Compare commits
52 Commits
0ba4d968eb
...
tmp/secret
| Author | SHA1 | Date | |
|---|---|---|---|
| 7585a4657f | |||
| 60213a92d3 | |||
| 00d5109152 | |||
9a68f8cf6a
|
|||
| 753b67533d | |||
| a7771493a9 | |||
| eb4cf892f4 | |||
|
fa47afea3a
|
|||
| b5429bebea | |||
|
345a234be9
|
|||
| 70917add01 | |||
| d40151ca3e | |||
| 10917de337 | |||
|
7dcf32875a
|
|||
| 775f408383 | |||
| 01090eda72 | |||
| b1db8003fa | |||
| aaf26450c1 | |||
| 6f0f7027be | |||
| baa65fa99c | |||
| 5c0b667aad | |||
| e85cc055bb | |||
| ad27b57adb | |||
| 7237534b19 | |||
| ffc42fc585 | |||
| 774b272db9 | |||
| e35a110ef9 | |||
| 0848f39c44 | |||
| a6c52589b8 | |||
| e43cc404b0 | |||
| d682091fde | |||
| f587bd1e88 | |||
| 9c210bdd05 | |||
| 5d9036d2fe | |||
| a0bef9dc57 | |||
| 7866dfd9db | |||
| 9107424678 | |||
| d7f85c780b | |||
| f0872ba801 | |||
| c0a53e8e13 | |||
| 3fa8ca84f3 | |||
|
62227a6b95
|
|||
| 769610ae79 | |||
| 5b94cf4819 | |||
| d791230974 | |||
|
7de652ad78
|
|||
| abfd4361c7 | |||
|
bc5b905465
|
|||
| bdfb5fe0e8 | |||
|
c63b1295e1
|
|||
| a340ef9eac | |||
|
4ea4299328
|
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.129.0@sha256:e4abd88d1d6326fe8a702b38c5ee76487d94b455ba4f305bd904521aba9f5a08
|
||||
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.1
|
||||
digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78
|
||||
generated: "2026-04-16T15:57:15.168206017Z"
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
|
||||
14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
Normal file
14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
Normal file
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "argocd.labels" -}}
|
||||
{{ include "argocd.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "argocd.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,70 +1,40 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-oidc-secret
|
||||
name: argocd-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: argocd-oidc-authentik
|
||||
{{- include "argocd.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /authentik/oidc/argocd
|
||||
key: /cl01tl/authentik/oidc/argocd
|
||||
property: secret
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /authentik/oidc/argocd
|
||||
key: /cl01tk/authentik/oidc/argocd
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-notifications-secret
|
||||
name: argocd-notifications-ntfy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-notifications-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: argocd-notifications-ntfy
|
||||
{{- include "argocd.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: ntfy-token
|
||||
remoteRef:
|
||||
key: /ntfy/user/cl01tl
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-gitea-repo-infrastructure-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: type
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: type
|
||||
- secretKey: url
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: url
|
||||
- secretKey: sshPrivateKey
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: sshPrivateKey
|
||||
|
||||
@@ -13,8 +13,8 @@ argo-cd:
|
||||
connectors:
|
||||
- config:
|
||||
issuer: https://authentik.alexlebens.net/application/o/argocd/
|
||||
clientID: $argocd-oidc-secret:client
|
||||
clientSecret: $argocd-oidc-secret:secret
|
||||
clientID: $argocd-oidc-authentik:client
|
||||
clientSecret: $argocd-oidc-authentik:secret
|
||||
insecureEnableGroups: true
|
||||
scopes:
|
||||
- openid
|
||||
@@ -205,7 +205,7 @@ argo-cd:
|
||||
argocdUrl: https://argocd.alexlebens.net
|
||||
secret:
|
||||
create: false
|
||||
name: argocd-notifications-secret
|
||||
name: argocd-notifications-ntfy
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
||||
@@ -32,4 +32,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.33.1
|
||||
appVersion: 2.33.2
|
||||
|
||||
27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
Normal file
27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
Normal file
@@ -0,0 +1,27 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "audiobookshelf.labels" -}}
|
||||
{{ include "audiobookshelf.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "audiobookshelf.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "audiobookshelf.booksNfsName" -}}
|
||||
audiobookshelf-books-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "audiobookshelf.audiobooksNfsName" -}}
|
||||
audiobookshelf-audiobooks-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "audiobookshelf.podcastsNfsName" -}}
|
||||
audiobookshelf-podcasts-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,18 +1,23 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: audiobookshelf-apprise-config
|
||||
name: audiobookshelf-config-apprise
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-apprise-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-config-apprise
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
|
||||
data:
|
||||
- secretKey: ntfy-url
|
||||
- secretKey: internal-endpoint-credential
|
||||
remoteRef:
|
||||
key: /cl01tl/audiobookshelf/apprise
|
||||
property: ntfy-url
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
|
||||
@@ -1,14 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-books-nfs-storage
|
||||
volumeName: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -20,14 +19,13 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-audiobooks-nfs-storage
|
||||
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -39,14 +37,13 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-podcasts-nfs-storage
|
||||
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -26,12 +25,11 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -51,12 +49,11 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -40,7 +40,7 @@ audiobookshelf:
|
||||
- name: APPRISE_STATELESS_URLS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: audiobookshelf-apprise-config
|
||||
name: audiobookshelf-config-apprise
|
||||
key: ntfy-url
|
||||
service:
|
||||
main:
|
||||
|
||||
14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
Normal file
14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
Normal file
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "authentik.labels" -}}
|
||||
{{ include "authentik.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "authentik.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,16 +1,15 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-key-secret
|
||||
name: authentik-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: authentik-key
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: authentik-tailscale
|
||||
name: {{ .Release.Name }}-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
|
||||
@@ -5,8 +5,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
spec:
|
||||
from:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
@@ -4,7 +4,7 @@ authentik:
|
||||
- name: AUTHENTIK_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: authentik-key-secret
|
||||
name: authentik-key
|
||||
key: key
|
||||
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||
valueFrom:
|
||||
|
||||
24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
Normal file
24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
Normal file
@@ -0,0 +1,24 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "backrest.labels" -}}
|
||||
{{ include "backrest.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "backrest.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "backrest.storageNfsName" -}}
|
||||
backrest-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "backrest.shareNfsName" -}}
|
||||
backrest-nfs-share
|
||||
{{- end -}}
|
||||
@@ -1,14 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: backrest-nfs-storage
|
||||
name: {{- include "backrest.storageNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: backrest-nfs-storage
|
||||
volumeName: {{- include "backrest.storageNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -20,14 +19,13 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: backrest-nfs-share
|
||||
name: {{- include "backrest.shareNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: backrest-nfs-share
|
||||
volumeName: {{- include "backrest.shareNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: backrest-nfs-storage
|
||||
name: {{- include "backrest.storageNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -26,12 +25,11 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: backrest-nfs-share
|
||||
name: {{- include "backrest.shareNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
Normal file
21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
Normal file
@@ -0,0 +1,21 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "bazarr.labels" -}}
|
||||
{{ include "bazarr.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "bazarr.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "bazarr.storageNfsName" -}}
|
||||
bazarr-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,16 +1,15 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: bazarr-key-secret
|
||||
name: bazarr-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bazarr-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: bazarr-key
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -1,14 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: bazarr-nfs-storage
|
||||
name: {{- include "bazarr.storageNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: bazarr-nfs-storage
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: bazarr-nfs-storage
|
||||
name: {{- include "bazarr.storageNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -39,7 +39,7 @@ bazarr:
|
||||
- name: APIKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bazarr-key-secret
|
||||
name: bazarr-key
|
||||
key: key
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: false
|
||||
|
||||
24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
Normal file
24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
Normal file
@@ -0,0 +1,24 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cert-manager.labels" -}}
|
||||
{{ include "cert-manager.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cert-manager.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "cert-manager.cloudflareSecretName" -}}
|
||||
cert-manager-cloudflare-api-token
|
||||
{{- end -}}
|
||||
{{- define "cert-manager.cloudflareSecretKey" -}}
|
||||
api-token
|
||||
{{- end -}}
|
||||
@@ -5,8 +5,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: letsencrypt-issuer
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- include "cert-manager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
acme:
|
||||
email: alexanderlebens@gmail.com
|
||||
@@ -22,5 +21,5 @@ spec:
|
||||
cloudflare:
|
||||
email: alexanderlebens@gmail.com
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-api-token
|
||||
key: api-token
|
||||
name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
key: {{- include "cert-manager.cloudflareSecretKey" . }}
|
||||
|
||||
@@ -1,18 +1,17 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: cloudflare-api-token
|
||||
name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cloudflare-api-token
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
{{- include "cert-manager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: api-token
|
||||
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
|
||||
remoteRef:
|
||||
key: /cloudflare/alexlebens.net/clusterissuer
|
||||
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
|
||||
property: token
|
||||
|
||||
14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
Normal file
14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
Normal file
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cilium.labels" -}}
|
||||
{{ include "cilium.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cilium.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,19 +0,0 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPAdvertisement
|
||||
# metadata:
|
||||
# name: cilium-bgp-advertisements
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# advertisements:
|
||||
# - advertisementType: "Service"
|
||||
# service:
|
||||
# addresses:
|
||||
# - ExternalIP
|
||||
# - LoadBalancerIP
|
||||
# selector:
|
||||
# matchExpressions:
|
||||
# - {key: somekey, operator: NotIn, values: ['never-used-value']}
|
||||
@@ -1,22 +0,0 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPClusterConfig
|
||||
# metadata:
|
||||
# name: cilium-bgp
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-bgp
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# nodeSelector:
|
||||
# matchLabels:
|
||||
# node-role.kubernetes.io/bgp: "65020"
|
||||
# bgpInstances:
|
||||
# - name: "65020"
|
||||
# localASN: 65020
|
||||
# peers:
|
||||
# - name: "udm-65000"
|
||||
# peerASN: 65000
|
||||
# peerAddress: 192.168.1.1
|
||||
# peerConfigRef:
|
||||
# name: "cilium-peer"
|
||||
@@ -1,23 +0,0 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPPeerConfig
|
||||
# metadata:
|
||||
# name: cilium-peer
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-peer
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# timers:
|
||||
# holdTimeSeconds: 9
|
||||
# keepAliveTimeSeconds: 3
|
||||
# ebgpMultihop: 4
|
||||
# gracefulRestart:
|
||||
# enabled: true
|
||||
# restartTimeSeconds: 15
|
||||
# families:
|
||||
# - afi: ipv4
|
||||
# safi: unicast
|
||||
# advertisements:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
@@ -5,8 +5,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
@@ -20,8 +19,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.2.100"
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
# apiVersion: gateway.networking.k8s.io/v1
|
||||
# kind: Gateway
|
||||
# metadata:
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-tls-gateway
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: letsencrypt-issuer
|
||||
# spec:
|
||||
# addresses:
|
||||
# - type: IPAddress
|
||||
# value: 10.232.1.23
|
||||
# gatewayClassName: cilium
|
||||
# listeners:
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: '*.alexlebens.net'
|
||||
# name: https
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: 'alexlebens.net'
|
||||
# name: https-domain
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
@@ -5,8 +5,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: hubble
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
Normal file
14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
Normal file
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "dawarich.labels" -}}
|
||||
{{ include "dawarich.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "dawarich.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,16 +1,15 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-key-secret
|
||||
name: dawarich-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: dawarich-key
|
||||
{{- include "dawarich.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
@@ -21,22 +20,21 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-oidc-secret
|
||||
name: dawarich-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/name: dawarich-oidc-authentik
|
||||
{{- include "dawarich.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /authentik/oidc/dawarich
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
property: client
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /authentik/oidc/dawarich
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
property: secret
|
||||
|
||||
@@ -61,12 +61,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
name: dawarich-oidc-authentik
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
name: dawarich-oidc-authentik
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -81,7 +81,7 @@ dawarich:
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key-secret
|
||||
name: dawarich-key
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
|
||||
@@ -56,4 +56,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
|
||||
# renovate: datasource=github-releases depName=go-gitea/gitea
|
||||
appVersion: 1.25.5
|
||||
appVersion: 1.26.0
|
||||
|
||||
@@ -194,7 +194,7 @@ gitea-actions:
|
||||
registry: docker.io
|
||||
repository: gitea/act_runner
|
||||
# renovate: datasource=docker depName=gitea/act_runner
|
||||
tag: 0.4.0@sha256:e7364b8252e74d5eb047abe64c98a856da37d9dad848af51e011b249206b36ba
|
||||
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
|
||||
extraVolumeMounts:
|
||||
- name: workspace-vol
|
||||
mountPath: /workspace
|
||||
|
||||
@@ -25,4 +25,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
|
||||
# renovate: datasource=github-releases depName=av1155/houndarr
|
||||
appVersion: v1.8.0
|
||||
appVersion: v1.9.0
|
||||
|
||||
@@ -8,7 +8,7 @@ houndarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/av1155/houndarr
|
||||
tag: v1.8.0@sha256:6d213dadb625e0cebdd6e28358e2815f9ceccf133bb5469b6bc837cf1a70c9e2
|
||||
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
|
||||
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
|
||||
appVersion: 2.6.4
|
||||
appVersion: 2.6.5
|
||||
|
||||
@@ -12,7 +12,7 @@ music-grabber:
|
||||
main:
|
||||
image:
|
||||
repository: g33kphr33k/musicgrabber
|
||||
tag: 2.6.4@sha256:e54d4b7abb395cd95ed4d9c9c8ca230ea789620484da148cc128b3981577c066
|
||||
tag: 2.6.5@sha256:5d276415a764a56955207ae41fe2df3341a152812fdf8a87e7c0b7e4e1fb681d
|
||||
env:
|
||||
- name: MUSIC_DIR
|
||||
value: /mnt/store/Music Grabber/
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-anime:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-standup:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -20,4 +20,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
|
||||
# renovate: datasource=github-releases depName=rclone/rclone
|
||||
appVersion: v1.73.4
|
||||
appVersion: v1.73.5
|
||||
|
||||
@@ -12,7 +12,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:directus-assets
|
||||
@@ -90,7 +90,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:karakeep-assets
|
||||
@@ -168,7 +168,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:talos-backups
|
||||
@@ -239,7 +239,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:talos-backups
|
||||
@@ -287,7 +287,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:web-assets
|
||||
@@ -365,7 +365,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:postgres-backups
|
||||
@@ -440,7 +440,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:postgres-backups
|
||||
@@ -488,7 +488,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:ntfy-attachments
|
||||
@@ -566,7 +566,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:openbao-backups
|
||||
@@ -637,7 +637,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:openbao-backups
|
||||
@@ -685,7 +685,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:openbao-backups
|
||||
@@ -756,7 +756,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:openbao-backups-6e088aad5fad110b
|
||||
|
||||
@@ -10,7 +10,7 @@ site-documentation:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-documentation
|
||||
tag: 0.26.0@sha256:fbd3167788a75a637aef0be6ef32bef685ce4af59f45e955cc6eb57ed8b1fd87
|
||||
tag: 0.27.0@sha256:dafa3c8aa9401009c299bb274d140acc10d8531dd40c8253783b1f8ed8519d76
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -10,7 +10,7 @@ site-profile:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-profile
|
||||
tag: 3.18.2@sha256:8deb9624b2564fabd1f5cc6822306fd198b245858317be2d9ab4ca044ae3ded5
|
||||
tag: 3.18.5@sha256:2ad5cbbdbf1011f74c5fa804584236ffea266c37f046f837625af79a97bc0b56
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -22,4 +22,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/slskd.png
|
||||
# renovate: datasource=github-releases depName=slskd/slskd
|
||||
appVersion: 0.24.5
|
||||
appVersion: 0.25.0
|
||||
|
||||
@@ -1,51 +1,66 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: slskd-config-secret
|
||||
name: airvpn-wireguard-conf
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: slskd-config-secret
|
||||
app.kubernetes.io/name: airvpn-wireguard-conf
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: slskd.yml
|
||||
- secretKey: conf
|
||||
remoteRef:
|
||||
key: /cl01tl/slskd/config
|
||||
|
||||
property: slskd.yml
|
||||
key: /airvpn/config
|
||||
property: conf
|
||||
- secretKey: private-key
|
||||
remoteRef:
|
||||
key: /airvpn/config
|
||||
property: private-key
|
||||
- secretKey: preshared-key
|
||||
remoteRef:
|
||||
key: /airvpn/config
|
||||
property: preshared-key
|
||||
- secretKey: addresses
|
||||
remoteRef:
|
||||
key: /airvpn/config
|
||||
property: addresses
|
||||
- secretKey: input-ports
|
||||
remoteRef:
|
||||
key: /airvpn/config
|
||||
property: input-ports
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: slskd-wireguard-conf
|
||||
name: protonvpn-wireguard-conf
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: slskd-wireguard-conf
|
||||
app.kubernetes.io/name: protonvpn-wireguard-conf
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: conf
|
||||
remoteRef:
|
||||
key: /protonvpn/config
|
||||
property: conf
|
||||
- secretKey: email
|
||||
remoteRef:
|
||||
key: /protonvpn/config
|
||||
property: email
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /protonvpn/config
|
||||
property: password
|
||||
- secretKey: private-key
|
||||
remoteRef:
|
||||
key: /airvpn/conf/cl01tl
|
||||
key: /protonvpn/config
|
||||
property: private-key
|
||||
- secretKey: preshared-key
|
||||
remoteRef:
|
||||
key: /airvpn/conf/cl01tl
|
||||
property: preshared-key
|
||||
- secretKey: addresses
|
||||
remoteRef:
|
||||
key: /airvpn/conf/cl01tl
|
||||
property: addresses
|
||||
- secretKey: input-ports
|
||||
remoteRef:
|
||||
key: /airvpn/conf/cl01tl
|
||||
property: input-ports
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: slskd-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: slskd-config-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: slskd
|
||||
objects: |
|
||||
- objectName: slskd.yml
|
||||
fileName: slskd.yml
|
||||
secretPath: secret/data/cl01tl/slskd/config
|
||||
secretKey: slskd.yml
|
||||
@@ -4,6 +4,8 @@ slskd:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
serviceAccount:
|
||||
name: slskd
|
||||
pod:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
@@ -36,7 +38,7 @@ slskd:
|
||||
main:
|
||||
image:
|
||||
repository: slskd/slskd
|
||||
tag: 0.24.5@sha256:17ef977563be206f3b5932080b1e23883b2cb39dc9010640f6f39b4eaec887e3
|
||||
tag: 0.25.0@sha256:6a91991c05b7cbbe4e3dcc1f5e10f88d00a68f7ad2ef8a820b79496441b9b78c
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -46,6 +48,8 @@ slskd:
|
||||
value: 1000
|
||||
- name: SLSKD_UMASK
|
||||
value: 000
|
||||
- name: SLSKD_CONFIG
|
||||
value: /config/slskd.yml
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
@@ -60,29 +64,14 @@ slskd:
|
||||
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
|
||||
env:
|
||||
- name: VPN_SERVICE_PROVIDER
|
||||
value: airvpn
|
||||
value: protonvpn
|
||||
- name: VPN_TYPE
|
||||
value: wireguard
|
||||
- name: WIREGUARD_PRIVATE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: slskd-wireguard-conf
|
||||
name: protonvpn-wireguard-conf
|
||||
key: private-key
|
||||
- name: WIREGUARD_PRESHARED_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: slskd-wireguard-conf
|
||||
key: preshared-key
|
||||
- name: WIREGUARD_ADDRESSES
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: slskd-wireguard-conf
|
||||
key: addresses
|
||||
- name: FIREWALL_VPN_INPUT_PORTS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: slskd-wireguard-conf
|
||||
key: input-ports
|
||||
- name: FIREWALL_OUTBOUND_SUBNETS
|
||||
value: 192.168.1.0/24,10.244.0.0/16
|
||||
- name: FIREWALL_INPUT_PORTS
|
||||
@@ -159,13 +148,17 @@ slskd:
|
||||
value: /
|
||||
persistence:
|
||||
slskd-config:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: slskd-config-secret
|
||||
type: custom
|
||||
volumeSpec:
|
||||
csi:
|
||||
driver: secrets-store.csi.k8s.io
|
||||
readOnly: true
|
||||
volumeAttributes:
|
||||
secretProviderClass: slskd-config-secret
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/slskd.yml
|
||||
- path: /config/slskd.yml
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: slskd.yml
|
||||
|
||||
@@ -45,9 +45,6 @@ traefik:
|
||||
entryPoints: ["websecure"]
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 1
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
allowCrossNamespace: true
|
||||
|
||||
@@ -33,7 +33,7 @@ services:
|
||||
- postgresql18:/var/lib/postgresql
|
||||
|
||||
gitea:
|
||||
image: gitea/gitea:1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
|
||||
image: gitea/gitea:1.26.0@sha256:af07b88edbb2173d20932f9c75ebcf4e61d7d5c2d6a7ab5cc6b97cba28aea352
|
||||
container_name: gitea
|
||||
depends_on:
|
||||
- postgresql
|
||||
|
||||
Reference in New Issue
Block a user