistent-volume-claim.yaml b/clusters/cl01tl/storage/backrest/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 07c32ba6f..000000000
--- a/clusters/cl01tl/storage/backrest/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: backrest-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: backrest-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: backrest-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: backrest-nfs-share
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: backrest-nfs-share
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: backrest-nfs-share
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/storage/backrest/templates/persistent-volume.yaml b/clusters/cl01tl/storage/backrest/templates/persistent-volume.yaml
deleted file mode 100644
index 04f49daab..000000000
--- a/clusters/cl01tl/storage/backrest/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: backrest-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: backrest-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: backrest-nfs-share
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: backrest-nfs-share
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Share
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl/storage/backrest/templates/service.yaml b/clusters/cl01tl/storage/backrest/templates/service.yaml
deleted file mode 100644
index 4d10a9638..000000000
--- a/clusters/cl01tl/storage/backrest/templates/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: garage-ps10rp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-ps10rp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl/storage/backrest/values.yaml b/clusters/cl01tl/storage/backrest/values.yaml
deleted file mode 100644
index b14c7ad6b..000000000
--- a/clusters/cl01tl/storage/backrest/values.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-backrest:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- containers:
- main:
- image:
- repository: garethgeorge/backrest
- tag: v1.10.1
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: America/Chicago
- - name: BACKREST_DATA
- value: /data
- - name: BACKREST_CONFIG
- value: /config/config.json
- - name: XDG_CACHE_HOME
- value: /cache
- - name: TMPDIR
- value: /tmp
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9898
- protocol: TCP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- cache:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /cache
- readOnly: false
- tmp:
- type: emptyDir
- advancedMounts:
- main:
- main:
- - path: /tmp
- readOnly: false
- storage:
- existingClaim: backrest-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/storage
- readOnly: true
- share:
- existingClaim: backrest-nfs-share
- advancedMounts:
- main:
- main:
- - path: /mnt/share
- readOnly: true
diff --git a/clusters/cl01tl/storage/cloudnative-pg/Chart.yaml b/clusters/cl01tl/storage/cloudnative-pg/Chart.yaml
deleted file mode 100644
index 237905ff8..000000000
--- a/clusters/cl01tl/storage/cloudnative-pg/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: cloudnative-pg
-version: 1.0.0
-description: Cloudnative PG
-keywords:
- - cloudnative-pg
- - operator
- - postgresql
- - kubernetes
-home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
-sources:
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
-maintainers:
- - name: alexlebens
-dependencies:
- - name: cloudnative-pg
- version: 0.26.1
- repository: https://cloudnative-pg.io/charts/
- - name: plugin-barman-cloud
- version: 0.3.1
- repository: https://cloudnative-pg.io/charts/
-icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
-appVersion: 1.26.0
diff --git a/clusters/cl01tl/storage/cloudnative-pg/values.yaml b/clusters/cl01tl/storage/cloudnative-pg/values.yaml
deleted file mode 100644
index 9aa6a216d..000000000
--- a/clusters/cl01tl/storage/cloudnative-pg/values.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-cloudnative-pg:
- replicaCount: 2
- monitoring:
- podMonitorEnabled: true
-plugin-barman-cloud:
- replicaCount: 1
- image:
- registry: ghcr.io
- repository: cloudnative-pg/plugin-barman-cloud
- tag: v0.9.0
- sidecarImage:
- registry: ghcr.io
- repository: cloudnative-pg/plugin-barman-cloud-sidecar
- tag: v0.9.0
- crds:
- create: true
diff --git a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/Chart.yaml b/clusters/cl01tl/storage/democratic-csi-synology-iscsi/Chart.yaml
deleted file mode 100644
index 057f75cae..000000000
--- a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v2
-name: democratic-csi-synology-iscsi
-version: 1.0.0
-description: Democratic CSI
-keywords:
- - democratic-csi-synology-iscsi
- - iscsi
- - kubernetes
-home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
-sources:
- - https://github.com/democratic-csi/democratic-csi
- - https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi
-maintainers:
- - name: alexlebens
-dependencies:
- - name: democratic-csi
- repository: https://democratic-csi.github.io/charts/
- version: 0.15.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v1.9.4
diff --git a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml b/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml
deleted file mode 100644
index 14e689f5c..000000000
--- a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: synology-iscsi-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: synology-iscsi-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: driver-config-file.yaml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/democratic-csi-synology-iscsi/config
- metadataPolicy: None
- property: driver-config-file.yaml
diff --git a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/namespace.yaml b/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/namespace.yaml
deleted file mode 100644
index 98cedb460..000000000
--- a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: democratic-csi-synology-iscsi
- labels:
- app.kubernetes.io/name: democratic-csi-synology-iscsi
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/values.yaml b/clusters/cl01tl/storage/democratic-csi-synology-iscsi/values.yaml
deleted file mode 100644
index a23880fde..000000000
--- a/clusters/cl01tl/storage/democratic-csi-synology-iscsi/values.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-democratic-csi:
- driver:
- existingConfigSecret: synology-iscsi-config-secret
- config:
- driver: synology-iscsi
- csiDriver:
- name: "org.democratic-csi.iscsi-synology"
- controller:
- enabled: true
- rbac:
- enabled: true
- replicaCount: 2
- storageClasses:
- - name: synology-iscsi-delete
- defaultClass: false
- reclaimPolicy: Delete
- volumeBindingMode: Immediate
- allowVolumeExpansion: true
- parameters:
- fsType: ext4
- - name: synology-iscsi-retain
- defaultClass: false
- reclaimPolicy: Retain
- volumeBindingMode: Immediate
- allowVolumeExpansion: true
- parameters:
- fsType: ext4
- node:
- hostPID: true
- driver:
- extraEnv:
- - name: ISCSIADM_HOST_STRATEGY
- value: nsenter
- - name: ISCSIADM_HOST_PATH
- value: /usr/local/sbin/iscsiadm
- iscsiDirHostPath: /var/iscsi
- iscsiDirHostPathType: ""
diff --git a/clusters/cl01tl/storage/elastic-operator/Chart.yaml b/clusters/cl01tl/storage/elastic-operator/Chart.yaml
deleted file mode 100644
index 23121c726..000000000
--- a/clusters/cl01tl/storage/elastic-operator/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: elastic-operator
-version: 1.0.0
-description: Elastic Cloud on Kubernetes
-keywords:
- - elastic-operator
- - operator
- - elastic-search
- - kubernetes
-home: https://wiki.alexlebens.dev/s/
-sources:
- - https://github.com/elastic/cloud-on-k8s
- - https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
-maintainers:
- - name: alexlebens
-dependencies:
- - name: eck-operator
- version: 3.2.0
- repository: https://helm.elastic.co
-icon: https://helm.elastic.co/icons/eck.png
-appVersion: 1.26.0
diff --git a/clusters/cl01tl/storage/elastic-operator/values.yaml b/clusters/cl01tl/storage/elastic-operator/values.yaml
deleted file mode 100644
index c62cf6b10..000000000
--- a/clusters/cl01tl/storage/elastic-operator/values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-eck-operator:
- managedNamespaces:
- - tubearchivist
- - stalwart
- installCRDs: true
- replicaCount: 2
- telemetry:
- disabled: true
- config:
- logVerbosity: "0"
- metrics:
- port: "9000"
- podMonitor:
- enabled: true
diff --git a/clusters/cl01tl/storage/garage/Chart.yaml b/clusters/cl01tl/storage/garage/Chart.yaml
deleted file mode 100644
index 3a8d9d025..000000000
--- a/clusters/cl01tl/storage/garage/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: garage
-version: 1.0.0
-description: Garage
-keywords:
- - garage
- - storage
- - s3
-home: https://wiki.alexlebens.dev/s/
-sources:
- - https://git.deuxfleurs.fr/Deuxfleurs/garage
- - https://hub.docker.com/r/dxflrs/garage
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: garage
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v2.1.0
diff --git a/clusters/cl01tl/storage/garage/templates/external-secret.yaml b/clusters/cl01tl/storage/garage/templates/external-secret.yaml
deleted file mode 100644
index 238fdb23b..000000000
--- a/clusters/cl01tl/storage/garage/templates/external-secret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: garage-token-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage-token-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: GARAGE_RPC_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/garage/token
- metadataPolicy: None
- property: rpc
- - secretKey: GARAGE_ADMIN_TOKEN
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/garage/token
- metadataPolicy: None
- property: admin
- - secretKey: GARAGE_METRICS_TOKEN
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/garage/token
- metadataPolicy: None
- property: metric
diff --git a/clusters/cl01tl/storage/garage/templates/http-route.yaml b/clusters/cl01tl/storage/garage/templates/http-route.yaml
deleted file mode 100644
index 95c662d83..000000000
--- a/clusters/cl01tl/storage/garage/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-garage-webui
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-garage-webui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - garage-webui.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: garage-webui
- port: 3909
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-garage-s3
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-garage-s3
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - garage-s3.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: garage-main
- port: 3900
- weight: 100
diff --git a/clusters/cl01tl/storage/garage/templates/service-monitor.yaml b/clusters/cl01tl/storage/garage/templates/service-monitor.yaml
deleted file mode 100644
index 349b251c1..000000000
--- a/clusters/cl01tl/storage/garage/templates/service-monitor.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: garage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: garage
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: admin
- interval: 1m
- scrapeTimeout: 30s
- path: /metrics
- bearerTokenSecret:
- name: garage-token-secret
- key: GARAGE_METRICS_TOKEN
diff --git a/clusters/cl01tl/storage/garage/values.yaml b/clusters/cl01tl/storage/garage/values.yaml
deleted file mode 100644
index 4457fbf96..000000000
--- a/clusters/cl01tl/storage/garage/values.yaml
+++ /dev/null
@@ -1,154 +0,0 @@
-garage:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: dxflrs/garage
- tag: v2.1.0
- pullPolicy: IfNotPresent
- envFrom:
- - secretRef:
- name: garage-token-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- webui:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: khairul169/garage-webui
- tag: 1.1.0
- pullPolicy: IfNotPresent
- env:
- - name: API_BASE_URL
- value: http://garage-main.garage:3903
- - name: S3_ENDPOINT_URL
- value: http://garage-main.garage:3900
- - name: API_ADMIN_KEY
- valueFrom:
- secretKeyRef:
- name: garage-token-secret
- key: GARAGE_ADMIN_TOKEN
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- configMaps:
- config:
- enabled: true
- data:
- garage.toml: |
- replication_factor = 1
-
- metadata_dir = "/var/lib/garage/meta"
- data_dir = "/var/lib/garage/data"
- metadata_snapshots_dir = "/var/lib/garage/snapshots"
-
- db_engine = "lmdb"
-
- metadata_auto_snapshot_interval = "6h"
-
- compression_level = 3
-
- rpc_bind_addr = "[::]:3901"
- rpc_public_addr = "127.0.0.1:3901"
-
- allow_world_readable_secrets = false
-
- [s3_api]
- s3_region = "us-east-1"
- api_bind_addr = "[::]:3900"
- root_domain = ".garage-s3.alexlebens.net"
-
- [s3_web]
- bind_addr = "[::]:3902"
- root_domain = ".garage-s3.alexlebens.net"
-
- [admin]
- api_bind_addr = "[::]:3903"
- metrics_require_token = true
- service:
- main:
- controller: main
- ports:
- s3:
- port: 3900
- targetPort: 3900
- protocol: HTTP
- rpc:
- port: 3901
- targetPort: 3901
- protocol: HTTP
- web:
- port: 3902
- targetPort: 3902
- protocol: HTTP
- admin:
- port: 3903
- targetPort: 3903
- protocol: HTTP
- webui:
- controller: webui
- ports:
- webui:
- port: 3909
- targetPort: 3909
- protocol: HTTP
- persistence:
- config:
- enabled: true
- type: configMap
- name: garage
- advancedMounts:
- main:
- main:
- - path: /etc/garage.toml
- readOnly: true
- mountPropagation: None
- subPath: garage.toml
- webui:
- main:
- - path: /etc/garage.toml
- readOnly: true
- mountPropagation: None
- subPath: garage.toml
- db:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /var/lib/garage/meta
- readOnly: false
- data:
- storageClass: synology-iscsi-delete
- accessMode: ReadWriteOnce
- size: 800Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /var/lib/garage/data
- readOnly: false
- snapshots:
- storageClass: synology-iscsi-delete
- accessMode: ReadWriteOnce
- size: 50Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /var/lib/garage/snapshots
- readOnly: false
diff --git a/clusters/cl01tl/storage/local-path-provisioner/Chart.yaml b/clusters/cl01tl/storage/local-path-provisioner/Chart.yaml
deleted file mode 100644
index ea04a7fbc..000000000
--- a/clusters/cl01tl/storage/local-path-provisioner/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: local-path-provisioner
-version: 1.0.0
-description: Local Path Provisioner
-keywords:
- - local-path-provisioner
- - storage
- - kubernetes
-home: https://wiki.alexlebens.dev/s/fa4d4152-b9dd-4fdc-a6f2-93a2c0df7f4a
-sources:
- - https://github.com/rancher/local-path-provisioner
- - https://hub.docker.com/r/rancher/local-path-provisioner
- - https://github.com/containeroo/helm-charts/tree/master/charts/local-path-provisioner
-maintainers:
- - name: alexlebens
-dependencies:
- - name: local-path-provisioner
- version: 0.0.33
- repository: https://charts.containeroo.ch
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v0.0.31
diff --git a/clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml b/clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml
deleted file mode 100644
index cd4e163d4..000000000
--- a/clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: local-path-provisioner
- labels:
- app.kubernetes.io/name: local-path-provisioner
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/storage/local-path-provisioner/values.yaml b/clusters/cl01tl/storage/local-path-provisioner/values.yaml
deleted file mode 100644
index cac41ea6c..000000000
--- a/clusters/cl01tl/storage/local-path-provisioner/values.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-local-path-provisioner:
- image:
- repository: rancher/local-path-provisioner
- tag: v0.0.32
- helperImage:
- repository: busybox
- tag: 1.37.0
- storageClass:
- create: true
- defaultClass: false
- defaultVolumeType: hostPath
- name: local-path
- reclaimPolicy: Delete
- volumeBindingMode: WaitForFirstConsumer
- nodePathMap:
- - node: talos-2di-ktg
- paths:
- - /var/local-path-provisioner
- - node: talos-9vs-6hh
- paths:
- - /var/local-path-provisioner
- - node: talos-aoq-hpv
- paths:
- - /var/local-path-provisioner
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - talos-2di-ktg
- - talos-9vs-6hh
- - talos-aoq-hpv
- configmap:
- name: local-path-config
- setup: |-
- #!/bin/sh
- set -eu
- mkdir -m 0777 -p "$VOL_DIR"
- teardown: |-
- #!/bin/sh
- set -eu
- rm -rf "$VOL_DIR"
diff --git a/clusters/cl01tl/storage/mariadb-operator/Chart.yaml b/clusters/cl01tl/storage/mariadb-operator/Chart.yaml
deleted file mode 100644
index 689074a55..000000000
--- a/clusters/cl01tl/storage/mariadb-operator/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: mariadb-operator
-version: 1.0.0
-description: MariaDB Operator
-keywords:
- - mariadb-operator
- - database
- - storage
- - kubernetes
-home: https://wiki.alexlebens.dev/
-sources:
- - https://github.com/mariadb-operator/mariadb-operator
- - https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-operator
-maintainers:
- - name: alexlebens
-dependencies:
- - name: mariadb-operator
- version: 25.10.2
- repository: https://helm.mariadb.com/mariadb-operator
- - name: mariadb-operator-crds
- version: 25.10.2
- repository: https://helm.mariadb.com/mariadb-operator
-icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
-appVersion: 25.10.2
diff --git a/clusters/cl01tl/storage/mariadb-operator/values.yaml b/clusters/cl01tl/storage/mariadb-operator/values.yaml
deleted file mode 100644
index ccdd7949f..000000000
--- a/clusters/cl01tl/storage/mariadb-operator/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-mariadb-operator:
- ha:
- enabled: true
- replicas: 3
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- pdb:
- enabled: true
- maxUnavailable: 1
diff --git a/clusters/cl01tl/storage/nfs/Chart.yaml b/clusters/cl01tl/storage/nfs/Chart.yaml
deleted file mode 100644
index 80bcdca6f..000000000
--- a/clusters/cl01tl/storage/nfs/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: nfs-subdir-external-provisioner
-version: 1.0.0
-description: NFS Subdir External Provisioner
-keywords:
- - nfs-subdir-external-provisioner
- - nfs
- - storage
- - kubernetes
-home: https://wiki.alexlebens.dev/s/ac647404-3987-4875-a34c-9398ea75b841
-sources:
- - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
- - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/charts/nfs-subdir-external-provisioner
-maintainers:
- - name: alexlebens
-dependencies:
- - name: nfs-subdir-external-provisioner
- version: 4.0.18
- repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 4.0.18
diff --git a/clusters/cl01tl/storage/nfs/values.yaml b/clusters/cl01tl/storage/nfs/values.yaml
deleted file mode 100644
index f4e2e36df..000000000
--- a/clusters/cl01tl/storage/nfs/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-nfs-subdir-external-provisioner:
- nfs:
- server: 10.232.1.64
- path: /volume2/Talos
- mountOptions:
- - hard
- - vers=4
- - minorversion=1
diff --git a/clusters/cl01tl/storage/pgadmin/Chart.yaml b/clusters/cl01tl/storage/pgadmin/Chart.yaml
deleted file mode 100644
index b637d4f57..000000000
--- a/clusters/cl01tl/storage/pgadmin/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: pgadmin4
-version: 1.0.0
-description: pgAdmin
-keywords:
- - pgadmin4
- - postgresql
- - database
-home: https://wiki.alexlebens.dev/s/afef464a-3d76-413a-80b1-b42596249a12
-sources:
- - https://github.com/pgadmin-org/pgadmin4/
- - https://hub.docker.com/r/dpage/pgadmin4/
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: pgadmin4
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/pgadmin.png
-appVersion: 9.3.0
diff --git a/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml b/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml
deleted file mode 100644
index 72aae41cc..000000000
--- a/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: pgadmin-password-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-password-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: pgadmin-password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/auth
- metadataPolicy: None
- property: pgadmin-password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: pgadmin-env-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-env-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_OAUTH2_CONFIG
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: pgadmin-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml b/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml
deleted file mode 100644
index 37b82fba1..000000000
--- a/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-pgadmin
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-pgadmin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - pgadmin.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: pgadmin
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml b/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml
deleted file mode 100644
index 9aafafe0e..000000000
--- a/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: pgadmin-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: pgadmin-data
- trigger:
- schedule: 0 4 * * *
- restic:
- pruneIntervalDays: 7
- repository: pgadmin-data-backup-secret
- retain:
- hourly: 1
- daily: 3
- weekly: 2
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 5050
- runAsGroup: 5050
- copyMethod: Snapshot
- storageClassName: ceph-block
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/storage/pgadmin/values.yaml b/clusters/cl01tl/storage/pgadmin/values.yaml
deleted file mode 100644
index de11312bf..000000000
--- a/clusters/cl01tl/storage/pgadmin/values.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-pgadmin4:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- initContainers:
- init-chmod-data:
- securityContext:
- runAsUser: 0
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- /bin/chown -R 5050:5050 /var/lib/pgadmin
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- containers:
- main:
- securityContext:
- runAsUser: 5050
- runAsGroup: 5050
- image:
- repository: dpage/pgadmin4
- tag: "9.10"
- pullPolicy: IfNotPresent
- env:
- - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
- value: "False"
- - name: PGADMIN_DEFAULT_EMAIL
- value: alexanderlebens@gmail.com
- - name: PGADMIN_DEFAULT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: pgadmin-password-secret
- key: pgadmin-password
- envFrom:
- - secretRef:
- name: pgadmin-env-secret
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: TCP
- persistence:
- data:
- forceRename: pgadmin4-data
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- init-chmod-data:
- - path: /var/lib/pgadmin
- readOnly: false
- main:
- - path: /var/lib/pgadmin
- readOnly: false
diff --git a/clusters/cl01tl/storage/redis-operator/Chart.yaml b/clusters/cl01tl/storage/redis-operator/Chart.yaml
deleted file mode 100644
index 172c6dc75..000000000
--- a/clusters/cl01tl/storage/redis-operator/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: redis-operator
-version: 1.0.0
-description: Redis on Kubernetes
-keywords:
- - redis-operator
- - operator
- - redis
- - kubernetes
-home: https://wiki.alexlebens.dev/s/
-sources:
- - https://github.com/OT-CONTAINER-KIT/redis-operator
- - https://github.com/OT-CONTAINER-KIT/redis-operator/tree/main/charts/redis-operator
-maintainers:
- - name: alexlebens
-dependencies:
- - name: redis-operator
- version: 0.22.2
- repository: https://ot-container-kit.github.io/helm-charts/
-icon: https://github.com/OT-CONTAINER-KIT/redis-operator/raw/main/static/redis-operator-logo.svg
-appVersion: v0.21.0
diff --git a/clusters/cl01tl/storage/redis-operator/values.yaml b/clusters/cl01tl/storage/redis-operator/values.yaml
deleted file mode 100644
index 9a6ab8844..000000000
--- a/clusters/cl01tl/storage/redis-operator/values.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-redis-operator:
- redisOperator:
- imageName: ghcr.io/ot-container-kit/redis-operator/redis-operator
- imageTag: v0.21.0
- metrics:
- enabled: true
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- replicas: 2
- certmanager:
- enabled: false
- manager:
- config:
- kubeClientTimeout: null
diff --git a/clusters/cl01tl/storage/rook-ceph/Chart.yaml b/clusters/cl01tl/storage/rook-ceph/Chart.yaml
deleted file mode 100644
index dc7217548..000000000
--- a/clusters/cl01tl/storage/rook-ceph/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: rook-ceph
-version: 1.0.0
-description: Rook Ceph
-keywords:
- - rook-ceph
- - ceph
- - storage
- - kubernetes
-home: https://wiki.alexlebens.dev/s/8592da1d-8168-4c6c-a3e4-106902fe878c
-sources:
- - https://github.com/rook/rook
- - https://quay.io/repository/ceph/ceph?tab=tags
- - https://github.com/rook/rook/tree/master/deploy/charts
-maintainers:
- - name: alexlebens
-dependencies:
- - name: rook-ceph
- version: v1.18.7
- repository: https://charts.rook.io/release
- - name: rook-ceph-cluster
- version: v1.18.7
- repository: https://charts.rook.io/release
- - name: cloudflared
- alias: cloudflared-rgw
- repository: oci://harbor.alexlebens.net/helm-charts
- version: 1.23.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
-appVersion: v1.17.1
diff --git a/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml b/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml
deleted file mode 100644
index c89aeecac..000000000
--- a/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: ceph-rgw-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ceph-rgw-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/ceph-rgw
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml b/clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml
deleted file mode 100644
index c2a115ff7..000000000
--- a/clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-rook-ceph
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-rook-ceph
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - ceph.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: rook-ceph-mgr-dashboard
- port: 7000
- weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-rook-ceph-rgw
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-rook-ceph-rgw
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - objects.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: rook-ceph-rgw-ceph-objectstore
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml b/clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml
deleted file mode 100644
index 846716636..000000000
--- a/clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: rook-ceph
- labels:
- app.kubernetes.io/name: rook-ceph
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- pod-security.kubernetes.io/audit: privileged
- pod-security.kubernetes.io/enforce: privileged
- pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/storage/rook-ceph/values.yaml b/clusters/cl01tl/storage/rook-ceph/values.yaml
deleted file mode 100644
index 4168c3030..000000000
--- a/clusters/cl01tl/storage/rook-ceph/values.yaml
+++ /dev/null
@@ -1,198 +0,0 @@
-rook-ceph:
- crds:
- enabled: true
- csi:
- rookUseCsiOperator: true
- cephFSKernelMountOptions: "ms_mode=secure"
- enableMetadata: true
- provisionerReplicas: 3
- serviceMonitor:
- enabled: true
- enableDiscoveryDaemon: true
- monitoring:
- enabled: true
-
-rook-ceph-cluster:
- toolbox:
- enabled: true
- monitoring:
- enabled: true
- createPrometheusRules: true
- prometheusRuleOverrides:
- CephNodeDiskspaceWarning:
- disabled: true
- cephImage:
- # https://quay.io/repository/ceph/ceph?tab=tags
- repository: quay.io/ceph/ceph
- tag: v19.2.3-20250717
- cephClusterSpec:
- mgr:
- count: 1
- modules:
- - name: pg_autoscaler
- enabled: true
- - name: rook
- enabled: true
- dashboard:
- enabled: true
- ssl: false
- network:
- connections:
- encryption:
- enabled: true
- compression:
- enabled: true
- requireMsgr2: true
- placement:
- all:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/rook-osd-node
- operator: Exists
- mon:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/rook-mon-node
- operator: Exists
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- tolerations:
- - key: node-role.kubernetes.io/rook-mon-node
- operator: Exists
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- resources:
- mgr:
- requests:
- cpu: 100m
- memory: 512Mi
- mon:
- requests:
- cpu: 200m
- memory: 256Mi
- osd:
- requests:
- cpu: 100m
- memory: 2Gi
- prepareosd:
- requests:
- cpu: 100m
- memory: 128Mi
- storage:
- deviceFilter: sda
- config:
- osdsPerDevice: "1"
- csi:
- readAffinity:
- enabled: true
- cephBlockPools:
- - name: ceph-blockpool
- spec:
- failureDomain: host
- replicated:
- size: 3
- enableRBDStats: false
- storageClass:
- enabled: true
- name: ceph-block
- isDefault: true
- reclaimPolicy: Delete
- allowVolumeExpansion: true
- volumeBindingMode: "Immediate"
- parameters:
- imageFormat: "2"
- imageFeatures: layering,exclusive-lock,object-map,fast-diff
- csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
- csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
- csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
- csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/fstype: ext4
- cephFileSystems:
- - name: ceph-filesystem
- spec:
- metadataPool:
- replicated:
- size: 3
- dataPools:
- - failureDomain: host
- replicated:
- size: 3
- name: data0
- metadataServer:
- activeCount: 1
- activeStandby: true
- resources:
- requests:
- cpu: "1000m"
- memory: "4Gi"
- priorityClassName: system-cluster-critical
- storageClass:
- enabled: true
- isDefault: false
- name: ceph-filesystem
- pool: data0
- reclaimPolicy: Delete
- allowVolumeExpansion: true
- volumeBindingMode: "Immediate"
- parameters:
- csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
- csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
- csi.storage.k8s.io/fstype: ext4
- cephFileSystemVolumeSnapshotClass:
- enabled: true
- name: ceph-filesystem
- isDefault: false
- deletionPolicy: Delete
- cephBlockPoolsVolumeSnapshotClass:
- enabled: true
- name: ceph-blockpool-snapshot
- isDefault: true
- deletionPolicy: Delete
- cephObjectStores:
- - name: ceph-objectstore
- spec:
- metadataPool:
- failureDomain: host
- replicated:
- size: 3
- dataPool:
- failureDomain: host
- erasureCoded:
- dataChunks: 2
- codingChunks: 1
- parameters:
- bulk: "true"
- preservePoolsOnDelete: true
- gateway:
- port: 80
- resources:
- requests:
- cpu: "1000m"
- memory: "1Gi"
- instances: 1
- priorityClassName: system-cluster-critical
- hosting:
- dnsNames:
- - objects.alexlebens.dev
- - objects.alexlebens.net
- storageClass:
- enabled: true
- name: ceph-bucket
- reclaimPolicy: Delete
- volumeBindingMode: "Immediate"
- parameters:
- region: us-east-1
-
-cloudflared-rgw:
- existingSecretName: ceph-rgw-cloudflared-secret
- name: cloudflared-rgw
diff --git a/clusters/cl01tl/storage/snapshot-controller/Chart.yaml b/clusters/cl01tl/storage/snapshot-controller/Chart.yaml
deleted file mode 100644
index 6c7cff5d5..000000000
--- a/clusters/cl01tl/storage/snapshot-controller/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: snapshot-controller
-version: 1.0.0
-description: Snapshot Controller
-keywords:
- - snapshot-controller
- - snapshots
- - storage
- - kubernetes
-home: https://wiki.alexlebens.dev/s/67c065ac-bbc7-4d35-be62-af5b65ed8330
-sources:
- - https://github.com/kubernetes-csi/external-snapshotter
- - https://github.com/piraeusdatastore/helm-charts/tree/main/charts/snapshot-controller
-maintainers:
- - name: alexlebens
-dependencies:
- - name: snapshot-controller
- version: 4.2.0
- repository: https://piraeus.io/helm-charts/
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v8.2.1
diff --git a/clusters/cl01tl/storage/snapshot-controller/values.yaml b/clusters/cl01tl/storage/snapshot-controller/values.yaml
deleted file mode 100644
index d38def948..000000000
--- a/clusters/cl01tl/storage/snapshot-controller/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-snapshot-controller:
- controller:
- replicaCount: 3
- args:
- leaderElection: true
- leaderElectionNamespace: snapshot-controller
- image:
- repository: registry.k8s.io/sig-storage/snapshot-controller
- tag: v8.4.0
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- serviceMonitor:
- create: true
diff --git a/clusters/cl01tl/storage/volsync/Chart.yaml b/clusters/cl01tl/storage/volsync/Chart.yaml
deleted file mode 100644
index f4cb6b727..000000000
--- a/clusters/cl01tl/storage/volsync/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: volsync
-version: 1.0.0
-description: Volsync
-keywords:
- - volsync
- - backup
- - storage
- - s3
- - kubernetes
-home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
-sources:
- - https://github.com/backube/volsync
- - https://github.com/backube/volsync/tree/main/helm/volsync
-maintainers:
- - name: alexlebens
-dependencies:
- - name: volsync
- version: 0.14.0
- repository: https://backube.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
-appVersion: 0.12.1
diff --git a/clusters/cl01tl/storage/volsync/values.yaml b/clusters/cl01tl/storage/volsync/values.yaml
deleted file mode 100644
index 63e33308b..000000000
--- a/clusters/cl01tl/storage/volsync/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-volsync:
- replicaCount: 3
- manageCRDs: true
- metrics:
- disableAuth: true
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
diff --git a/clusters/cl01tl/storage/whodb/Chart.yaml b/clusters/cl01tl/storage/whodb/Chart.yaml
deleted file mode 100644
index 40f7147f9..000000000
--- a/clusters/cl01tl/storage/whodb/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: whodb
-version: 1.0.0
-description: WhoDB
-keywords:
- - whodb
- - postgresql
- - database
-home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
-sources:
- - https://github.com/clidey/whodb
- - https://hub.docker.com/r/clidey/whodb
- - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: whodb
- repository: https://bjw-s-labs.github.io/helm-charts/
- version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
-appVersion: 0.53.0
diff --git a/clusters/cl01tl/storage/whodb/templates/http-route.yaml b/clusters/cl01tl/storage/whodb/templates/http-route.yaml
deleted file mode 100644
index 0e16e79d6..000000000
--- a/clusters/cl01tl/storage/whodb/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-whodb
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: http-route-whodb
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - whodb.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: whodb
- port: 80
- weight: 100
diff --git a/clusters/cl01tl/storage/whodb/values.yaml b/clusters/cl01tl/storage/whodb/values.yaml
deleted file mode 100644
index e077482a1..000000000
--- a/clusters/cl01tl/storage/whodb/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-whodb:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- containers:
- main:
- image:
- repository: clidey/whodb
- tag: 0.77.0
- pullPolicy: IfNotPresent
- env:
- - name: WHODB_OLLAMA_HOST
- value: ollama-server-2.ollama
- - name: WHODB_OLLAMA_PORT
- value: 11434
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8080
- protocol: TCP
diff --git a/hosts/pd05wd/ollama/.ts-env b/hosts/pd05wd/ollama/.ts-env
deleted file mode 100644
index 4c297bf5a..000000000
--- a/hosts/pd05wd/ollama/.ts-env
+++ /dev/null
@@ -1 +0,0 @@
-TS_AUTHKEY=""
diff --git a/hosts/pd05wd/ollama/compose.yaml b/hosts/pd05wd/ollama/compose.yaml
deleted file mode 100644
index a1f05b63a..000000000
--- a/hosts/pd05wd/ollama/compose.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-services:
- tailscale-ollama:
- image: ghcr.io/tailscale/tailscale:latest
- container_name: tailscale-ollama
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=ollama-pd05wd
- env_file:
- - .ts-env
- labels:
- - "com.centurylinklabs.watchtower.scope=ollama"
- network_mode: service:ollama
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- devices:
- - /dev/net/tun:/dev/net/tun
-
- watchtower:
- image: ghcr.io/containrrr/watchtower:latest
- container_name: ollama-watchtower
- command: --scope ollama
- environment:
- - TZ=America/Chicago
- - WATCHTOWER_HTTP_API_METRICS=true
- - WATCHTOWER_HTTP_API_TOKEN=token
- - WATCHTOWER_CLEANUP=true
- - WATCHTOWER_POLL_INTERVAL=3600
- labels:
- - "com.centurylinklabs.watchtower.scope=ollama"
- network_mode: service:ollama
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
- ollama:
- image: ollama/ollama:latest
- container_name: ollama
- environment:
- - OLLAMA_KEEP_ALIVE=24h
- labels:
- - "com.centurylinklabs.watchtower.scope=ollama"
- restart: always
- deploy:
- resources:
- reservations:
- devices:
- - driver: nvidia
- capabilities: ["gpu"]
- count: all
- volumes:
- - ollama:/root/.ollama
-
-volumes:
- tailscale:
- ollama:
diff --git a/hosts/pd05wd/stable-diffusion/.ts-env b/hosts/pd05wd/stable-diffusion/.ts-env
deleted file mode 100644
index 4c297bf5a..000000000
--- a/hosts/pd05wd/stable-diffusion/.ts-env
+++ /dev/null
@@ -1 +0,0 @@
-TS_AUTHKEY=""
diff --git a/hosts/pd05wd/stable-diffusion/compose.yaml b/hosts/pd05wd/stable-diffusion/compose.yaml
deleted file mode 100644
index dd3739224..000000000
--- a/hosts/pd05wd/stable-diffusion/compose.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-services:
- tailscale-stable-diffusion:
- image: ghcr.io/tailscale/tailscale:latest
- container_name: tailscale-stable-diffusion
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=stable-diffusion-pd05wd
- - TS_SERVE_CONFIG=/config/serve.json
- env_file:
- - .ts-env
- labels:
- - "com.centurylinklabs.watchtower.scope=stable-diffusion"
- network_mode: service:stable-diffusion
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- - ./serve.json:/config/serve.json
- devices:
- - /dev/net/tun:/dev/net/tun
-
- watchtower:
- image: ghcr.io/containrrr/watchtower:latest
- container_name: stable-diffusion-watchtower
- command: --scope stable-diffusion
- environment:
- - TZ=America/Chicago
- - WATCHTOWER_HTTP_API_METRICS=true
- - WATCHTOWER_HTTP_API_TOKEN=token
- - WATCHTOWER_CLEANUP=true
- - WATCHTOWER_POLL_INTERVAL=3600
- labels:
- - "com.centurylinklabs.watchtower.scope=stable-diffusion"
- network_mode: service:stable-diffusion
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
- stable-diffusion:
- image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda
- container_name: stable-diffusion
- environment:
- - WEBUI_ARGS="--api --listen"
- - CF_QUICK_TUNNELS=false
- - WEB_ENABLE_AUTH=false
- - PORT="17860"
- - SUPERVISOR_NO_AUTOSTART=jupyter,syncthing
- labels:
- - "com.centurylinklabs.watchtower.scope=stable-diffusion"
- restart: always
- deploy:
- resources:
- reservations:
- devices:
- - driver: nvidia
- capabilities: ["gpu"]
- count: all
- volumes:
- - workspace:/workspace:rshared
- - ./models:/opt/stable-diffusion-webui/models/Stable-diffusion
-
-volumes:
- tailscale:
- workspace:
diff --git a/hosts/pd05wd/stable-diffusion/serve.json b/hosts/pd05wd/stable-diffusion/serve.json
deleted file mode 100644
index b8868fefa..000000000
--- a/hosts/pd05wd/stable-diffusion/serve.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/": {
- "Proxy": "http://127.0.0.1:17860"
- }
- }
- }
- }
-}
diff --git a/hosts/ps08rp/blocky/compose.yaml b/hosts/ps08rp/blocky/compose.yaml
deleted file mode 100644
index 7bc8bc7ed..000000000
--- a/hosts/ps08rp/blocky/compose.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-services:
- tailscale-blocky:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-blocky
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=blocky-ps08rp
- network_mode: service:blocky
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- devices:
- - /dev/net/tun:/dev/net/tun
-
- blocky:
- image: ghcr.io/0xerr0r/blocky:v0.28.2
- container_name: blocky
- environment:
- - TZ=America/Chicago
- ports:
- - 0.0.0.0:53:53/tcp
- - 0.0.0.0:53:53/udp
- restart: always
- volumes:
- - ./config.yml:/app/config.yml
-
-volumes:
- tailscale:
diff --git a/hosts/ps08rp/blocky/config.yml b/hosts/ps08rp/blocky/config.yml
deleted file mode 100644
index 874492a5b..000000000
--- a/hosts/ps08rp/blocky/config.yml
+++ /dev/null
@@ -1,240 +0,0 @@ -upstreams: - init: - strategy: fast - groups: - default: - - tcp-tls:1.1.1.1:853 - - tcp-tls:1.0.0.1:853 - strategy: parallel_best - timeout: 2s - -connectIPVersion: v4 - -customDNS: - filterUnmappedTypes: false - zone: | - $ORIGIN alexlebens.net. - $TTL 86400 - - ;; Name Server - IN NS patryk.ns.cloudflare.com. - IN NS veda.ns.cloudflare.com. - IN NS dns1. - IN NS dns2. - IN NS dns3. - - dns1 IN A 10.232.1.22 - dns2 IN A 10.232.1.51 - dns3 IN A 10.232.1.52 - - - ;; Computer Names - nw01un IN A 192.168.1.1 ; Unifi Gateway - - ps08rp IN A 10.232.1.51 ; DNS - ps09rp IN A 10.232.1.52 ; DNS - ps02sn IN A 10.232.1.61 ; Synology Web - ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage - - pd05wd IN A 10.230.0.115 ; Desktop - pl02mc IN A 10.230.0.105 ; Laptop - - dv01hr IN A 10.232.1.72 ; HD Homerun - dv02kv IN A 10.232.1.71 ; Pi KVM - - it01ag IN A 10.232.1.83 ; Airgradient - it02ph IN A 10.232.1.85 ; Phillips Hue - it03tb IN A 10.232.1.81 ; TubesZB ZigBee - it04tb IN A 10.232.1.82 ; TubesZB Z-Wave - it05sp IN A 10.230.0.100 ; Shelly Plug - - - ;; Common Names - synology IN CNAME ps02sn - synologybond IN CNAME ps02sn-bond - unifi IN CNAME nw01un - airgradient IN CNAME it01ag - hdhr IN CNAME dv01hr - pikvm IN CNAME dv02kv - - - ;; Service Names - cl01tl IN A 10.232.1.11 - cl01tl IN A 10.232.1.12 - cl01tl IN A 10.232.1.13 - - cl01tl-api IN A 10.232.1.11 - cl01tl-api IN A 10.232.1.12 - cl01tl-api IN A 10.232.1.13 - - cl01tl-endpoint IN A 10.232.1.21 - cl01tl-endpoint IN A 10.232.1.22 - cl01tl-endpoint IN A 10.232.1.23 - - cl01tl-gateway IN A 10.232.1.200 - - traefik-cl01tl IN A 10.232.1.21 - blocky IN A 10.232.1.22 - plex-lb IN A 10.232.1.23 - - - ;; Application Names - actual IN CNAME traefik-cl01tl - alertmanager IN CNAME traefik-cl01tl - argo-workflows IN CNAME traefik-cl01tl - argocd IN CNAME traefik-cl01tl - audiobookshelf IN CNAME traefik-cl01tl - authentik IN CNAME traefik-cl01tl - backrest IN CNAME traefik-cl01tl - bazarr IN CNAME 
traefik-cl01tl - booklore IN CNAME traefik-cl01tl - ceph IN CNAME traefik-cl01tl - code-server IN CNAME traefik-cl01tl - ephemera IN CNAME traefik-cl01tl - garage-s3 IN CNAME traefik-cl01tl - garage-webui IN CNAME traefik-cl01tl - gatus IN CNAME traefik-cl01tl - gitea IN CNAME traefik-cl01tl - grafana IN CNAME traefik-cl01tl - harbor IN CNAME traefik-cl01tl - headlamp IN CNAME traefik-cl01tl - home IN CNAME traefik-cl01tl - home-assistant IN CNAME traefik-cl01tl - home-assistant-code-server IN CNAME traefik-cl01tl - hubble IN CNAME cl01tl-gateway - huntarr IN CNAME traefik-cl01tl - immich IN CNAME traefik-cl01tl - jellyfin IN CNAME traefik-cl01tl - jellystat IN CNAME traefik-cl01tl - kiwix IN CNAME traefik-cl01tl - komodo IN CNAME traefik-cl01tl - kronic IN CNAME traefik-cl01tl - lidarr IN CNAME traefik-cl01tl - lidatube IN CNAME traefik-cl01tl - listenarr IN CNAME traefik-cl01tl - mail IN CNAME traefik-cl01tl - n8n IN CNAME traefik-cl01tl - ntfy IN CNAME traefik-cl01tl - objects IN CNAME traefik-cl01tl - ollama IN CNAME traefik-cl01tl - omni-tools IN CNAME traefik-cl01tl - overseerr IN CNAME traefik-cl01tl - pgadmin IN CNAME traefik-cl01tl - photoview IN CNAME traefik-cl01tl - plex IN CNAME traefik-cl01tl - postiz IN CNAME traefik-cl01tl - prometheus IN CNAME traefik-cl01tl - prowlarr IN CNAME traefik-cl01tl - qbittorrent IN CNAME traefik-cl01tl - qui IN CNAME traefik-cl01tl - radarr IN CNAME traefik-cl01tl - radarr-4k IN CNAME traefik-cl01tl - radarr-anime IN CNAME traefik-cl01tl - radarr-standup IN CNAME traefik-cl01tl - searxng IN CNAME traefik-cl01tl - slskd IN CNAME traefik-cl01tl - sonarr IN CNAME traefik-cl01tl - sonarr-4k IN CNAME traefik-cl01tl - sonarr-anime IN CNAME traefik-cl01tl - stalwart IN CNAME traefik-cl01tl - tautulli IN CNAME traefik-cl01tl - tdarr IN CNAME traefik-cl01tl - tubearchivist IN CNAME traefik-cl01tl - vault IN CNAME traefik-cl01tl - whodb IN CNAME traefik-cl01tl - yamtrack IN CNAME traefik-cl01tl - -blocking: - denylists: - sus: - - 
https://v.firebog.net/hosts/static/w3kbl.txt - ads: - - https://v.firebog.net/hosts/AdguardDNS.txt - - https://v.firebog.net/hosts/Admiral.txt - - https://v.firebog.net/hosts/Easylist.txt - - https://adaway.org/hosts.txt - priv: - - https://v.firebog.net/hosts/Easyprivacy.txt - - https://v.firebog.net/hosts/Prigent-Ads.txt - mal: - - https://v.firebog.net/hosts/Prigent-Crypto.txt - - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt - pro: - - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt - allowlists: - sus: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - ads: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - priv: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - mal: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - pro: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - clientGroupsBlock: - default: - - sus - - ads - - priv - - mal - - pro - blockType: zeroIp - blockTTL: 1m - loading: - refreshPeriod: 24h - downloads: - timeout: 60s - attempts: 5 - cooldown: 10s - concurrency: 16 - strategy: fast - maxErrorsPerSource: 5 - -caching: - minTime: 5m - maxTime: 30m - maxItemsCount: 0 - prefetching: true - prefetchExpires: 2h - prefetchThreshold: 5 - prefetchMaxItemsCount: 0 - cacheTimeNegative: 30m - -prometheus: - enable: true - path: /metrics - -queryLog: - type: console - logRetentionDays: 7 - creationAttempts: 1 - creationCooldown: 2s - flushInterval: 30s - -minTlsServeVersion: 1.3 - -ports: - dns: 53 - http: 4000 - -log: - level: info - format: text - timestamp: true - privacy: false diff --git a/hosts/ps08rp/node-exporter/compose.yaml b/hosts/ps08rp/node-exporter/compose.yaml deleted file mode 100644 index 63a16dbeb..000000000 --- a/hosts/ps08rp/node-exporter/compose.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -services: - node-exporter: - image: quay.io/prometheus/node-exporter:v1.10.2 - container_name: node-exporter - command: - - '--path.rootfs=/rootfs' - ports: - - 0.0.0.0:9100:9100 - pid: host - restart: always - volumes: - - /:/rootfs:ro diff --git a/hosts/ps08rp/traefik/compose.yaml b/hosts/ps08rp/traefik/compose.yaml deleted file mode 100644 index ac6ee8ae8..000000000 --- a/hosts/ps08rp/traefik/compose.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -services: - traefik: - image: ghcr.io/traefik/traefik:v3.6.2 - container_name: traefik - command: - - "--global.checkNewVersion=false" - - "--global.sendAnonymousUsage=false" - - "--api.insecure=false" - - "--api.dashboard=true" - - "--log.level=INFO" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entryPoints.web.address=:80" - - "--entrypoints.web.http.redirections.entryPoint.to=web-secure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entryPoints.web-secure.address=:443" - - "--entryPoints.web-secure.http.tls.options=default" - - "--entryPoints.web-secure.http.tls.certResolver=cloudflare" - - "--entryPoints.web-secure.http.tls.domains[0].main=*.alexlebens.net" - - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=alexlebens.net" - - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53" - - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com" - - "--certificatesresolvers.cloudflare.acme.storage=acme.json" - - "--metrics.prometheus=true" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - - "--metrics.prometheus.addEntryPointsLabels=true" - - "--metrics.prometheus.addRoutersLabels=true" - - "--metrics.prometheus.addServicesLabels=true" - - "--metrics.prometheus.entryPoint=web-secure" - - "--metrics.prometheus.manualRouting=true" - env_file: - - .env - environment: - - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - labels: - traefik.enable: true - traefik.docker.network: internal - traefik.http.routers.dashboard.entrypoints: web-secure - traefik.http.routers.dashboard.rule: (Host(`traefik-ps08rp.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) - 
traefik.http.routers.dashboard.service: api@internal - traefik.http.routers.dashboard.tls: true - traefik.http.routers.dashboard.tls.certresolver: cloudflare - traefik.http.routers.metrics.entrypoints: web-secure - traefik.http.routers.metrics.rule: (Host(`traefik-ps08rp.alexlebens.net`) && Path(`/metrics`)) - traefik.http.routers.metrics.service: prometheus@internal - traefik.http.routers.metrics.tls: true - traefik.http.routers.metrics.tls.certresolver: cloudflare - networks: - internal: null - ports: - - 0.0.0.0:80:80 - - 0.0.0.0:443:443 - privileged: true - restart: always - volumes: - - letsencrypt:/letsencrypt - - /var/run/docker.sock:/var/run/docker.sock:ro - -networks: - internal: - name: internal - driver: bridge - ipam: - config: - - subnet: 172.20.0.0/16 - -volumes: - letsencrypt: diff --git a/hosts/ps09rp/blocky/compose.yaml b/hosts/ps09rp/blocky/compose.yaml deleted file mode 100644 index 564b2ec6f..000000000 --- a/hosts/ps09rp/blocky/compose.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -services: - tailscale-blocky: - image: ghcr.io/tailscale/tailscale:v1.90.8 - container_name: tailscale-blocky - cap_add: - - net_admin - - sys_module - environment: - - TS_STATE_DIR=/var/lib/tailscale - - TS_ENABLE_METRICS=true - - TS_HOSTNAME=blocky-ps09rp - network_mode: service:blocky - restart: always - volumes: - - tailscale:/var/lib/tailscale - devices: - - /dev/net/tun:/dev/net/tun - - blocky: - image: ghcr.io/0xerr0r/blocky:v0.28.2 - container_name: blocky - environment: - - TZ=America/Chicago - ports: - - 0.0.0.0:53:53/tcp - - 0.0.0.0:53:53/udp - restart: always - volumes: - - ./config.yml:/app/config.yml - -volumes: - tailscale: diff --git a/hosts/ps09rp/blocky/config.yml b/hosts/ps09rp/blocky/config.yml deleted file mode 100644 index 874492a5b..000000000 --- a/hosts/ps09rp/blocky/config.yml +++ /dev/null 
@@ -1,240 +0,0 @@ -upstreams: - init: - strategy: fast - groups: - default: - - tcp-tls:1.1.1.1:853 - - tcp-tls:1.0.0.1:853 - strategy: parallel_best - timeout: 2s - -connectIPVersion: v4 - -customDNS: - filterUnmappedTypes: false - zone: | - $ORIGIN alexlebens.net. - $TTL 86400 - - ;; Name Server - IN NS patryk.ns.cloudflare.com. - IN NS veda.ns.cloudflare.com. - IN NS dns1. - IN NS dns2. - IN NS dns3. - - dns1 IN A 10.232.1.22 - dns2 IN A 10.232.1.51 - dns3 IN A 10.232.1.52 - - - ;; Computer Names - nw01un IN A 192.168.1.1 ; Unifi Gateway - - ps08rp IN A 10.232.1.51 ; DNS - ps09rp IN A 10.232.1.52 ; DNS - ps02sn IN A 10.232.1.61 ; Synology Web - ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage - - pd05wd IN A 10.230.0.115 ; Desktop - pl02mc IN A 10.230.0.105 ; Laptop - - dv01hr IN A 10.232.1.72 ; HD Homerun - dv02kv IN A 10.232.1.71 ; Pi KVM - - it01ag IN A 10.232.1.83 ; Airgradient - it02ph IN A 10.232.1.85 ; Phillips Hue - it03tb IN A 10.232.1.81 ; TubesZB ZigBee - it04tb IN A 10.232.1.82 ; TubesZB Z-Wave - it05sp IN A 10.230.0.100 ; Shelly Plug - - - ;; Common Names - synology IN CNAME ps02sn - synologybond IN CNAME ps02sn-bond - unifi IN CNAME nw01un - airgradient IN CNAME it01ag - hdhr IN CNAME dv01hr - pikvm IN CNAME dv02kv - - - ;; Service Names - cl01tl IN A 10.232.1.11 - cl01tl IN A 10.232.1.12 - cl01tl IN A 10.232.1.13 - - cl01tl-api IN A 10.232.1.11 - cl01tl-api IN A 10.232.1.12 - cl01tl-api IN A 10.232.1.13 - - cl01tl-endpoint IN A 10.232.1.21 - cl01tl-endpoint IN A 10.232.1.22 - cl01tl-endpoint IN A 10.232.1.23 - - cl01tl-gateway IN A 10.232.1.200 - - traefik-cl01tl IN A 10.232.1.21 - blocky IN A 10.232.1.22 - plex-lb IN A 10.232.1.23 - - - ;; Application Names - actual IN CNAME traefik-cl01tl - alertmanager IN CNAME traefik-cl01tl - argo-workflows IN CNAME traefik-cl01tl - argocd IN CNAME traefik-cl01tl - audiobookshelf IN CNAME traefik-cl01tl - authentik IN CNAME traefik-cl01tl - backrest IN CNAME traefik-cl01tl - bazarr IN CNAME 
traefik-cl01tl - booklore IN CNAME traefik-cl01tl - ceph IN CNAME traefik-cl01tl - code-server IN CNAME traefik-cl01tl - ephemera IN CNAME traefik-cl01tl - garage-s3 IN CNAME traefik-cl01tl - garage-webui IN CNAME traefik-cl01tl - gatus IN CNAME traefik-cl01tl - gitea IN CNAME traefik-cl01tl - grafana IN CNAME traefik-cl01tl - harbor IN CNAME traefik-cl01tl - headlamp IN CNAME traefik-cl01tl - home IN CNAME traefik-cl01tl - home-assistant IN CNAME traefik-cl01tl - home-assistant-code-server IN CNAME traefik-cl01tl - hubble IN CNAME cl01tl-gateway - huntarr IN CNAME traefik-cl01tl - immich IN CNAME traefik-cl01tl - jellyfin IN CNAME traefik-cl01tl - jellystat IN CNAME traefik-cl01tl - kiwix IN CNAME traefik-cl01tl - komodo IN CNAME traefik-cl01tl - kronic IN CNAME traefik-cl01tl - lidarr IN CNAME traefik-cl01tl - lidatube IN CNAME traefik-cl01tl - listenarr IN CNAME traefik-cl01tl - mail IN CNAME traefik-cl01tl - n8n IN CNAME traefik-cl01tl - ntfy IN CNAME traefik-cl01tl - objects IN CNAME traefik-cl01tl - ollama IN CNAME traefik-cl01tl - omni-tools IN CNAME traefik-cl01tl - overseerr IN CNAME traefik-cl01tl - pgadmin IN CNAME traefik-cl01tl - photoview IN CNAME traefik-cl01tl - plex IN CNAME traefik-cl01tl - postiz IN CNAME traefik-cl01tl - prometheus IN CNAME traefik-cl01tl - prowlarr IN CNAME traefik-cl01tl - qbittorrent IN CNAME traefik-cl01tl - qui IN CNAME traefik-cl01tl - radarr IN CNAME traefik-cl01tl - radarr-4k IN CNAME traefik-cl01tl - radarr-anime IN CNAME traefik-cl01tl - radarr-standup IN CNAME traefik-cl01tl - searxng IN CNAME traefik-cl01tl - slskd IN CNAME traefik-cl01tl - sonarr IN CNAME traefik-cl01tl - sonarr-4k IN CNAME traefik-cl01tl - sonarr-anime IN CNAME traefik-cl01tl - stalwart IN CNAME traefik-cl01tl - tautulli IN CNAME traefik-cl01tl - tdarr IN CNAME traefik-cl01tl - tubearchivist IN CNAME traefik-cl01tl - vault IN CNAME traefik-cl01tl - whodb IN CNAME traefik-cl01tl - yamtrack IN CNAME traefik-cl01tl - -blocking: - denylists: - sus: - - 
https://v.firebog.net/hosts/static/w3kbl.txt - ads: - - https://v.firebog.net/hosts/AdguardDNS.txt - - https://v.firebog.net/hosts/Admiral.txt - - https://v.firebog.net/hosts/Easylist.txt - - https://adaway.org/hosts.txt - priv: - - https://v.firebog.net/hosts/Easyprivacy.txt - - https://v.firebog.net/hosts/Prigent-Ads.txt - mal: - - https://v.firebog.net/hosts/Prigent-Crypto.txt - - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt - pro: - - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt - allowlists: - sus: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - ads: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - priv: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - mal: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - pro: - - | - *.alexlebens.net - *.alexlebens.dev - *.boreal-beaufort.ts.net - clientGroupsBlock: - default: - - sus - - ads - - priv - - mal - - pro - blockType: zeroIp - blockTTL: 1m - loading: - refreshPeriod: 24h - downloads: - timeout: 60s - attempts: 5 - cooldown: 10s - concurrency: 16 - strategy: fast - maxErrorsPerSource: 5 - -caching: - minTime: 5m - maxTime: 30m - maxItemsCount: 0 - prefetching: true - prefetchExpires: 2h - prefetchThreshold: 5 - prefetchMaxItemsCount: 0 - cacheTimeNegative: 30m - -prometheus: - enable: true - path: /metrics - -queryLog: - type: console - logRetentionDays: 7 - creationAttempts: 1 - creationCooldown: 2s - flushInterval: 30s - -minTlsServeVersion: 1.3 - -ports: - dns: 53 - http: 4000 - -log: - level: info - format: text - timestamp: true - privacy: false diff --git a/hosts/ps09rp/node-exporter/compose.yaml b/hosts/ps09rp/node-exporter/compose.yaml deleted file mode 100644 index 63a16dbeb..000000000 --- a/hosts/ps09rp/node-exporter/compose.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -services: - node-exporter: - image: quay.io/prometheus/node-exporter:v1.10.2 - container_name: node-exporter - command: - - '--path.rootfs=/rootfs' - ports: - - 0.0.0.0:9100:9100 - pid: host - restart: always - volumes: - - /:/rootfs:ro diff --git a/hosts/ps09rp/traefik/compose.yaml b/hosts/ps09rp/traefik/compose.yaml deleted file mode 100644 index da860c024..000000000 --- a/hosts/ps09rp/traefik/compose.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -services: - traefik: - image: ghcr.io/traefik/traefik:v3.6.2 - container_name: traefik - command: - - "--global.checkNewVersion=false" - - "--global.sendAnonymousUsage=false" - - "--api.insecure=false" - - "--api.dashboard=true" - - "--log.level=INFO" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entryPoints.web.address=:80" - - "--entrypoints.web.http.redirections.entryPoint.to=web-secure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entryPoints.web-secure.address=:443" - - "--entryPoints.web-secure.http.tls.options=default" - - "--entryPoints.web-secure.http.tls.certResolver=cloudflare" - - "--entryPoints.web-secure.http.tls.domains[0].main=*.alexlebens.net" - - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=alexlebens.net" - - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10" - - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53" - - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com" - - "--certificatesresolvers.cloudflare.acme.storage=acme.json" - - "--metrics.prometheus=true" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - - "--metrics.prometheus.addEntryPointsLabels=true" - - "--metrics.prometheus.addRoutersLabels=true" - - "--metrics.prometheus.addServicesLabels=true" - - "--metrics.prometheus.entryPoint=web-secure" - - "--metrics.prometheus.manualRouting=true" - env_file: - - .env - environment: - - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - labels: - traefik.enable: true - traefik.docker.network: internal - traefik.http.routers.dashboard.entrypoints: web-secure - traefik.http.routers.dashboard.rule: (Host(`traefik-ps09rp.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) - 
traefik.http.routers.dashboard.service: api@internal - traefik.http.routers.dashboard.tls: true - traefik.http.routers.dashboard.tls.certresolver: cloudflare - traefik.http.routers.metrics.entrypoints: web-secure - traefik.http.routers.metrics.rule: (Host(`traefik-ps09rp.alexlebens.net`) && Path(`/metrics`)) - traefik.http.routers.metrics.service: prometheus@internal - traefik.http.routers.metrics.tls: true - traefik.http.routers.metrics.tls.certresolver: cloudflare - networks: - internal: null - ports: - - 0.0.0.0:80:80 - - 0.0.0.0:443:443 - privileged: true - restart: always - volumes: - - letsencrypt:/letsencrypt - - /var/run/docker.sock:/var/run/docker.sock:ro - -networks: - internal: - name: internal - driver: bridge - ipam: - config: - - subnet: 172.18.0.0/16 - -volumes: - letsencrypt: diff --git a/hosts/ps10rp/blocky/compose.yaml b/hosts/ps10rp/blocky/compose.yaml deleted file mode 100644 index c4d159744..000000000 --- a/hosts/ps10rp/blocky/compose.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -services: - tailscale-blocky: - image: ghcr.io/tailscale/tailscale:v1.90.8 - container_name: tailscale-blocky - cap_add: - - net_admin - - sys_module - environment: - - TS_STATE_DIR=/var/lib/tailscale - - TS_ENABLE_METRICS=true - - TS_HOSTNAME=blocky-ps10rp - network_mode: service:blocky - restart: always - volumes: - - tailscale:/var/lib/tailscale - devices: - - /dev/net/tun:/dev/net/tun - - blocky: - image: ghcr.io/0xerr0r/blocky:v0.28.2 - container_name: blocky - environment: - - TZ=America/Chicago - ports: - - 0.0.0.0:53:53/tcp - - 0.0.0.0:53:53/udp - restart: always - volumes: - - ./config.yml:/app/config.yml - -volumes: - tailscale: diff --git a/hosts/ps10rp/blocky/config.yml b/hosts/ps10rp/blocky/config.yml deleted file mode 100644 index 7df0eee27..000000000 --- a/hosts/ps10rp/blocky/config.yml +++ /dev/null 
@@ -1,174 +0,0 @@ -upstreams: - init: - strategy: fast - groups: - default: - - tcp-tls:1.1.1.1:853 - - tcp-tls:1.0.0.1:853 - strategy: parallel_best - timeout: 2s - -connectIPVersion: v4 - -customDNS: - filterUnmappedTypes: false - zone: | - $ORIGIN lebens-home.net. - $TTL 86400 - - ;; Name Server - IN NS patryk.ns.cloudflare.com. - IN NS veda.ns.cloudflare.com. - IN NS dns1. - - dns1 IN A 192.168.5.41 - - - ;; Computer Names - nw02un IN A 192.168.5.1 - - ps10rp IN A 192.168.5.41 ; PiBox - - pd05wd IN A 192.168.5.64 ; Desktop - pl02mc IN A 192.168.5.249 ; Laptop - - dv03pr IN A 192.168.5.27 ; 3D Printer - - - ;; Common Names - unifi IN CNAME nw02un - cockpit-ps10rp IN CNAME ps10rp - printer IN CNAME dv03pr - - - ;; Application Names - traefik-ps10rp IN CNAME ps10rp - garage-ui IN CNAME ps10rp - gitea IN CNAME ps10rp - www IN CNAME ps10rp - homepage IN CNAME ps10rp - -blocking: - denylists: - sus: - - https://v.firebog.net/hosts/static/w3kbl.txt - ads: - - https://v.firebog.net/hosts/AdguardDNS.txt - - https://v.firebog.net/hosts/Admiral.txt - - https://v.firebog.net/hosts/Easylist.txt - - https://adaway.org/hosts.txt - priv: - - https://v.firebog.net/hosts/Easyprivacy.txt - - https://v.firebog.net/hosts/Prigent-Ads.txt - mal: - - https://v.firebog.net/hosts/Prigent-Crypto.txt - - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt - pro: - - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt - allowlists: - sus: - - | - hulu.com - *.hulu.com - *.hulustream.com - ads-[a-z]+-darwin.hulustream.com - assetshuluimcom-a.akamaihd.net - cws.conviva.com - hulu.hb-api.omtrdc.net - assets.huluim.com - hulu.com.akadns.net. - ads: - - | - hulu.com - *.hulu.com - *.hulustream.com - ads-[a-z]+-darwin.hulustream.com - assetshuluimcom-a.akamaihd.net - cws.conviva.com - hulu.hb-api.omtrdc.net - assets.huluim.com - hulu.com.akadns.net. 
- priv: - - | - hulu.com - *.hulu.com - *.hulustream.com - ads-[a-z]+-darwin.hulustream.com - assetshuluimcom-a.akamaihd.net - cws.conviva.com - hulu.hb-api.omtrdc.net - assets.huluim.com - hulu.com.akadns.net. - mal: - - | - hulu.com - *.hulu.com - *.hulustream.com - ads-[a-z]+-darwin.hulustream.com - assetshuluimcom-a.akamaihd.net - cws.conviva.com - hulu.hb-api.omtrdc.net - assets.huluim.com - hulu.com.akadns.net. - pro: - - | - hulu.com - *.hulu.com - *.hulustream.com - ads-[a-z]+-darwin.hulustream.com - assetshuluimcom-a.akamaihd.net - cws.conviva.com - hulu.hb-api.omtrdc.net - assets.huluim.com - hulu.com.akadns.net. - clientGroupsBlock: - default: - - sus - - ads - - priv - - mal - - pro - blockType: zeroIp - blockTTL: 1m - loading: - refreshPeriod: 24h - downloads: - timeout: 60s - attempts: 5 - cooldown: 10s - concurrency: 16 - strategy: fast - maxErrorsPerSource: 5 - -caching: - minTime: 5m - maxTime: 30m - maxItemsCount: 0 - prefetching: true - prefetchExpires: 2h - prefetchThreshold: 5 - prefetchMaxItemsCount: 0 - cacheTimeNegative: 30m - -prometheus: - enable: true - path: /metrics - -queryLog: - type: console - logRetentionDays: 7 - creationAttempts: 1 - creationCooldown: 2s - flushInterval: 30s - -minTlsServeVersion: 1.3 - -ports: - dns: 53 - http: 4000 - -log: - level: info - format: text - timestamp: true - privacy: true diff --git a/hosts/ps10rp/cloudflare-ddns/compose.yaml b/hosts/ps10rp/cloudflare-ddns/compose.yaml deleted file mode 100644 index 144c5308e..000000000 --- a/hosts/ps10rp/cloudflare-ddns/compose.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -services: - cloudflare-ddns: - image: favonia/cloudflare-ddns:1.15.1 - container_name: cloudflare-ddns - cap_drop: - - all - read_only: true - security_opt: - - no-new-privileges:true - env_file: - - .env - environment: - - DOMAINS=lebens-home.net - - PROXIED=true - restart: always 
diff --git a/hosts/ps10rp/garage/compose.yaml b/hosts/ps10rp/garage/compose.yaml
deleted file mode 100644
index f7be8fc24..000000000
--- a/hosts/ps10rp/garage/compose.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-services:
- tailscale-garage:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-garage
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=garage-ps10rp
- - TS_SERVE_CONFIG=/config/serve.json
- restart: always
- networks:
- internal: null
- volumes:
- - tailscale:/var/lib/tailscale
- - ${PWD}/serve.json:/config/serve.json:ro
- devices:
- - /dev/net/tun:/dev/net/tun
-
- tailscale-garage-ui:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-garage-ui
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=garage-ui-ps10rp
- - TS_SERVE_CONFIG=/config/serve.json
- restart: always
- network_mode: service:garage-ui
- volumes:
- - tailscale-ui:/var/lib/tailscale
- - ${PWD}/serve-ui.json:/config/serve.json:ro
- devices:
- - /dev/net/tun:/dev/net/tun
-
- garage:
- image: dxflrs/garage:v2.1.0
- container_name: garage
- env_file:
- - .env
- environment:
- RUST_LOG: trace
- restart: always
- networks:
- internal: null
- volumes:
- - ${PWD}/garage.toml:/etc/garage.toml:ro
- - meta:/var/lib/garage/meta
- - data:/var/lib/garage/data
-
- garage-ui:
- image: khairul169/garage-webui:1.1.0
- container_name: garage-ui
- env_file:
- - .env
- environment:
- API_BASE_URL: "http://garage:3903"
- S3_ENDPOINT_URL: "http://garage:3900"
- labels:
- traefik.enable: true
- traefik.docker.network: internal
- traefik.http.routers.garage-webui.entrypoints: web-secure
- traefik.http.routers.garage-webui.rule: Host(`garage-ui.lebens-home.net`)
- traefik.http.routers.garage-webui.service: garage-webui
- traefik.http.services.garage-webui.loadbalancer.server.port: 3009
- restart: always
- networks:
- internal: null
- volumes:
- - ${PWD}/garage.toml:/etc/garage.toml:ro
-
-networks:
- internal:
- name: internal
- external: true
-
-volumes:
- tailscale:
- tailscale-ui:
- meta:
- data:
diff --git a/hosts/ps10rp/garage/garage.toml b/hosts/ps10rp/garage/garage.toml
deleted file mode 100644
index 55e092eff..000000000
--- a/hosts/ps10rp/garage/garage.toml
+++ /dev/null
@@ -1,25 +0,0 @@
-replication_factor = 1
-
-metadata_dir = "/var/lib/garage/meta"
-data_dir = "/var/lib/garage/data"
-
-db_engine = "sqlite"
-
-compression_level = 3
-
-rpc_bind_addr = "[::]:3901"
-rpc_public_addr = "127.0.0.1:3901"
-
-allow_world_readable_secrets = false
-
-[s3_api]
-s3_region = "us-east-1"
-api_bind_addr = "[::]:3900"
-root_domain = ".garage-ps10rp.boreal-beaufort.ts.net"
-
-[s3_web]
-bind_addr = "[::]:3902"
-root_domain = ".garage-ps10rp.boreal-beaufort.ts.net"
-
-[admin]
-api_bind_addr = "[::]:3903"
diff --git a/hosts/ps10rp/garage/serve-ui.json b/hosts/ps10rp/garage/serve-ui.json
deleted file mode 100644
index dd88d23ae..000000000
--- a/hosts/ps10rp/garage/serve-ui.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/": {
- "Proxy": "http://127.0.0.1:3909"
- }
- }
- }
- }
-}
diff --git a/hosts/ps10rp/garage/serve.json b/hosts/ps10rp/garage/serve.json
deleted file mode 100644
index ab13674f1..000000000
--- a/hosts/ps10rp/garage/serve.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- "TCP": {
- "3900": {
- "HTTPS": true
- },
- "3901": {
- "HTTPS": true
- },
- "3902": {
- "HTTPS": true
- },
- "3903": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:3900": {
- "Handlers": {
- "/": {
- "Proxy": "http://garage:3900"
- }
- }
- },
- "${TS_CERT_DOMAIN}:3901": {
- "Handlers": {
- "/": {
- "Proxy": "http://garage:3901"
- }
- }
- },
- "${TS_CERT_DOMAIN}:3902": {
- "Handlers": {
- "/": {
- "Proxy": "http://garage:3902"
- }
- }
- },
- "${TS_CERT_DOMAIN}:3903": {
- "Handlers": {
- "/": {
- "Proxy": "http://garage:3903"
- }
- }
- }
- }
-}
diff --git a/hosts/ps10rp/gitea/compose.yaml b/hosts/ps10rp/gitea/compose.yaml
deleted file mode 100644
index d31cd3fa8..000000000
--- a/hosts/ps10rp/gitea/compose.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-services:
- tailscale-gitea:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-gitea
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=gitea-ps10rp
- - TS_SERVE_CONFIG=/config/serve.json
- network_mode: service:gitea
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- - ${PWD}/serve.json:/config/serve.json
- devices:
- - /dev/net/tun:/dev/net/tun
-
- postgresql:
- image: docker.io/postgres:17.7-alpine3.21
- container_name: gitea-postgres
- env_file:
- - .env
- environment:
- - POSTGRES_USER=gitea
- - POSTGRES_DB=gitea
- networks:
- internal: null
- restart: always
- volumes:
- - postgresql:/var/lib/postgresql/data
-
- gitea:
- image: gitea/gitea:1.25.2
- container_name: gitea
- depends_on:
- - postgresql
- environment:
- - GITEA__database__DB_TYPE=postgres
- - GITEA__database__HOST=gitea-postgres:5432
- - GITEA__database__NAME=gitea
- - GITEA__database__USER=gitea
- labels:
- traefik.enable: true
- traefik.docker.network: internal
- traefik.http.routers.gitea.entrypoints: web-secure
- traefik.http.routers.gitea.rule: Host(`gitea.lebens-home.net`)
- traefik.http.routers.gitea.service: gitea
- traefik.http.services.gitea.loadbalancer.server.port: 3000
- networks:
- internal: null
- restart: always
- volumes:
- - gitea:/data
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
-
-networks:
- internal:
- name: internal
- external: true
-
-volumes:
- tailscale:
- postgresql:
- gitea:
diff --git a/hosts/ps10rp/gitea/serve.json b/hosts/ps10rp/gitea/serve.json
deleted file mode 100644
index f713acce2..000000000
--- a/hosts/ps10rp/gitea/serve.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/": {
- "Proxy": "http://127.0.0.1:3000"
- }
- }
- }
- }
-}
diff --git a/hosts/ps10rp/homepage/compose.yaml b/hosts/ps10rp/homepage/compose.yaml
deleted file mode 100644
index a081c44de..000000000
--- a/hosts/ps10rp/homepage/compose.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-services:
- tailscale-homepage:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-homepage
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=home-ps10rp
- - TS_SERVE_CONFIG=/config/serve.json
- network_mode: service:homepage
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- - ${PWD}/serve.json:/config/serve.json
- devices:
- - /dev/net/tun:/dev/net/tun
-
- dockerproxy:
- image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.1
- container_name: homepage-dockerproxy
- environment:
- - CONTAINERS=1
- - POST=0
- network_mode: service:homepage
- privileged: true
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock:ro
-
- homepage:
- image: ghcr.io/gethomepage/homepage:v1.7.0
- container_name: homepage
- labels:
- traefik.enable: true
- traefik.docker.network: internal
- traefik.http.routers.homepage.entrypoints: web-secure
- traefik.http.routers.homepage.rule: Host(`www.lebens-home.net`)
- traefik.http.routers.homepage.service: homepage
- traefik.http.services.homepage.loadbalancer.server.port: 3000
- environment:
- - HOMEPAGE_ALLOWED_HOSTS=www.lebens-home.net
- networks:
- internal: null
- restart: always
- volumes:
- - ${PWD}/homepage_config:/app/config
-
-networks:
- internal:
- name: internal
- external: true
-
-volumes:
- tailscale:
diff --git a/hosts/ps10rp/homepage/homepage_config/bookmarks.yaml b/hosts/ps10rp/homepage/homepage_config/bookmarks.yaml
deleted file mode 100644
index 032e3bf1e..000000000
--- a/hosts/ps10rp/homepage/homepage_config/bookmarks.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- Bookmarks:
- - Midco:
- - abbr: MC
- href: https://www.midco.com/
diff --git a/hosts/ps10rp/homepage/homepage_config/docker.yaml b/hosts/ps10rp/homepage/homepage_config/docker.yaml
deleted file mode 100644
index 6678ada15..000000000
--- a/hosts/ps10rp/homepage/homepage_config/docker.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-ps10rp-docker:
- host: localhost
- port: 2375
diff --git a/hosts/ps10rp/homepage/homepage_config/services.yaml b/hosts/ps10rp/homepage/homepage_config/services.yaml
deleted file mode 100644
index 9541b8bc9..000000000
--- a/hosts/ps10rp/homepage/homepage_config/services.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-- Applications:
- - Plex:
- icon: sh-plex.svg
- href: https://app.plex.tv
- description: Media server
- - Code Repository:
- icon: sh-gitea.svg
- description: Gitea
- href: https://gitea.lebens-home.net
- siteMonitor: https://gitea.lebens-home.net
- statusStyle: dot
- server: ps10rp-docker
- container: gitea
- - 3D Printer:
- icon: sh-mainsail.svg
- description: K1C Mainsail
- href: http://printer.lebens-home.net
- siteMonitor: http://printer.lebens-home.net
- statusStyle: dot
-- Services:
- - Auth (OIDC):
- icon: sh-authentik.svg
- description: Authentik
- href: https://auth.alexlebens.dev
- siteMonitor: https://auth.alexlebens.dev
- statusStyle: dot
- - Reverse Proxy:
- icon: sh-traefik.svg
- description: Traefik
- href: https://traefik-ps10rp.lebens-home.net/dashboard/#/
- siteMonitor: https://traefik-ps10rp.lebens-home.net/dashboard/#/
- statusStyle: dot
- server: ps10rp-docker
- container: traefik
- - Host Management:
- icon: sh-cockpit-light.svg
- description: Cockpit
- href: https://cockpit-ps10rp.lebens-home.net:9090
- siteMonitor: https://cockpit-ps10rp.lebens-home.net:9090
- statusStyle: dot
- - Network Management:
- icon: sh-ubiquiti-unifi.svg
- description: Unifi
- href: https://unifi.lebens-home.net
- siteMonitor: https://unifi.lebens-home.net
- statusStyle: dot
diff --git a/hosts/ps10rp/homepage/homepage_config/settings.yaml b/hosts/ps10rp/homepage/homepage_config/settings.yaml
deleted file mode 100644
index b176470ad..000000000
--- a/hosts/ps10rp/homepage/homepage_config/settings.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-headerStyle: clean
-hideVersion: true
-color: zinc
-background:
- image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
- brightness: 50
-theme: dark
-disableCollapse: true
diff --git a/hosts/ps10rp/homepage/homepage_config/widgets.yaml b/hosts/ps10rp/homepage/homepage_config/widgets.yaml
deleted file mode 100644
index f62fcf786..000000000
--- a/hosts/ps10rp/homepage/homepage_config/widgets.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-- logo:
- icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-- datetime:
- text_size: xl
- format:
- dateStyle: long
- timeStyle: short
- hour12: true
-- openmeteo:
- label: Stacy
- latitude: 45.398
- longitude: -92.9874
- units: imperial
- cache: 5
diff --git a/hosts/ps10rp/homepage/serve.json b/hosts/ps10rp/homepage/serve.json
deleted file mode 100644
index f713acce2..000000000
--- a/hosts/ps10rp/homepage/serve.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/": {
- "Proxy": "http://127.0.0.1:3000"
- }
- }
- }
- }
-}
diff --git a/hosts/ps10rp/isponsorblocktv/compose.yaml b/hosts/ps10rp/isponsorblocktv/compose.yaml
deleted file mode 100644
index 1d4ee8116..000000000
--- a/hosts/ps10rp/isponsorblocktv/compose.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-services:
- isponsorblocktv:
- image: ghcr.io/dmunozv04/isponsorblocktv:v2.6
- container_name: isponsorblocktv
- environment:
- - TZ=America/Chicago
- restart: always
- volumes:
- - ./config.json:/app/data/config.json
diff --git a/hosts/ps10rp/isponsorblocktv/config.json b/hosts/ps10rp/isponsorblocktv/config.json
deleted file mode 100644
index 6a5bb7cbb..000000000
--- a/hosts/ps10rp/isponsorblocktv/config.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "devices": [
- {
- "screen_id": "",
- "name": "Samsung TV",
- "offset": 0
- }
- ],
- "apikey": "",
- "skip_categories": ["sponsor"],
- "channel_whitelist": [],
- "skip_count_tracking": false,
- "mute_ads": true,
- "skip_ads": true,
- "minimum_skip_length": 1,
- "auto_play": true,
- "join_name": "iSponsorBlockTV",
- "use_proxy": false
-}
diff --git a/hosts/ps10rp/komodo-periphery/.komodo-env b/hosts/ps10rp/komodo-periphery/.komodo-env
deleted file mode 100644
index e8adddce9..000000000
--- a/hosts/ps10rp/komodo-periphery/.komodo-env
+++ /dev/null
@@ -1 +0,0 @@
-PERIPHERY_PASSKEYS=""
diff --git a/hosts/ps10rp/komodo-periphery/.ts-env b/hosts/ps10rp/komodo-periphery/.ts-env
deleted file mode 100644
index 4c297bf5a..000000000
--- a/hosts/ps10rp/komodo-periphery/.ts-env
+++ /dev/null
@@ -1 +0,0 @@
-TS_AUTHKEY=""
diff --git a/hosts/ps10rp/komodo-periphery/compose.yaml b/hosts/ps10rp/komodo-periphery/compose.yaml
deleted file mode 100644
index b51357a1c..000000000
--- a/hosts/ps10rp/komodo-periphery/compose.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-services:
- tailscale-komodo-periphery:
- image: ghcr.io/tailscale/tailscale:latest
- container_name: tailscale-komodo-periphery
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=komodo-periphery-ps10rp
- env_file:
- - .ts-env
- labels:
- - "com.centurylinklabs.watchtower.scope=komodo"
- network_mode: service:komodo-periphery
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- devices:
- - /dev/net/tun:/dev/net/tun
-
- watchtower:
- image: ghcr.io/containrrr/watchtower:latest
- container_name: komodo-periphery-watchtower
- command: --scope komodo
- environment:
- - TZ=America/Chicago
- - WATCHTOWER_HTTP_API_METRICS=true
- - WATCHTOWER_HTTP_API_TOKEN=token
- - WATCHTOWER_CLEANUP=true
- - WATCHTOWER_POLL_INTERVAL=3600
- labels:
- - "com.centurylinklabs.watchtower.scope=komodo"
- network_mode: service:komodo-periphery
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
- komodo-periphery:
- image: ghcr.io/moghtech/komodo-periphery:latest
- container_name: komodo-periphery
- env_file:
- - .env
- environment:
- - TZ=America/Chicago
- labels:
- - "com.centurylinklabs.watchtower.scope=komodo"
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - /proc:/proc
- - /mnt/data/komodo/repos:/etc/komodo/repos
- - /mnt/data/komodo/stacks:/etc/komodo/stacks
-
-volumes:
- tailscale:
diff --git a/hosts/ps10rp/node-exporter/compose.yaml b/hosts/ps10rp/node-exporter/compose.yaml
deleted file mode 100644
index e7e9bac2e..000000000
--- a/hosts/ps10rp/node-exporter/compose.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-services:
- tailscale-node-exporter:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-node-exporter
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=node-exporter-ps10rp
- - TS_SERVE_CONFIG=/config/serve.json
- network_mode: service:node-exporter
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- - ${PWD}/serve.json:/config/serve.json
- devices:
- - /dev/net/tun:/dev/net/tun
-
- node-exporter:
- image: quay.io/prometheus/node-exporter:v1.10.2
- container_name: node-exporter
- command:
- - '--path.rootfs=/rootfs'
- pid: host
- restart: always
- volumes:
- - /:/rootfs:ro
-
-volumes:
- tailscale:
diff --git a/hosts/ps10rp/node-exporter/serve.json b/hosts/ps10rp/node-exporter/serve.json
deleted file mode 100644
index 67bbdd884..000000000
--- a/hosts/ps10rp/node-exporter/serve.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/": {
- "Proxy": "http://127.0.0.1:9100"
- }
- }
- }
- }
-}
diff --git a/hosts/ps10rp/tailscale-subnet/compose.yaml b/hosts/ps10rp/tailscale-subnet/compose.yaml
deleted file mode 100644
index fd9724084..000000000
--- a/hosts/ps10rp/tailscale-subnet/compose.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-services:
- tailscale:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-subnet
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=subnet-router-local-ps10rp
- - TS_ROUTES=192.168.5.0/24
- - TS_EXTRA_ARGS=--stateful-filtering=false --snat-subnet-routes=false
- network_mode: host
- privileged: true
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- devices:
- - /dev/net/tun:/dev/net/tun
-
-volumes:
- tailscale:
diff --git a/hosts/ps10rp/traefik/compose.yaml b/hosts/ps10rp/traefik/compose.yaml
deleted file mode 100644
index 0689bf31a..000000000
--- a/hosts/ps10rp/traefik/compose.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-services:
- tailscale-traefik:
- image: ghcr.io/tailscale/tailscale:v1.90.8
- container_name: tailscale-traefik
- cap_add:
- - net_admin
- - sys_module
- environment:
- - TS_STATE_DIR=/var/lib/tailscale
- - TS_ENABLE_METRICS=true
- - TS_HOSTNAME=traefik-ps10rp
- # - TS_SERVE_CONFIG=/config/serve.json
- network_mode: service:traefik
- restart: always
- volumes:
- - tailscale:/var/lib/tailscale
- - ${PWD}/serve.json:/config/serve.json
- devices:
- - /dev/net/tun:/dev/net/tun
-
- traefik:
- image: ghcr.io/traefik/traefik:v3.6.2
- container_name: traefik
- command:
- - "--global.checkNewVersion=false"
- - "--global.sendAnonymousUsage=false"
- - "--api=true"
- - "--api.insecure=false"
- - "--api.dashboard=true"
- - "--log.level=INFO"
- - "--providers.docker=true"
- - "--providers.docker.exposedbydefault=false"
- - "--entryPoints.web.address=:80"
- - "--entrypoints.web.http.redirections.entryPoint.to=web-secure"
- - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- - "--entryPoints.web-secure.address=:443"
- - "--entryPoints.web-secure.http.tls.options=default"
- - "--entryPoints.web-secure.http.tls.certResolver=cloudflare"
- - "--entryPoints.web-secure.http.tls.domains[0].main=*.lebens-home.net"
- - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=lebens-home.net"
- - "--entryPoints.traefik.address=:8080"
- - "--entryPoints.metrics.address=:9100"
- - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
- - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
- - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10"
- - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53"
- - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com"
- - "--certificatesresolvers.cloudflare.acme.storage=acme.json"
- - "--metrics.prometheus=true"
- - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
- - "--metrics.prometheus.addEntryPointsLabels=true"
- - "--metrics.prometheus.addRoutersLabels=true"
- - "--metrics.prometheus.addServicesLabels=true"
- - "--metrics.prometheus.entryPoint=metrics"
- - "--metrics.prometheus.manualRouting=true"
- env_file:
- - .env
- environment:
- - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- labels:
- traefik.enable: true
- traefik.docker.network: internal
- traefik.http.routers.dashboard.entrypoints: web-secure
- traefik.http.routers.dashboard.rule: (Host(`traefik-ps10rp.lebens-home.net`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard/`)))
- traefik.http.routers.dashboard.service: api@internal
- networks:
- internal: null
- ports:
- - 0.0.0.0:80:80
- - 0.0.0.0:443:443
- privileged: true
- restart: always
- volumes:
- - letsencrypt:/letsencrypt
- - /var/run/docker.sock:/var/run/docker.sock:ro
-
-networks:
- internal:
- name: internal
- driver: bridge
- ipam:
- config:
- - subnet: 172.24.0.0/16
-
-volumes:
- tailscale:
- letsencrypt:
diff --git a/hosts/ps10rp/traefik/serve.json b/hosts/ps10rp/traefik/serve.json
deleted file mode 100644
index dabcdd9cb..000000000
--- a/hosts/ps10rp/traefik/serve.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "TCP": {
- "443": {
- "HTTPS": true
- }
- },
- "Web": {
- "${TS_CERT_DOMAIN}:443": {
- "Handlers": {
- "/dashboard/": {
- "Proxy": "http://127.0.0.1:8080"
- },
- "/metrics": {
- "Proxy": "http://127.0.0.1:9100"
- }
- }
- }
- }
-}
diff --git a/renovate.json b/renovate.json
deleted file mode 100644
index e6d5b8f61..000000000
--- a/renovate.json
+++ /dev/null
@@ -1,99 +0,0 @@
-{
- "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": [
- "config:recommended",
- "mergeConfidence:all-badges",
- ":rebaseStalePrs"
- ],
- "timezone": "US/Central",
- "labels": [],
- "prHourlyLimit": 0,
- "prConcurrentLimit": 0,
- "packageRules": [
- {
- "description": "Label charts",
- "matchDatasources": [
- "helm"
- ],
- "addLabels": [
- "chart"
- ],
- "automerge": false,
- "minimumReleaseAge": "1 days"
- },
- {
- "description": "Automerge chart patches",
- "matchUpdateTypes": [
- "patch"
- ],
- "matchDatasources": [
- "helm"
- ],
- "addLabels": [
- "chart",
- "automerge"
- ],
- "automerge": true,
- "minimumReleaseAge": "1 days"
- },
- {
- "description": "Label images",
- "matchDatasources": [
- "docker"
- ],
- "addLabels": [
- "image"
- ],
- "automerge": false,
- "minimumReleaseAge": "1 days"
- },
- {
- "description": "Automerge image patches",
- "matchUpdateTypes": [
- "patch",
- "digest"
- ],
- "matchDatasources": [
- "docker"
- ],
- "addLabels": [
- "image",
- "automerge"
- ],
- "automerge": true,
- "minimumReleaseAge": "1 days"
- },
- {
- "description": "Automerge image updates for certain applications",
- "matchUpdateTypes": [
- "minor"
- ],
- "matchDatasources": [
- "docker"
- ],
- "matchPackageNames": [
- "clidey/whodb",
- "eigenfocus/eigenfocus",
- "ghcr.io/advplyr/audiobookshelf",
- "ghcr.io/gethomepage/homepage",
- "ghcr.io/gitroomhq/postiz-app",
- "ghcr.io/linuxserver/bazarr",
- "ghcr.io/linuxserver/code-server",
- "ghcr.io/linuxserver/lidarr",
- "ghcr.io/linuxserver/plex",
- "ghcr.io/linuxserver/prowlarr",
- "ghcr.io/linuxserver/radarr",
- "ghcr.io/linuxserver/sonarr",
- "ghcr.io/n8n-io/n8n",
- "ghcr.io/prometheus-community/charts/kube-prometheus-stack",
- "vectorim/element-web"
- ],
- "addLabels": [
- "image",
- "automerge"
- ],
- "automerge": true,
- "minimumReleaseAge": "2 days"
- }
- ]
-}