Compare commits
47 Commits
405346929e
...
renovate/u
| Author | SHA1 | Date | |
|---|---|---|---|
84b6a137c8
|
|||
| 6bab92174e | |||
| 783c2a9486 | |||
| 59ff3217c5 | |||
| e4ea40178f | |||
| 31d227f3d0 | |||
| 70832243d6 | |||
| 371047eb41 | |||
| bf108a2beb | |||
| 3a94d04e63 | |||
| 9d33556a2a | |||
| ffe49f09e6 | |||
| 2630883ef3 | |||
|
e72a956979
|
|||
| 8b04708d51 | |||
| f97cec1f0b | |||
| 9d70cb5fdb | |||
| 2e91ab7d1f | |||
| 21b4dff452 | |||
| cb1ca6b47d | |||
| e5eed80b03 | |||
| 6de2a0a7f7 | |||
| 478ce5b99c | |||
|
d03f79d036
|
|||
| ee27e911dc | |||
|
c75b2d4e0a
|
|||
| b683648e66 | |||
| e56d0d33a7 | |||
| c78dec2a13 | |||
|
25f618e63d
|
|||
| 9a0ca0078a | |||
| 42111cb1a7 | |||
| a34ffbea77 | |||
| 268dd6f09a | |||
| d8ed6d645e | |||
| 40453a2745 | |||
|
0f309949da
|
|||
| 9fa567534c | |||
|
a5af32e377
|
|||
| 05aabd2e9c | |||
| 7ad3e6fccf | |||
| 044879919e | |||
| e62b9f082e | |||
| e4ab193709 | |||
| d0bc1ff840 | |||
| e8d25256f3 | |||
| 89109fba68 |
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.141.5@sha256:8fb9e3cfdadc0994fb87f57be624d1c1940c41c1c53c074465caff85a2b6d3a4
|
||||
container: ghcr.io/renovatebot/renovate:43.141.6@sha256:077a2aada1c508923e4e36b68f7efe3ec013a797da8aed352afd98fb0e1b4c60
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -23,7 +23,7 @@ audiobookshelf:
|
||||
apprise-api:
|
||||
image:
|
||||
repository: ghcr.io/caronc/apprise
|
||||
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
|
||||
tag: v1.4.0@sha256:9d97a6b9b42cf6afdf3b5466dbed2a59cd42a4bb777ec6aa57b5f2ee623569eb
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -8,5 +8,8 @@ dependencies:
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:e3d9d7bc069b79ec37769f77d691cda3b8bd92e37a9d1dd2ef8279dc6d2b6cde
|
||||
generated: "2026-04-24T21:50:43.755575922Z"
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.2.0
|
||||
digest: sha256:b95c228173eb2e4914c37d5c8b3753ad644a90dc9f7f4357dbc1cbf15004961b
|
||||
generated: "2026-04-25T20:59:03.456994-05:00"
|
||||
|
||||
@@ -12,6 +12,7 @@ sources:
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
@@ -27,6 +28,10 @@ dependencies:
|
||||
alias: valkey
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: rclone-bucket
|
||||
alias: rclone-directus-assets-remote
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.2.0
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.3
|
||||
|
||||
@@ -214,3 +214,24 @@ valkey:
|
||||
# https://github.com/valkey-io/valkey-helm/issues/135
|
||||
metrics:
|
||||
enabled: false
|
||||
rclone-directus-assets-remote:
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 0 0 * * *
|
||||
rclone:
|
||||
source:
|
||||
bucketName: directus-assets
|
||||
destination:
|
||||
bucketName: directus-assets
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
|
||||
@@ -1,25 +1,5 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: vault
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vault
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://vault-internal.vault:8200
|
||||
path: secret
|
||||
auth:
|
||||
tokenSecretRef:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -16,6 +16,6 @@ app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageNfsName" -}}
|
||||
foldergram-pictures-collections-nfs-storage
|
||||
{{- define "custom.storageMiaNfsName" -}}
|
||||
foldergram-pictures-collection-mia-nfs-storage
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageNfsName" . }}
|
||||
volumeName: {{ include "custom.storageMiaNfsName" . }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Pictures/Collections
|
||||
path: '/volume2/Storage/Pictures/Collections/Minneapolis Institute of Art'
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
|
||||
@@ -17,7 +17,7 @@ foldergram:
|
||||
- name: IMAGE_DETAIL_SOURCE
|
||||
value: original
|
||||
- name: DERIVATIVE_MODE
|
||||
value: eager
|
||||
value: lazy
|
||||
- name: DATA_ROOT
|
||||
value: ./data
|
||||
- name: GALLERY_ROOT
|
||||
@@ -76,12 +76,12 @@ foldergram:
|
||||
main:
|
||||
- path: /app/data
|
||||
readOnly: false
|
||||
pictures:
|
||||
existingClaim: foldergram-pictures-collections-nfs-storage
|
||||
pictures-mia:
|
||||
existingClaim: foldergram-pictures-collection-mia-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /gallery
|
||||
- path: '/gallery/Minneapolis Institute of Art'
|
||||
readOnly: true
|
||||
volsync-target-db:
|
||||
pvcTarget: foldergram-db
|
||||
|
||||
@@ -9,7 +9,7 @@ gitea:
|
||||
maxUnavailable: 1
|
||||
image:
|
||||
repository: gitea/gitea
|
||||
tag: 1.25.5
|
||||
tag: 1.26.1
|
||||
service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
|
||||
@@ -28,4 +28,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png
|
||||
# renovate: datasource=github-releases depName=grimmory-tools/grimmory
|
||||
appVersion: v3.0.0
|
||||
appVersion: v3.0.2
|
||||
|
||||
@@ -12,7 +12,7 @@ grimmory:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/grimmory-tools/grimmory
|
||||
tag: v3.0.0@sha256:0130c338d4c1186f2f6b6acdc4a7ee56388dfdab9cb0b9a23ac0fc91b79e7d75
|
||||
tag: v3.0.2@sha256:4557a78321add7d70bef7c0b89c2617c8c023246ae39698bc2cbe636f8c97f9b
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 84.0.1
|
||||
version: 84.1.0
|
||||
- name: prometheus-operator-crds
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 28.0.1
|
||||
@@ -11,5 +11,5 @@ dependencies:
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:2714de1082a27491925ba1b7adfba884a5ca9e674df22df96e8f6ccf56a54a6e
|
||||
generated: "2026-04-24T17:03:37.423427661Z"
|
||||
digest: sha256:f7340793bc2c04e561d048b110cc7258fac0d5dc3d3b4ecdc6c2d8898445c5ab
|
||||
generated: "2026-04-26T00:12:54.803217038Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
version: 84.0.1
|
||||
version: 84.1.0
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
- name: prometheus-operator-crds
|
||||
version: 28.0.1
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
|
||||
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
|
||||
appVersion: 0.8.3
|
||||
appVersion: 0.9.0
|
||||
|
||||
@@ -12,7 +12,7 @@ medialyze:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/frederikemmer/medialyze
|
||||
tag: 0.8.3@sha256:ef21e989f3d04c99f0fee4c992a92308156c746e26fb98672a3fa714fc630367
|
||||
tag: 0.9.0@sha256:3d88b4f4a3e6cf2489a5236e5174d58d6274e99008ce2ddd4159d1389744473f
|
||||
env:
|
||||
- name: HOST_PORT
|
||||
value: 8080
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
|
||||
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
|
||||
appVersion: 2.6.5
|
||||
appVersion: 2.6.6
|
||||
|
||||
@@ -12,7 +12,7 @@ music-grabber:
|
||||
main:
|
||||
image:
|
||||
repository: g33kphr33k/musicgrabber
|
||||
tag: 2.6.5@sha256:5d276415a764a56955207ae41fe2df3341a152812fdf8a87e7c0b7e4e1fb681d
|
||||
tag: 2.6.6@sha256:dad8dec4e32671ef7326d31f58ea626fa4622571e65c6bb34459bc2648f1fead
|
||||
env:
|
||||
- name: MUSIC_DIR
|
||||
value: /mnt/store/Music Grabber/
|
||||
@@ -25,24 +25,24 @@ music-grabber:
|
||||
- name: NAVIDROME_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: music-grabber-config-secret
|
||||
name: music-grabber-config
|
||||
key: navidrome-user
|
||||
- name: NAVIDROME_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: music-grabber-config-secret
|
||||
name: music-grabber-config
|
||||
key: navidrome-password
|
||||
- name: SLSKD_URL
|
||||
value: http://slskd.slskd:5030
|
||||
- name: SLSKD_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: music-grabber-config-secret
|
||||
name: music-grabber-config
|
||||
key: slskd-user
|
||||
- name: SLSKD_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: music-grabber-config-secret
|
||||
name: music-grabber-config
|
||||
key: slskd-password
|
||||
- name: SLSKD_DOWNLOADS_PATH
|
||||
value: /mnt/store/slskd/Downloads
|
||||
|
||||
@@ -38,4 +38,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
|
||||
# renovate: datasource=github-releases depName=outline/outline
|
||||
appVersion: 1.6.1
|
||||
appVersion: 1.7.0
|
||||
|
||||
@@ -11,7 +11,7 @@ outline:
|
||||
main:
|
||||
image:
|
||||
repository: outlinewiki/outline
|
||||
tag: 1.6.1@sha256:a750f764080ce28d4a7393176011c8e2e4170b41689a8f6d91327dadf4904eb6
|
||||
tag: 1.7.0@sha256:b13ccd15653513a79eb66283bfa91287f5e3d0944d8cb056d5288b8565992de5
|
||||
env:
|
||||
- name: NODE_ENV
|
||||
value: production
|
||||
|
||||
@@ -168,7 +168,7 @@ qbittorrent:
|
||||
apprise-api:
|
||||
image:
|
||||
repository: ghcr.io/caronc/apprise
|
||||
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
|
||||
tag: v1.4.0@sha256:9d97a6b9b42cf6afdf3b5466dbed2a59cd42a4bb777ec6aa57b5f2ee623569eb
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -1,40 +1,5 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-directus-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-directus-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
key: /garage/config
|
||||
property: ENDPOINT_LOCAL
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
key: /garage/config
|
||||
property: ENDPOINT_REMOTE
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-karakeep-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -1,83 +1,5 @@
|
||||
rclone:
|
||||
controllers:
|
||||
directus-assets:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
suspend: false
|
||||
timeZone: America/Chicago
|
||||
schedule: 0 0 * * *
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:directus-assets
|
||||
- dest:directus-assets
|
||||
- --s3-no-check-bucket
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_S3_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_SRC_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_SRC_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_SRC_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: SRC_ENDPOINT
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-directus-secret
|
||||
key: DEST_ENDPOINT
|
||||
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
karakeep-assets:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
|
||||
@@ -10,7 +10,7 @@ site-documentation:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-documentation
|
||||
tag: 0.27.0@sha256:dafa3c8aa9401009c299bb274d140acc10d8531dd40c8253783b1f8ed8519d76
|
||||
tag: 0.27.1@sha256:a9e8659827375e7ee65ea8bc8550f4c0604316b48f39da7fa255fa9f3b5a17d6
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -10,7 +10,7 @@ site-profile:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-profile
|
||||
tag: 3.18.5@sha256:2ad5cbbdbf1011f74c5fa804584236ffea266c37f046f837625af79a97bc0b56
|
||||
tag: 3.18.6@sha256:6aacdb7270d21b02d85cd593999014c91614e70c8f6f84774e532f9141237a6c
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -10,7 +10,7 @@ site-saralebens:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-saralebens
|
||||
tag: 1.1.1@sha256:b1a92f492127dd0e6b1756dd6798e72fbc991c7b334c0bec87ba39cb9bb14ee3
|
||||
tag: 1.1.2@sha256:53389e7b38dd543eb453ddbfa3a25cb77aada734cb403a29c3e9f5ab77f57996
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
|
||||
appVersion: 4.0.17.2952-ls308
|
||||
appVersion: 4.0.17.2952-ls309
|
||||
|
||||
@@ -13,7 +13,7 @@ sonarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/sonarr
|
||||
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910
|
||||
tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
|
||||
appVersion: 4.0.17.2952-ls308
|
||||
appVersion: 4.0.17.2952-ls309
|
||||
|
||||
@@ -13,7 +13,7 @@ sonarr-anime:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/sonarr
|
||||
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910
|
||||
tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
|
||||
appVersion: 4.0.17.2952-ls308
|
||||
appVersion: 4.0.17.2952-ls309
|
||||
|
||||
@@ -12,7 +12,7 @@ sonarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/sonarr
|
||||
tag: 4.0.17.2952-ls308@sha256:e6c9a091735fede0c2a205c69e7d4c2f0188eaf2bec7e42d8a26c017e5f2a910
|
||||
tag: 4.0.17.2952-ls309@sha256:3580aec3802c915f0f819a88d5099abce61734b925732b8393d176b5dc561020
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -12,13 +12,3 @@ Selector labels
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
ServiceAccount names
|
||||
*/}}
|
||||
{{- define "custom.serviceAccountName" -}}
|
||||
talos-backup
|
||||
{{- end -}}
|
||||
{{- define "custom.serviceAccountSecretsName" -}}
|
||||
talos-backup-secrets
|
||||
{{- end -}}
|
||||
|
||||
@@ -19,6 +19,14 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: AWS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: BUCKET_NAME
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: BUCKET
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
@@ -50,6 +58,14 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: AWS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: BUCKET_NAME
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: BUCKET
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
@@ -81,6 +97,14 @@ spec:
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: AWS_SECRET_ACCESS_KEY
|
||||
- secretKey: AWS_REGION
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: AWS_REGION
|
||||
- secretKey: BUCKET_NAME
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: BUCKET
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: {{ include "custom.serviceAccountName" . }}
|
||||
roleName: talos-backup
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
@@ -30,7 +30,7 @@ spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: {{ include "custom.serviceAccountName" . }}
|
||||
roleName: talos-backup
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
@@ -50,7 +50,7 @@ spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: {{ include "custom.serviceAccountName" . }}
|
||||
roleName: talos-backup
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
@@ -70,7 +70,7 @@ spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: {{ include "custom.serviceAccountName" . }}
|
||||
roleName: talos-defrag
|
||||
objects: |
|
||||
- objectName: config
|
||||
fileName: config
|
||||
|
||||
@@ -1,20 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "custom.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
|
||||
---
|
||||
apiVersion: talos.dev/v1alpha1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "custom.serviceAccountSecretsName" . }}
|
||||
name: talos-backup-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.serviceAccountSecretsName" . }}
|
||||
app.kubernetes.io/name: talos-backup-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
roles:
|
||||
|
||||
@@ -47,11 +47,17 @@ etcd-backup:
|
||||
name: talos-etcd-backup-local-config
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: AWS_REGION
|
||||
value: us-east-1
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-local-config
|
||||
key: AWS_REGION
|
||||
- name: CUSTOM_S3_ENDPOINT
|
||||
value: http://garage-main.garage:3900
|
||||
- name: BUCKET
|
||||
value: talos-backups
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-local-config
|
||||
key: BUCKET_NAME
|
||||
- name: S3_PREFIX
|
||||
value: "cl01tl/etcd"
|
||||
- name: CLUSTER_NAME
|
||||
@@ -129,11 +135,17 @@ etcd-backup:
|
||||
name: talos-etcd-backup-remote-config
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: AWS_REGION
|
||||
value: us-east-1
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-remote-config
|
||||
key: AWS_REGION
|
||||
- name: CUSTOM_S3_ENDPOINT
|
||||
value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
- name: BUCKET
|
||||
value: talos-backups
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-remote-config
|
||||
key: BUCKET_NAME
|
||||
- name: S3_PREFIX
|
||||
value: "cl01tl/etcd"
|
||||
- name: CLUSTER_NAME
|
||||
@@ -211,11 +223,17 @@ etcd-backup:
|
||||
name: talos-etcd-backup-external-config
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: AWS_REGION
|
||||
value: nyc3
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-external-config
|
||||
key: AWS_REGION
|
||||
- name: CUSTOM_S3_ENDPOINT
|
||||
value: https://nyc3.digitaloceanspaces.com
|
||||
- name: BUCKET
|
||||
value: talos-backups-bee8585f7b8a4d0239c9b823
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: talos-etcd-backup-external-config
|
||||
key: BUCKET_NAME
|
||||
- name: S3_PREFIX
|
||||
value: "cl01tl/etcd"
|
||||
- name: CLUSTER_NAME
|
||||
@@ -246,6 +264,9 @@ etcd-backup:
|
||||
value: External
|
||||
- name: DATE_RANGE_SECONDS
|
||||
value: "1209600"
|
||||
serviceAccount:
|
||||
talos-backup:
|
||||
enabled: true
|
||||
persistence:
|
||||
secret:
|
||||
enabled: true
|
||||
@@ -381,6 +402,8 @@ etcd-defrag:
|
||||
schedule: 0 0 * * 0
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
serviceAccount:
|
||||
name: talos-defrag
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
@@ -409,6 +432,8 @@ etcd-defrag:
|
||||
schedule: 10 0 * * 0
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
serviceAccount:
|
||||
name: talos-defrag
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
@@ -437,6 +462,8 @@ etcd-defrag:
|
||||
schedule: 20 0 * * 0
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
serviceAccount:
|
||||
name: talos-defrag
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
@@ -450,6 +477,9 @@ etcd-defrag:
|
||||
env:
|
||||
- name: TALOSCONFIG
|
||||
value: /tmp/.talos/config
|
||||
serviceAccount:
|
||||
talos-defrag:
|
||||
enabled: true
|
||||
persistence:
|
||||
config:
|
||||
type: custom
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
|
||||
# renovate: datasource=github-releases depName=hashicorp/vault
|
||||
appVersion: 1.21.4
|
||||
appVersion: 2.0.0
|
||||
|
||||
@@ -9,59 +9,29 @@ metadata:
|
||||
data:
|
||||
snapshot.sh: |
|
||||
DATE=$(date +"%Y%m%d-%H-%M")
|
||||
MAX_RETRIES=5
|
||||
SUCCESS=false
|
||||
|
||||
echo " "
|
||||
echo ">> Running Vault Snapshot Script ..."
|
||||
|
||||
echo " "
|
||||
echo ">> Verifying required commands ..."
|
||||
echo " "
|
||||
echo ">> Fetching Vault token ..."
|
||||
export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID)
|
||||
|
||||
for i in $(seq 1 "$MAX_RETRIES"); do
|
||||
if apk update 2>&1 >/dev/null; then
|
||||
echo ">> Attempt $i: Repositories are reachable";
|
||||
SUCCESS=true;
|
||||
break;
|
||||
else
|
||||
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
|
||||
sleep 5;
|
||||
fi;
|
||||
done;
|
||||
|
||||
if [ "$SUCCESS" = false ]; then
|
||||
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
|
||||
exit 1;
|
||||
if [ -z "$VAULT_TOKEN" ]; then
|
||||
echo ">> ERROR: Failed to fetch Vault token! Exiting..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " "
|
||||
|
||||
if ! command -v jq 2>&1 >/dev/null; then
|
||||
echo ">> Command jq could not be found, installing";
|
||||
apk add --no-cache -q jq;
|
||||
if [ $? -eq 0 ]; then
|
||||
echo ">> Installation successful";
|
||||
else
|
||||
echo ">> Installation failed with exit code $?";
|
||||
exit 1;
|
||||
fi;
|
||||
fi;
|
||||
|
||||
echo " ";
|
||||
echo ">> Fetching Vault token ...";
|
||||
export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
|
||||
|
||||
echo " ";
|
||||
echo ">> Taking Vault snapsot ...";
|
||||
echo ">> Taking Vault snapshot ..."
|
||||
vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap
|
||||
|
||||
echo " ";
|
||||
echo ">> Setting ownership of Vault snapsot ...";
|
||||
echo " "
|
||||
echo ">> Setting ownership of Vault snapshot ..."
|
||||
chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap
|
||||
|
||||
echo " ";
|
||||
echo ">> Completed Vault snapshot";
|
||||
echo " "
|
||||
echo ">> Completed Vault snapshot"
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -77,75 +47,3 @@ data:
|
||||
echo " ";
|
||||
echo ">> Running S3 backup for Vault snapshot";
|
||||
OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
|
||||
STATUS=$?
|
||||
|
||||
if [ $STATUS -ne 0 ]; then
|
||||
if echo "$OUTPUT" | grep -q "403 Forbidden"; then
|
||||
MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
|
||||
elif echo "$OUTPUT" | grep -q "404 Not Found"; then
|
||||
MESSAGE="404 Error: The bucket or folder does not exist"
|
||||
elif echo "$OUTPUT" | grep -q "Connection refused"; then
|
||||
MESSAGE="Network Error: Cannot reach the S3 endpoint"
|
||||
else
|
||||
MESSAGE="Unknown Error"
|
||||
echo " ";
|
||||
echo ">> Unknown Error, output:"
|
||||
echo " "
|
||||
echo "$OUTPUT"
|
||||
fi
|
||||
|
||||
MAX_RETRIES=5
|
||||
SUCCESS=false
|
||||
|
||||
echo " "
|
||||
echo ">> Sending message to ntfy using curl ..."
|
||||
|
||||
echo " "
|
||||
echo ">> Verifying required commands ..."
|
||||
|
||||
for i in $(seq 1 "$MAX_RETRIES"); do
|
||||
if apk update 2>&1 >/dev/null; then
|
||||
echo ">> Attempt $i: Repositories are reachable";
|
||||
SUCCESS=true;
|
||||
break;
|
||||
else
|
||||
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
|
||||
sleep 5;
|
||||
fi;
|
||||
done;
|
||||
|
||||
if [ "$SUCCESS" = false ]; then
|
||||
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if ! command -v curl 2>&1 >/dev/null; then
|
||||
echo ">> Command curl could not be found, installing";
|
||||
apk add --no-cache -q curl;
|
||||
if [ $? -eq 0 ]; then
|
||||
echo ">> Installation successful";
|
||||
else
|
||||
echo ">> Installation failed with exit code $?";
|
||||
exit 1;
|
||||
fi;
|
||||
fi;
|
||||
|
||||
echo " "
|
||||
echo ">> Sending to NTFY ..."
|
||||
echo ">> Message: $MESSAGE"
|
||||
HTTP_STATUS=$(curl \
|
||||
--silent \
|
||||
--write-out '%{http_code}' \
|
||||
-H "Authorization: Bearer ${NTFY_TOKEN}" \
|
||||
-H "X-Priority: 5" \
|
||||
-H "X-Tags: warning" \
|
||||
-H "X-Title: Vault Backup Failed for ${TARGET}" \
|
||||
-d "$MESSAGE" \
|
||||
${NTFY_ENDPOINT}/${NTFY_TOPIC}
|
||||
)
|
||||
echo ">> HTTP Status Code: $HTTP_STATUS"
|
||||
|
||||
else
|
||||
echo " ";
|
||||
echo ">> S3 Sync succeeded"
|
||||
fi
|
||||
|
||||
@@ -8,7 +8,7 @@ vault:
|
||||
enabled: true
|
||||
image:
|
||||
repository: hashicorp/vault
|
||||
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
|
||||
tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
|
||||
updateStrategyType: RollingUpdate
|
||||
logLevel: debug
|
||||
logFormat: standard
|
||||
@@ -113,7 +113,7 @@ snapshot:
|
||||
snapshot:
|
||||
image:
|
||||
repository: hashicorp/vault
|
||||
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
|
||||
tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
|
||||
command:
|
||||
- /bin/ash
|
||||
args:
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
|
||||
# renovate: datasource=github-releases depName=dani-garcia/vaultwarden
|
||||
appVersion: 1.35.7
|
||||
appVersion: 1.35.8
|
||||
|
||||
@@ -8,7 +8,7 @@ vaultwarden:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/dani-garcia/vaultwarden
|
||||
tag: 1.35.7@sha256:9a8eec71f4a52411cc43edc7a50f33e9b6f62b5baca0dd95f0c6e7fd60f1a341
|
||||
tag: 1.35.8@sha256:c4f6056fe0c288a052a223cecd263a90d1dda1a0177bb5b054a363a6c7b211d9
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: https://passwords.alexlebens.dev
|
||||
|
||||
Reference in New Issue
Block a user