alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:0a8c8e84f35be8f9326bea9d4dfdc887d9fd9377
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:main
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

84 Commits
0a8c8e84f3 ... main

Author SHA1 Message Date
Alex Lebens
3e35d49de8 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 1m50s
Details
2026-04-08 20:50:04 -05:00
Alex Lebens
e942156c0a ci: reconfigure
All checks were successful
lint-test-helm / lint-helm (push) Successful in 32s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m0s
Details
2026-04-08 20:43:50 -05:00
Alex Lebens
46e92a4ad8 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 2m11s
Details
2026-04-08 20:30:33 -05:00
Alex Lebens
183ebad9d8 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 2m36s
Details
2026-04-08 20:21:24 -05:00
Alex Lebens
3de0bb2b98 ci: reconfigure
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-08 20:19:47 -05:00
Alex Lebens
6698294425 Merge pull request 'feat: add kyoo' (#5752) from tmp/kyoo into main
Some checks failed
lint-test-docker / lint-docker-compose (push) Failing after 6s
Details
lint-test-helm / lint-helm (push) Failing after 6s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m10s
Details 
Reviewed-on: #5752
 2026-04-09 01:02:24 +00:00
Alex Lebens
488d90fd35 feat: add kyoo
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 45s
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m33s
Details
render-manifests / render-manifests (pull_request) Successful in 1m7s
Details
2026-04-08 19:54:19 -05:00
Alex Lebens
8c7e258f6b Merge pull request 'feat: remove dep-track' (#5750) from tmp/remove-dep into main
Some checks failed
lint-test-docker / lint-docker-compose (push) Failing after 8s
Details
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m57s
Details 
Reviewed-on: #5750
 2026-04-08 23:46:26 +00:00
Alex Lebens
83c65561b4 feat: remove dep-track 2026-04-08 23:46:26 +00:00
Alex Lebens
9bb8ab477b Merge pull request 'chore(deps): update ghcr.io/linuxserver/code-server docker tag to v4.115.0-ls331' (#5749) from renovate/unified-code-server into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m5s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 1m48s
Details 
Reviewed-on: #5749
 2026-04-08 23:27:52 +00:00
Renovate Bot
883e405c83 chore(deps): update ghcr.io/linuxserver/code-server docker tag to v4.115.0-ls331
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 37s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 17s
Details
render-manifests / render-manifests (pull_request) Successful in 1m1s
Details
2026-04-08 23:02:41 +00:00
Alex Lebens
37617c753b Merge pull request 'chore(deps): update helm release argo-cd to v9.5.0' (#5747) from renovate/unified-argo-cd into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m28s
Details 
Reviewed-on: #5747
 2026-04-08 22:10:30 +00:00
Renovate Bot
5db199efa0 chore(deps): update helm release argo-cd to v9.5.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Successful in 2m33s
Details
2026-04-08 22:05:53 +00:00
Renovate Bot
bf12e74989 Merge pull request 'chore(deps): update elasticsearch docker tag to v9.3.3' (#5746) from renovate/unified-elasticsearch into main
All checks were successful
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m15s
Details
lint-test-helm / lint-helm (push) Successful in 17s
Details
2026-04-08 22:02:55 +00:00
Renovate Bot
8ce151be79 chore(deps): update elasticsearch docker tag to v9.3.3
Some checks failed
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Failing after 6s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 35s
Details
2026-04-08 22:02:29 +00:00
Renovate Bot
55835216d2 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.110.4' (#5744) from renovate/unified-renovate into main
All checks were successful
renovate / renovate (push) Successful in 2m46s
Details
2026-04-08 21:03:06 +00:00
Renovate Bot
c870f974fb chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.110.4 2026-04-08 21:03:06 +00:00
Renovate Bot
305731cbf3 Merge pull request 'chore(deps): update ghcr.io/autobrr/qui docker tag to v1.16.1' (#5743) from renovate/unified-qui into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Successful in 58s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
2026-04-08 21:02:45 +00:00
Renovate Bot
5382dfb4c0 chore(deps): update ghcr.io/autobrr/qui docker tag to v1.16.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
render-manifests / render-manifests (pull_request) Successful in 1m19s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 55s
Details
2026-04-08 21:02:23 +00:00
Alex Lebens
4c84a9fcd6 Merge pull request 'chore(deps): update elasticsearch docker tag to v9' (#5641) from renovate/major-unified-elasticsearch into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m44s
Details 
Reviewed-on: #5641
 2026-04-08 19:34:12 +00:00
Renovate Bot
e5c8a5d3e2 chore(deps): update elasticsearch docker tag to v9
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 29s
Details
render-manifests / render-manifests (pull_request) Successful in 45s
Details
2026-04-08 19:07:11 +00:00
Renovate Bot
db21a7b6c5 Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v83.2.0' (#5738) from renovate/unified-kube-prometheus-stack into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m35s
Details
2026-04-08 19:04:25 +00:00
Renovate Bot
33c34c77f8 chore(deps): update kube-prometheus-stack docker tag to v83.2.0 2026-04-08 19:04:25 +00:00
Renovate Bot
4afb944cf2 Merge pull request 'chore(deps): update helm release temporal to v1.0.0' (#5736) from renovate/unified-temporal into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 19:03:48 +00:00
Renovate Bot
88d44afed6 chore(deps): update helm release temporal to v1.0.0 2026-04-08 19:03:48 +00:00
Renovate Bot
0cbce3e010 Merge pull request 'chore(deps): update helm release matrix-synapse to v3.12.25' (#5735) from renovate/unified-matrix-synapse into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 19:03:20 +00:00
Renovate Bot
dd6c2592f0 chore(deps): update helm release matrix-synapse to v3.12.25 2026-04-08 19:03:20 +00:00
Renovate Bot
76e5f9808c Merge pull request 'chore(deps): update dependency ollama/ollama to v0.20.4' (#5734) from renovate/unified-ollama into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 19:02:34 +00:00
Renovate Bot
1e020b6182 chore(deps): update dependency ollama/ollama to v0.20.4
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
render-manifests / render-manifests (pull_request) Successful in 30s
Details
lint-test-helm / lint-helm (pull_request) Successful in 43s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
2026-04-08 19:02:18 +00:00
Alex Lebens
c045e62538 Merge pull request 'chore(deps): update plex to v1.43.1.10576-06378bdcd-ls300' (#5731) from renovate/unified-plex into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 20s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m58s
Details 
Reviewed-on: #5731
 2026-04-08 18:40:47 +00:00
Renovate Bot
7ace8403e4 chore(deps): update plex to v1.43.1.10576-06378bdcd-ls300
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 20s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 31s
Details
render-manifests / render-manifests (pull_request) Successful in 43s
Details
2026-04-08 18:00:22 +00:00
Renovate Bot
6164882d83 Merge pull request 'chore(deps): update element-web' (#5730) from renovate/unified-element-web into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m15s
Details
2026-04-08 17:57:47 +00:00
Renovate Bot
2a106cba50 chore(deps): update element-web
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 36s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 52s
Details
2026-04-08 17:57:32 +00:00
Alex Lebens
f055864eaa Merge pull request 'chore(deps): update postgres-cluster docker tag to v7.11.2' (#5284) from renovate/unified-postgres-cluster into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5284
 2026-04-08 17:51:02 +00:00
Renovate Bot
0bbd60d4ee chore(deps): update postgres-cluster docker tag to v7.11.2 2026-04-08 17:51:02 +00:00
Renovate Bot
699e29fefc Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v83.1.0' (#5727) from renovate/unified-kube-prometheus-stack into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 36s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m56s
Details
2026-04-08 17:26:42 +00:00
Renovate Bot
434f823d9e chore(deps): update kube-prometheus-stack docker tag to v83.1.0 2026-04-08 17:26:42 +00:00
Renovate Bot
cb27412d6f Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.110.3' (#5725) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-08 17:26:08 +00:00
Renovate Bot
d8534c6c1d chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.110.3 2026-04-08 17:26:08 +00:00
Renovate Bot
f6a3505fd4 Merge pull request 'chore(deps): update seerr-chart docker tag to v3.4.1' (#5723) from renovate/unified-seerr-chart into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 17:25:15 +00:00
Renovate Bot
c5e41a6f74 chore(deps): update seerr-chart docker tag to v3.4.1 2026-04-08 17:25:15 +00:00
Renovate Bot
0529d6d419 Merge pull request 'chore(deps): update rclone to v1.73.4' (#5722) from renovate/unified-rclone into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 17:24:43 +00:00
Renovate Bot
0c1fd59b75 chore(deps): update rclone to v1.73.4
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 32s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 56s
Details
2026-04-08 17:24:17 +00:00
Alex Lebens
fb35354219 Merge pull request 'chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.151.0' (#5720) from renovate/unified-synapse into main
Some checks failed
renovate / renovate (push) Failing after 5s
Details
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details 
Reviewed-on: #5720
 2026-04-08 17:17:58 +00:00
Renovate Bot
5576a0b382 chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.151.0 2026-04-08 17:17:58 +00:00
Alex Lebens
a28fc988b3 Merge pull request 'chore(deps): update tdarr to v2.68.01' (#5719) from renovate/unified-tdarr into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5719
 2026-04-08 17:16:05 +00:00
Renovate Bot
6fb72f493c chore(deps): update tdarr to v2.68.01 2026-04-08 17:16:05 +00:00
Alex Lebens
80bc455d75 Merge pull request 'chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.96.5' (#5718) from renovate/unified-tailscale into main
Some checks failed
lint-test-docker / lint-docker-compose (push) Successful in 42s
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5718
 2026-04-08 17:14:55 +00:00
Renovate Bot
6b1d2a35a8 chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.96.5 2026-04-08 17:14:55 +00:00
Alex Lebens
cc7cd9a57e Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.22.0' (#5715) from renovate/unified-site-documentation into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 36s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5715
 2026-04-08 17:13:51 +00:00
Renovate Bot
e0d450e79f chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.22.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 33s
Details
render-manifests / render-manifests (pull_request) Successful in 1m0s
Details
2026-04-08 05:04:47 +00:00
Renovate Bot
4ad6904837 Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273' (#5716) from renovate/unified-lidarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
render-manifests / render-manifests (push) Successful in 10m30s
Details
renovate / renovate (push) Successful in 2m17s
Details
2026-04-08 05:02:47 +00:00
Renovate Bot
988e6b21c1 chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 29s
Details
render-manifests / render-manifests (pull_request) Successful in 2m5s
Details
2026-04-08 05:02:30 +00:00
Renovate Bot
7b34b8901e Merge pull request 'chore(deps): update traefik to v3.6.13' (#5713) from renovate/unified-traefik into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 28s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-docker / lint-docker-compose (push) Successful in 2m1s
Details
renovate / renovate (push) Successful in 2m17s
Details
2026-04-08 02:28:17 +00:00
Renovate Bot
32870a7213 chore(deps): update traefik to v3.6.13
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Successful in 53s
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m54s
Details
2026-04-08 02:27:41 +00:00
Alex Lebens
5b894cd50e Merge pull request 'feat: remove pdb' (#5711) from tmp/fix-2 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5711
 2026-04-08 02:25:52 +00:00
Alex Lebens
3168925715 feat: remove pdb 2026-04-08 02:25:52 +00:00
Renovate Bot
050576d5a6 Merge pull request 'chore(deps): update helm release authentik to v2026.2.2' (#5710) from renovate/unified-authentik into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-08 02:23:45 +00:00
Renovate Bot
2de4d79c58 chore(deps): update helm release authentik to v2026.2.2
Some checks failed
renovate/stability-days Updates have not met minimum release age requirement
Details
render-manifests / render-manifests (pull_request) Failing after 5s
Details
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
2026-04-08 02:23:29 +00:00
Alex Lebens
0c6edbae28 Merge pull request 'tmp/fix-1' (#5708) from tmp/fix-1 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5708
 2026-04-08 02:21:22 +00:00
Alex Lebens
f6b11e17e4 fix: add log env
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 23s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 19s
Details
render-manifests / render-manifests (pull_request) Successful in 38s
Details
2026-04-07 21:19:02 -05:00
Alex Lebens
7d36ea9c90 feat: change pod dis budget 2026-04-07 21:19:02 -05:00
Alex Lebens
0a7bbf21bd Merge pull request 'chore(deps): update valkey/valkey docker tag to v9.0.3' (#5285) from renovate/unified-valkey into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m21s
Details 
Reviewed-on: #5285
 2026-04-08 02:14:23 +00:00
Renovate Bot
5456428592 chore(deps): update valkey/valkey docker tag to v9.0.3
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 30s
Details
render-manifests / render-manifests (pull_request) Successful in 54s
Details
2026-04-08 02:11:03 +00:00
Alex Lebens
88ab17c2f3 Merge pull request 'feat: refactor apps' (#5705) from tmp/refactor-43 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 44s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m9s
Details 
Reviewed-on: #5705
 2026-04-08 02:06:35 +00:00
Alex Lebens
cd0eefdbec feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m23s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 49s
Details
render-manifests / render-manifests (pull_request) Successful in 1m13s
Details
2026-04-07 21:03:04 -05:00
Alex Lebens
66cdec3eee Merge pull request 'feat: refactor apps' (#5703) from tmp/refactor-42 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 36s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 8m53s
Details 
Reviewed-on: #5703
 2026-04-08 01:39:02 +00:00
Alex Lebens
2f8a695f04 fix: wrong sha 2026-04-08 01:39:02 +00:00
Alex Lebens
b024675f2e feat: refactor apps 2026-04-08 01:39:02 +00:00
Alex Lebens
1ce8f18df7 feat: refactor apps 2026-04-08 01:39:02 +00:00
Renovate Bot
6825615229 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1' (#5702) from renovate/unified-renovate into main
All checks were successful
renovate / renovate (push) Successful in 5m9s
Details
2026-04-08 01:04:00 +00:00
Renovate Bot
495cac7e10 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-04-08 01:03:28 +00:00
Alex Lebens
01dfc0cc67 Merge pull request 'feat: refactor apps' (#5700) from tmp/refactor-41 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 44s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m17s
Details 
Reviewed-on: #5700
 2026-04-08 00:55:05 +00:00
Alex Lebens
e4f8996477 feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 2m52s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 6m32s
Details
render-manifests / render-manifests (pull_request) Successful in 4m3s
Details
2026-04-07 19:43:43 -05:00
Alex Lebens
309d087b66 Merge pull request 'chore(deps): update nginx docker tag to v1.29.8' (#5697) from renovate/unified-nginx into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 19s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m8s
Details 
Reviewed-on: #5697
 2026-04-07 23:54:20 +00:00
Renovate Bot
4b7fafbe88 chore(deps): update nginx docker tag to v1.29.8 2026-04-07 23:54:20 +00:00
Alex Lebens
aaef7d9783 Merge pull request 'chore(deps): update tailscale/tailscale docker tag to v1.96.5' (#5690) from renovate/unified-tailscale into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m44s
Details 
Reviewed-on: #5690
 2026-04-07 23:04:29 +00:00
Renovate Bot
10fa4e597f chore(deps): update tailscale/tailscale docker tag to v1.96.5
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Successful in 49s
Details
2026-04-07 23:02:34 +00:00
Alex Lebens
a6c035e52d Merge pull request 'chore(deps): update tailscale/k8s-operator docker tag to v1.96.5' (#5689) from renovate/unified-k8s-operator into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m23s
Details 
Reviewed-on: #5689
 2026-04-07 23:00:07 +00:00
Renovate Bot
bc58ca657d chore(deps): update tailscale/k8s-operator docker tag to v1.96.5
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 23s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
render-manifests / render-manifests (pull_request) Successful in 48s
Details
2026-04-07 22:55:21 +00:00
Alex Lebens
60b6ffe846 Merge pull request 'chore(deps): update tailscale/k8s-nameserver docker tag to v1.96.5' (#5688) from renovate/unified-k8s-nameserver into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 20s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m42s
Details 
Reviewed-on: #5688
 2026-04-07 22:52:18 +00:00
Renovate Bot
ffb4141e96 chore(deps): update tailscale/k8s-nameserver docker tag to v1.96.5 2026-04-07 22:52:18 +00:00
Alex Lebens
5fe26178b5 Merge pull request 'chore(deps): update helm release tailscale-operator to v1.96.5' (#5686) from renovate/unified-tailscale-operator into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5686
 2026-04-07 22:50:19 +00:00
Renovate Bot
72aaeb5a4d chore(deps): update helm release tailscale-operator to v1.96.5
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 23s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 47s
Details
2026-04-07 22:47:31 +00:00
107 changed files with 968 additions and 828 deletions
Expand all files Collapse all files

4
.gitea/workflows/render-manifests.yaml
View File

@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1,monitoring.coreos.com/v1")
# Format and split rendered template # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do for DIR in ${RENDER_DIR}; do
echo "${DIR}" echo "${DIR}"
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {} done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo "" echo ""
echo "----" echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa container: ghcr.io/renovatebot/renovate:43.110.4@sha256:7ad99abc53b30d3f6e34df88b3e2b2b75436bba9b290e90d367356526034496f
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.17 version: 9.5.0
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8 digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
generated: "2026-03-28T01:51:34.832601868Z" generated: "2026-04-08T22:05:49.003208408Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,7 +13,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.17 version: 9.5.0
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd

50
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -48,31 +48,31 @@ argo-cd:
enabled: true enabled: true
rules: rules:
enabled: true enabled: true
spec: spec:
- alert: ArgoAppMissing - alert: ArgoAppMissing
expr: | expr: |
absent(argocd_app_info) == 1 absent(argocd_app_info) == 1
for: 15m for: 15m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "[Argo CD] No reported applications" summary: "[Argo CD] No reported applications"
description: > description: >
Argo CD has not reported any applications data for the past 15 minutes which Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state. resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced - alert: ArgoAppNotSynced
expr: | expr: |
argocd_app_info{sync_status!="Synced"} == 1 argocd_app_info{sync_status!="Synced"} == 1
for: 12h for: 12h
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized" summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: > description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the 12 hours which means that the state of this cloud has drifted away from the
state inside Git. state inside Git.
dex: dex:
enabled: true enabled: true
resources: resources:

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2026.2.1 version: 2026.2.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687
generated: "2026-04-04T21:00:59.689114-05:00" generated: "2026-04-08T02:23:25.175388081Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2026.2.1 version: 2026.2.2
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -109,7 +109,6 @@ blocky:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -132,6 +131,7 @@ blocky:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

9
clusters/cl01tl/helm/dependency-track/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: dependency-track
repository: https://dependencytrack.github.io/helm-charts
version: 0.44.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
generated: "2026-04-05T17:32:11.221935-05:00"

27
clusters/cl01tl/helm/dependency-track/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: dependency-track
version: 1.0.0
description: Dependency Track
keywords:
- dependency-track
- vulnerability-scanner
home: https://docs.alexlebens.dev/applications/dependency-track/
sources:
- https://github.com/DependencyTrack/dependency-track
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: dependency-track
version: 0.44.0
repository: https://dependencytrack.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://avatars.githubusercontent.com/u/40258585
# renovate: datasource=github-releases depName=DependencyTrack/dependency-track
appVersion: 4.14.1

114
clusters/cl01tl/helm/dependency-track/values.yaml
View File

@@ -1,114 +0,0 @@
dependency-track:
common:
secretKey:
createSecret: false
existingSecretName: dependency-track-key-secret
apiServer:
image:
repository: dependencytrack/apiserver
tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: null
persistentVolume:
enabled: true
className: ceph-block
size: 5Gi
extraEnv:
- name: ALPINE_DATABASE_MODE
value: external
- name: ALPINE_DATABASE_DRIVER
value: org.postgresql.Driver
- name: ALPINE_DATABASE_URL
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: jdbc-uri
- name: ALPINE_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: user
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: password
- name: ALPINE_OIDC_ENABLED
value: "true"
- name: ALPINE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: ALPINE_OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: ALPINE_OIDC_USERNAME_CLAIM
value: preferred_username
- name: ALPINE_OIDC_TEAMS_CLAIM
value: groups
- name: ALPINE_OIDC_USER_PROVISIONING
value: "true"
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "false"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
enabled: true
namespace: dependency-track
frontend:
image:
repository: dependencytrack/frontend
tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
memory: null
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_FLOW
value: explicit
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track-api-server.dependency-track
httpRoute:
enabled: true
hostnames:
- dependency-track.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.33 version: 1.4.34
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0 digest: sha256:376f1201085c5c93972d2286755dd8b530a4a88ad9fdaf4bfb50ec1f11c64df0
generated: "2026-03-24T16:11:50.424321433Z" generated: "2026-04-08T17:57:31.040649797Z"

4
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.33 version: 1.4.34
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.14 appVersion: v1.12.15

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: ghcr.io/element-hq/element-web
tag: v1.12.14@sha256:13052614150733892ff06189f0f9baf098bc16092bffc0e0e18ccf2f257abe34 tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -116,6 +116,9 @@ gatus:
- name: jellyfin - name: jellyfin
url: https://jellyfin.alexlebens.net url: https://jellyfin.alexlebens.net
<<: *defaults <<: *defaults
- name: kyoo
url: https://kyoo.alexlebens.net
<<: *defaults
- name: tubearchivist - name: tubearchivist
url: https://tubearchivist.alexlebens.net url: https://tubearchivist.alexlebens.net
<<: *defaults <<: *defaults
@@ -185,9 +188,6 @@ gatus:
- name: komodo - name: komodo
url: https://komodo.alexlebens.net url: https://komodo.alexlebens.net
<<: *defaults <<: *defaults
- name: dependency-track
url: https://dependency-track.alexlebens.net
<<: *defaults
- name: omni-tools - name: omni-tools
url: https://omni-tools.alexlebens.net url: https://omni-tools.alexlebens.net
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3 version: 1.18.3
- name: postgres-cluster - name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.1 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5
generated: "2026-03-31T18:38:15.510833-05:00" generated: "2026-04-07T20:36:47.509644-05:00"

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.1 version: 7.11.2
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: valkey
alias: valkey alias: valkey

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -23,7 +23,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.114.1-ls330@sha256:4dabed7dc766d3034778aa648ff6b89f0b04755a069fc1071ac0f22484b7c587 tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

12
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -151,6 +151,12 @@ homepage:
href: https://jellyfin.alexlebens.net href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80 siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot statusStyle: dot
- Movies and TV:
icon: sh-kyoo.webp
description: Kyoo
href: https://kyoo.alexlebens.net
siteMonitor: http://front.kyoo:8901
statusStyle: dot
- Youtube Archive: - Youtube Archive:
icon: sh-tube-archivist-light.webp icon: sh-tube-archivist-light.webp
description: TubeArchivist description: TubeArchivist
@@ -387,12 +393,6 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }} secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true showStacks: true
fields: ["running", "down", "unhealthy", "unknown"] fields: ["running", "down", "unhealthy", "unknown"]
- Vulnerability Scanning:
icon: https://raw.githubusercontent.com/DependencyTrack/branding/f77a4ad3b469ff656856ea225f26b1610b89a584/dt-logo-symbol.svg
description: Dependency Track
href: https://dependency-track.alexlebens.net
siteMonitor: http://dependency-track-frontend.dependency-track:8080
statusStyle: dot
- Uptime: - Uptime:
icon: sh-gatus.webp icon: sh-gatus.webp
description: Gatus description: Gatus

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 83.0.2 version: 83.2.0
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1 version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:0675ee4a9de34b23c744f521be309f7ad6860af74f8e7faeaa44bf26fda72d08 digest: sha256:d0942cff6346335abc91f9ceb919c5a819543b9b8baed11f83de89486f4e874d
generated: "2026-04-07T22:42:15.723825441Z" generated: "2026-04-08T19:03:59.676069331Z"

3
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Kube Prometheus Stack
keywords: keywords:
- kube-prometheus-stack - kube-prometheus-stack
- prometheus - prometheus
- metrics
home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/ home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
sources: sources:
- https://github.com/prometheus/prometheus - https://github.com/prometheus/prometheus
@@ -19,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 83.0.2 version: 83.2.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 28.0.1 version: 28.0.1

9
clusters/cl01tl/helm/kyoo/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:ecb2f86b40fa42951928b84b8e4774ff83710bc8c5b1953b4f9de1c25b6e9679
generated: "2026-04-08T19:41:34.55285-05:00"

35
clusters/cl01tl/helm/kyoo/Chart.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: v2
name: kyoo
version: 1.0.0
description: Kyoo
keywords:
- kyoo
- media
home: https://docs.alexlebens.dev/applications/kyoo/
sources:
- https://github.com/zoriya/Kyoo
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_api
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_auth
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_front
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_scanner
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_transcoder
- https://github.com/zoriya/Kyoo/tree/master/chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
# - name: volsync-target
# alias: volsync-target-config
# version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kyoo.png
# renovate: datasource=github-releases depName=zoriya/Kyoo
appVersion: v5.0.0

34
clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml → clusters/cl01tl/helm/kyoo/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dependency-track-key-secret name: kyoo-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dependency-track-key-secret app.kubernetes.io/name: kyoo-key-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -12,19 +12,31 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: secret.key - secretKey: rsa-private
remoteRef: remoteRef:
key: /cl01tl/dependency-track/key key: /cl01tl/kyoo/key
property: key property: rsa-private
- secretKey: scanner-apikey
remoteRef:
key: /cl01tl/kyoo/key
property: scanner
- secretKey: tmdb-apikey
remoteRef:
key: /tmdb/alexlebens
property: api-key
- secretKey: tvdb-apikey
remoteRef:
key: /tvdb/alexlebens
property: api-key
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dependency-track-oidc-secret name: kyoo-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dependency-track-oidc-secret app.kubernetes.io/name: kyoo-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -32,11 +44,11 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: client - secretKey: rsa-private
remoteRef: remoteRef:
key: /authentik/oidc/dependency-track key: /authentik/oidc/kyoo
property: client property: client
- secretKey: secret - secretKey: scanner-apikey
remoteRef: remoteRef:
key: /authentik/oidc/dependency-track key: /authentik/oidc/kyoo
property: secret property: secret

88
clusters/cl01tl/helm/kyoo/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: kyoo
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- kyoo.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: front
port: 8901
weight: 100
- matches:
- path:
type: PathPrefix
value: /video
backendRefs:
- group: ''
kind: Service
name: transcoder
port: 7666
weight: 100
- matches:
- path:
type: PathPrefix
value: /auth/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /.well-known/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /api/
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /swagger
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /scanner/
backendRefs:
- group: ''
kind: Service
name: scanner
port: 4389
weight: 100

131
clusters/cl01tl/helm/kyoo/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,131 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-standup-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

173
clusters/cl01tl/helm/kyoo/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,173 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies 4K
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Stand Up
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

217
clusters/cl01tl/helm/kyoo/values.yaml Normal file
View File

@@ -0,0 +1,217 @@
kyoo:
global:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
postgres:
shared:
host: kyoo-postgresql-18-cluster-rw
port: 5432
existingSecret: kyoo-postgresql-18-cluster-app
userKey: user
passwordKey: password
kyoo_api:
database: kyoo_api
sslmode: disable
kyoo_auth:
database: kyoo_auth
sslmode: disable
kyoo_scanner:
database: kyoo_scanner
sslmode: disable
kyoo_transcoder:
database: kyoo_transcoder
sslmode: disable
kyoo:
address: https://kyoo.alexlebens.net
auth:
privatekey:
existingSecret: kyoo-key-secret
privatekeyKey: rsa-private
apikeys:
scanner:
existingSecret: kyoo-key-secret
apikeyKey: scanner-apikey
transcoderAcceleration: qsv
transcoderPreset: fast
oidc_providers:
- name: Authentik
existingSecret: kyoo-oidc-secret
clientIdKey: client
clientSecretKey: secret
logo: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
authorizationAddress: https://authentik.alexlebens.net/application/o/authorize/
tokenAddress: https://authentik.alexlebens.net/application/o/token/
profileAddress: https://authentik.alexlebens.net/application/o/userinfo/
scope: "email openid profile"
authMethod: ClientSecretBasic
media:
volumes:
- name: kyoo-media-anime-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-nfs-storage
- name: kyoo-media-anime-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-movies-nfs-storage
- name: kyoo-media-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-nfs-storage
- name: kyoo-media-movies-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-4k-nfs-storage
- name: kyoo-media-standup-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-standup-nfs-storage
- name: kyoo-media-tvshows-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-nfs-storage
- name: kyoo-media-tvshows-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-4k-nfs-storage
volumeMounts:
- mountPath: /media/anime
name: kyoo-media-anime-nfs-storage
readOnly: true
- mountPath: /media/anime-movies
name: kyoo-media-anime-movies-nfs-storage
readOnly: true
- mountPath: /media/movies
name: kyoo-media-movies-nfs-storage
readOnly: true
- mountPath: /media/movies-4k
name: kyoo-media-movies-4k-nfs-storage
readOnly: true
- mountPath: /media/standup
name: kyoo-media-standup-nfs-storage
readOnly: true
- mountPath: /media/tvshows
name: kyoo-media-tvshows-nfs-storage
readOnly: true
- mountPath: /media/tvshows-4k
name: kyoo-media-tvshows-4k-nfs-storage
readOnly: true
baseMountPath: /media
contentdatabase:
tmdb:
apikeyKey: tmdb-apikey
existingSecret: kyoo-key-secret
tvdb:
apikeyKey: tvdb-apikey
pinKey: tvdb-apikey
existingSecret: kyoo-key-secret
api:
kyoo_api:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_api
tag: 5.0.0@sha256:dc0210f235e23ae616b0f5952af7867dcbc52e0354c2683ec3c4190fdcd17744
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
auth:
kyoo_auth:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_auth
tag: 5.0.0
persistence:
enabled: true
size: 500Mi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
front:
kyoo_front:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_front
tag: 5.0.0@sha256:985f892470b304f13ef1950fb5f7e9ef33ee39b71705c627cb045773e6dfb7b4
scanner:
kyoo_scanner:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_scanner
tag: 5.0.0@sha256:fa972f3f1e534264f4de153e30fe9481839754a3e724cc2663524a2b30e82b46
transcoder:
kyoo_transcoder:
resources:
limits:
gpu.intel.com/i915: 1
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 1Gi
image:
repository: ghcr.io/zoriya/kyoo_transcoder
tag: 5.0.0@sha256:59974794f8a638175408fa20f023ba9598108b54ad8ed9a22ec87a1a211dfc43
replicaCount: 1
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
ingress:
enabled: false
traefikproxy:
enabled: false
postgres:
enabled: false
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
databases:
- name: kyoo_api
ensure: present
owner: app
- name: kyoo_auth
ensure: present
owner: app
- name: kyoo_scanner
ensure: present
owner: app
- name: kyoo_transcoder
ensure: present
owner: app
volsync-target-config:
pvcTarget: kyoo-config
local:
enabled: true
schedule: 26 8 * * *
remote:
enabled: true
schedule: 26 9 * * *
external:
enabled: true
schedule: 26 10 * * *

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -14,7 +14,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:0fc8d169a0740a77e03ec0e5eaee1ce2db0d882fc0bb8d0a26fd77a8beaad8e9 tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.12.24 version: 3.12.25
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:0e8b1b79a98952ed49c87c6da83dcc2eed2aabbd755d9ebf1bdd3090f3ccc44c digest: sha256:937fe4fd8cd564a5f55a0f251a9b412eeeebe797f52d6769b18f6f6a28f6dd64
generated: "2026-04-04T21:03:48.737144-05:00" generated: "2026-04-08T19:02:45.651984056Z"

2
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -26,7 +26,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
version: 3.12.24 version: 3.12.25
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: app-template - name: app-template
alias: matrix-hookshot alias: matrix-hookshot

2
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -1,7 +1,7 @@
matrix-synapse: matrix-synapse:
image: image:
repository: ghcr.io/element-hq/synapse repository: ghcr.io/element-hq/synapse
tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d tag: v1.151.0@sha256:184dc8757daef019b511e7f96fc6e5edfb880fd074d8cf702c7e3aa899d188c8
serverName: alexlebens.dev serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev publicServerName: matrix.alexlebens.dev
argoCD: true argoCD: true

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.20.3 appVersion: 0.20.4

6
clusters/cl01tl/helm/paperless-ngx/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.0 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:08acc0818deaede4bb7515be7cbb1253f30036b70af6038caa69e4bd3cc02412 digest: sha256:ae3aa7bd167e216d79bfbb60770c9bc209a8a689685f6dff6be41d8952ac0f25
generated: "2026-03-30T20:25:47.995874-05:00" generated: "2026-04-08T17:24:02.420482074Z"

2
clusters/cl01tl/helm/paperless-ngx/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.0 version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex # renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.0.10492-121068a07-ls299 appVersion: 1.43.1.10576-06378bdcd-ls300

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -22,7 +22,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.43.0.10492-121068a07-ls299@sha256:a21302c5297943e204e9b262f8c2eca3e0c7ddb52490bfb3f1db47f6103721ab tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: temporal - name: temporal
repository: https://go.temporal.io/helm-charts repository: https://go.temporal.io/helm-charts
version: 1.0.0-rc.3 version: 1.0.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443 digest: sha256:dbb86231dcf341e73570b57a10aad6278989e0c50c6f5959a43439a8a9146bb9
generated: "2026-04-05T20:33:43.946895-05:00" generated: "2026-04-08T19:03:28.347782848Z"

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: temporal - name: temporal
repository: https://go.temporal.io/helm-charts repository: https://go.temporal.io/helm-charts
version: 1.0.0-rc.3 version: 1.0.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -208,7 +208,7 @@ qbittorrent:
qui: qui:
image: image:
repository: ghcr.io/autobrr/qui repository: ghcr.io/autobrr/qui
tag: v1.16.0@sha256:fcdced7cb8395ce039f2c5f920d890d4ad8bd849faec4c4df31701a8f13423cb tag: v1.16.1@sha256:07b6ea9572e52e8b5f70f8fb15a7c688d8d754a7616242d3ad0b21dbd5c05836
env: env:
- name: QUI__METRICS_ENABLED - name: QUI__METRICS_ENABLED
value: true value: true

2
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
# renovate: datasource=github-releases depName=rclone/rclone # renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.3 appVersion: v1.73.4

16
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -12,7 +12,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:directus-assets - src:directus-assets
@@ -90,7 +90,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:karakeep-assets - src:karakeep-assets
@@ -168,7 +168,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:talos-backups - src:talos-backups
@@ -239,7 +239,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- delete - delete
- dest:talos-backups - dest:talos-backups
@@ -287,7 +287,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:web-assets - src:web-assets
@@ -365,7 +365,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:postgres-backups - src:postgres-backups
@@ -440,7 +440,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- delete - delete
- dest:postgres-backups - dest:postgres-backups
@@ -488,7 +488,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85 tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
args: args:
- sync - sync
- src:ntfy-attachments - src:ntfy-attachments

2
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -56,7 +56,7 @@ roundcube:
nginx: nginx:
image: image:
repository: nginx repository: nginx
tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35 tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
env: env:
- name: NGINX_HOST - name: NGINX_HOST
value: mail.alexlebens.net value: mail.alexlebens.net

1
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: S3 Exporter
keywords: keywords:
- s3-exporter - s3-exporter
- storage - storage
- metrics
home: https://docs.alexlebens.dev/applications/s3-exporter/ home: https://docs.alexlebens.dev/applications/s3-exporter/
sources: sources:
- https://github.com/molu8bits/s3bucket_exporter - https://github.com/molu8bits/s3bucket_exporter

2
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -57,7 +57,7 @@ searxng:
valkey: valkey:
image: image:
repository: valkey/valkey repository: valkey/valkey
tag: 9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
service: service:
api: api:
controller: api controller: api

6
clusters/cl01tl/helm/seerr/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.0 version: 3.4.1
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:0ae90021bff10a9790f29f40f57607c9212e4e793078d62c9aeab833066b2d4e digest: sha256:821fc73d7411c89f0eba2c35a7a455523dadaa4f9d5149b17b2c96cf594f5e1a
generated: "2026-04-07T22:03:12.12671791Z" generated: "2026-04-08T17:24:50.724009386Z"

2
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.0 version: 3.4.1
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -10,7 +10,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.21.0@sha256:556d92724306b0949c38185ffbaa7e3f05b9ba0d9b8dcfee0fc7a21985d10199 tag: 0.22.0@sha256:3310620f9bad0184d6ba6c786a3826ce53038c03cca345660a7e422276dbd478
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

1
clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Speedtest Exporter
keywords: keywords:
- speedtest-exporter - speedtest-exporter
- internet-speed - internet-speed
- metrics
home: https://docs.alexlebens.dev/applications/speedtest-exporter/ home: https://docs.alexlebens.dev/applications/speedtest-exporter/
sources: sources:
- https://github.com/MiguelNdeCarvalho/speedtest-exporter - https://github.com/MiguelNdeCarvalho/speedtest-exporter

2
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
# renovate: datasource=docker depName=elasticsearch # renovate: datasource=docker depName=elasticsearch
version: 8.19.13 version: 9.3.3
auth: auth:
fileRealm: fileRealm:
- secretName: stalwart-elasticsearch-secret - secretName: stalwart-elasticsearch-secret

6
clusters/cl01tl/helm/tailscale-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: tailscale-operator - name: tailscale-operator
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
version: 1.94.2 version: 1.96.5
digest: sha256:cf509332b17c0dc32d3a89f0661e500d7dc5c29814dc982c9f5607e424669002 digest: sha256:d7352b6781e248f6fc6bbb06e994c76eed77f06b3beaac6a5707e77df72ccc7d
generated: "2026-02-14T00:21:25.854980371Z" generated: "2026-04-07T22:47:27.933877961Z"

4
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -17,8 +17,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: tailscale-operator - name: tailscale-operator
version: 1.94.2 version: 1.96.5
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=docker depName=tailscale/tailscale # renovate: datasource=docker depName=tailscale/tailscale
appVersion: v1.94.2 appVersion: v1.96.5

4
clusters/cl01tl/helm/tailscale-operator/values.yaml
View File

@@ -5,7 +5,7 @@ tailscale-operator:
- "tag:k8s-operator" - "tag:k8s-operator"
image: image:
repository: tailscale/k8s-operator repository: tailscale/k8s-operator
tag: v1.94.2 tag: v1.96.5
digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067 digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
hostname: tailscale-operator-cl01tl hostname: tailscale-operator-cl01tl
ingressClass: ingressClass:
@@ -13,6 +13,6 @@ tailscale-operator:
proxyConfig: proxyConfig:
image: image:
repository: tailscale/tailscale repository: tailscale/tailscale
tag: v1.94.2 tag: v1.96.5
digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
defaultProxyClass: no-metrics defaultProxyClass: no-metrics

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -376,7 +376,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "0 0 * * 0" schedule: 0 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -404,7 +404,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "10 0 * * 0" schedule: 10 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -432,7 +432,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: "20 0 * * 0" schedule: 20 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:

8
clusters/cl01tl/helm/tdarr/Chart.yaml
View File

@@ -5,16 +5,16 @@ description: Tdarr
keywords: keywords:
- tdarr - tdarr
- video - video
- transcode home: https://docs.alexlebens.dev/applications/tdarr/
- healthchecks
home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62
sources: sources:
- https://github.com/HaveAGitGat/Tdarr - https://github.com/HaveAGitGat/Tdarr
- https://github.com/homeylab/tdarr-exporter - https://github.com/homeylab/tdarr-exporter
- https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
- https://github.com/users/haveagitgat/packages/container/package/tdarr_node
- https://hub.docker.com/r/homeylab/tdarr-exporter - https://hub.docker.com/r/homeylab/tdarr-exporter
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -34,5 +34,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
# renovate: datasource=github-releases depName=HaveAGitGat/Tdarr # renovate: datasource=docker depName=ghcr.io/haveagitgat/tdarr
appVersion: 2.58.02 appVersion: 2.58.02

38
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -4,16 +4,18 @@ tdarr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr repository: ghcr.io/haveagitgat/tdarr
tag: 2.67.01 tag: 2.68.01@sha256:db9520315f83974cb5b8f2a8ed89a8a2be3d97d29575f54cbe4b5cc5e6daf5a5
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: PUID - name: PUID
value: "1001" value: "1001"
- name: PGID - name: PGID
@@ -36,12 +38,11 @@ tdarr:
value: "8265" value: "8265"
resources: resources:
requests: requests:
cpu: 200m cpu: 500m
memory: 1Gi memory: 2Gi
node: node:
type: statefulset type: statefulset
replicas: 3 replicas: 3
revisionHistoryLimit: 3
statefulset: statefulset:
volumeClaimTemplates: volumeClaimTemplates:
- name: transcode-cache - name: transcode-cache
@@ -67,11 +68,10 @@ tdarr:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr_node repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.67.01 tag: 2.68.01@sha256:6359991d297ec23e2a5fe3a6b5b19c65d9eabdc63172d2cbe6aa576bbe5356c2
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: PUID - name: PUID
value: "1001" value: "1001"
- name: PGID - name: PGID
@@ -96,7 +96,7 @@ tdarr:
requests: requests:
gpu.intel.com/i915: 1 gpu.intel.com/i915: 1
cpu: 10m cpu: 10m
memory: 512Mi memory: 100Mi
service: service:
api: api:
controller: server controller: server
@@ -104,14 +104,12 @@ tdarr:
http: http:
port: 8266 port: 8266
targetPort: 8266 targetPort: 8266
protocol: HTTP
web: web:
controller: server controller: server
ports: ports:
http: http:
port: 8265 port: 8265
targetPort: 8265 targetPort: 8265
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -124,11 +122,8 @@ tdarr:
- tdarr.alexlebens.net - tdarr.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: tdarr-web
kind: Service
name: tdarr-web
port: 8265 port: 8265
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -139,7 +134,6 @@ tdarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server: server:
main: main:
@@ -150,7 +144,6 @@ tdarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server: server:
main: main:
@@ -177,8 +170,7 @@ tdarr:
tdarr-exporter: tdarr-exporter:
image: image:
name: homeylab/tdarr-exporter name: homeylab/tdarr-exporter
# renovate: datasource=docker depName=homeylab/tdarr-exporter tag: 1.4.3@sha256:88254cb505bfff20e86e04fa23a71789a411e7939e3bcbccbd5ef397ff91d052
tag: 1.4.3
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -188,8 +180,8 @@ tdarr-exporter:
verify_ssl: false verify_ssl: false
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 256Mi memory: 10Mi
volsync-target-config: volsync-target-config:
pvcTarget: tdarr-config pvcTarget: tdarr-config
local: local:

7
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Traefik
keywords: keywords:
- traefik - traefik
- reverse-proxy - reverse-proxy
- tls home: https://docs.alexlebens.dev/applications/traefik/
- kubernetes
home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb
sources: sources:
- https://github.com/traefik/traefik - https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart - https://github.com/traefik/traefik-helm-chart/tree/master/traefik
- https://github.com/traefik/traefik-helm-chart/tree/master/traefik-crds
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

38
clusters/cl01tl/helm/traefik/values.yaml
View File

@@ -1,4 +1,8 @@
traefik: traefik:
image:
registry: docker.io
repository: traefik
tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
deployment: deployment:
kind: DaemonSet kind: DaemonSet
ingressClass: ingressClass:
@@ -39,6 +43,11 @@ traefik:
enabled: true enabled: true
matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
entryPoints: ["websecure"] entryPoints: ["websecure"]
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
providers: providers:
kubernetesCRD: kubernetesCRD:
allowCrossNamespace: true allowCrossNamespace: true
@@ -58,8 +67,23 @@ traefik:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
prometheusRule: prometheusRule:
enabled: false enabled: true
rules:
- alert: TraefikDown
expr: up{job="traefik"} == 0
for: 5m
labels:
context: traefik
severity: warning
annotations:
summary: "Traefik Down"
description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
global:
checkNewVersion: false
ports: ports:
traefik:
expose:
default: false
web: web:
port: 8000 port: 8000
expose: expose:
@@ -77,14 +101,12 @@ traefik:
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
websecure: websecure:
port: 8443 port: 8443
expose: expose:
@@ -102,22 +124,18 @@ traefik:
allowEncodedPercent: true allowEncodedPercent: true
allowEncodedQuestionMark: true allowEncodedQuestionMark: true
allowEncodedHash: true allowEncodedHash: true
tls:
enabled: true
forwardedHeaders: forwardedHeaders:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
ssh: ssh:
port: 22 port: 22
expose: expose:
@@ -129,14 +147,12 @@ traefik:
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
metrics: metrics:
expose: expose:
default: false default: false
@@ -145,6 +161,10 @@ traefik:
type: LoadBalancer type: LoadBalancer
externalIPs: externalIPs:
- 10.232.1.21 - 10.232.1.21
resources:
requests:
cpu: 10m
memory: 100Mi
traefik-crds: traefik-crds:
enabled: true enabled: true
traefik: true traefik: true

6
clusters/cl01tl/helm/tubearchivist/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.5.0
digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e
generated: "2026-03-09T23:08:53.501770729Z" generated: "2026-04-07T19:36:53.116343-05:00"

12
clusters/cl01tl/helm/tubearchivist/Chart.yaml
View File

@@ -4,15 +4,17 @@ version: 1.0.0
description: Tube Archivist description: Tube Archivist
keywords: keywords:
- tubearchivist - tubearchivist
- download
- video - video
- youtube home: https://docs.alexlebens.dev/applications/tubearchivist/
home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93
sources: sources:
- https://github.com/tubearchivist/tubearchivist - https://github.com/tubearchivist/tubearchivist
- https://github.com/elastic/elasticsearch - https://github.com/Brainicism/bgutil-ytdlp-pot-provider
- https://github.com/qdm12/gluetun
- https://hub.docker.com/r/bbilly1/tubearchivist - https://hub.docker.com/r/bbilly1/tubearchivist
- https://hub.docker.com/r/brainicism/bgutil-ytdlp-pot-provider
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -22,7 +24,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.4.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
# renovate: datasource=github-releases depName=tubearchivist/tubearchivist # renovate: datasource=github-releases depName=tubearchivist/tubearchivist

2
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
# renovate: datasource=docker depName=elasticsearch # renovate: datasource=docker depName=elasticsearch
version: 8.19.13 version: 9.3.3
auth: auth:
fileRealm: fileRealm:
- secretName: tubearchivist-elasticsearch-secret - secretName: tubearchivist-elasticsearch-secret

27
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: ELASTIC_PASSWORD - secretKey: ELASTIC_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD property: ELASTIC_PASSWORD
- secretKey: TA_PASSWORD - secretKey: TA_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: TA_PASSWORD property: TA_PASSWORD
--- ---
@@ -44,24 +38,15 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: username property: username
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: password property: password
- secretKey: roles - secretKey: roles
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: roles property: roles
--- ---
@@ -81,29 +66,17 @@ spec:
data: data:
- secretKey: private-key - secretKey: private-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key property: preshared-key
- secretKey: addresses - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses property: addresses
- secretKey: input-ports - secretKey: input-ports
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports property: input-ports

25
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -4,13 +4,15 @@ tubearchivist:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: bbilly1/tubearchivist repository: bbilly1/tubearchivist
tag: v0.5.10 tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -40,13 +42,11 @@ tubearchivist:
bgutil: bgutil:
image: image:
repository: brainicism/bgutil-ytdlp-pot-provider repository: brainicism/bgutil-ytdlp-pot-provider
tag: 1.3.1 tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
pullPolicy: IfNotPresent
gluetun: gluetun:
image: image:
repository: ghcr.io/qdm12/gluetun repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle: lifecycle:
postStart: postStart:
exec: exec:
@@ -106,8 +106,6 @@ tubearchivist:
devic.es/tun: "1" devic.es/tun: "1"
requests: requests:
devic.es/tun: "1" devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -115,7 +113,6 @@ tubearchivist:
http: http:
port: 80 port: 80
targetPort: 24000 targetPort: 24000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -128,11 +125,8 @@ tubearchivist:
- tubearchivist.alexlebens.net - tubearchivist.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: tubearchivist
kind: Service
name: tubearchivist
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -142,7 +136,6 @@ tubearchivist:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 40Gi size: 40Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -157,10 +150,6 @@ tubearchivist:
readOnly: false readOnly: false
valkey: valkey:
valkey: valkey:
resources:
requests:
cpu: 100m
memory: 1Gi
dataStorage: dataStorage:
requestedSize: 10Gi requestedSize: 10Gi
replica: replica:

2
clusters/cl01tl/helm/unpackerr/Chart.yaml
View File

@@ -6,7 +6,7 @@ keywords:
- unpackerr - unpackerr
- archive - archive
- servarr - servarr
home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088 home: https://docs.alexlebens.dev/applications/unpackerr/
sources: sources:
- https://github.com/Unpackerr/unpackerr - https://github.com/Unpackerr/unpackerr
- https://hub.docker.com/r/golift/unpackerr - https://hub.docker.com/r/golift/unpackerr

24
clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
View File

@@ -14,57 +14,33 @@ spec:
data: data:
- secretKey: UN_SONARR_0_API_KEY - secretKey: UN_SONARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_1_API_KEY - secretKey: UN_SONARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_2_API_KEY - secretKey: UN_SONARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_0_API_KEY - secretKey: UN_RADARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key key: /cl01tl/radarr5/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_1_API_KEY - secretKey: UN_RADARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_2_API_KEY - secretKey: UN_RADARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_3_API_KEY - secretKey: UN_RADARR_3_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key property: key
- secretKey: UN_LIDARR_0_API_KEY - secretKey: UN_LIDARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key property: key

12
clusters/cl01tl/helm/unpackerr/values.yaml
View File

@@ -4,16 +4,18 @@ unpackerr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: golift/unpackerr repository: golift/unpackerr
tag: 0.15.2 tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: UN_WEBSERVER_METRICS - name: UN_WEBSERVER_METRICS
value: true value: true
- name: UN_SONARR_0_URL - name: UN_SONARR_0_URL
@@ -54,7 +56,7 @@ unpackerr:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 10Mi
persistence: persistence:
storage: storage:
existingClaim: unpackerr-nfs-storage existingClaim: unpackerr-nfs-storage

5
clusters/cl01tl/helm/unpoller/Chart.yaml
View File

@@ -5,9 +5,8 @@ description: Unpoller
keywords: keywords:
- unpoller - unpoller
- ubiquiti - ubiquiti
- unifi
- metrics - metrics
home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344 home: https://docs.alexlebens.dev/applications/unpoller/
sources: sources:
- https://github.com/unpoller/unpoller - https://github.com/unpoller/unpoller
- https://github.com/unpoller/unpoller/pkgs/container/unpoller - https://github.com/unpoller/unpoller/pkgs/container/unpoller
@@ -19,6 +18,6 @@ dependencies:
alias: unpoller alias: unpoller
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png
# renovate: datasource=github-releases depName=unpoller/unpoller # renovate: datasource=github-releases depName=unpoller/unpoller
appVersion: v2.39.0 appVersion: v2.39.0

6
clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: UP_UNIFI_CONTROLLER_0_USER - secretKey: UP_UNIFI_CONTROLLER_0_USER
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: user property: user
- secretKey: UP_UNIFI_CONTROLLER_0_PASS - secretKey: UP_UNIFI_CONTROLLER_0_PASS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: password property: password

11
clusters/cl01tl/helm/unpoller/values.yaml
View File

@@ -4,16 +4,14 @@ unpoller:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/unpoller/unpoller repository: ghcr.io/unpoller/unpoller
tag: v2.39.0 tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2
pullPolicy: IfNotPresent
env: env:
- name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
value: 'false' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_DPI - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
@@ -21,7 +19,7 @@ unpoller:
- name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_IDS - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
value: 'false' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_SAVE_SITES - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
value: 'true' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_URL - name: UP_UNIFI_CONTROLLER_0_URL
@@ -44,7 +42,7 @@ unpoller:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 64Mi memory: 20Mi
service: service:
main: main:
controller: main controller: main
@@ -52,7 +50,6 @@ unpoller:
metrics: metrics:
port: 9130 port: 9130
targetPort: 9130 targetPort: 9130
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

4
clusters/cl01tl/helm/vault/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Vault
keywords: keywords:
- vault - vault
- secrets - secrets
home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987 home: https://docs.alexlebens.dev/applications/vault/
sources: sources:
- https://github.com/hashicorp/vault - https://github.com/hashicorp/vault
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
@@ -29,6 +29,6 @@ dependencies:
alias: unseal alias: unseal
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
# renovate: datasource=github-releases depName=hashicorp/vault # renovate: datasource=github-releases depName=hashicorp/vault
appVersion: 1.21.4 appVersion: 1.21.4

132
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: VAULT_APPROLE_ROLE_ID - secretKey: VAULT_APPROLE_ROLE_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_ROLE_ID property: VAULT_APPROLE_ROLE_ID
- secretKey: VAULT_APPROLE_SECRET_ID - secretKey: VAULT_APPROLE_SECRET_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_SECRET_ID property: VAULT_APPROLE_SECRET_ID
--- ---
@@ -44,17 +38,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-local property: s3cfg-local
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -74,17 +62,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-remote property: s3cfg-remote
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -104,17 +86,11 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: s3cfg property: s3cfg
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -134,24 +110,15 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
- secretKey: NTFY_ENDPOINT - secretKey: NTFY_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint property: endpoint
- secretKey: NTFY_TOPIC - secretKey: NTFY_TOPIC
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: NTFY_TOPIC property: NTFY_TOPIC
--- ---
@@ -171,66 +138,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -250,66 +190,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -329,66 +242,39 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -408,43 +294,25 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: token property: token
- secretKey: unseal_key_1 - secretKey: unseal_key_1
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_1 property: unseal_key_1
- secretKey: unseal_key_2 - secretKey: unseal_key_2
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_2 property: unseal_key_2
- secretKey: unseal_key_3 - secretKey: unseal_key_3
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_3 property: unseal_key_3
- secretKey: unseal_key_4 - secretKey: unseal_key_4
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_4 property: unseal_key_4
- secretKey: unseal_key_5 - secretKey: unseal_key_5
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_5 property: unseal_key_5

1
clusters/cl01tl/helm/vault/templates/http-route.yaml
View File

@@ -25,4 +25,3 @@ spec:
kind: Service kind: Service
name: vault-active name: vault-active
port: 8200 port: 8200
weight: 100

98
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -1,9 +1,5 @@
vault: vault:
global: global:
enabled: true
tlsDisable: true
psp:
enable: false
serverTelemetry: serverTelemetry:
prometheusOperator: true prometheusOperator: true
injector: injector:
@@ -12,23 +8,16 @@ vault:
enabled: true enabled: true
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4 tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
updateStrategyType: "RollingUpdate" updateStrategyType: RollingUpdate
logLevel: debug logLevel: debug
logFormat: standard logFormat: standard
resources: resources:
requests: requests:
cpu: 50m cpu: 50m
memory: 512Mi memory: 512Mi
ingress:
enabled: false
route:
enabled: false
authDelegator: authDelegator:
enabled: false enabled: false
readinessProbe:
enabled: true
port: 8200
livenessProbe: livenessProbe:
enabled: false enabled: false
volumes: volumes:
@@ -39,43 +28,17 @@ vault:
- mountPath: /opt/backups/ - mountPath: /opt/backups/
name: vault-storage-backup name: vault-storage-backup
readOnly: false readOnly: false
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}
app.kubernetes.io/instance: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
networkPolicy:
enabled: false
service:
enabled: true
active:
enabled: true
standby:
enabled: false
type: ClusterIP
port: 8200
targetPort: 8200
dataStorage: dataStorage:
enabled: true
size: 1Gi size: 1Gi
mountPath: "/vault/data" storageClass: ceph-block
accessMode: ReadWriteOnce
auditStorage: auditStorage:
enabled: false enabled: false
size: 5Gi size: 5Gi
mountPath: "/vault/audit" storageClass: ceph-block
accessMode: ReadWriteOnce
dev:
enabled: false
standalone: standalone:
enabled: false enabled: false
ha: ha:
enabled: true enabled: true
replicas: 3
raft: raft:
enabled: true enabled: true
config: | config: |
@@ -109,30 +72,12 @@ vault:
prometheus_retention_time = "30s" prometheus_retention_time = "30s"
disable_hostname = true disable_hostname = true
} }
disruptionBudget: disruptionBudget:
enabled: true enabled: true
maxUnavailable: null maxUnavailable: 1
serviceAccount:
create: true
serviceDiscovery:
enabled: true
hostNetwork: false
ui:
enabled: true
publishNotReadyAddresses: true
activeVaultPodOnly: false
serviceType: "ClusterIP"
serviceNodePort: null
externalPort: 8200
targetPort: 8200
csi:
enabled: false
serverTelemetry: serverTelemetry:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 30s
scrapeTimeout: 10s
prometheusRules: prometheusRules:
enabled: true enabled: true
rules: rules:
@@ -158,20 +103,15 @@ snapshot:
type: cronjob type: cronjob
cronjob: cronjob:
suspend: false suspend: false
concurrencyPolicy: Forbid timeZone: America/Chicago
timeZone: US/Central
schedule: 0 4 * * * schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 3
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
initContainers: initContainers:
snapshot: snapshot:
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4 tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
pullPolicy: IfNotPresent
command: command:
- /bin/ash - /bin/ash
args: args:
@@ -328,53 +268,47 @@ unseal:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-1 name: vault-unseal-config-1
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi
unseal-2: unseal-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-2 name: vault-unseal-config-2
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi
unseal-3: unseal-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2 tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-3 name: vault-unseal-config-3
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 24Mi memory: 10Mi

6
clusters/cl01tl/helm/vaultwarden/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.11.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1 digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31
generated: "2026-03-15T20:10:47.852109985Z" generated: "2026-04-07T20:19:48.079671-05:00"

12
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -4,17 +4,15 @@ version: 1.0.0
description: Vaultwarden description: Vaultwarden
keywords: keywords:
- vaultwarden - vaultwarden
- bitwarden - password-manager
- password home: https://docs.alexlebens.dev/applications/vault/
home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
sources: sources:
- https://github.com/dani-garcia/vaultwarden - https://github.com/dani-garcia/vaultwarden
- https://github.com/cloudflare/cloudflared - https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/vaultwarden/server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -27,7 +25,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.10.0 version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

6
clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: secret property: secret

33
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -4,13 +4,11 @@ vaultwarden:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: vaultwarden/server repository: ghcr.io/dani-garcia/vaultwarden
tag: 1.35.4 tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
pullPolicy: IfNotPresent
env: env:
- name: DOMAIN - name: DOMAIN
value: https://passwords.alexlebens.dev value: https://passwords.alexlebens.dev
@@ -44,7 +42,7 @@ vaultwarden:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 30Mi
service: service:
main: main:
controller: main controller: main
@@ -52,14 +50,12 @@ vaultwarden:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
persistence: persistence:
config: config:
forceRename: vaultwarden-data forceRename: vaultwarden-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -78,35 +74,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: vaultwarden-data pvcTarget: vaultwarden-data
local: local:

1
clusters/cl01tl/helm/version-checker/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Version Checker
keywords: keywords:
- version-checker - version-checker
- update-tracker - update-tracker
- metrics
home: https://docs.alexlebens.dev/applications/version-checker/ home: https://docs.alexlebens.dev/applications/version-checker/
sources: sources:
- https://github.com/jetstack/version-checker - https://github.com/jetstack/version-checker

16
clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: version-checker
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: version-checker
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: version-checker
endpoints:
- port: web
path: /metrics

3
clusters/cl01tl/helm/version-checker/values.yaml
View File

@@ -10,8 +10,7 @@ version-checker:
resources: resources:
requests: requests:
cpu: 1m cpu: 1m
memory: 40Mi memory: 400Mi
prometheus: prometheus:
enabled: true enabled: true
replicas: 1
serviceAccountName: version-checker-prometheus serviceAccountName: version-checker-prometheus

6
clusters/cl01tl/helm/volsync/Chart.yaml
View File

@@ -5,12 +5,10 @@ description: Volsync
keywords: keywords:
- volsync - volsync
- backup - backup
- storage home: https://docs.alexlebens.dev/applications/volsync/
- s3
- kubernetes
home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
sources: sources:
- https://github.com/backube/volsync - https://github.com/backube/volsync
- https://quay.io/repository/backube/volsync?tab=tags
- https://github.com/backube/volsync/tree/main/helm/volsync - https://github.com/backube/volsync/tree/main/helm/volsync
maintainers: maintainers:
- name: alexlebens - name: alexlebens

16
clusters/cl01tl/helm/volsync/values.yaml
View File

@@ -1,15 +1,15 @@
volsync: volsync:
replicaCount: 2 replicaCount: 2
image:
repository: quay.io/backube/volsync
tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
manageCRDs: true manageCRDs: true
metrics: metrics:
disableAuth: true disableAuth: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 80Mi

5
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -4,9 +4,8 @@ version: 1.0.0
description: WhoDB description: WhoDB
keywords: keywords:
- whodb - whodb
- postgresql - database-dashboard
- database home: https://docs.alexlebens.dev/applications/whodb/
home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
sources: sources:
- https://github.com/clidey/whodb - https://github.com/clidey/whodb
- https://hub.docker.com/r/clidey/whodb - https://hub.docker.com/r/clidey/whodb

14
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -3,13 +3,11 @@ whodb:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate
containers: containers:
main: main:
image: image:
repository: clidey/whodb repository: clidey/whodb
tag: 0.104.0 tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4
pullPolicy: IfNotPresent
env: env:
- name: WHODB_OLLAMA_HOST - name: WHODB_OLLAMA_HOST
value: ollama-server-2.ollama value: ollama-server-2.ollama
@@ -17,8 +15,8 @@ whodb:
value: 11434 value: 11434
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 256Mi memory: 20Mi
service: service:
main: main:
controller: main controller: main
@@ -26,7 +24,6 @@ whodb:
http: http:
port: 80 port: 80
targetPort: 8080 targetPort: 8080
protocol: TCP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -39,11 +36,8 @@ whodb:
- whodb.alexlebens.net - whodb.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: whodb
kind: Service
name: whodb
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

8
clusters/cl01tl/helm/yamtrack/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.5.0
digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4
generated: "2026-03-15T20:11:03.591727143Z" generated: "2026-04-07T20:57:56.63402-05:00"

11
clusters/cl01tl/helm/yamtrack/Chart.yaml
View File

@@ -4,15 +4,14 @@ version: 1.0.0
description: Yamtrack description: Yamtrack
keywords: keywords:
- yamtrack - yamtrack
- media - media-tracking
- jellyfin home: https://docs.alexlebens.dev/applications/yamtrack/
home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
sources: sources:
- https://github.com/FuzzyGrim/Yamtrack - https://github.com/FuzzyGrim/Yamtrack
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -22,11 +21,11 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.10.0 version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.4.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
# renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack

6
clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
View File

@@ -14,10 +14,7 @@ spec:
data: data:
- secretKey: SECRET - secretKey: SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/yamtrack/config key: /cl01tl/yamtrack/config
metadataPolicy: None
property: SECRET property: SECRET
--- ---
@@ -37,8 +34,5 @@ spec:
data: data:
- secretKey: SOCIALACCOUNT_PROVIDERS - secretKey: SOCIALACCOUNT_PROVIDERS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/yamtrack key: /authentik/oidc/yamtrack
metadataPolicy: None
property: SOCIALACCOUNT_PROVIDERS property: SOCIALACCOUNT_PROVIDERS

37
clusters/cl01tl/helm/yamtrack/values.yaml
View File

@@ -4,16 +4,14 @@ yamtrack:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/fuzzygrim/yamtrack repository: ghcr.io/fuzzygrim/yamtrack
tag: 0.25.0 tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: URLS - name: URLS
value: https://yamtrack.alexlebens.net value: https://yamtrack.alexlebens.net
- name: REGISTRATION - name: REGISTRATION
@@ -60,7 +58,7 @@ yamtrack:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 256Mi memory: 380Mi
service: service:
main: main:
controller: main controller: main
@@ -68,7 +66,6 @@ yamtrack:
http: http:
port: 80 port: 80
targetPort: 8000 targetPort: 8000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -81,11 +78,8 @@ yamtrack:
- yamtrack.alexlebens.net - yamtrack.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: yamtrack
kind: Service
name: yamtrack
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -103,32 +97,9 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 16 * * *" schedule: "0 10 16 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/yubal/Chart.yaml
View File

@@ -5,11 +5,11 @@ description: yubal
keywords: keywords:
- yubal - yubal
- music - music
- youtube home: https://docs.alexlebens.dev/applications/yamtrack/
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/guillevc/yubal - https://github.com/guillevc/yubal
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,5 +21,6 @@ dependencies:
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png
# renovate: datasource=github-releases depName=guillevc/yubal # renovate: datasource=github-releases depName=guillevc/yubal
appVersion: v0.7.2 appVersion: v0.7.2

42
clusters/cl01tl/helm/yubal/templates/external-secret.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: yubal-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

11
clusters/cl01tl/helm/yubal/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: yubal
labels:
app.kubernetes.io/name: yubal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

12
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -4,18 +4,17 @@ yubal:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/guillevc/yubal repository: ghcr.io/guillevc/yubal
tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
pullPolicy: IfNotPresent
env: env:
- name: YUBAL_TZ - name: YUBAL_TZ
value: America/Chicago value: America/Chicago
@@ -28,7 +27,7 @@ yubal:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 200Mi
service: service:
main: main:
controller: main controller: main
@@ -36,7 +35,6 @@ yubal:
http: http:
port: 80 port: 80
targetPort: 8000 targetPort: 8000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -49,11 +47,8 @@ yubal:
- yubal.alexlebens.net - yubal.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: yubal
kind: Service
name: yubal
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -64,7 +59,6 @@ yubal:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

2
hosts/ps08rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

2
hosts/ps08rp/blocky/config.yml
View File

@@ -86,7 +86,6 @@ customDNS:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -109,6 +108,7 @@ customDNS:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps09rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

2
hosts/ps09rp/blocky/config.yml
View File

@@ -107,7 +107,6 @@ customDNS:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -130,6 +129,7 @@ customDNS:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps10rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

4
hosts/ps10rp/garage/compose.yaml
View File

@@ -1,6 +1,6 @@
services: services:
tailscale-garage: tailscale-garage:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6
container_name: tailscale-garage container_name: tailscale-garage
cap_add: cap_add:
- net_admin - net_admin
@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
tailscale-garage-ui: tailscale-garage-ui:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6
container_name: tailscale-garage-ui container_name: tailscale-garage-ui
cap_add: cap_add:
- net_admin - net_admin

Some files were not shown because too many files have changed in this diff Show More