alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 3 Activity

Compare commits

base: alexlebens:405346929ecaff9e8a376dfb9ab24986b0dc2caf
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:manifests
...
compare: alexlebens:main
Branches Tags
alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

65 Commits
405346929e ... main

Author SHA1 Message Date
Renovate Bot
065e413d72 Merge pull request 'chore(deps): update rclone-bucket docker tag to v0.4.3' (#6289) from renovate/unified-rclone-bucket into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m15s
Details
2026-04-26 21:09:21 +00:00
Renovate Bot
f58df886db chore(deps): update rclone-bucket docker tag to v0.4.3 2026-04-26 21:09:21 +00:00
Renovate Bot
a281016c38 Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v84.1.1' (#6287) from renovate/unified-kube-prometheus-stack into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 38s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-26 21:06:07 +00:00
Renovate Bot
cc3358d14f chore(deps): update kube-prometheus-stack docker tag to v84.1.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 38s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m37s
Details
2026-04-26 21:05:39 +00:00
Alex Lebens
42e1aa7ee1 feat: disable job
All checks were successful
lint-test-helm / lint-helm (push) Successful in 20s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 9m51s
Details
2026-04-26 15:42:55 -05:00
Alex Lebens
decbaecd7c Merge pull request 'feat: update chart' (#6284) from tmp/rclone-6 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 3m4s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6284
 2026-04-26 20:38:40 +00:00
Alex Lebens
81c500abe1 feat: update chart
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 35s
Details
render-manifests / render-manifests (pull_request) Successful in 1m12s
Details
2026-04-26 15:36:46 -05:00
Alex Lebens
b7dadffe78 Merge pull request 'feat: update lock' (#6282) from tmp/lock into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 34s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m20s
Details 
Reviewed-on: #6282
 2026-04-26 20:25:41 +00:00
Alex Lebens
00ec082b58 feat: update chart
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 32s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 48s
Details
render-manifests / render-manifests (pull_request) Successful in 1m16s
Details
2026-04-26 15:23:38 -05:00
Alex Lebens
41baa54591 feat: update lock
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 2m7s
Details
lint-test-helm / validate-kubeconform (pull_request) Failing after 2m28s
Details
2026-04-26 15:04:05 -05:00
Alex Lebens
8a81b5e330 Merge pull request 'feat: add names' (#6280) from tmp/rclone-5 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m49s
Details 
Reviewed-on: #6280
 2026-04-26 19:47:26 +00:00
Alex Lebens
25d7d7add0 feat: add names
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 52s
Details
2026-04-26 14:44:28 -05:00
Alex Lebens
7b4cadea2e Merge pull request 'feat: migrate to new chart' (#6279) from tmp/rclone-4 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m10s
Details 
Reviewed-on: #6279
 2026-04-26 19:27:00 +00:00
Alex Lebens
f0416ad5f2 feat: migrate to new chart
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 56s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 1m3s
Details
2026-04-26 14:21:37 -05:00
Alex Lebens
d018c3c750 Merge pull request 'feat: move rclone to chart and namespace' (#6277) from tmp/karakeep-1 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 41s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m15s
Details 
Reviewed-on: #6277
 2026-04-26 19:06:52 +00:00
Alex Lebens
9ed1598406 feat: move rclone to chart and namespace
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 3m40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 4m18s
Details
render-manifests / render-manifests (pull_request) Successful in 1m41s
Details
2026-04-26 13:55:14 -05:00
Alex Lebens
8ff42e33b3 feat: move rclone to chart and namespace
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
2026-04-26 13:48:24 -05:00
Alex Lebens
2e908dac22 Merge pull request 'feat: move service account to template' (#6275) from tmp/talos-4 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 3m16s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m45s
Details 
Reviewed-on: #6275
 2026-04-26 18:40:56 +00:00
Alex Lebens
3e6dfa72ec feat: move service account to template
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 44s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 57s
Details
render-manifests / render-manifests (pull_request) Successful in 51s
Details
2026-04-26 13:02:13 -05:00
Alex Lebens
6bab92174e Merge pull request 'chore(deps): update ghcr.io/caronc/apprise docker tag to v1.4.0' (#6259) from renovate/unified-apprise into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 32s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m38s
Details 
Reviewed-on: #6259
 2026-04-26 17:44:02 +00:00
Renovate Bot
783c2a9486 chore(deps): update ghcr.io/caronc/apprise docker tag to v1.4.0 2026-04-26 17:44:02 +00:00
Alex Lebens
59ff3217c5 Merge pull request 'fix: wrong name' (#6274) from tmp/music-grab-1 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 27s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6274
 2026-04-26 17:43:01 +00:00
Alex Lebens
e4ea40178f fix: wrong name 2026-04-26 17:43:01 +00:00
Alex Lebens
31d227f3d0 Merge pull request 'feat: simplify script' (#6273) from tmp/vault-1 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6273
 2026-04-26 17:40:14 +00:00
Alex Lebens
70832243d6 feat: simplify script
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 58s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
render-manifests / render-manifests (pull_request) Successful in 1m37s
Details
2026-04-26 17:38:04 +00:00
Alex Lebens
371047eb41 Merge pull request 'feat: add service account' (#6272) from tmp/talos-3 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6272
 2026-04-26 17:37:11 +00:00
Alex Lebens
bf108a2beb feat: add service account
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Successful in 57s
Details
2026-04-26 12:15:08 -05:00
Alex Lebens
3a94d04e63 Merge pull request 'feat: move to chart and namespace' (#6258) from tmp/rclone-3 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m18s
Details 
Reviewed-on: #6258
 2026-04-26 17:09:07 +00:00
Alex Lebens
9d33556a2a feat: remove commented files 2026-04-26 17:09:07 +00:00
Alex Lebens
ffe49f09e6 feat: move to chart and namespace 2026-04-26 17:09:07 +00:00
Renovate Bot
2630883ef3 Merge pull request 'chore(deps): update g33kphr33k/musicgrabber docker tag to v2.6.6' (#6269) from renovate/unified-musicgrabber into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 29s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m42s
Details
2026-04-26 17:02:59 +00:00
Renovate Bot
e72a956979 chore(deps): update g33kphr33k/musicgrabber docker tag to v2.6.6
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 28s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 5m25s
Details
2026-04-26 17:02:39 +00:00
Alex Lebens
8b04708d51 Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.6' (#6263) from renovate/unified-site-profile into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m42s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m41s
Details 
Reviewed-on: #6263
 2026-04-26 16:41:26 +00:00
Renovate Bot
f97cec1f0b chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.6 2026-04-26 16:41:26 +00:00
Renovate Bot
9d70cb5fdb Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-saralebens docker tag to v1.1.2' (#6264) from renovate/unified-site-saralebens into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m38s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m36s
Details
2026-04-26 16:06:09 +00:00
Renovate Bot
2e91ab7d1f chore(deps): update harbor.alexlebens.net/images/site-saralebens docker tag to v1.1.2 2026-04-26 16:06:09 +00:00
Renovate Bot
21b4dff452 Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.1' (#6262) from renovate/unified-site-documentation into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-26 16:05:18 +00:00
Renovate Bot
cb1ca6b47d chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.1 2026-04-26 16:05:18 +00:00
Renovate Bot
e5eed80b03 Merge pull request 'chore(deps): update grimmory to v3.0.2' (#6261) from renovate/unified-grimmory into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-26 16:04:44 +00:00
Renovate Bot
6de2a0a7f7 chore(deps): update grimmory to v3.0.2 2026-04-26 16:04:44 +00:00
Renovate Bot
478ce5b99c Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.141.6' (#6260) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-26 16:04:10 +00:00
Renovate Bot
d03f79d036 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.141.6
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-04-26 16:03:38 +00:00
Renovate Bot
ee27e911dc Merge pull request 'chore(deps): update grimmory to v3.0.1' (#6256) from renovate/unified-grimmory into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 28s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
render-manifests / render-manifests (push) Successful in 9m7s
Details
renovate / renovate (push) Successful in 6m17s
Details
2026-04-26 01:02:49 +00:00
Renovate Bot
c75b2d4e0a chore(deps): update grimmory to v3.0.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 29s
Details
render-manifests / render-manifests (pull_request) Successful in 1m26s
Details
2026-04-26 01:02:17 +00:00
Renovate Bot
b683648e66 Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v84.1.0' (#6253) from renovate/unified-kube-prometheus-stack into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 37s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m33s
Details
2026-04-26 00:13:22 +00:00
Renovate Bot
e56d0d33a7 chore(deps): update kube-prometheus-stack docker tag to v84.1.0 2026-04-26 00:13:22 +00:00
Renovate Bot
c78dec2a13 Merge pull request 'chore(deps): update vaultwarden to v1.35.8' (#6252) from renovate/unified-vaultwarden into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-26 00:12:20 +00:00
Renovate Bot
25f618e63d chore(deps): update vaultwarden to v1.35.8
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
render-manifests / render-manifests (pull_request) Successful in 55s
Details
lint-test-helm / lint-helm (pull_request) Successful in 2m26s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
2026-04-26 00:11:48 +00:00
Alex Lebens
9a0ca0078a Merge pull request 'feat: change mount' (#6250) from tmp/foldergram-13 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m40s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 13m33s
Details 
Reviewed-on: #6250
 2026-04-25 16:37:25 +00:00
Alex Lebens
42111cb1a7 fix: wrong variable name
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Successful in 1m17s
Details
2026-04-25 11:31:25 -05:00
Alex Lebens
a34ffbea77 feat: change mount
Some checks failed
lint-test-helm / lint-helm (pull_request) Failing after 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
2026-04-25 11:28:40 -05:00
Alex Lebens
268dd6f09a Merge pull request 'feat: use only MIA' (#6246) from tmp/foldergram-12 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 44s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
render-manifests / render-manifests (push) Successful in 16m21s
Details
renovate / renovate (push) Successful in 2m51s
Details 
Reviewed-on: #6246
 2026-04-25 03:04:40 +00:00
Alex Lebens
d8ed6d645e feat: use only MIA 2026-04-25 03:04:40 +00:00
Renovate Bot
40453a2745 Merge pull request 'chore(deps): update sonarr to v4.0.17.2952-ls309' (#6248) from renovate/unified-sonarr into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 31s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-25 03:02:55 +00:00
Renovate Bot
0f309949da chore(deps): update sonarr to v4.0.17.2952-ls309
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m14s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m21s
Details
2026-04-25 03:02:17 +00:00
Alex Lebens
9fa567534c Merge pull request 'chore(deps): update vault to v2 (major)' (#5933) from renovate/major-unified-vault into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 34s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m13s
Details 
Reviewed-on: #5933
 2026-04-25 02:57:27 +00:00
Renovate Bot
a5af32e377 chore(deps): update vault to v2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m4s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 54s
Details
render-manifests / render-manifests (pull_request) Successful in 2m57s
Details
2026-04-25 02:45:26 +00:00
Alex Lebens
05aabd2e9c Merge pull request 'chore(deps): update outline to v1.7.0' (#6234) from renovate/unified-outline into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m25s
Details 
Reviewed-on: #6234
 2026-04-25 02:40:55 +00:00
Renovate Bot
7ad3e6fccf chore(deps): update outline to v1.7.0 2026-04-25 02:40:55 +00:00
Alex Lebens
044879919e Merge pull request 'chore(deps): update medialyze to v0.9.0' (#6241) from renovate/unified-medialyze into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 29s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6241
 2026-04-25 02:38:41 +00:00
Renovate Bot
e62b9f082e chore(deps): update medialyze to v0.9.0 2026-04-25 02:38:41 +00:00
Alex Lebens
e4ab193709 Merge pull request 'feat: remove vault' (#6244) from tmp/external-secrets-3 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6244
 2026-04-25 02:35:05 +00:00
Alex Lebens
d0bc1ff840 feat: remove vault
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 39s
Details
render-manifests / render-manifests (pull_request) Successful in 1m13s
Details
2026-04-24 21:32:32 -05:00
Alex Lebens
e8d25256f3 Merge pull request 'feat: add to secret' (#6242) from tmp/talos-2 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 1m0s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6242
 2026-04-25 02:30:49 +00:00
Alex Lebens
89109fba68 feat: add to secret 2026-04-25 02:30:49 +00:00
59 changed files with 420 additions and 1170 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.141.5@sha256:8fb9e3cfdadc0994fb87f57be624d1c1940c41c1c53c074465caff85a2b6d3a4 container: ghcr.io/renovatebot/renovate:43.141.6@sha256:077a2aada1c508923e4e36b68f7efe3ec013a797da8aed352afd98fb0e1b4c60
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

7
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d - name: volsync-target
generated: "2026-04-18T20:15:22.778699-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.0
digest: sha256:ee1ff98af82f76ddf0b672abf9f4973ae41faff3cd61d81849f496c089cfdbd3
generated: "2026-04-26T14:57:34.863614-05:00"

8
clusters/cl01tl/helm/audiobookshelf/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 1.0.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 1.0.0
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf digest: sha256:c6af4b1dd96410281d53ff8f63235bc79bd9a1d493d6da097d9e4ff088e09538
generated: "2026-03-06T01:05:03.534042627Z" generated: "2026-04-26T14:57:40.219612-05:00"

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -23,7 +23,7 @@ audiobookshelf:
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.4.0@sha256:9d97a6b9b42cf6afdf3b5466dbed2a59cd42a4bb777ec6aa57b5f2ee623569eb
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

10
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -5,5 +5,11 @@ dependencies:
- name: plugin-barman-cloud - name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.6.0 version: 0.6.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3 - name: rclone-bucket
generated: "2026-04-14T09:03:10.332065288Z" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
- name: rclone-bucket
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
digest: sha256:75d7078b7009082521a1bb8b49141e20b442343dabe7f76f5e7a16a352cfe205
generated: "2026-04-26T15:36:31.678086-05:00"

9
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -13,6 +13,7 @@ sources:
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql - https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -22,6 +23,14 @@ dependencies:
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.6.0 version: 0.6.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
- name: rclone-bucket
alias: rclone-postgres-backups-remote
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
- name: rclone-bucket
alias: rclone-postgres-backups-external
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0 appVersion: 1.29.0

59
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -14,3 +14,62 @@ plugin-barman-cloud:
requests: requests:
cpu: 1m cpu: 1m
memory: 20Mi memory: 20Mi
rclone-postgres-backups-remote:
nameOverride: postgres-backups-remote-rclone
cronJob:
suspend: false
schedule: 0 1 * * *
rclone:
source:
bucketName: postgres-backups
destination:
bucketName: postgres-backups
prune:
enabled: true
ageToPrune: 45d
include: "/cl01tl/*/*/*/base/**"
exclude: "**/walls/**"
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/postgres-backups
config:
path: /garage/config
destination:
credentials:
path: /garage/home-infra/postgres-backups
config:
path: /garage/config
rclone-postgres-backups-external:
nameOverride: postgres-backups-external-rclone
cronJob:
suspend: true
schedule: 20 1 * * *
rclone:
source:
bucketName: openbao-backups
destination:
bucketName: postgres-backups-ecc1010276b61716
providerType: DigitalOcean
prune:
enabled: true
ageToPrune: 45d
include: "/cl01tl/*/*/*/base/**"
exclude: "**/walls/**"
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/postgres-backups
config:
path: /garage/config
destination:
credentials:
path: /digital-ocean/home-infra/postgres-backups
keyIdProperty: AWS_ACCESS_KEY_ID
secretKeyProperty: AWS_SECRET_ACCESS_KEY
regionProperty: AWS_REGION
config:
path: /digital-ocean/config
endpointProperty: ENDPOINT

7
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -8,5 +8,8 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.1
digest: sha256:e3d9d7bc069b79ec37769f77d691cda3b8bd92e37a9d1dd2ef8279dc6d2b6cde - name: rclone-bucket
generated: "2026-04-24T21:50:43.755575922Z" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
digest: sha256:df3b79c6b8868d749d98d232741fef4a26b73894bce3bf4588581340c15fc3da
generated: "2026-04-26T21:06:27.85398357Z"

5
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -12,6 +12,7 @@ sources:
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -27,6 +28,10 @@ dependencies:
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: rclone-bucket
alias: rclone-directus-assets-remote
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.3 appVersion: 11.17.3

21
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -214,3 +214,24 @@ valkey:
# https://github.com/valkey-io/valkey-helm/issues/135 # https://github.com/valkey-io/valkey-helm/issues/135
metrics: metrics:
enabled: false enabled: false
rclone-directus-assets-remote:
cronJob:
suspend: false
schedule: 0 0 * * *
rclone:
source:
bucketName: directus-assets
destination:
bucketName: directus-assets
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/directus-assets
config:
path: /garage/config
destination:
credentials:
path: /garage/home-infra/directus-assets
config:
path: /garage/config

20
clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
View File

@@ -1,25 +1,5 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ClusterSecretStore kind: ClusterSecretStore
metadata:
name: vault
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault
{{- include "custom.labels" . | nindent 4 }}
spec:
provider:
vault:
server: http://vault-internal.vault:8200
path: secret
auth:
tokenSecretRef:
namespace: vault
name: vault-token
key: token
---
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata: metadata:
name: openbao name: openbao
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}

4
clusters/cl01tl/helm/foldergram/templates/_helpers.tpl
View File

@@ -16,6 +16,6 @@ app.kubernetes.io/part-of: {{ .Release.Name }}
{{/* {{/*
NFS names NFS names
*/}} */}}
{{- define "custom.storageNfsName" -}} {{- define "custom.storageMiaNfsName" -}}
foldergram-pictures-collections-nfs-storage foldergram-pictures-collection-mia-nfs-storage
{{- end -}} {{- end -}}

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: {{ include "custom.storageMiaNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: {{ include "custom.storageMiaNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: {{ include "custom.storageMiaNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
@@ -14,7 +14,7 @@ spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
nfs: nfs:
path: /volume2/Storage/Pictures/Collections path: '/volume2/Storage/Pictures/Collections/Minneapolis Institute of Art'
server: synologybond.alexlebens.net server: synologybond.alexlebens.net
mountOptions: mountOptions:
- vers=4 - vers=4

8
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -17,7 +17,7 @@ foldergram:
- name: IMAGE_DETAIL_SOURCE - name: IMAGE_DETAIL_SOURCE
value: original value: original
- name: DERIVATIVE_MODE - name: DERIVATIVE_MODE
value: eager value: lazy
- name: DATA_ROOT - name: DATA_ROOT
value: ./data value: ./data
- name: GALLERY_ROOT - name: GALLERY_ROOT
@@ -76,12 +76,12 @@ foldergram:
main: main:
- path: /app/data - path: /app/data
readOnly: false readOnly: false
pictures: pictures-mia:
existingClaim: foldergram-pictures-collections-nfs-storage existingClaim: foldergram-pictures-collection-mia-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /gallery - path: '/gallery/Minneapolis Institute of Art'
readOnly: true readOnly: true
volsync-target-db: volsync-target-db:
pvcTarget: foldergram-db pvcTarget: foldergram-db

2
clusters/cl01tl/helm/grimmory/Chart.yaml
View File

@@ -28,4 +28,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory # renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v3.0.0 appVersion: v3.0.2

2
clusters/cl01tl/helm/grimmory/values.yaml
View File

@@ -12,7 +12,7 @@ grimmory:
main: main:
image: image:
repository: ghcr.io/grimmory-tools/grimmory repository: ghcr.io/grimmory-tools/grimmory
tag: v3.0.0@sha256:0130c338d4c1186f2f6b6acdc4a7ee56388dfdab9cb0b9a23ac0fc91b79e7d75 tag: v3.0.2@sha256:4557a78321add7d70bef7c0b89c2617c8c023246ae39698bc2cbe636f8c97f9b
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/isponsorblocktv/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:65da71c32b4576a11e590f059d97dae22137448cb71049258d018cf5b7bb4a92
generated: "2026-04-26T14:59:16.326539-05:00"

7
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -11,5 +11,8 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.0 version: 1.0.0
digest: sha256:7e04fb96a89630d96605e1a6dec951191709af377560357f002af33365618c06 - name: rclone-bucket
generated: "2026-04-24T22:52:57.309438139Z" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
digest: sha256:376ee64d93cc959afc02c5cf5b308bbf12a0b5dfb339a6a853b3243e6033604c
generated: "2026-04-26T21:07:05.718924873Z"

5
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -15,6 +15,7 @@ sources:
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -32,6 +33,10 @@ dependencies:
alias: volsync-target-data alias: volsync-target-data
version: 1.0.0 version: 1.0.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: rclone-bucket
alias: rclone-karakeep-assets-remote
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
# renovate: datasource=github-releases depName=karakeep-app/karakeep # renovate: datasource=github-releases depName=karakeep-app/karakeep
appVersion: 0.31.0 appVersion: 0.31.0

21
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -172,3 +172,24 @@ volsync-target-data:
external: external:
enabled: true enabled: true
schedule: 30 10 * * * schedule: 30 10 * * *
rclone-karakeep-assets-remote:
cronJob:
suspend: false
schedule: 10 0 * * *
rclone:
source:
bucketName: karakeep-assets
destination:
bucketName: karakeep-assets
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/karakeep-assets
config:
path: /garage/config
destination:
credentials:
path: /garage/home-infra/karakeep-assets
config:
path: /garage/config

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 84.0.1 version: 84.1.1
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1 version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.1
digest: sha256:2714de1082a27491925ba1b7adfba884a5ca9e674df22df96e8f6ccf56a54a6e digest: sha256:0fe4f0abcce69b28f1cb8ba2add3e66d696c8841136e177d99777685e3d0c058
generated: "2026-04-24T17:03:37.423427661Z" generated: "2026-04-26T21:05:21.686448397Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 84.0.1 version: 84.1.1
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 28.0.1 version: 28.0.1

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.8.3 appVersion: 0.9.0

2
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -12,7 +12,7 @@ medialyze:
main: main:
image: image:
repository: ghcr.io/frederikemmer/medialyze repository: ghcr.io/frederikemmer/medialyze
tag: 0.8.3@sha256:ef21e989f3d04c99f0fee4c992a92308156c746e26fb98672a3fa714fc630367 tag: 0.9.0@sha256:3d88b4f4a3e6cf2489a5236e5174d58d6274e99008ce2ddd4159d1389744473f
env: env:
- name: HOST_PORT - name: HOST_PORT
value: 8080 value: 8080

2
clusters/cl01tl/helm/music-grabber/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
# renovate: datasource=docker depName=g33kphr33k/musicgrabber # renovate: datasource=docker depName=g33kphr33k/musicgrabber
appVersion: 2.6.5 appVersion: 2.6.6

10
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -12,7 +12,7 @@ music-grabber:
main: main:
image: image:
repository: g33kphr33k/musicgrabber repository: g33kphr33k/musicgrabber
tag: 2.6.5@sha256:5d276415a764a56955207ae41fe2df3341a152812fdf8a87e7c0b7e4e1fb681d tag: 2.6.6@sha256:dad8dec4e32671ef7326d31f58ea626fa4622571e65c6bb34459bc2648f1fead
env: env:
- name: MUSIC_DIR - name: MUSIC_DIR
value: /mnt/store/Music Grabber/ value: /mnt/store/Music Grabber/
@@ -25,24 +25,24 @@ music-grabber:
- name: NAVIDROME_USER - name: NAVIDROME_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: music-grabber-config-secret name: music-grabber-config
key: navidrome-user key: navidrome-user
- name: NAVIDROME_PASS - name: NAVIDROME_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: music-grabber-config-secret name: music-grabber-config
key: navidrome-password key: navidrome-password
- name: SLSKD_URL - name: SLSKD_URL
value: http://slskd.slskd:5030 value: http://slskd.slskd:5030
- name: SLSKD_USER - name: SLSKD_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: music-grabber-config-secret name: music-grabber-config
key: slskd-user key: slskd-user
- name: SLSKD_PASS - name: SLSKD_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: music-grabber-config-secret name: music-grabber-config
key: slskd-password key: slskd-password
- name: SLSKD_DOWNLOADS_PATH - name: SLSKD_DOWNLOADS_PATH
value: /mnt/store/slskd/Downloads value: /mnt/store/slskd/Downloads

7
clusters/cl01tl/helm/ntfy/Chart.lock
View File

@@ -5,5 +5,8 @@ dependencies:
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.12.1 version: 7.12.1
digest: sha256:1f4cf54fc4c52a2ef6fff3aae0f8af39b059d46a6e257add049310766ebc0a22 - name: rclone-bucket
generated: "2026-04-24T21:55:36.889797295Z" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
digest: sha256:97ce7f765707305cb7ccf7020c3a0945a19cda7d7d54cb75ff341acdbf000a23
generated: "2026-04-26T21:07:46.221034664Z"

5
clusters/cl01tl/helm/ntfy/Chart.yaml
View File

@@ -10,6 +10,7 @@ sources:
- https://github.com/binwiederhier/ntfy - https://github.com/binwiederhier/ntfy
- https://hub.docker.com/r/binwiederhier/ntfy - https://hub.docker.com/r/binwiederhier/ntfy
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,6 +22,10 @@ dependencies:
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.12.1 version: 7.12.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: rclone-bucket
alias: rclone-ntfy-attachments-remote
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
# renovate: datasource=github-releases depName=binwiederhier/ntfy # renovate: datasource=github-releases depName=binwiederhier/ntfy
appVersion: 2.22.0 appVersion: 2.22.0

21
clusters/cl01tl/helm/ntfy/values.yaml
View File

@@ -124,3 +124,24 @@ postgres-18-cluster:
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 15 14 * * *"
backupName: garage-local backupName: garage-local
rclone-ntfy-attachments-remote:
cronJob:
suspend: false
schedule: 50 0 * * *
rclone:
source:
bucketName: ntfy-attachments
destination:
bucketName: ntfy-attachments
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/ntfy-attachments
config:
path: /garage/config
destination:
credentials:
path: /garage/home-infra/ntfy-attachments
config:
path: /garage/config

12
clusters/cl01tl/helm/openbao/Chart.lock
View File

@@ -1,9 +1,15 @@
dependencies: dependencies:
- name: openbao - name: openbao
repository: https://openbao.github.io/openbao-helm repository: https://openbao.github.io/openbao-helm
version: 0.27.1 version: 0.27.2
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
digest: sha256:2a48dda8dad91d967fceeec4c50d3358f58b0255ba823e04bea726bf187f8f40 - name: rclone-bucket
generated: "2026-04-15T19:55:47.720376-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
- name: rclone-bucket
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
digest: sha256:cbb61cd27ce6f613cd0fb07a3b9d380008732ed9e933eed45eda2d7e379fe279
generated: "2026-04-26T21:08:16.543052937Z"

9
clusters/cl01tl/helm/openbao/Chart.yaml
View File

@@ -15,6 +15,7 @@ sources:
- https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal - https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
- https://github.com/openbao/openbao-helm/tree/main/charts/openbao - https://github.com/openbao/openbao-helm/tree/main/charts/openbao
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -25,6 +26,14 @@ dependencies:
alias: unseal alias: unseal
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: rclone-bucket
alias: rclone-openbao-backups-remote
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
- name: rclone-bucket
alias: rclone-openbao-backups-external
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.3
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png
# renovate: datasource=github-releases depName=openbao/openbao # renovate: datasource=github-releases depName=openbao/openbao
appVersion: v2.5.3 appVersion: v2.5.3

52
clusters/cl01tl/helm/openbao/values.yaml
View File

@@ -207,3 +207,55 @@ unseal:
requests: requests:
cpu: 1m cpu: 1m
memory: 10Mi memory: 10Mi
rclone-openbao-backups-remote:
nameOverride: openbao-backups-remote-rclone
cronJob:
suspend: false
schedule: 0 1 * * *
rclone:
source:
bucketName: openbao-backups
destination:
bucketName: openbao-backups
prune:
enabled: true
ageToPrune: 90d
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/openbao-backups
config:
path: /garage/config
destination:
credentials:
path: /garage/home-infra/openbao-backups
config:
path: /garage/config
rclone-openbao-backups-external:
nameOverride: openbao-backups-external-rclone
cronJob:
suspend: false
schedule: 10 1 * * *
rclone:
source:
bucketName: openbao-backups
destination:
bucketName: openbao-backups-6e088aad5fad110b
providerType: DigitalOcean
prune:
enabled: true
ageToPrune: 90d
secret:
externalSecret:
source:
credentials:
path: /garage/home-infra/openbao-backups
config:
path: /garage/config
destination:
credentials:
path: /digital-ocean/home-infra/openbao-backups
config:
path: /digital-ocean/config
endpointProperty: ENDPOINT

2
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -38,4 +38,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
# renovate: datasource=github-releases depName=outline/outline # renovate: datasource=github-releases depName=outline/outline
appVersion: 1.6.1 appVersion: 1.7.0

2
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -11,7 +11,7 @@ outline:
main: main:
image: image:
repository: outlinewiki/outline repository: outlinewiki/outline
tag: 1.6.1@sha256:a750f764080ce28d4a7393176011c8e2e4170b41689a8f6d91327dadf4904eb6 tag: 1.7.0@sha256:b13ccd15653513a79eb66283bfa91287f5e3d0944d8cb056d5288b8565992de5
env: env:
- name: NODE_ENV - name: NODE_ENV
value: production value: production

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -168,7 +168,7 @@ qbittorrent:
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.4.0@sha256:9d97a6b9b42cf6afdf3b5466dbed2a59cd42a4bb777ec6aa57b5f2ee623569eb
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

10
clusters/cl01tl/helm/rclone/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: app-template - name: rclone-bucket
repository: https://bjw-s-labs.github.io/helm-charts/ repository: oci://harbor.alexlebens.net/helm-charts
version: 4.6.2 version: 0.4.3
digest: sha256:8ed5a7025cbfee661770c4f525b6e1376f412114a7ab88cea1ab1de538eea500 digest: sha256:7203c46d1617837cfaad5fc500277ff1ed8d5e310b3af65500f3fbbd3166abd6
generated: "2026-03-11T18:19:57.681245-05:00" generated: "2026-04-26T21:08:47.555855644Z"

11
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -9,15 +9,14 @@ keywords:
home: https://docs.alexlebens.dev/applications/rclone/ home: https://docs.alexlebens.dev/applications/rclone/
sources: sources:
- https://github.com/rclone/rclone - https://github.com/rclone/rclone
- https://hub.docker.com/r/rclone/rclone - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: app-template - name: rclone-bucket
alias: rclone alias: rclone-web-assets-remote
repository: https://bjw-s-labs.github.io/helm-charts/ repository: oci://harbor.alexlebens.net/helm-charts
version: 4.6.2 version: 0.4.3
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
# renovate: datasource=github-releases depName=rclone/rclone # renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.5 appVersion: v1.73.5

270
clusters/cl01tl/helm/rclone/templates/external-secret.yaml
View File

@@ -1,270 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-directus-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-directus-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/directus-assets
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/directus-assets
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/directus-assets
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-karakeep-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-karakeep-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/karakeep-assets
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/karakeep-assets
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/karakeep-assets
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-talos-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-talos-backups-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/talos-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/talos-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/talos-backups
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-web-assets-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-web-assets-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/web-assets
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/web-assets
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/web-assets
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-postgres-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-postgres-backups-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-ntfy-attachments-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ntfy-attachments-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: DEST_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-openbao-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-openbao-backups-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_SECRET_KEY
- secretKey: ENDPOINT_LOCAL
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: ENDPOINT_REMOTE
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: external-openbao-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-openbao-backups-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_SECRET_KEY

682
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -1,358 +1,5 @@
rclone: rclone:
controllers: controllers:
directus-assets:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:directus-assets
- dest:directus-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
karakeep-assets:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 10 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:karakeep-assets
- dest:karakeep-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
talos-backups:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 20 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:talos-backups
- dest:talos-backups
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
prune:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- delete
- dest:talos-backups
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
web-assets:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 30 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:web-assets
- dest:web-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
postgres-backups: postgres-backups:
type: cronjob type: cronjob
cronjob: cronjob:
@@ -476,313 +123,24 @@ rclone:
key: DEST_ENDPOINT key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true value: true
ntfy-attachments: rclone-web-assets-remote:
type: cronjob cronJob:
cronjob:
suspend: false suspend: false
timeZone: America/Chicago schedule: 30 0 * * *
schedule: 50 0 * * * rclone:
backoffLimit: 3 source:
parallelism: 1 bucketName: web-assets
containers: destination:
sync: bucketName: web-assets
image: secret:
repository: rclone/rclone externalSecret:
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 source:
args: credentials:
- sync path: /garage/home-infra/web-assets
- src:ntfy-attachments config:
- dest:ntfy-attachments path: /garage/config
- --s3-no-check-bucket destination:
- --verbose credentials:
env: path: /garage/home-infra/web-assets
- name: RCLONE_S3_PROVIDER config:
value: Other path: /garage/config
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
openbao-backups-remote:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 1 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:openbao-backups
- dest:openbao-backups
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ENDPOINT_LOCAL
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ENDPOINT_REMOTE
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
prune:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- delete
- dest:openbao-backups
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ENDPOINT_REMOTE
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
openbao-backups-external:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 10 1 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- sync
- src:openbao-backups
- dest:openbao-backups-6e088aad5fad110b
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-openbao-backups-secret
key: ENDPOINT_LOCAL
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: DigitalOcean
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
value: https://nyc3.digitaloceanspaces.com
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
prune:
image:
repository: rclone/rclone
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
args:
- delete
- dest:openbao-backups-6e088aad5fad110b
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: DigitalOcean
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: external-openbao-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
value: https://nyc3.digitaloceanspaces.com
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -10,7 +10,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.27.0@sha256:dafa3c8aa9401009c299bb274d140acc10d8531dd40c8253783b1f8ed8519d76 tag: 0.27.1@sha256:a9e8659827375e7ee65ea8bc8550f4c0604316b48f39da7fa255fa9f3b5a17d6
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.18.5@sha256:2ad5cbbdbf1011f74c5fa804584236ffea266c37f046f837625af79a97bc0b56 tag: 3.18.6@sha256:6aacdb7270d21b02d85cd593999014c91614e70c8f6f84774e532f9141237a6c
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

2
clusters/cl01tl/helm/site-saralebens/values.yaml
View File

@@ -10,7 +10,7 @@ site-saralebens:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-saralebens repository: harbor.alexlebens.net/images/site-saralebens
tag: 1.1.1@sha256:b1a92f492127dd0e6b1756dd6798e72fbc991c7b334c0bec87ba39cb9bb14ee3 tag: 1.1.2@sha256:53389e7b38dd543eb453ddbfa3a25cb77aada734cb403a29c3e9f5ab77f57996
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

2
clusters/cl01tl/helm/sonarr-4k/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr # renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls308 appVersion: 4.0.17.2952-ls309

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910 tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/sonarr-anime/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr # renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls308 appVersion: 4.0.17.2952-ls309

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910 tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/sonarr/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr # renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls308 appVersion: 4.0.17.2952-ls309

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -12,7 +12,7 @@ sonarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910 tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

10
clusters/cl01tl/helm/talos/templates/_helpers.tpl
View File

@@ -12,13 +12,3 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
ServiceAccount names
*/}}
{{- define "custom.serviceAccountName" -}}
talos-backup
{{- end -}}
{{- define "custom.serviceAccountSecretsName" -}}
talos-backup-secrets
{{- end -}}

24
clusters/cl01tl/helm/talos/templates/external-secret.yaml
View File

@@ -19,6 +19,14 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: AWS_REGION
remoteRef:
key: /garage/home-infra/talos-backups
property: ACCESS_REGION
- secretKey: BUCKET_NAME
remoteRef:
key: /garage/home-infra/talos-backups
property: BUCKET
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
@@ -50,6 +58,14 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: AWS_REGION
remoteRef:
key: /garage/home-infra/talos-backups
property: ACCESS_REGION
- secretKey: BUCKET_NAME
remoteRef:
key: /garage/home-infra/talos-backups
property: BUCKET
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
@@ -81,6 +97,14 @@ spec:
remoteRef: remoteRef:
key: /digital-ocean/home-infra/talos-backups key: /digital-ocean/home-infra/talos-backups
property: AWS_SECRET_ACCESS_KEY property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_REGION
remoteRef:
key: /digital-ocean/home-infra/talos-backups
property: AWS_REGION
- secretKey: BUCKET_NAME
remoteRef:
key: /digital-ocean/home-infra/talos-backups
property: BUCKET
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /digital-ocean/home-infra/talos-backups key: /digital-ocean/home-infra/talos-backups

8
clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
View File

@@ -10,7 +10,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: {{ include "custom.serviceAccountName" . }} roleName: talos-backup
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -30,7 +30,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: {{ include "custom.serviceAccountName" . }} roleName: talos-backup
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -50,7 +50,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: {{ include "custom.serviceAccountName" . }} roleName: talos-backup
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -70,7 +70,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: {{ include "custom.serviceAccountName" . }} roleName: talos-defrag
objects: | objects: |
- objectName: config - objectName: config
fileName: config fileName: config

34
clusters/cl01tl/helm/talos/templates/service-account.yaml
View File

@@ -1,21 +1,31 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
{{- include "custom.labels" . | nindent 4 }}
---
apiVersion: talos.dev/v1alpha1 apiVersion: talos.dev/v1alpha1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "custom.serviceAccountSecretsName" . }} name: talos-backup-secrets
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.serviceAccountSecretsName" . }} app.kubernetes.io/name: talos-backup-secrets
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
roles: roles:
- os:etcd:backup - os:etcd:backup
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: talos-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-backup
{{- include "custom.labels" . | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: talos-defrag
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-defrag
{{- include "custom.labels" . | nindent 4 }}

36
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -47,11 +47,17 @@ etcd-backup:
name: talos-etcd-backup-local-config name: talos-etcd-backup-local-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: us-east-1 valueFrom:
secretKeyRef:
name: talos-etcd-backup-local-config
key: AWS_REGION
- name: CUSTOM_S3_ENDPOINT - name: CUSTOM_S3_ENDPOINT
value: http://garage-main.garage:3900 value: http://garage-main.garage:3900
- name: BUCKET - name: BUCKET
value: talos-backups valueFrom:
secretKeyRef:
name: talos-etcd-backup-local-config
key: BUCKET_NAME
- name: S3_PREFIX - name: S3_PREFIX
value: "cl01tl/etcd" value: "cl01tl/etcd"
- name: CLUSTER_NAME - name: CLUSTER_NAME
@@ -129,11 +135,17 @@ etcd-backup:
name: talos-etcd-backup-remote-config name: talos-etcd-backup-remote-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: us-east-1 valueFrom:
secretKeyRef:
name: talos-etcd-backup-remote-config
key: AWS_REGION
- name: CUSTOM_S3_ENDPOINT - name: CUSTOM_S3_ENDPOINT
value: https://garage-ps10rp.boreal-beaufort.ts.net:3900 value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- name: BUCKET - name: BUCKET
value: talos-backups valueFrom:
secretKeyRef:
name: talos-etcd-backup-remote-config
key: BUCKET_NAME
- name: S3_PREFIX - name: S3_PREFIX
value: "cl01tl/etcd" value: "cl01tl/etcd"
- name: CLUSTER_NAME - name: CLUSTER_NAME
@@ -211,11 +223,17 @@ etcd-backup:
name: talos-etcd-backup-external-config name: talos-etcd-backup-external-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: nyc3 valueFrom:
secretKeyRef:
name: talos-etcd-backup-external-config
key: AWS_REGION
- name: CUSTOM_S3_ENDPOINT - name: CUSTOM_S3_ENDPOINT
value: https://nyc3.digitaloceanspaces.com value: https://nyc3.digitaloceanspaces.com
- name: BUCKET - name: BUCKET
value: talos-backups-bee8585f7b8a4d0239c9b823 valueFrom:
secretKeyRef:
name: talos-etcd-backup-external-config
key: BUCKET_NAME
- name: S3_PREFIX - name: S3_PREFIX
value: "cl01tl/etcd" value: "cl01tl/etcd"
- name: CLUSTER_NAME - name: CLUSTER_NAME
@@ -381,6 +399,8 @@ etcd-defrag:
schedule: 0 0 * * 0 schedule: 0 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
serviceAccount:
name: talos-defrag
containers: containers:
main: main:
image: image:
@@ -409,6 +429,8 @@ etcd-defrag:
schedule: 10 0 * * 0 schedule: 10 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
serviceAccount:
name: talos-defrag
containers: containers:
main: main:
image: image:
@@ -437,6 +459,8 @@ etcd-defrag:
schedule: 20 0 * * 0 schedule: 20 0 * * 0
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
serviceAccount:
name: talos-defrag
containers: containers:
main: main:
image: image:

2
clusters/cl01tl/helm/vault/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
# renovate: datasource=github-releases depName=hashicorp/vault # renovate: datasource=github-releases depName=hashicorp/vault
appVersion: 1.21.4 appVersion: 2.0.0

122
clusters/cl01tl/helm/vault/templates/config-map.yaml
View File

@@ -9,59 +9,29 @@ metadata:
data: data:
snapshot.sh: | snapshot.sh: |
DATE=$(date +"%Y%m%d-%H-%M") DATE=$(date +"%Y%m%d-%H-%M")
MAX_RETRIES=5
SUCCESS=false
echo " " echo " "
echo ">> Running Vault Snapshot Script ..." echo ">> Running Vault Snapshot Script ..."
echo " " echo " "
echo ">> Verifying required commands ..." echo ">> Fetching Vault token ..."
echo " " export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID)
for i in $(seq 1 "$MAX_RETRIES"); do if [ -z "$VAULT_TOKEN" ]; then
if apk update 2>&1 >/dev/null; then echo ">> ERROR: Failed to fetch Vault token! Exiting..."
echo ">> Attempt $i: Repositories are reachable"; exit 1
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi fi
echo " " echo " "
echo ">> Taking Vault snapshot ..."
if ! command -v jq 2>&1 >/dev/null; then
echo ">> Command jq could not be found, installing";
apk add --no-cache -q jq;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " ";
echo ">> Fetching Vault token ...";
export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
echo " ";
echo ">> Taking Vault snapsot ...";
vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap
echo " "; echo " "
echo ">> Setting ownership of Vault snapsot ..."; echo ">> Setting ownership of Vault snapshot ..."
chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap
echo " "; echo " "
echo ">> Completed Vault snapshot"; echo ">> Completed Vault snapshot"
--- ---
apiVersion: v1 apiVersion: v1
@@ -77,75 +47,3 @@ data:
echo " "; echo " ";
echo ">> Running S3 backup for Vault snapshot"; echo ">> Running S3 backup for Vault snapshot";
OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1) OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
STATUS=$?
if [ $STATUS -ne 0 ]; then
if echo "$OUTPUT" | grep -q "403 Forbidden"; then
MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
elif echo "$OUTPUT" | grep -q "404 Not Found"; then
MESSAGE="404 Error: The bucket or folder does not exist"
elif echo "$OUTPUT" | grep -q "Connection refused"; then
MESSAGE="Network Error: Cannot reach the S3 endpoint"
else
MESSAGE="Unknown Error"
echo " ";
echo ">> Unknown Error, output:"
echo " "
echo "$OUTPUT"
fi
MAX_RETRIES=5
SUCCESS=false
echo " "
echo ">> Sending message to ntfy using curl ..."
echo " "
echo ">> Verifying required commands ..."
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " "
echo ">> Sending to NTFY ..."
echo ">> Message: $MESSAGE"
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Vault Backup Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
)
echo ">> HTTP Status Code: $HTTP_STATUS"
else
echo " ";
echo ">> S3 Sync succeeded"
fi

4
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -8,7 +8,7 @@ vault:
enabled: true enabled: true
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
updateStrategyType: RollingUpdate updateStrategyType: RollingUpdate
logLevel: debug logLevel: debug
logFormat: standard logFormat: standard
@@ -113,7 +113,7 @@ snapshot:
snapshot: snapshot:
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
command: command:
- /bin/ash - /bin/ash
args: args:

2
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
# renovate: datasource=github-releases depName=dani-garcia/vaultwarden # renovate: datasource=github-releases depName=dani-garcia/vaultwarden
appVersion: 1.35.7 appVersion: 1.35.8

2
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -8,7 +8,7 @@ vaultwarden:
main: main:
image: image:
repository: ghcr.io/dani-garcia/vaultwarden repository: ghcr.io/dani-garcia/vaultwarden
tag: 1.35.7@sha256:9a8eec71f4a52411cc43edc7a50f33e9b6f62b5baca0dd95f0c6e7fd60f1a341 tag: 1.35.8@sha256:c4f6056fe0c288a052a223cecd263a90d1dda1a0177bb5b054a363a6c7b211d9
env: env:
- name: DOMAIN - name: DOMAIN
value: https://passwords.alexlebens.dev value: https://passwords.alexlebens.dev