alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions 1 Activity

Compare commits

base: alexlebens:62227a6b95c042b54be6012c05fe023e5b4a09b6
Branches Tags
alexlebens:main alexlebens:tmp/secrets-5 alexlebens:renovate/major-unified-grimmory alexlebens:renovate/unified-ui alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-ntfy alexlebens:renovate/unified-cilium alexlebens:manifests
...
compare: alexlebens:tmp/secrets-5
Branches Tags
alexlebens:tmp/secrets-5 alexlebens:renovate/major-unified-grimmory alexlebens:renovate/unified-ui alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-ntfy alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

92 Commits
62227a6b95 ... tmp/secret

Author SHA1 Message Date
Alex Lebens
8282c9a8fb feat: add more
Some checks are pending
lint-test-helm / lint-helm (pull_request) Waiting to run
Details
lint-test-helm / validate-kubeconform (pull_request) Blocked by required conditions
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 32s
Details
2026-04-22 17:44:05 -05:00
Alex Lebens
6e5435df6d feat: add matrix synapse
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 18s
Details
lint-test-helm / lint-helm (pull_request) Successful in 11m19s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 11m1s
Details
2026-04-22 17:19:58 -05:00
Alex Lebens
152f505392 feat: add more
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m29s
Details
lint-test-helm / lint-helm (pull_request) Successful in 14m5s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 15m47s
Details
2026-04-22 16:30:51 -05:00
Alex Lebens
ea88f7bedc feat: add kubelet-cerT
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m50s
Details
lint-test-helm / lint-helm (pull_request) Successful in 15m8s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 17m33s
Details
2026-04-22 15:55:48 -05:00
Alex Lebens
f99d2e89a1 feat: add prom
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m25s
Details
lint-test-helm / lint-helm (pull_request) Successful in 8m17s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 9m55s
Details
2026-04-22 15:50:30 -05:00
Alex Lebens
6b02b1d331 feat: remove 2026-04-22 15:50:30 -05:00
Alex Lebens
7116db2e89 fix: wrong indent 2026-04-22 15:50:30 -05:00
Alex Lebens
77e0319ec8 feat: Add ispon 2026-04-22 15:50:30 -05:00
Renovate Bot
b41ef0a840 chore(deps): update searxng/searxng:latest docker digest to 37c616a 2026-04-22 15:50:30 -05:00
Renovate Bot
f1137e7a58 chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to d17f32d 2026-04-22 15:50:30 -05:00
Alex Lebens
f2280ff40a feat: add more
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 12m40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 14m29s
Details
2026-04-21 21:13:37 -05:00
Alex Lebens
e104eae55e feat: convert many
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 9m13s
Details
lint-test-helm / validate-kubeconform (pull_request) Failing after 10m43s
Details
2026-04-21 20:47:16 -05:00
Alex Lebens
9918eb6363 Merge pull request 'chore(deps): update ghcr.io/open-webui/open-webui docker tag to v0.9.1' (#6130) from renovate/unified-open-webui into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 35s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m14s
Details 
Reviewed-on: #6130
 2026-04-22 00:52:00 +00:00
Renovate Bot
bc6372cfa4 chore(deps): update ghcr.io/open-webui/open-webui docker tag to v0.9.1
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m15s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 56s
Details
render-manifests / render-manifests (pull_request) Successful in 1m8s
Details
2026-04-21 17:13:28 +00:00
Renovate Bot
74e321b733 Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v83.7.0' (#6136) from renovate/unified-kube-prometheus-stack into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 50s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 13m40s
Details
2026-04-21 17:08:55 +00:00
Renovate Bot
f5471d4db8 chore(deps): update kube-prometheus-stack docker tag to v83.7.0
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 39s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 2m39s
Details
2026-04-21 17:08:29 +00:00
Renovate Bot
4bbd945378 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.138.2' (#6134) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-21 17:02:41 +00:00
Renovate Bot
9ff9d64727 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.138.2
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-04-21 17:01:53 +00:00
Alex Lebens
b4bcf34d84 Merge pull request 'feat: update sha' (#6132) from tmp/openbao-7 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m4s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m31s
Details 
Reviewed-on: #6132
 2026-04-21 16:49:45 +00:00
Alex Lebens
0e1fcde5db feat: update sha 2026-04-21 16:49:45 +00:00
Alex Lebens
9e33ce41bf Merge pull request 'chore(deps): update grafana/grafana docker tag to v13' (#6128) from renovate/major-unified-grafana into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
render-manifests / render-manifests (push) Successful in 11m5s
Details
renovate / renovate (push) Successful in 7m51s
Details 
Reviewed-on: #6128
 2026-04-21 02:02:43 +00:00
Renovate Bot
9b97ae30ba chore(deps): update grafana/grafana docker tag to v13
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 31s
Details
render-manifests / render-manifests (pull_request) Successful in 1m5s
Details
2026-04-21 01:52:54 +00:00
Renovate Bot
771ef141d9 Merge pull request 'chore(deps): update grafana/grafana docker tag to v12.4.3' (#6126) from renovate/unified-grafana into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 28s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 1m52s
Details
2026-04-21 01:48:42 +00:00
Renovate Bot
96a823a2b4 chore(deps): update grafana/grafana docker tag to v12.4.3
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 2m25s
Details
2026-04-21 01:48:06 +00:00
Alex Lebens
59b3a2c669 ci: reconfigure
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-20 20:45:59 -05:00
Alex Lebens
22c18b86ce Merge pull request 'chore(deps): update temporalio/ui docker tag to v2.48.4' (#6118) from renovate/unified-ui into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 51s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m59s
Details 
Reviewed-on: #6118
 2026-04-20 22:04:15 +00:00
Renovate Bot
c6c749a6fe chore(deps): update temporalio/ui docker tag to v2.48.4 2026-04-20 22:04:15 +00:00
Alex Lebens
db1139bb1f Merge pull request 'chore(deps): update openbao to v2.5.3' (#6115) from renovate/unified-openbao into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has started running
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6115
 2026-04-20 22:03:58 +00:00
Renovate Bot
9bfa8b229c chore(deps): update openbao to v2.5.3 2026-04-20 22:03:58 +00:00
Alex Lebens
83557ce445 Merge pull request 'fix: wrong path' (#6122) from tmp/secrets-4 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 36s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 8m54s
Details 
Reviewed-on: #6122
 2026-04-20 21:26:34 +00:00
Alex Lebens
640b5b66fc fix: remove hyphen
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 29s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 35s
Details
render-manifests / render-manifests (pull_request) Successful in 2m4s
Details
2026-04-20 16:24:33 -05:00
Alex Lebens
55dc6c0dbe fix: wrong path
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 23s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 19s
Details
2026-04-20 16:21:05 -05:00
Renovate Bot
178cfe4f8f Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.136.0' (#6119) from renovate/unified-renovate into main
All checks were successful
renovate / renovate (push) Successful in 4m42s
Details
2026-04-20 21:18:41 +00:00
Renovate Bot
7d961227d5 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.136.0 2026-04-20 21:18:41 +00:00
Renovate Bot
af0173b331 Merge pull request 'chore(deps): update plex to v1.43.1.10611-1e34174b1-ls302' (#6116) from renovate/unified-plex into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Successful in 51s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
2026-04-20 21:17:27 +00:00
Renovate Bot
c030c64c9d chore(deps): update plex to v1.43.1.10611-1e34174b1-ls302 2026-04-20 21:17:27 +00:00
Renovate Bot
af84f2d215 Merge pull request 'chore(deps): update medialyze to v0.8.2' (#6114) from renovate/unified-medialyze into main
Some checks failed
lint-test-helm / lint-helm (push) Has been cancelled
Details
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-20 21:16:56 +00:00
Renovate Bot
6282b01ec1 chore(deps): update medialyze to v0.8.2 2026-04-20 21:16:56 +00:00
Renovate Bot
7075f33794 Merge pull request 'chore(deps): update dependency slskd/slskd to v0.25.1' (#6113) from renovate/unified-slskd into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-20 21:16:36 +00:00
Renovate Bot
101c6b6ed8 chore(deps): update dependency slskd/slskd to v0.25.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
render-manifests / render-manifests (pull_request) Successful in 58s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 2m33s
Details
2026-04-20 21:16:12 +00:00
Renovate Bot
293ae401b7 Merge pull request 'chore(deps): update excalidraw/excalidraw:latest docker digest to 20ffa04' (#6111) from renovate/unified-excalidraw into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 20s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m42s
Details
2026-04-20 21:03:28 +00:00
Renovate Bot
0fc3191aaf chore(deps): update excalidraw/excalidraw:latest docker digest to 20ffa04
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 59s
Details
2026-04-20 21:03:10 +00:00
Alex Lebens
43df70c792 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m7s
Details
2026-04-20 15:18:49 -05:00
Alex Lebens
dbdde03825 Merge pull request 'feat: use helper' (#6104) from tmp/secrets-3 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 52s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6104
 2026-04-20 20:16:25 +00:00
Alex Lebens
a2aa2f465d ci: reconfigure 2026-04-20 20:16:25 +00:00
Alex Lebens
a8a63a82d7 feat: use common 'custom' namespace for helper' 2026-04-20 20:16:25 +00:00
Alex Lebens
3fef47cdf0 fix: wrong mapping 2026-04-20 20:16:25 +00:00
Alex Lebens
e10689c5e5 feat: remove commented files 2026-04-20 20:16:25 +00:00
Alex Lebens
78a15b266c feat: use helper 2026-04-20 20:16:25 +00:00
Alex Lebens
4f297c932f Merge pull request 'chore(deps): update tdarr to v2.70.01' (#6106) from renovate/unified-tdarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 23s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m15s
Details 
Reviewed-on: #6106
 2026-04-20 20:10:24 +00:00
Renovate Bot
f808bd9676 chore(deps): update tdarr to v2.70.01
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 40s
Details
render-manifests / render-manifests (pull_request) Successful in 2m14s
Details
2026-04-20 08:03:48 +00:00
Alex Lebens
3e6cd3df24 Merge pull request 'chore(deps): update medialyze to v0.8.0' (#6105) from renovate/unified-medialyze into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
render-manifests / render-manifests (push) Successful in 12m26s
Details
renovate / renovate (push) Successful in 2m1s
Details 
Reviewed-on: #6105
 2026-04-20 02:09:42 +00:00
Renovate Bot
70f1dac7c6 chore(deps): update medialyze to v0.8.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 37s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 43s
Details
render-manifests / render-manifests (pull_request) Successful in 1m26s
Details
2026-04-20 02:04:52 +00:00
Renovate Bot
00d5109152 Merge pull request 'chore(deps): update radarr to v6.1.1.10360-ls300' (#6102) from renovate/unified-radarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m11s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m35s
Details
2026-04-20 01:22:26 +00:00
Renovate Bot
9a68f8cf6a chore(deps): update radarr to v6.1.1.10360-ls300
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 50s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m14s
Details
2026-04-20 01:21:37 +00:00
Renovate Bot
753b67533d Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.5' (#6100) from renovate/unified-site-profile into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 56s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-20 01:17:39 +00:00
Renovate Bot
a7771493a9 chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.5 2026-04-20 01:17:39 +00:00
Renovate Bot
eb4cf892f4 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.132.1' (#6099) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-20 01:17:20 +00:00
Renovate Bot
fa47afea3a chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.132.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-04-20 01:16:58 +00:00
Renovate Bot
b5429bebea Merge pull request 'chore(deps): update audiobookshelf to v2.33.2' (#6097) from renovate/unified-audiobookshelf into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 34s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-04-20 01:14:23 +00:00
Renovate Bot
345a234be9 chore(deps): update audiobookshelf to v2.33.2
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
render-manifests / render-manifests (pull_request) Successful in 1m0s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 54s
Details
2026-04-20 01:13:53 +00:00
Alex Lebens
70917add01 Merge pull request 'feat: migrate to openbao' (#6095) from tmp/secrets-2 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 56s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6095
 2026-04-20 01:09:28 +00:00
Alex Lebens
d40151ca3e feat: migrate to openbao 2026-04-20 01:09:28 +00:00
Alex Lebens
10917de337 Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.0' (#6094) from renovate/unified-site-documentation into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6094
 2026-04-20 01:06:41 +00:00
Renovate Bot
7dcf32875a chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 32s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 47s
Details
render-manifests / render-manifests (pull_request) Successful in 45s
Details
2026-04-20 00:03:45 +00:00
Alex Lebens
775f408383 Merge pull request 'feat: change mount path' (#6092) from tmp/slskd-10 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 45s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m32s
Details 
Reviewed-on: #6092
 2026-04-19 22:33:41 +00:00
Alex Lebens
01090eda72 feat: change mount path
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 53s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 48s
Details
render-manifests / render-manifests (pull_request) Successful in 3m10s
Details
2026-04-19 17:32:23 -05:00
Alex Lebens
b1db8003fa Merge pull request 'feat: change parameter' (#6090) from tmp/slskd-9 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 35s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m45s
Details 
Reviewed-on: #6090
 2026-04-19 22:25:44 +00:00
Alex Lebens
aaf26450c1 feat: change parameter
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 52s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m11s
Details
2026-04-19 17:23:06 -05:00
Alex Lebens
6f0f7027be Merge pull request 'fix: wrong path' (#6088) from tmp/slskd-8 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 39s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m55s
Details 
Reviewed-on: #6088
 2026-04-19 22:08:50 +00:00
Alex Lebens
baa65fa99c fix: wrong path
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 49s
Details
render-manifests / render-manifests (pull_request) Successful in 51s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 42s
Details
2026-04-19 17:07:28 -05:00
Alex Lebens
5c0b667aad Merge pull request 'fix: extend path to engine name' (#6086) from tmp/slskd-6 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m37s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m29s
Details 
Reviewed-on: #6086
 2026-04-19 21:54:01 +00:00
Alex Lebens
e85cc055bb fix: extend path to engine name
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 44s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 46s
Details
render-manifests / render-manifests (pull_request) Successful in 1m25s
Details
2026-04-19 16:50:08 -05:00
Alex Lebens
ad27b57adb Merge pull request 'feat: use openbao provider' (#6084) from tmp/slskd-5 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m35s
Details 
Reviewed-on: #6084
 2026-04-19 21:44:56 +00:00
Alex Lebens
7237534b19 feat: use openbao provider
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 45s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
render-manifests / render-manifests (pull_request) Successful in 53s
Details
2026-04-19 16:42:55 -05:00
Alex Lebens
ffc42fc585 Merge pull request 'feat: fix parameter' (#6082) from tmp/slskd-4 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m59s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m59s
Details 
Reviewed-on: #6082
 2026-04-19 21:36:19 +00:00
Alex Lebens
774b272db9 feat: merge
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 50s
Details
render-manifests / render-manifests (pull_request) Successful in 2m1s
Details
2026-04-19 16:35:47 -05:00
Alex Lebens
e35a110ef9 Merge pull request 'feat: add address' (#6080) from tmp/slskd-3 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m8s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m59s
Details 
Reviewed-on: #6080
 2026-04-19 21:30:43 +00:00
Alex Lebens
0848f39c44 feat: add address
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 51s
Details
2026-04-19 16:29:32 -05:00
Alex Lebens
a6c52589b8 Merge pull request 'feat: use service account' (#6078) from tmp/slskd-2 into main
All checks were successful
renovate / renovate (push) Successful in 11m6s
Details
lint-test-helm / lint-helm (push) Successful in 19m25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details 
Reviewed-on: #6078
 2026-04-19 21:09:00 +00:00
Alex Lebens
e43cc404b0 feat: use service account
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 22s
Details
render-manifests / render-manifests (pull_request) Successful in 1m32s
Details
2026-04-19 16:05:01 -05:00
Alex Lebens
d682091fde Merge pull request 'tmp/slskd' (#6076) from tmp/slskd into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 3m7s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m29s
Details 
Reviewed-on: #6076
 2026-04-19 20:50:34 +00:00
Alex Lebens
f587bd1e88 feat: use protonvpn
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 36s
Details
render-manifests / render-manifests (pull_request) Successful in 1m26s
Details
2026-04-19 15:42:44 -05:00
Alex Lebens
9c210bdd05 feat: use csi secret 2026-04-19 15:32:32 -05:00
Alex Lebens
5d9036d2fe Merge pull request 'tmp/fix-3' (#6073) from tmp/fix-3 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 5m54s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m50s
Details 
Reviewed-on: #6073
 2026-04-19 17:06:30 +00:00
Alex Lebens
a0bef9dc57 feat: remove surge values
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 8m40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m5s
Details
render-manifests / render-manifests (pull_request) Successful in 10m50s
Details
2026-04-19 11:50:29 -05:00
Alex Lebens
7866dfd9db feat: rollback to 1.25.5 2026-04-19 11:50:09 -05:00
Renovate Bot
9107424678 Merge pull request 'chore(deps): update g33kphr33k/musicgrabber docker tag to v2.6.5' (#6071) from renovate/unified-musicgrabber into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 2m15s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 9m14s
Details
2026-04-19 16:04:53 +00:00
Renovate Bot
d7f85c780b chore(deps): update g33kphr33k/musicgrabber docker tag to v2.6.5 2026-04-19 16:04:53 +00:00
Alex Lebens
f0872ba801 Merge pull request 'chore(deps): update gitea to v1.26.0' (#6044) from renovate/unified-gitea into main
Some checks failed
lint-test-docker / lint-docker-compose (push) Successful in 1m15s
Details
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6044
 2026-04-19 16:03:10 +00:00
Renovate Bot
c0a53e8e13 chore(deps): update gitea to v1.26.0 2026-04-19 16:03:10 +00:00
Alex Lebens
3fa8ca84f3 Merge pull request 'chore(deps): update dependency slskd/slskd to v0.25.0' (#6062) from renovate/unified-slskd into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m57s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m45s
Details 
Reviewed-on: #6062
 2026-04-19 15:57:53 +00:00
376 changed files with 3046 additions and 1918 deletions
Expand all files Collapse all files

36
.gitea/workflows/lint-test-helm.yaml
View File

@@ -482,6 +482,7 @@ jobs:
# echo ">> Render templates for ${APP_NAME} ..." # echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}" # CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/" # OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# mkdir -p "${OUTPUT_FOLDER}"
# helm dependency build "${CHART_PATH}" --skip-refresh # helm dependency build "${CHART_PATH}" --skip-refresh
@@ -499,7 +500,7 @@ jobs:
# echo ">> Standard Rendering ..." # echo ">> Standard Rendering ..."
# esac # esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") # TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template # # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' # echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -526,29 +527,38 @@ jobs:
# run: | # run: |
# FAILED_CHARTS="" # FAILED_CHARTS=""
# DIFF_FOUND="false" # DIFF_FOUND="false"
# EXIT_CODE=0
# for APP_NAME in ${CHANGED_CHARTS}; do # for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..." # echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \ # if ! argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \ # --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \ # --auth-token "${ARGOCD_AUTH_TOKEN}" \
# --diff-exit-code 0 \ # --revision ${{ github.sha }} \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \ # --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \ # --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt" # --grpc-web > "diff_output_${APP_NAME}.txt" 2>&1; then
# # ArgoCD diff returns non-zero on diff or error.
# # Let's capture if it actually generated a diff output to post.
# DIFF_FOUND="true"
# # Check if the output contains validation/connection errors
# if grep -iE 'error|failed|connection refused|timeout' "diff_output_${APP_NAME}.txt"; then
# echo ">> ArgoCD encountered an error validating ${APP_NAME}!"
# EXIT_CODE=1
# FAILED_CHARTS="${FAILED_CHARTS} ${APP_NAME}"
# fi
# fi
# if [ -s "diff_output_${APP_NAME}.txt" ]; then # if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> Argo diff:" # echo ">> Argo diff or errors:"
# echo "" # echo ""
# cat diff_output_${APP_NAME}.txt # cat diff_output_${APP_NAME}.txt
# echo "" # echo ""
# DIFF_FOUND="true"
# else # else
# echo ">> No Argo diff found for ${APP_NAME}" # echo ">> No Argo diff found for ${APP_NAME}"
# rm "diff_output_${APP_NAME}.txt" # rm "diff_output_${APP_NAME}.txt"
# fi # fi
# done # done
@@ -556,13 +566,13 @@ jobs:
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT" # echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT" # echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# exit $OVERALL_EXIT_CODE # exit $EXIT_CODE
# - name: Post Diff # - name: Post Diff
# if: | # if: |
# always() && # always() &&
# steps.diff.outputs.diff-detected == 'true' && # steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null # github.event.pull_request.number != null
# env: # env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} # GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: | # run: |
@@ -588,7 +598,7 @@ jobs:
# done # done
# curl -X 'POST' \ # curl -X 'POST' \
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \ # "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
# -H "Authorization: token ${GITEA_TOKEN}" \ # -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \ # -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')" # -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.132.0@sha256:fc54bbc724d1924fa72c331729eefb5acd1385a9ce30617b0264a7fb4b8878da container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

14
clusters/cl01tl/helm/actual/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.1 version: 9.5.2
digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78 digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
generated: "2026-04-16T15:57:15.168206017Z" generated: "2026-04-19T19:53:40.43789-05:00"

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

52
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,70 +1,40 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-oidc-secret name: argocd-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-oidc-secret app.kubernetes.io/name: argocd-oidc-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /authentik/oidc/argocd key: /cl01tl/authentik/oidc/argocd
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /authentik/oidc/argocd key: /cl01tl/authentik/oidc/argocd
property: client property: client
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-notifications-secret name: argocd-notifications-ntfy
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-notifications-secret app.kubernetes.io/name: argocd-notifications-ntfy
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
key: /ntfy/user/cl01tl key: /cl01tl/ntfy/users/cl01tl
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

6
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.alexlebens.net/application/o/argocd/ issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-secret:client clientID: $argocd-oidc-authentik:client
clientSecret: $argocd-oidc-secret:secret clientSecret: $argocd-oidc-authentik:secret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-secret name: argocd-notifications-ntfy
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.1 appVersion: 2.33.2

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,27 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "custom.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "custom.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

21
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,18 +1,23 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-apprise-config name: audiobookshelf-config-apprise
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-apprise-config app.kubernetes.io/name: audiobookshelf-config-apprise
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
target:
template:
mergePolicy: Merge
engineVersion: v2
data: data:
- secretKey: ntfy-url ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf"
data:
- secretKey: endpoint
remoteRef: remoteRef:
key: /cl01tl/audiobookshelf/apprise key: /cl01tl/ntfy/users/cl01tl
property: ntfy-url property: internal-endpoint-credential

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: {{ include "custom.booksNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{ include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-books-nfs-storage volumeName: {{ include "custom.booksNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +19,13 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: audiobookshelf-audiobooks-nfs-storage name: {{ include "custom.audiobooksNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-audiobooks-nfs-storage volumeName: {{ include "custom.audiobooksNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -39,14 +37,13 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: audiobookshelf-podcasts-nfs-storage name: {{ include "custom.podcastsNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-podcasts-nfs-storage volumeName: {{ include "custom.podcastsNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: {{ include "custom.booksNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -26,12 +25,11 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: audiobookshelf-audiobooks-nfs-storage name: {{ include "custom.audiobooksNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -51,12 +49,11 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: audiobookshelf-podcasts-nfs-storage name: {{ include "custom.podcastsNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,7 +12,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708 tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS - name: APPRISE_STATELESS_URLS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: audiobookshelf-apprise-config name: audiobookshelf-config-apprise
key: ntfy-url key: ntfy-url
service: service:
main: main:

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,16 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: authentik-key-secret name: authentik-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-key-secret app.kubernetes.io/name: authentik-key
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

9
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: authentik-tailscale name: {{ .Release.Name }}-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-tailscale app.kubernetes.io/name: {{ .Release.Name }}-tailscale
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
@@ -26,4 +25,4 @@ spec:
service: service:
name: authentik-server name: authentik-server
port: port:
number: 80 name: http

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access app.kubernetes.io/name: allow-outpost-cross-namespace-access
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
from: from:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

2
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authentik-key-secret name: authentik-key
key: key key: key
- name: AUTHENTIK_POSTGRESQL__HOST - name: AUTHENTIK_POSTGRESQL__HOST
valueFrom: valueFrom:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "custom.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: backrest-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: backrest-nfs-storage volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +19,13 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: backrest-nfs-share name: {{ include "custom.shareNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: backrest-nfs-share volumeName: {{ include "custom.shareNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: backrest-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -26,12 +25,11 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: backrest-nfs-share name: {{ include "custom.shareNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,21 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

9
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,16 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: bazarr-key-secret name: bazarr-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-key-secret app.kubernetes.io/name: bazarr-key
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: bazarr-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: bazarr-nfs-storage volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: bazarr-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -39,7 +39,7 @@ bazarr:
- name: APIKEY - name: APIKEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: bazarr-key-secret name: bazarr-key
key: key key: key
- name: ENABLE_ADDITIONAL_METRICS - name: ENABLE_ADDITIONAL_METRICS
value: false value: false

14
clusters/cl01tl/helm/blocky/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "custom.cloudflareSecretKey" -}}
api-token
{{- end -}}

7
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: letsencrypt-issuer app.kubernetes.io/name: letsencrypt-issuer
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
@@ -22,5 +21,5 @@ spec:
cloudflare: cloudflare:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
apiTokenSecretRef: apiTokenSecretRef:
name: cloudflare-api-token name: {{ include "custom.cloudflareSecretName" . }}
key: api-token key: {{ include "custom.cloudflareSecretKey" . }}

13
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,18 +1,17 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: cloudflare-api-token name: {{ include "custom.cloudflareSecretName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: cloudflare-api-token app.kubernetes.io/name: {{ include "custom.cloudflareSecretName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: api-token - secretKey: {{ include "custom.cloudflareSecretKey" . }}
remoteRef: remoteRef:
key: /cloudflare/alexlebens.net/clusterissuer key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
property: token property: token

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
View File

@@ -1,19 +0,0 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
View File

@@ -1,22 +0,0 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
View File

@@ -1,23 +0,0 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: default-ip-pool app.kubernetes.io/name: default-ip-pool
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.1.21" - start: "10.232.1.21"
@@ -20,8 +19,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/name: bgp-ip-pool
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.2.100" - start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml
View File

@@ -1,45 +0,0 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

7
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: hubble
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -21,8 +20,6 @@ spec:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- group: '' - kind: Service
kind: Service
name: hubble-ui name: hubble-ui
port: 80 port: 80
weight: 100

14
clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

14
clusters/cl01tl/helm/coredns/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

22
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,16 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-key-secret name: dawarich-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-key-secret app.kubernetes.io/name: dawarich-key
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
@@ -21,22 +20,21 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-oidc-secret app.kubernetes.io/name: dawarich-oidc-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /authentik/oidc/dawarich key: /cl01tl/authentik/oidc/dawarich
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /authentik/oidc/dawarich key: /cl01tl/authentik/oidc/dawarich
property: secret property: secret

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -61,12 +61,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -81,7 +81,7 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key-secret name: dawarich-key
key: key key: key
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true

14
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -1,16 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: synology-iscsi-config-secret name: synology-iscsi-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: synology-iscsi-config-secret app.kubernetes.io/name: synology-iscsi-config
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:

7
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml
View File

@@ -1,11 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: democratic-csi-synology-iscsi name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: democratic-csi-synology-iscsi app.kubernetes.io/name: {{ .Release.Namespace }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged

2
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -3,7 +3,7 @@ democratic-csi:
image: image:
registry: ghcr.io/democratic-csi/democratic-csi registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret existingConfigSecret: synology-iscsi-config
config: config:
driver: synology-iscsi driver: synology-iscsi
resources: resources:

14
clusters/cl01tl/helm/descheduler/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

2
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Directus
keywords: keywords:
- directus - directus
- content-management-system - content-management-system
home: https://docs.alexlebens.dev/applications/descheduler/ home: https://docs.alexlebens.dev/applications/directus/
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/directus/directus/pkgs/container/directus

14
clusters/cl01tl/helm/directus/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

133
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -5,13 +5,20 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-config app.kubernetes.io/name: directus-config
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key
remoteRef:
key: /cl01tl/directus/key
property: key
- secretKey: secret
remoteRef:
key: /cl01tl/directus/key
property: secret
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
key: /cl01tl/directus/config key: /cl01tl/directus/config
@@ -20,38 +27,6 @@ spec:
remoteRef: remoteRef:
key: /cl01tl/directus/config key: /cl01tl/directus/config
property: admin-password property: admin-password
- secretKey: secret
remoteRef:
key: /cl01tl/directus/config
property: secret
- secretKey: key
remoteRef:
key: /cl01tl/directus/config
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /authentik/oidc/directus
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /authentik/oidc/directus
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -61,18 +36,67 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-metric-token app.kubernetes.io/name: directus-metric-token
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
property: metric-token property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: user
remoteRef:
key: /cl01tl/directus/valkey
property: user
- secretKey: password
remoteRef:
key: /cl01tl/directus/valkey
property: password
- secretKey: default
remoteRef:
key: /cl01tl/directus/valkey
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -81,12 +105,11 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-bucket-garage app.kubernetes.io/name: directus-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
@@ -100,31 +123,3 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
property: ACCESS_REGION property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: default
remoteRef:
key: /cl01tl/directus/valkey
property: password
- secretKey: user
remoteRef:
key: /cl01tl/directus/valkey
property: user
- secretKey: password
remoteRef:
key: /cl01tl/directus/valkey
property: password

4
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -113,12 +113,12 @@ directus:
- name: AUTH_AUTHENTIK_CLIENT_ID - name: AUTH_AUTHENTIK_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-secret name: directus-oidc-authentik
key: OIDC_CLIENT_ID key: OIDC_CLIENT_ID
- name: AUTH_AUTHENTIK_CLIENT_SECRET - name: AUTH_AUTHENTIK_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-secret name: directus-oidc-authentik
key: OIDC_CLIENT_SECRET key: OIDC_CLIENT_SECRET
- name: AUTH_AUTHENTIK_SCOPE - name: AUTH_AUTHENTIK_SCOPE
value: openid profile email value: openid profile email

14
clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

14
clusters/cl01tl/helm/element-web/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

14
clusters/cl01tl/helm/eraser/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

2
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Excalidraw
keywords: keywords:
- excalidraw - excalidraw
- drawing - drawing
home: https://docs.alexlebens.dev/applications/eraser/ home: https://docs.alexlebens.dev/applications/excalidraw/
sources: sources:
- https://github.com/excalidraw/excalidraw - https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw

14
clusters/cl01tl/helm/excalidraw/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

2
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -8,7 +8,7 @@ excalidraw:
main: main:
image: image:
repository: excalidraw/excalidraw repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c tag: latest@sha256:20ffa04668e19616bb0c1b3632849e5cd96e0bc7a1336b73d9d072667f2c2854
env: env:
- name: NODE_ENV - name: NODE_ENV
value: production value: production

2
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: External DNS
keywords: keywords:
- external-dns - external-dns
- dns - dns
home: https://docs.alexlebens.dev/applications/eraser/ home: https://docs.alexlebens.dev/applications/external-dns/
sources: sources:
- https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns

14
clusters/cl01tl/helm/external-dns/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

36
clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-device-names app.kubernetes.io/name: external-device-names
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Unifi UDM # Unifi UDM
@@ -48,8 +47,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: iot-device-names app.kubernetes.io/name: iot-device-names
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Airgradient # Airgradient
@@ -82,6 +80,18 @@ spec:
recordType: A recordType: A
targets: targets:
- 10.230.0.100 - 10.230.0.100
# HD Homerun
- dnsName: dv01hr.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.72
# Pi KVM
- dnsName: dv02kv.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.71
--- ---
apiVersion: externaldns.k8s.io/v1alpha1 apiVersion: externaldns.k8s.io/v1alpha1
@@ -91,8 +101,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: server-host-names app.kubernetes.io/name: server-host-names
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Unifi Gateway # Unifi Gateway
@@ -125,6 +134,18 @@ spec:
recordType: A recordType: A
targets: targets:
- 10.232.1.52 - 10.232.1.52
# Desktop
- dnsName: pd05wd.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.230.0.115
# Laptop
- dnsName: pl02mc.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.230.0.105
--- ---
apiVersion: externaldns.k8s.io/v1alpha1 apiVersion: externaldns.k8s.io/v1alpha1
@@ -134,8 +155,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: cluster-service-names app.kubernetes.io/name: cluster-service-names
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Treafik Proxy # Treafik Proxy

5
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -5,12 +5,11 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-dns-unifi-secret app.kubernetes.io/name: external-dns-unifi-secret
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:

14
clusters/cl01tl/helm/external-secrets/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

5
clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml
View File

@@ -5,13 +5,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-secrets app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: system:auth-delegator name: system:auth-delegator
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: external-secrets name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}

10
clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: vault app.kubernetes.io/name: vault
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
provider: provider:
vault: vault:
@@ -26,8 +25,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: openbao app.kubernetes.io/name: openbao
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
provider: provider:
vault: vault:
@@ -39,7 +37,7 @@ spec:
mountPath: kubernetes mountPath: kubernetes
role: external-secrets role: external-secrets
serviceAccountRef: serviceAccountRef:
name: external-secrets name: {{ .Release.Name }}
namespace: {{ .Release.Name }} namespace: {{ .Release.Namespace }}
audiences: audiences:
- openbao - openbao

21
clusters/cl01tl/helm/foldergram/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,21 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
foldergram-pictures-collections-nfs-storage
{{- end -}}

9
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: foldergram-pictures-collections-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: foldergram-pictures-collections-nfs-storage volumeName: {{ include "custom.storageNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

7
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: foldergram-pictures-collections-nfs-storage name: {{ include "custom.storageNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

14
clusters/cl01tl/helm/freshrss/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

32
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -1,54 +1,52 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: freshrss-install-secret name: freshrss-install-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: freshrss-install-secret app.kubernetes.io/name: freshrss-install-config
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: ADMIN_EMAIL property: admin-email
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: ADMIN_PASSWORD property: admin-password
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: ADMIN_API_PASSWORD property: admin-api-password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: freshrss-oidc-secret name: freshrss-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: freshrss-oidc-secret app.kubernetes.io/name: freshrss-oidc-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
key: /authentik/oidc/freshrss key: /cl01tl/authentik/oidc/freshrss
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
key: /authentik/oidc/freshrss key: /cl01tl/authentik/oidc/freshrss
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
key: /authentik/oidc/freshrss key: /cl01tl/freshrss/key
property: crypto-key property: oidc-client-crypto-key

4
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -73,9 +73,9 @@ freshrss:
value: preferred_username value: preferred_username
envFrom: envFrom:
- secretRef: - secretRef:
name: freshrss-oidc-secret name: freshrss-oidc-authentik
- secretRef: - secretRef:
name: freshrss-install-secret name: freshrss-install-config
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

14
clusters/cl01tl/helm/garage/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

21
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -1,26 +1,25 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: garage-token-secret name: garage-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: garage-token-secret app.kubernetes.io/name: garage-token
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
key: /cl01tl/garage/token key: /cl01tl/garage/config
property: rpc property: rpc-secret
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
key: /cl01tl/garage/token key: /cl01tl/garage/config
property: admin property: admin-token
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
key: /cl01tl/garage/token key: /cl01tl/garage/config
property: metric property: metrics-token

5
clusters/cl01tl/helm/garage/templates/service.yaml
View File

@@ -6,8 +6,7 @@ metadata:
labels: labels:
app.kubernetes.io/name: garage-main app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main app.kubernetes.io/service: garage-main
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
ports: ports:
- name: admin - name: admin
@@ -27,6 +26,6 @@ spec:
protocol: TCP protocol: TCP
targetPort: 3902 targetPort: 3902
selector: selector:
app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage app.kubernetes.io/name: garage
app.kubernetes.io/instance: garage
garage-type: server garage-type: server

10
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -24,7 +24,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -53,7 +53,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -82,7 +82,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -104,7 +104,7 @@ garage:
- name: API_ADMIN_KEY - name: API_ADMIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: garage-token-secret name: garage-token
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
@@ -273,7 +273,7 @@ garage:
scrapeTimeout: 2m scrapeTimeout: 2m
path: /metrics path: /metrics
bearerTokenSecret: bearerTokenSecret:
name: garage-token-secret name: garage-token
key: GARAGE_METRICS_TOKEN key: GARAGE_METRICS_TOKEN
route: route:
webui: webui:

14
clusters/cl01tl/helm/gatus/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

22
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -1,42 +1,40 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gatus-config-secret name: gatus-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gatus-config-secret app.kubernetes.io/name: gatus-config-secret
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
key: /ntfy/user/cl01tl key: /cl01tl/ntfy/users/cl01tl
property: token property: token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gatus-oidc-secret name: gatus-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gatus-oidc-secret app.kubernetes.io/name: gatus-oidc-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
key: /authentik/oidc/gatus key: /cl01tl/authentik/oidc/gatus
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
key: /authentik/oidc/gatus key: /cl01tl/authentik/oidc/gatus
property: secret property: secret

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -20,17 +20,17 @@ gatus:
NTFY_TOKEN: NTFY_TOKEN:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-config-secret name: gatus-config
key: NTFY_TOKEN key: NTFY_TOKEN
OIDC_CLIENT_ID: OIDC_CLIENT_ID:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-oidc-secret name: gatus-oidc-authentik
key: OIDC_CLIENT_ID key: OIDC_CLIENT_ID
OIDC_CLIENT_SECRET: OIDC_CLIENT_SECRET:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-oidc-secret name: gatus-oidc-authentik
key: OIDC_CLIENT_SECRET key: OIDC_CLIENT_SECRET
POSTGRES_USER: POSTGRES_USER:
valueFrom: valueFrom:

14
clusters/cl01tl/helm/generic-device-plugin/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

7
clusters/cl01tl/helm/generic-device-plugin/templates/namespace.yaml
View File

@@ -1,11 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: generic-device-plugin name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: generic-device-plugin app.kubernetes.io/name: {{ .Release.Namespace }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -56,4 +56,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.26.0

14
clusters/cl01tl/helm/gitea/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

3
clusters/cl01tl/helm/gitea/templates/config-map.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-custom-templates app.kubernetes.io/name: gitea-custom-templates
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data: data:
header.tmpl: | header.tmpl: |
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script> <script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>

151
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -1,64 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata:
name: gitea-admin-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-admin-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: username
remoteRef:
key: /cl01tl/gitea/auth/admin
property: username
- secretKey: password
remoteRef:
key: /cl01tl/gitea/auth/admin
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
key: /authentik/oidc/gitea
property: secret
- secretKey: key
remoteRef:
key: /authentik/oidc/gitea
property: client
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata: metadata:
name: gitea-runner-secret name: gitea-runner-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-runner-secret app.kubernetes.io/name: gitea-runner-secret
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
@@ -69,80 +20,15 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gitea-renovate-secret name: gitea-meilisearch-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-renovate-secret app.kubernetes.io/name: gitea-meilisearch-key
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data:
- secretKey: RENOVATE_ENDPOINT
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef:
key: /github/gitea-cl01tl
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-renovate-ssh-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-renovate-ssh-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config
remoteRef:
key: /cl01tl/gitea/renovate
property: ssh_config
- secretKey: id_rsa
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa
- secretKey: id_rsa.pub
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa.pub
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-meilisearch-master-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target: target:
template: template:
mergePolicy: Merge mergePolicy: Merge
@@ -153,4 +39,27 @@ spec:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
key: /cl01tl/gitea/meilisearch key: /cl01tl/gitea/meilisearch
property: MEILI_MASTER_KEY property: master-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/gitea
property: secret
- secretKey: key
remoteRef:
key: /cl01tl/authentik/oidc/gitea
property: client

7
clusters/cl01tl/helm/gitea/templates/http-route.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -21,8 +20,6 @@ spec:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- group: '' - kind: Service
kind: Service
name: gitea-http name: gitea-http
port: 3000 port: 3000
weight: 100

9
clusters/cl01tl/helm/gitea/templates/ingress.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: gitea-tailscale name: {{ .Release.Name }}-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-tailscale app.kubernetes.io/name: {{ .Release.Name }}-tailscale
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
@@ -21,7 +20,7 @@ spec:
http: http:
paths: paths:
- path: / - path: /
pathType: ImplementationSpecific pathType: Prefix
backend: backend:
service: service:
name: gitea-http name: gitea-http

7
clusters/cl01tl/helm/gitea/templates/namespace.yaml
View File

@@ -1,11 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: gitea name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: {{ .Release.Namespace }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged

3
clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-themes-storage app.kubernetes.io/name: gitea-themes-storage
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeMode: Filesystem volumeMode: Filesystem
storageClassName: ceph-filesystem storageClassName: ceph-filesystem

3
clusters/cl01tl/helm/gitea/templates/service-monitor.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
selector: selector:
matchLabels: matchLabels:

7
clusters/cl01tl/helm/gitea/templates/tcp-route.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-ssh app.kubernetes.io/name: gitea-ssh
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -16,8 +15,6 @@ spec:
sectionName: ssh sectionName: ssh
rules: rules:
- backendRefs: - backendRefs:
- group: '' - kind: Service
kind: Service
name: gitea-ssh name: gitea-ssh
port: 22 port: 22
weight: 100

6
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -59,7 +59,7 @@ gitea:
oauth: oauth:
- name: Authentik - name: Authentik
provider: openidConnect provider: openidConnect
existingSecret: gitea-oidc-secret existingSecret: gitea-oidc-authentik
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
iconUrl: https://goauthentik.io/img/icon.png iconUrl: https://goauthentik.io/img/icon.png
scopes: "email profile" scopes: "email profile"
@@ -137,7 +137,7 @@ gitea:
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-meilisearch-master-key-secret name: gitea-meilisearch-key
key: ISSUE_INDEXER_CONN_STR key: ISSUE_INDEXER_CONN_STR
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -235,7 +235,7 @@ meilisearch:
MEILI_ENV: production MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret existingMasterKeySecret: gitea-meilisearch-key
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block

14
clusters/cl01tl/helm/grafana-operator/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

78
clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml
View File

@@ -1,98 +1,44 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grafana-auth-secret name: grafana-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-auth-secret app.kubernetes.io/name: grafana-config
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: admin-user - secretKey: admin-user
remoteRef: remoteRef:
key: /cl01tl/grafana/auth key: /cl01tl/grafana/config
property: admin-user property: admin-user
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
key: /cl01tl/grafana/auth key: /cl01tl/grafana/config
property: admin-password property: admin-password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grafana-oauth-secret name: grafana-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-oauth-secret app.kubernetes.io/name: grafana-oidc-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: AUTH_CLIENT_ID - secretKey: AUTH_CLIENT_ID
remoteRef: remoteRef:
key: /authentik/oidc/grafana key: /cl01tl/authentik/oidc/grafana
property: client property: client
- secretKey: AUTH_CLIENT_SECRET - secretKey: AUTH_CLIENT_SECRET
remoteRef: remoteRef:
key: /authentik/oidc/grafana key: /cl01tl/authentik/oidc/grafana
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /digital-ocean/home-infra/postgres-backups
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /digital-ocean/home-infra/postgres-backups
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_REGION

126
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-ceph app.kubernetes.io/name: grafana-dashboard-ceph
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -24,8 +23,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-coredns app.kubernetes.io/name: grafana-dashboard-coredns
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -43,8 +41,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-etcd app.kubernetes.io/name: grafana-dashboard-etcd
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -62,8 +59,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-garage app.kubernetes.io/name: grafana-dashboard-garage
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -81,8 +77,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-loki app.kubernetes.io/name: grafana-dashboard-loki
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -100,8 +95,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-node-full app.kubernetes.io/name: grafana-dashboard-node-full
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -119,8 +113,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-node-short app.kubernetes.io/name: grafana-dashboard-node-short
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -138,8 +131,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-pods app.kubernetes.io/name: grafana-dashboard-pods
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -157,8 +149,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-argocd app.kubernetes.io/name: grafana-dashboard-argocd
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -176,8 +167,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-blocky app.kubernetes.io/name: grafana-dashboard-blocky
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -195,8 +185,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-cert-manager app.kubernetes.io/name: grafana-dashboard-cert-manager
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -214,8 +203,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-cloudnative-pg app.kubernetes.io/name: grafana-dashboard-cloudnative-pg
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -233,8 +221,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-descheduler app.kubernetes.io/name: grafana-dashboard-descheduler
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -252,8 +239,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-external-dns app.kubernetes.io/name: grafana-dashboard-external-dns
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -271,8 +257,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-external-secrets app.kubernetes.io/name: grafana-dashboard-external-secrets
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -290,8 +275,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-gatus app.kubernetes.io/name: grafana-dashboard-gatus
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -309,8 +293,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-operator app.kubernetes.io/name: grafana-dashboard-operator
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -328,8 +311,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-harbor app.kubernetes.io/name: grafana-dashboard-harbor
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -347,8 +329,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-speedtest-exporter app.kubernetes.io/name: grafana-dashboard-speedtest-exporter
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -366,8 +347,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-spegel app.kubernetes.io/name: grafana-dashboard-spegel
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -385,8 +365,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-traefik app.kubernetes.io/name: grafana-dashboard-traefik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -404,8 +383,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-tdarr app.kubernetes.io/name: grafana-dashboard-tdarr
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -423,8 +401,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-unpoller app.kubernetes.io/name: grafana-dashboard-unpoller
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -442,8 +419,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-version-checker-internal app.kubernetes.io/name: grafana-dashboard-version-checker-internal
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -461,8 +437,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-version-checker app.kubernetes.io/name: grafana-dashboard-version-checker
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -480,8 +455,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-volsync app.kubernetes.io/name: grafana-dashboard-volsync
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -499,8 +473,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-s3 app.kubernetes.io/name: grafana-dashboard-s3
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -518,8 +491,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-authentik app.kubernetes.io/name: grafana-dashboard-authentik
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -537,8 +509,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-gitea app.kubernetes.io/name: grafana-dashboard-gitea
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -556,8 +527,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-ntfy app.kubernetes.io/name: grafana-dashboard-ntfy
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -575,8 +545,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-openbao app.kubernetes.io/name: grafana-dashboard-openbao
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -594,8 +563,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-qbittorrent app.kubernetes.io/name: grafana-dashboard-qbittorrent
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -613,8 +581,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-vault app.kubernetes.io/name: grafana-dashboard-vault
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -632,8 +599,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-unpackerr app.kubernetes.io/name: grafana-dashboard-unpackerr
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -651,8 +617,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-airgradient app.kubernetes.io/name: grafana-dashboard-airgradient
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -670,8 +635,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-server-power-consumption app.kubernetes.io/name: grafana-dashboard-server-power-consumption
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -689,8 +653,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-immich app.kubernetes.io/name: grafana-dashboard-immich
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -708,8 +671,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-jellyfin app.kubernetes.io/name: grafana-dashboard-jellyfin
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -727,8 +689,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-navidrome app.kubernetes.io/name: grafana-dashboard-navidrome
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -746,8 +707,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-radarr app.kubernetes.io/name: grafana-dashboard-radarr
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -765,8 +725,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-servarr app.kubernetes.io/name: grafana-dashboard-servarr
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -784,8 +743,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-sonarr app.kubernetes.io/name: grafana-dashboard-sonarr
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:

6
clusters/cl01tl/helm/grafana-operator/templates/grafana-datasource.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-datasource-prometheus app.kubernetes.io/name: grafana-datasource-prometheus
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
datasource: datasource:
name: Prometheus name: Prometheus
@@ -33,8 +32,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-datasource-loki app.kubernetes.io/name: grafana-datasource-loki
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
datasource: datasource:
name: Loki name: Loki

15
clusters/cl01tl/helm/grafana-operator/templates/grafana-folder.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-application app.kubernetes.io/name: grafana-folder-application
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -40,8 +39,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-iot app.kubernetes.io/name: grafana-folder-iot
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -75,8 +73,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-platform app.kubernetes.io/name: grafana-folder-platform
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -110,8 +107,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-service app.kubernetes.io/name: grafana-folder-service
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -145,8 +141,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-system app.kubernetes.io/name: grafana-folder-system
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:

13
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -5,8 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-main app.kubernetes.io/name: grafana-main
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app: grafana-main app: grafana-main
spec: spec:
config: config:
@@ -57,7 +56,7 @@ spec:
containers: containers:
- name: grafana - name: grafana
# renovate: datasource=docker depName=grafana/grafana # renovate: datasource=docker depName=grafana/grafana
image: grafana/grafana:12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505 image: grafana/grafana:13.0.1@sha256:0f86bada30d65ef9d0183b90c1e2682ac92d53d95da8bed322b984ea78a4a73a
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
@@ -66,22 +65,22 @@ spec:
- name: AUTH_CLIENT_ID - name: AUTH_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-oauth-secret name: grafana-oidc-authentik
key: AUTH_CLIENT_ID key: AUTH_CLIENT_ID
- name: AUTH_CLIENT_SECRET - name: AUTH_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-oauth-secret name: grafana-oidc-authentik
key: AUTH_CLIENT_SECRET key: AUTH_CLIENT_SECRET
- name: ADMIN_USER - name: ADMIN_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-auth-secret name: grafana-config
key: admin-user key: admin-user
- name: ADMIN_PASSWORD - name: ADMIN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-auth-secret name: grafana-config
key: admin-password key: admin-password
- name: DB_HOST - name: DB_HOST
valueFrom: valueFrom:

24
clusters/cl01tl/helm/grimmory/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.booksNfsName" -}}
grimmory-books-nfs-storage
{{- end -}}
{{- define "custom.booksImportNfsName" -}}
grimmory-books-import-nfs-storage
{{- end -}}

43
clusters/cl01tl/helm/grimmory/templates/external-secret.yaml
View File

@@ -1,42 +1,21 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-database-secret name: grimmory-database-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-database-secret app.kubernetes.io/name: grimmory-database-config
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/grimmory/database key: /cl01tl/grimmory/database
property: password property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-data-replication-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: psk.txt
remoteRef:
key: /cl01tl/grimmory/replication
property: psk.txt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -45,12 +24,11 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
@@ -69,18 +47,17 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
property: access property: ACCESS_KEY_ID
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
property: secret property: ACCESS_SECRET_KEY

12
clusters/cl01tl/helm/grimmory/templates/namespace.yaml
View File

@@ -1,13 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: grimmory name: {{ .Release.Namespace }}
annotations:
volsync.backube/privileged-movers: "true"
labels: labels:
app.kubernetes.io/name: grimmory app.kubernetes.io/name: {{ .Release.Namespace }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

18
clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-nfs-storage name: {{ include "custom.booksNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-nfs-storage volumeName: {{ include "custom.booksNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +19,13 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-import-nfs-storage name: {{ include "custom.booksImportNfsName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: {{ include "custom.booksImportNfsName" . }}
app.kubernetes.io/instance: {{ .Release.Name }} {{- include "custom.labels" . | nindent 4 }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-import-nfs-storage volumeName: {{ include "custom.booksImportNfsName" . }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

Some files were not shown because too many files have changed in this diff Show More