alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions 4 Activity

Compare commits

base: alexlebens:4fee5503f06e09a77f8f7d99db6d37c38179ad2b
Branches Tags
alexlebens:main alexlebens:renovate/php-8.x alexlebens:renovate/volsync-0.x alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/actions-checkout-6.x alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/ollama-ollama-0.x
..
compare: alexlebens:main
Branches Tags
alexlebens:renovate/php-8.x alexlebens:renovate/volsync-0.x alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/actions-checkout-6.x alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/ollama-ollama-0.x alexlebens:main

12 Commits
4fee5503f0 ... main

Author SHA1 Message Date
Renovate Bot
8fc608dac2 Update searxng/searxng:latest Docker digest to 6a4ca30 (#2074)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 8s
Details
renovate / renovate (push) Successful in 1m37s
Details
2025-11-21 12:02:05 +00:00
Renovate Bot
da8cb78afe Update searxng/searxng:latest Docker digest to 232d7fa (#2073)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 8s
Details
renovate / renovate (push) Successful in 1m9s
Details
2025-11-21 11:02:15 +00:00
Renovate Bot
164ce5db1b Update searxng/searxng:latest Docker digest to 232d7fa (#2072)
Some checks failed
lint-test-helm / helm-lint (push) Failing after 4s
Details
renovate / renovate (push) Successful in 1m18s
Details
2025-11-21 10:02:30 +00:00
Renovate Bot
a2d3ad28ce Update searxng/searxng:latest Docker digest to c0505d4 (#2071)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 9s
Details
renovate / renovate (push) Successful in 1m46s
Details
2025-11-21 08:06:57 +00:00
Alex Lebens
bd8f330441 add backups and data drive
All checks were successful
lint-test-helm / helm-lint (push) Successful in 9s
Details
renovate / renovate (push) Successful in 6m10s
Details
2025-11-20 22:14:06 -06:00
Alex Lebens
7555e81472 remove probe
Some checks failed
lint-test-helm / helm-lint (push) Successful in 8s
Details
renovate / renovate (push) Failing after 12m58s
Details
2025-11-20 16:31:15 -06:00
Alex Lebens
a0fa9acc50 update url
Some checks failed
lint-test-helm / helm-lint (push) Successful in 13s
Details
renovate / renovate (push) Has been cancelled
Details
2025-11-20 16:29:47 -06:00
Renovate Bot
4b3462f801 Update searxng/searxng:latest Docker digest to 31c349e (#2069)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 9s
Details
renovate / renovate (push) Successful in 1m24s
Details
2025-11-20 22:03:22 +00:00
Renovate Bot
26df1c7ac7 Update directus/directus Docker tag to v11.13.3 (#2066)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 9s
Details
renovate / renovate (push) Successful in 2m23s
Details
2025-11-20 19:03:07 +00:00
Renovate Bot
e4f3ca4bc1 Update Helm release tailscale-operator to v1.90.8 (#2068)
All checks were successful
lint-test-helm / helm-lint (push) Successful in 7s
Details
renovate / renovate (push) Successful in 2m21s
Details
2025-11-20 18:03:03 +00:00
Renovate Bot
17ba6011a7 Update hashicorp/vault Docker tag to v1.21.1 (#2067)
Some checks failed
lint-test-helm / helm-lint (push) Successful in 8s
Details
renovate / renovate (push) Has been cancelled
Details
2025-11-20 18:02:51 +00:00
Renovate Bot
e3ecbc8829 Update searxng/searxng:latest Docker digest to 7df1aac (#2065)
Some checks failed
lint-test-helm / helm-lint (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2025-11-20 18:02:40 +00:00
8 changed files with 291 additions and 46 deletions
Expand all files Collapse all files

183
clusters/cl01tl/applications/booklore/templates/external-secret.yaml
View File

@@ -45,21 +45,21 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
@@ -68,14 +68,185 @@ spec:
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1

84
clusters/cl01tl/applications/booklore/templates/replication-source.yaml
View File

@@ -24,3 +24,87 @@ spec:
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 2 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-local
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 3 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-remote
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-external
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi

14
clusters/cl01tl/applications/booklore/templates/service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

10
clusters/cl01tl/applications/booklore/values.yaml
View File

@@ -50,6 +50,16 @@ booklore:
main:
- path: /app/data
readOnly: false
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books:
existingClaim: booklore-books-nfs-storage
advancedMounts:

36
clusters/cl01tl/applications/ephemera/values.yaml
View File

@@ -13,7 +13,7 @@ ephemera:
pullPolicy: IfNotPresent
env:
- name: AA_BASE_URL
value: 8080
value: https://annas-archive.org
- name: AA_API_KEY
valueFrom:
secretKeyRef:
@@ -27,24 +27,6 @@ ephemera:
value: 0
- name: PGID
value: 0
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:8286/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 50m
@@ -63,22 +45,6 @@ ephemera:
value: none
- name: TZ
value: America/Chicago
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- CMD
- curl
- -f
- http://127.0.0.1:8191/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m

4
clusters/cl01tl/applications/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b1abdaa492716699b839c7b38f052a2679681f7de756c4d8d3a7f9aa46b3a18b
tag: latest@sha256:6a4ca3058a439d96805b7340ae84dacce6ade5456c24a1dde0bc6415ad76c1c6
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b1abdaa492716699b839c7b38f052a2679681f7de756c4d8d3a7f9aa46b3a18b
tag: latest@sha256:6a4ca3058a439d96805b7340ae84dacce6ade5456c24a1dde0bc6415ad76c1c6
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

4
clusters/cl01tl/platform/vault/values.yaml
View File

@@ -12,7 +12,7 @@ vault:
enabled: true
image:
repository: hashicorp/vault
tag: 1.21.0
tag: 1.21.1
updateStrategyType: "RollingUpdate"
logLevel: debug
logFormat: standard
@@ -170,7 +170,7 @@ snapshot:
snapshot:
image:
repository: hashicorp/vault
tag: 1.21.0
tag: 1.21.1
pullPolicy: IfNotPresent
command:
- /bin/ash

2
clusters/cl01tl/services/tailscale-operator/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: tailscale-operator
version: 1.90.6
version: 1.90.8
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
appVersion: v1.82.5