Compare commits
1 Commits
46dd3910bb
...
ddea27fab2
| Author | SHA1 | Date | |
|---|---|---|---|
ddea27fab2
|
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,4 +1,3 @@
|
||||
/**/archive/
|
||||
/**/charts/
|
||||
/**/manifests/
|
||||
/**/tmpcharts*/
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:e6d01e000d1e4df73854cb739c2c3797b6b127f454809c2f99df84581749ee1f
|
||||
generated: "2025-12-17T14:16:43.148302-06:00"
|
||||
digest: sha256:bd1cbd66ccb360978a342ee218bfb01006a486fb85c5714acd593b9e1389b151
|
||||
generated: "2025-12-15T21:50:58.968382-06:00"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
|
||||
@@ -26,3 +26,26 @@ spec:
|
||||
key: /cl01tl/code-server/auth
|
||||
metadataPolicy: None
|
||||
property: SUDO_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: code-server-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: code-server-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/codeserver
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
@@ -47,6 +47,8 @@ code-server:
|
||||
main:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
existingSecretName: code-server-cloudflared-secret
|
||||
volsync-target-config:
|
||||
pvcTarget: code-server-config
|
||||
moverSecurityContext:
|
||||
|
||||
@@ -27,7 +27,7 @@ jellyfin:
|
||||
memory: 2Gi
|
||||
vue:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
replicas: 3
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
containers:
|
||||
|
||||
@@ -8,8 +8,8 @@ kubernetes-cloudflare-ddns:
|
||||
timeZone: US/Central
|
||||
schedule: "30 4 * * *"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
|
||||
@@ -8,8 +8,8 @@ libation:
|
||||
timeZone: US/Central
|
||||
schedule: 0 0 1 1 *
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
|
||||
@@ -343,21 +343,6 @@ volsync-target-config:
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
local:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
remote:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
external:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
volsync-target-qbit-manage-config:
|
||||
pvcTarget: qbittorrent-qbit-manage-config-data
|
||||
volsync-target-qui-config:
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:9d66ccb57066b202b4bdb12ff82fe58ce6f223b8cf52f41dbe71b63e2a06e1da
|
||||
generated: "2025-12-17T13:19:56.898192-06:00"
|
||||
digest: sha256:b61b9bd12d2576cc2ce7686283c34a4ca572e1a6004edaa4333f6298a81cfa6c
|
||||
generated: "2025-12-17T16:11:55.289060592Z"
|
||||
|
||||
@@ -29,9 +29,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-4k-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-4k-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-4k-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: radarr-4k-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-4k-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: radarr-4k-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: radarr-4k-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -144,10 +144,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: radarr-4k-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:1a14ec1d5d6a61c3428e4578c391e38ecc87f8995c572e53982e950e35a4705f
|
||||
generated: "2025-12-17T13:19:58.852583-06:00"
|
||||
digest: sha256:faf85a053ac36925b51a326d638fcbea233a76e718a40fce46354889c1bd7afa
|
||||
generated: "2025-12-17T16:12:05.3064082Z"
|
||||
|
||||
@@ -29,9 +29,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-anime-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-anime-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-anime-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: radarr-anime-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-anime-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: radarr-anime-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: radarr-anime-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -142,10 +142,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: radarr-anime-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:2545d799b67e86e41f6d8295af7020da7669ce4f3bb6439e9f16c2d19fbc58c5
|
||||
generated: "2025-12-17T13:20:01.335355-06:00"
|
||||
digest: sha256:7164911e79adc854bbf86e0904cfa1a55de6a00ed06c82def1f63dd2ed8a3dac
|
||||
generated: "2025-12-17T16:12:16.593155376Z"
|
||||
|
||||
@@ -28,9 +28,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-standup-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-standup-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-standup-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: radarr-standup-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-standup-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: radarr-standup-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: radarr-standup-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -142,10 +142,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: radarr-standup-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:2b8911d7e83318bb6857c08ba44d7b327b736211b385215b856c54fb36804ed5
|
||||
generated: "2025-12-17T12:53:31.573079-06:00"
|
||||
digest: sha256:863b0b67060b5253741619a8361f1fcd99ecbd7960f0ea7ffeba99387f9f3550
|
||||
generated: "2025-12-17T16:12:26.786928598Z"
|
||||
|
||||
@@ -28,9 +28,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: radarr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: radarr-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: radarr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -144,10 +144,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: radarr-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:4c762abe68b0a21bad7c3ba9a86c6f2b4d9936136d3071711f1e5ea3f94dc321
|
||||
generated: "2025-12-17T13:20:10.972807-06:00"
|
||||
digest: sha256:a6968fb1b6cdceb6ca4da497524ed86979fffe604186b5fbdc2cd3b24ea2e197
|
||||
generated: "2025-12-17T16:12:37.159933773Z"
|
||||
|
||||
@@ -23,9 +23,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
|
||||
appVersion: 1.6.11
|
||||
|
||||
@@ -20,6 +20,63 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: DES_KEY
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: roundcube-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: roundcube-data-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: roundcube-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: roundcube-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: roundcube-data
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: roundcube-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -77,8 +77,8 @@ roundcube:
|
||||
timeZone: US/Central
|
||||
schedule: 30 4 * * *
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
@@ -173,17 +173,6 @@ roundcube:
|
||||
targetPort: 80
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: roundcube-config
|
||||
advancedMounts:
|
||||
main:
|
||||
nginx:
|
||||
- path: /etc/nginx/conf.d/default.conf
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: default.conf
|
||||
data:
|
||||
forceRename: roundcube-data
|
||||
storageClass: ceph-block
|
||||
@@ -205,6 +194,17 @@ roundcube:
|
||||
main:
|
||||
- path: /tmp/roundcube-temp
|
||||
readOnly: false
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: roundcube-config
|
||||
advancedMounts:
|
||||
main:
|
||||
nginx:
|
||||
- path: /etc/nginx/conf.d/default.conf
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: default.conf
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
@@ -259,5 +259,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-data:
|
||||
pvcTarget: roundcube-data
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:83b7f010f0cbf4d218519d9ad521239ae687139d41c1fca105b584439cd61d24
|
||||
generated: "2025-12-17T13:20:14.572103-06:00"
|
||||
digest: sha256:668ec4b9fb6310a34fa64de817e935554fc24bce69893bf9f0821e94bb6ccf8a
|
||||
generated: "2025-12-05T17:12:23.589903216Z"
|
||||
|
||||
@@ -16,9 +16,5 @@ dependencies:
|
||||
alias: searxng
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/searxng.png
|
||||
appVersion: 1.0.0
|
||||
|
||||
@@ -79,3 +79,60 @@ spec:
|
||||
key: /cl01tl/searxng/api/config
|
||||
metadataPolicy: None
|
||||
property: limiter.toml
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: searxng-browser-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: searxng-browser-data-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/searxng/searxng-browser-data"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: searxng-browser-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: searxng-browser-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: searxng-browser-data
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: searxng-browser-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -131,7 +131,6 @@ searxng:
|
||||
mountPropagation: None
|
||||
subPath: limiter.toml
|
||||
api-data:
|
||||
forceRename: searxng-api-data
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
@@ -141,7 +140,6 @@ searxng:
|
||||
- path: /etc/searxng
|
||||
readOnly: false
|
||||
browser-data:
|
||||
forceRename: searxng-browser-data
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
@@ -159,5 +157,3 @@ searxng:
|
||||
valkey:
|
||||
- path: /data
|
||||
readOnly: false
|
||||
volsync-target-data:
|
||||
pvcTarget: searxng-browser-data
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: seerr-chart
|
||||
repository: oci://ghcr.io/seerr-team/seerr
|
||||
version: 3.0.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:a2e3b8de34259b47a665f86c55b8a2d41e60e864257fee7157670cb37df4d4e7
|
||||
generated: "2025-12-17T13:20:16.402386-06:00"
|
||||
digest: sha256:6cf3525ac452922339261fa2a5ecc9d8cdf66b21bc30e032395d8d80bb79dc6c
|
||||
generated: "2025-12-08T20:48:24.567069-06:00"
|
||||
|
||||
@@ -18,9 +18,5 @@ dependencies:
|
||||
- name: seerr-chart
|
||||
repository: oci://ghcr.io/seerr-team/seerr
|
||||
version: 3.0.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
|
||||
appVersion: develop
|
||||
|
||||
55
clusters/cl01tl/helm/seerr/templates/external-secret.yaml
Normal file
55
clusters/cl01tl/helm/seerr/templates/external-secret.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: seerr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: seerr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/seerr/seerr-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
26
clusters/cl01tl/helm/seerr/templates/replication-source.yaml
Normal file
26
clusters/cl01tl/helm/seerr/templates/replication-source.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: seerr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: seerr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: seerr-seerr-chart-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: seerr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
cacheCapacity: 10Gi
|
||||
@@ -29,5 +29,3 @@ seerr-chart:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
volsync-target-config:
|
||||
pvcTarget: seerr-seerr-chart-config
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:36a5f9bc034285ab8c73f3caedadbfddfef557ec63798b9e8e86691c97bf7a00
|
||||
generated: "2025-12-17T13:20:29.470722-06:00"
|
||||
digest: sha256:5e26665c86f0d26bcc577ab578a14a033cc984de0a08fa6f6bfb6abf98324cf3
|
||||
generated: "2025-12-17T16:12:46.874715502Z"
|
||||
|
||||
@@ -29,9 +29,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
appVersion: 4.0.14
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-4k-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-4k-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-4k-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: sonarr-4k-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-4k-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: sonarr-4k-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: sonarr-4k-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -142,10 +142,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: sonarr-4k-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:a0d788481260502173ead09be09869f7f5f8b563b4258aafa685a0493cc6afd9
|
||||
generated: "2025-12-17T13:20:32.181564-06:00"
|
||||
digest: sha256:8ea1513ce6a088120b1e59148088c7d9c88d8ce4c5821f5a7aa4382a790972e0
|
||||
generated: "2025-12-17T16:12:56.720822569Z"
|
||||
|
||||
@@ -28,9 +28,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
appVersion: 4.0.14
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-anime-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-anime-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-anime-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: sonarr-anime-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-anime-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: sonarr-anime-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: sonarr-anime-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -142,10 +142,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: sonarr-anime-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:718a6f0608eb176481373c8bb071dc582bf1cbb8ece5a700980bf606ab00687f
|
||||
generated: "2025-12-17T13:20:27.312673-06:00"
|
||||
digest: sha256:5acb57a3b6eaf3f4e15e6551eeea370cdf4a4ed7f787cadc26433fdb942c82c2
|
||||
generated: "2025-12-17T16:13:05.489126306Z"
|
||||
|
||||
@@ -28,9 +28,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
appVersion: 4.0.16
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: sonarr-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: sonarr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: sonarr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: sonarr-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: sonarr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -142,10 +142,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: sonarr-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -8,8 +8,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:964cd155f92589ca15099478733e0077f39e1e4c4c86a02726a3361dcabf0060
|
||||
generated: "2025-12-17T13:20:36.24325-06:00"
|
||||
digest: sha256:6ac63589feabc60e58add6e1619010c04627751fe767bf0cf451730630ee169c
|
||||
generated: "2025-12-17T16:13:14.641288607Z"
|
||||
|
||||
@@ -28,9 +28,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png
|
||||
appVersion: v0.14.1
|
||||
|
||||
@@ -34,6 +34,65 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: roles
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: stalwart-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: stalwart-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: backup
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/stalwart/stalwart-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: stalwart-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: stalwart-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: stalwart-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: stalwart-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -113,5 +113,3 @@ redis-replication:
|
||||
redisSentinel:
|
||||
enabled: true
|
||||
clusterSize: 3
|
||||
volsync-target-config:
|
||||
pvcTarget: stalwart-config
|
||||
|
||||
@@ -15,8 +15,8 @@ etcd-backup:
|
||||
timeZone: US/Central
|
||||
schedule: "0 2 * * *"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
@@ -161,8 +161,8 @@ etcd-defrag:
|
||||
timeZone: US/Central
|
||||
schedule: "0 0 * * 0"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
@@ -198,8 +198,8 @@ etcd-defrag:
|
||||
timeZone: US/Central
|
||||
schedule: "10 0 * * 0"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
@@ -235,8 +235,8 @@ etcd-defrag:
|
||||
timeZone: US/Central
|
||||
schedule: "20 0 * * 0"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:74aa3b2ff8eea69559fc8f1c37b2dcaa4b2764231d61f1347bc9f73ae34500cf
|
||||
generated: "2025-12-17T13:20:42.696963-06:00"
|
||||
digest: sha256:c3efb27d46b3cbada7434493107657cd58a6e9a8909003a22177bb21879c08ec
|
||||
generated: "2025-12-05T17:14:10.3329271Z"
|
||||
|
||||
@@ -17,9 +17,5 @@ dependencies:
|
||||
alias: tautulli
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tautulli.png
|
||||
appVersion: v2.16.0
|
||||
|
||||
55
clusters/cl01tl/helm/tautulli/templates/external-secret.yaml
Normal file
55
clusters/cl01tl/helm/tautulli/templates/external-secret.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: tautulli-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tautulli-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
@@ -0,0 +1,25 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: tautulli-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tautulli-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: tautulli-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: tautulli-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -124,17 +124,6 @@ tautulli:
|
||||
targetPort: 8181
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
scripts:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: tautulli-scripts
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /config/scripts/select_tmdb_poster.py
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: select_tmdb_poster.py
|
||||
config:
|
||||
forceRename: tautulli-config
|
||||
storageClass: ceph-block
|
||||
@@ -146,5 +135,14 @@ tautulli:
|
||||
main:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: tautulli-config
|
||||
scripts:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: tautulli-scripts
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /config/scripts/select_tmdb_poster.py
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: select_tmdb_poster.py
|
||||
|
||||
@@ -5,11 +5,5 @@ dependencies:
|
||||
- name: tdarr-exporter
|
||||
repository: https://homeylab.github.io/helm-charts/
|
||||
version: 1.1.7
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:0acb9c4ffc7ed991135d7a2c9a82e2957768546a2986b502303009ddc21df31d
|
||||
generated: "2025-12-17T13:20:44.51383-06:00"
|
||||
digest: sha256:d88e543f696cc7edd4406ab0782e6c543f9007073a7ce90fa2a001705d0b5edf
|
||||
generated: "2025-12-05T17:14:20.903917615Z"
|
||||
|
||||
@@ -25,13 +25,5 @@ dependencies:
|
||||
- name: tdarr-exporter
|
||||
version: 1.1.7
|
||||
repository: https://homeylab.github.io/helm-charts/
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-server
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
|
||||
appVersion: 2.58.02
|
||||
|
||||
112
clusters/cl01tl/helm/tdarr/templates/external-secret.yaml
Normal file
112
clusters/cl01tl/helm/tdarr/templates/external-secret.yaml
Normal file
@@ -0,0 +1,112 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: tdarr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tdarr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: tdarr-server-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tdarr-server-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-server"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
52
clusters/cl01tl/helm/tdarr/templates/replication-source.yaml
Normal file
52
clusters/cl01tl/helm/tdarr/templates/replication-source.yaml
Normal file
@@ -0,0 +1,52 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: tdarr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tdarr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: tdarr-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: tdarr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: tdarr-server-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: tdarr-server-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: tdarr-server
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: tdarr-server-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -95,7 +95,6 @@ tdarr:
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
config:
|
||||
forceRename: tdarr-config
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 50Gi
|
||||
@@ -106,7 +105,6 @@ tdarr:
|
||||
- path: /app/configs
|
||||
readOnly: false
|
||||
server:
|
||||
forceRename: tdarr-server
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 50Gi
|
||||
@@ -156,7 +154,3 @@ tdarr-exporter:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 256Mi
|
||||
volsync-target-config:
|
||||
pvcTarget: tdarr-config
|
||||
volsync-target-server:
|
||||
pvcTarget: tdarr-server
|
||||
|
||||
@@ -162,7 +162,7 @@ snapshot:
|
||||
timeZone: US/Central
|
||||
schedule: 0 4 * * *
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
|
||||
@@ -8,8 +8,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:278b78abd5050dc1f51a4e0d14f2f385d39c2ae657a843553c4a23f2ae109da9
|
||||
generated: "2025-12-17T13:20:59.914523-06:00"
|
||||
digest: sha256:66315a211447f8ad86d54d83b7b687186001d2aea78491c6c4e3786bff9f1e70
|
||||
generated: "2025-12-17T16:13:26.308456726Z"
|
||||
|
||||
@@ -30,9 +30,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
|
||||
appVersion: 1.34.3
|
||||
|
||||
@@ -20,6 +20,63 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: vaultwarden-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vaultwarden-data-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: vaultwarden-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vaultwarden-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: vaultwarden-data
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: vaultwarden-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -103,11 +103,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-data:
|
||||
pvcTarget: vaultwarden-data
|
||||
local:
|
||||
schedule: 0 0 0 * * *
|
||||
remote:
|
||||
schedule: 0 0 0 * * *
|
||||
external:
|
||||
schedule: 0 0 0 * * *
|
||||
|
||||
Reference in New Issue
Block a user