alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:83ec65a8c5ef5db8db06e78f7fa7368b2f345f4b
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:manifests
...
compare: alexlebens:main
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:manifests alexlebens:main

17 Commits
83ec65a8c5 ... main

Author SHA1 Message Date
Renovate Bot
89dbf1b4ed chore(deps): update kube-prometheus-stack docker tag to v82.4.1 (#4268)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m4s
Details
renovate / renovate (push) Successful in 3m58s
Details
2026-02-26 20:13:32 +00:00
Renovate Bot
7246308ba8 chore(deps): update ollama/ollama docker tag to v0.17.1 (#4262)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 18s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ollama/ollama | patch | `0.17.0` → `0.17.1` |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: #4262
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 20:09:56 +00:00
Renovate Bot
f467d00f3e chore(deps): update helm release argo-cd to v9.4.5 (#4259)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 27s
Details
renovate / renovate (push) Successful in 2m33s
Details
2026-02-26 20:03:33 +00:00
Renovate Bot
22e6a5a795 chore(deps): update ghcr.io/linuxserver/bazarr docker tag to v1.5.6 (#4257)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 28s
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-26 20:02:40 +00:00
Renovate Bot
2c3e28de7c chore(deps): update dependency morpheus65535/bazarr to v1.5.6 (#4256)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 19s
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-26 20:02:04 +00:00
Renovate Bot
797d1e6b43 chore(deps): update booklore-app/booklore to v2.0.3 (#4255)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 15s
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-26 20:01:46 +00:00
Renovate Bot
64af90268a chore(deps): update dependency ollama/ollama to v0.17.1 (#4254)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 33s
Details
renovate / renovate (push) Successful in 5m0s
Details
2026-02-26 19:03:52 +00:00
Renovate Bot
2c2bf733bd chore(deps): update dependency clidey/whodb to v0.95.0 (#4252)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m18s
Details
renovate / renovate (push) Successful in 3m51s
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [clidey/whodb](https://github.com/clidey/whodb) | minor | `0.94.0` → `0.95.0` |

---

### Release Notes

<details>
<summary>clidey/whodb (clidey/whodb)</summary>

### [`v0.95.0`](https://github.com/clidey/whodb/releases/tag/0.95.0)

[Compare Source](https://github.com/clidey/whodb/compare/0.94.0...0.95.0)

- Logging system has been refactored to be more flexible -  we now have the option to log directly to a file using the environmental variables WHODB\_LOG\_FILE and WHODB\_ACCESS\_LOG\_FILE
  - WHODB\_LOG\_FILE is for directing the non-http logs to a file. If it is not set, then the logs go to stdout. If it is set to "default", then the logs go to /var/log/whodb/whodb.log. Otherwise a user can pass in a path like /home/ah/whodb.log.
  - WHODB\_ACCESS\_LOG\_FILE is for directing the http only access logs to a file. If it is not set, then the http access logs do NOT go to stdout (so this reduces what gets sent to stdout as usually these logs aren't super helpful for debugging). If it is set to "default", then the access logs go to /var/log/whodb/whodb.access.log. Otherwise a user can pass in a path like /home/ah/whodb.access.log.
  - Iif nothing is set, then the defaults are stdout and non-http logging
  - Please note you may have to run WhoDB as root in order to be able to write to /var/log if you specify the "default" location.
- Accessibility updates - we're trying to improve app accessibility across the board. Any issues you run into, please let us know!

#### Installation

##### Mac App Store

[Download from the Apple Store](https://apps.apple.com/app/whodb/id6754566536)

##### Microsoft Store

[Download from the Microsoft Store](https://apps.microsoft.com/detail/9pftx5bv4ds6)

##### Snap Store

```bash
sudo snap install whodb
```

[View on Snapcraft](https://snapcraft.io/whodb)

##### Docker

```bash
docker pull clidey/whodb:0.95.0
docker pull clidey/whodb:latest
```

##### Direct Downloads

See assets below for platform-specific packages (DMG, MSIX, etc.).

#### Documentation

- [Documentation](https://docs.whodb.com)
- [Report Issues](https://github.com/clidey/whodb/issues)

#### Upgrade Notes

To upgrade from a previous version:

- **Docker**: Pull the latest image and restart your container
- **Snap**: Run `sudo snap refresh whodb`
- **Desktop Apps**: Download and install the new version

***

**Full Changelog**: <https://github.com/clidey/whodb/compare/0.94.0...0.95.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4252
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 17:34:08 +00:00
Renovate Bot
e1b62113c1 chore(deps): update searxng/searxng:latest docker digest to 2c86f95 (#4250)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 19s
Details
renovate / renovate (push) Successful in 2m36s
Details
2026-02-26 11:03:37 +00:00
Renovate Bot
4fde64a6a1 chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.1.6 (#4247)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 21s
Details
renovate / renovate (push) Successful in 3m41s
Details
2026-02-26 04:14:15 +00:00
Renovate Bot
45159022c9 chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v2.16.0 (#4246)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m37s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile) | minor | `2.15.1` → `2.16.0` |

---

### Release Notes

<details>
<summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary>

### [`v2.16.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0)

[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4246
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 04:12:25 +00:00
Renovate Bot
fbc8b4014f chore(deps): update kube-prometheus-stack docker tag to v82.4.0 (#4232)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m37s
Details
render-manifests-dispatch / render-manifests-dispatch (push) Successful in 43m25s
Details
renovate / renovate (push) Successful in 3m11s
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [kube-prometheus-stack](https://github.com/prometheus-operator/kube-prometheus) ([source](https://github.com/prometheus-community/helm-charts)) | minor | `82.3.0` → `82.4.0` |

---

### Release Notes

<details>
<summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary>

### [`v82.4.0`](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-82.4.0)

[Compare Source](https://github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-82.3.0...kube-prometheus-stack-82.4.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

#### What's Changed

- \[kube-prometheus-stack] unify PodDisruptionBudget configuration by [@&#8203;mkmet](https://github.com/mkmet) in [#&#8203;6669](https://github.com/prometheus-community/helm-charts/pull/6669)

#### New Contributors

- [@&#8203;mkmet](https://github.com/mkmet) made their first contribution in [#&#8203;6669](https://github.com/prometheus-community/helm-charts/pull/6669)

**Full Changelog**: <https://github.com/prometheus-community/helm-charts/compare/prometheus-nginx-exporter-1.19.1...kube-prometheus-stack-82.4.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4232
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 00:02:47 +00:00
Alex Lebens
7411f391e8 feat: add proxy auth
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m21s
Details
render-manifests-push / render-manifests-push (push) Successful in 4m17s
Details
renovate / renovate (push) Successful in 5m3s
Details
2026-02-25 17:42:52 -06:00
Alex Lebens
536e164b03 fix: change headers
All checks were successful
lint-test-helm / lint-helm (push) Successful in 40s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m26s
Details
renovate / renovate (push) Successful in 3m3s
Details
2026-02-25 17:25:18 -06:00
Alex Lebens
ade761cc85 feat: add reference grant
All checks were successful
lint-test-helm / lint-helm (push) Successful in 47s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m2s
Details
renovate / renovate (push) Successful in 3m24s
Details
2026-02-25 17:08:38 -06:00
Alex Lebens
218cb6c9de fix: apply rule for routing
All checks were successful
lint-test-helm / lint-helm (push) Successful in 40s
Details
render-manifests-push / render-manifests-push (push) Successful in 1m52s
Details
renovate / renovate (push) Successful in 3m30s
Details
2026-02-25 17:03:38 -06:00
Alex Lebens
9ba91dd00b fix: fix headers
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m18s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m38s
Details
renovate / renovate (push) Successful in 3m9s
Details
2026-02-25 16:44:58 -06:00
31 changed files with 365 additions and 22 deletions
Expand all files Collapse all files

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.3 version: 9.4.5
digest: sha256:412638aff55e51b317017050b3858423593469e0f58c80d58c3ab3f102e577c8 digest: sha256:d2e631cd926fec6d9d63cb5b18429c05a4ea588b10f3f7b47e7e0088448cc381
generated: "2026-02-18T18:03:59.328005375Z" generated: "2026-02-26T20:02:53.041089236Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.4 version: 9.4.5
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd

39
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-outpost-cross-namespace-access
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
from:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: lidarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-4k
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-anime
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-standup
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr-4k
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr-anime
to:
- group: ""
kind: Service
name: ak-outpost-traefik-proxy-auth

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=morpheus65535/bazarr # renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: 1.5.5 appVersion: 1.5.6

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.5@sha256:c381924dcfd79930e8f3ee75e024671185b810b0f71c984aa8712854c74c1bbb tag: 1.5.6@sha256:b0bc617664dbca25845ac3b1bb6411b145b6a44a6d173071c9d2f426524fdd9f
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -30,4 +30,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore # renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.0.2 appVersion: v2.0.3

2
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v2.0.2 tag: v2.0.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.3.0 version: 82.4.1
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: redis-replication - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.4 version: 1.0.4
digest: sha256:41de0559e2f4e85a33ca006520cf67c85abaf5691f3cd0aacf7b66ba0d95ce50 digest: sha256:aae9175a89736b6bc4fdb5c3c70a3904529c0329216632ed27fccfeaf9b62539
generated: "2026-02-24T20:10:32.588038295Z" generated: "2026-02-26T20:12:51.975436229Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.3.0 version: 82.4.1
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager

26
clusters/cl01tl/helm/lidarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -84,12 +84,28 @@ lidarr:
hostnames: hostnames:
- lidarr.alexlebens.net - lidarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: lidarr name: lidarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.17.0 appVersion: 0.17.1

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.17.0 tag: 0.17.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.17.0 tag: 0.17.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.17.0 tag: 0.17.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE

26
clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -84,12 +84,28 @@ radarr-4k:
hostnames: hostnames:
- radarr-4k.alexlebens.net - radarr-4k.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-4k name: radarr-4k
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -82,12 +82,28 @@ radarr-anime:
hostnames: hostnames:
- radarr-anime.alexlebens.net - radarr-anime.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-anime name: radarr-anime
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -82,12 +82,28 @@ radarr-standup:
hostnames: hostnames:
- radarr-standup.alexlebens.net - radarr-standup.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-standup name: radarr-standup
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -84,12 +84,28 @@ radarr:
hostnames: hostnames:
- radarr.alexlebens.net - radarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr name: radarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:edf110a2816d8963949d03879c72a7e19c221b5f7bfb7952a33ae073f96ccb18 tag: latest@sha256:2c86f95c22dde03f5354a81b027ec882830748c5fe6454f03c7ec8fc384e54ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:edf110a2816d8963949d03879c72a7e19c221b5f7bfb7952a33ae073f96ccb18 tag: latest@sha256:2c86f95c22dde03f5354a81b027ec882830748c5fe6454f03c7ec8fc384e54ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.1.5 tag: 0.1.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 2.15.1 tag: 2.16.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

10
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -82,6 +82,16 @@ sonarr-4k:
hostnames: hostnames:
- sonarr-4k.alexlebens.net - sonarr-4k.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service

26
clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -82,12 +82,28 @@ sonarr-anime:
hostnames: hostnames:
- sonarr-anime.alexlebens.net - sonarr-anime.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: sonarr-anime name: sonarr-anime
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/sonarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -82,12 +82,28 @@ sonarr:
hostnames: hostnames:
- sonarr.alexlebens.net - sonarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: sonarr name: sonarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
# renovate: datasource=github-releases depName=clidey/whodb # renovate: datasource=github-releases depName=clidey/whodb
appVersion: 0.94.0 appVersion: 0.95.0

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main: main:
image: image:
repository: clidey/whodb repository: clidey/whodb
tag: 0.94.0 tag: 0.95.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: WHODB_OLLAMA_HOST - name: WHODB_OLLAMA_HOST