alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity

Compare commits

base: alexlebens:9c23ed950e4b93a262afcbfec180cdc84bd31e37
Branches Tags
alexlebens:main alexlebens:manifests
..
compare: alexlebens:dfabb4994858b027b2a82dd7ed0bc2827077fa29
Branches Tags
alexlebens:manifests alexlebens:main

1 Commits
9c23ed950e ... dfabb49948

Author SHA1 Message Date
Renovate Bot
dfabb49948 Update php Docker tag to v8.5.0
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 14s
Details
2025-12-08 03:03:35 +00:00
30 changed files with 78 additions and 292 deletions
Expand all files Collapse all files

5
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -193,11 +193,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

5
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -178,11 +178,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

5
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -198,11 +198,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

5
.gitea/workflows/render-manifests-push.yaml
View File

@@ -196,11 +196,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.1.7
digest: sha256:ed1ae26f3e642750f6dd970c1adc4fa14a627fad13daf74169213199f74425b3
generated: "2025-12-09T23:01:55.027301875Z"
version: 9.1.6
digest: sha256:488b8e826e7cc7179f154c1b7555e2cec78b69becb9f8cdbe4937b3546d87e5d
generated: "2025-12-05T04:02:40.060511766Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.1.7
version: 9.1.6
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: 3.0.0

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.3@sha256:4aa1e82d1e96ae712095d881b7e3840e6db6ca862c335be5b00001f31156650b
tag: 1.5.3@sha256:ec11e988e8e13411c994a4d9f43ed9b97409aa92c1da54d9f23926c3da7c2032
pullPolicy: IfNotPresent
env:
- name: TZ

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -156,7 +156,6 @@ blocky:
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.19.2
digest: sha256:b02bda9b9f2fc886af11d017a27a5761513defee603f9e3aa1d7add2749b925c
generated: "2025-12-10T15:01:57.196895547Z"
version: v1.19.1
digest: sha256:0b1238a5552bc6d457d4b1a2a1f387a3e7f2c19f820ecb64e14d20481a1ed1ce
generated: "2025-12-01T20:25:17.762628-06:00"

2
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.19.2
version: v1.19.1
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
appVersion: v1.17.2

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -125,9 +125,6 @@ gatus:
- name: overseerr
url: https://overseerr.alexlebens.net
<<: *defaults
- name: seerr
url: https://seerr.alexlebens.net
<<: *defaults
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults

7
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -194,9 +194,6 @@ backup:
name: gitea-backup
pod:
automountServiceAccountToken: true
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
initContainers:
backup:
image:
@@ -218,7 +215,7 @@ backup:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -242,7 +239,7 @@ backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.18.1
version: 1.18.0
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-17-cluster

8
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -143,16 +143,10 @@ homepage:
statusStyle: dot
- Media Requests:
icon: sh-overseerr.webp
description: Overseerr
description: Overseer
href: https://overseerr.alexlebens.net
siteMonitor: http://overseerr.overseerr:80
statusStyle: dot
- Media Requests (New):
icon: sh-overseerr.webp
description: Seerr
href: https://seerr.alexlebens.net
siteMonitor: http://seerr-seerr-chart.seerr:80
statusStyle: dot
- Media Tracking:
icon: sh-yamtrack.webp
description: Yamtrack

2
clusters/cl01tl/helm/lidatube/values.yaml
View File

@@ -13,7 +13,7 @@ lidatube:
main:
image:
repository: thewicklowwolf/lidatube
tag: 0.2.42
tag: 0.2.41
pullPolicy: IfNotPresent
env:
- name: PUID

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

30
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -20,36 +20,6 @@ spec:
metadataPolicy: None
property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-browser-metrics-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-browser-metrics-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: metrics-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-password
- secretKey: metrics-username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-username
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

32
clusters/cl01tl/helm/searxng/templates/redis-replication.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-searxng
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0

21
clusters/cl01tl/helm/searxng/templates/service-monitor.yaml
View File

@@ -1,26 +1,19 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: searxng-browser
name: redis-replication-searxng
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-browser
app.kubernetes.io/name: redis-replication-searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
app.kubernetes.io/name: searxng-browser
app.kubernetes.io/instance: {{ .Release.Name }}
redis_setup_type: replication
endpoints:
- port: mail
- port: redis-exporter
interval: 30s
scrapeTimeout: 15s
path: /metrics
basicAuth:
password:
name: searxng-browser-metrics-auth
key: metrics-password
username:
name: searxng-browser-metrics-auth
key: metrics-username
scrapeTimeout: 10s

46
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a
tag: latest@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -18,6 +18,10 @@ searxng:
value: http://searxng-api.searxng:8080/search?q=<query>
- name: SEARXNG_HOSTNAME
value: searxng-api.searxng
- name: UWSGI_WORKERS
value: 4
- name: UWSGI_THREADS
value: 4
- name: ENABLE_RAG_WEB_SEARCH
value: true
- name: RAG_WEB_SEARCH_ENGINE
@@ -39,7 +43,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a
tag: latest@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -48,25 +52,16 @@ searxng:
value: https://searxng.alexlebens.net/search?q=<query>
- name: SEARXNG_HOSTNAME
value: searxng.alexlebens.net
- name: SEARXNG_VALKEY_URL
value: valkey://127.0.0.1:6379/0
- name: GRANIAN_HOST
value: 0.0.0.0
- name: GRANIAN_PORT
value: 8080
- name: SEARXNG_REDIS_URL
value: redis://redis-replication-searxng-master.searxng:6379/0
- name: UWSGI_WORKERS
value: 4
- name: UWSGI_THREADS
value: 4
resources:
requests:
cpu: 10m
memory: 256Mi
valkey:
image:
repository: valkey/valkey
tag: 9.0.0-alpine3.22
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
@@ -82,10 +77,18 @@ searxng:
secretKeyRef:
name: searxng-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DOT
value: "off"
securityContext:
privileged: True
capabilities:
@@ -148,12 +151,3 @@ searxng:
main:
- path: /etc/searxng
readOnly: false
valkey-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
browser:
valkey:
- path: /data
readOnly: false

6
clusters/cl01tl/helm/seerr/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr
version: 3.0.0
digest: sha256:6cf3525ac452922339261fa2a5ecc9d8cdf66b21bc30e032395d8d80bb79dc6c
generated: "2025-12-08T20:48:24.567069-06:00"

22
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: seerr
version: 1.0.0
description: Seerr
keywords:
- seerr
- media
- movies
- tv shows
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/seerr-team/seerr
- https://github.com/seerr-team/seerr/pkgs/container/seerr
- https://github.com/seerr-team/seerr/tree/develop/charts/seerr-chart
maintainers:
- name: alexlebens
dependencies:
- name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr
version: 3.0.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
appVersion: develop

55
clusters/cl01tl/helm/seerr/templates/external-secret.yaml
View File

@@ -1,55 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: seerr-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: seerr-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/seerr/seerr-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key

28
clusters/cl01tl/helm/seerr/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-seerr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-seerr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- seerr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: seerr-seerr-chart
port: 80
weight: 100

26
clusters/cl01tl/helm/seerr/templates/replication-source.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: seerr-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: seerr-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: seerr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: seerr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi

31
clusters/cl01tl/helm/seerr/values.yaml
View File

@@ -1,31 +0,0 @@
seerr-chart:
image:
tag: develop
sha: f96deeef25cfb7bb0ecaa90f324bf6dfb66a844e8ed38501764f4d982a152280
probes:
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
service:
port: 80
config:
persistence:
size: 5Gi
accessModes:
- ReadWriteOnce
storageClass: ceph-block
ingress:
enabled: false
resources:
requests:
cpu: 10m
memory: 128Mi

2
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -73,7 +73,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh

2
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -198,7 +198,7 @@ snapshot:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh

1
hosts/ps08rp/blocky/config.yml
View File

@@ -132,7 +132,6 @@ customDNS:
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl

1
hosts/ps09rp/blocky/config.yml
View File

@@ -132,7 +132,6 @@ customDNS:
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl