alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:da1dd5631b40b9c9eac6ceafa321cccb072deb7a
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-elasticsearch alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests
...
compare: alexlebens:renovate/unified-valkey
Branches Tags
alexlebens:renovate/major-unified-elasticsearch alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

53 Commits
da1dd5631b ... renovate/u

Author SHA1 Message Date
Renovate Bot
026762436a Update valkey
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 50s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m14s
Details
2026-04-07 07:11:38 +00:00
Renovate Bot
4203b2e7bc Merge pull request 'chore(deps): update searxng/searxng:latest docker digest to 4726ed1' (#5646) from renovate/unified-searxng into main
Some checks are pending
lint-test-helm / lint-helm (push) Successful in 46s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has started running
Details
2026-04-07 07:03:39 +00:00
Renovate Bot
698a82b6ef chore(deps): update searxng/searxng:latest docker digest to 4726ed1
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 53s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m51s
Details
2026-04-07 07:03:22 +00:00
Renovate Bot
0ea3e66cfd Merge pull request 'chore(deps): update d3fk/s3cmd:latest docker digest to d66cc56' (#5644) from renovate/unified-s3cmd into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m40s
Details
2026-04-07 02:36:39 +00:00
Renovate Bot
292ab26ea2 chore(deps): update d3fk/s3cmd:latest docker digest to d66cc56
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m13s
Details
2026-04-07 02:36:05 +00:00
Alex Lebens
f455d14143 Merge pull request 'feat: refactor apps' (#5642) from tmp/refactor-39 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 37s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5642
 2026-04-07 02:33:14 +00:00
Alex Lebens
eeb03922fb feat: change context
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 34s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 46s
Details
render-manifests / render-manifests (pull_request) Successful in 40s
Details
2026-04-06 21:30:51 -05:00
Alex Lebens
a3ce90b4d4 feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
2026-04-06 21:27:00 -05:00
Renovate Bot
48822728de Merge pull request 'chore(deps): update elasticsearch docker tag to v8.19.13' (#5639) from renovate/unified-elasticsearch into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m17s
Details
2026-04-07 01:31:10 +00:00
Renovate Bot
7db42b0c91 chore(deps): update elasticsearch docker tag to v8.19.13
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 22s
Details
render-manifests / render-manifests (pull_request) Successful in 1m20s
Details
2026-04-07 01:30:54 +00:00
Alex Lebens
646fcbec9d Merge pull request 'feat: refactor apps' (#5637) from tmp/refactor-38 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 32s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5637
 2026-04-07 01:28:53 +00:00
Alex Lebens
9f4e7436fd feat: refactor apps 2026-04-07 01:28:53 +00:00
Alex Lebens
7322fd874b Merge pull request 'chore(deps): update ghcr.io/jeffvli/feishin docker tag to v1.11.0' (#5636) from renovate/unified-feishin into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 24s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5636
 2026-04-07 01:26:24 +00:00
Renovate Bot
7741818eac chore(deps): update ghcr.io/jeffvli/feishin docker tag to v1.11.0
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Failing after 5s
Details
2026-04-07 01:07:52 +00:00
Alex Lebens
a1ef468c2d Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.21.0' (#5635) from renovate/unified-site-documentation into main
Some checks failed
lint-test-helm / lint-helm (push) Failing after 7s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m13s
Details 
Reviewed-on: #5635
 2026-04-07 01:05:20 +00:00
Renovate Bot
e9e3d7a70b chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.21.0
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Failing after 6s
Details
2026-04-07 00:33:42 +00:00
Alex Lebens
4f05f6e667 Merge pull request 'fix: wrong repo' (#5633) from tmp/snap into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m25s
Details 
Reviewed-on: #5633
 2026-04-07 00:30:15 +00:00
Alex Lebens
e2d317a0db fix: wrong repo
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 28s
Details
render-manifests / render-manifests (pull_request) Successful in 38s
Details
2026-04-06 19:25:03 -05:00
Alex Lebens
663ac4fa6a Merge pull request 'feat: refactor apps' (#5631) from tmp/refactor-37 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 35s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 6m15s
Details 
Reviewed-on: #5631
 2026-04-07 00:17:18 +00:00
Alex Lebens
729d13a05b feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 28s
Details
render-manifests / render-manifests (pull_request) Successful in 1m49s
Details
2026-04-06 19:14:10 -05:00
Alex Lebens
8f206fae36 Merge pull request 'feat: refactor apps' (#5629) from tmp/refactor-36 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 6m48s
Details 
Reviewed-on: #5629
 2026-04-06 23:58:30 +00:00
Alex Lebens
a4f9450f8e fix: remove old reference
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Successful in 1m12s
Details
2026-04-06 18:51:24 -05:00
Alex Lebens
2c8135175e feat: refactor apps
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Failing after 44s
Details
2026-04-06 18:48:08 -05:00
Alex Lebens
6a0a1db573 Merge pull request 'feat: refactor apps' (#5627) from tmp/refactor-35 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 29s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m11s
Details 
Reviewed-on: #5627
 2026-04-06 23:39:42 +00:00
Alex Lebens
d2ca582ed7 feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 22s
Details
render-manifests / render-manifests (pull_request) Successful in 35s
Details
2026-04-06 18:36:04 -05:00
Alex Lebens
e839dd4cd9 Merge pull request 'tmp/refactor-34' (#5625) from tmp/refactor-34 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 27s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m12s
Details 
Reviewed-on: #5625
 2026-04-06 23:23:07 +00:00
Alex Lebens
285581c4d4 feat: improve probe
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 59s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Successful in 1m11s
Details
2026-04-06 18:16:55 -05:00
Alex Lebens
f02f535c2c feat: refactor apps 2026-04-06 18:15:08 -05:00
Alex Lebens
adada9877f Merge pull request 'feat: refactor apps' (#5623) from tmp/refactor-33 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m29s
Details 
Reviewed-on: #5623
 2026-04-06 22:50:41 +00:00
Alex Lebens
f58edfc9f9 feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 46s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 26s
Details
render-manifests / render-manifests (pull_request) Successful in 1m28s
Details
2026-04-06 17:48:10 -05:00
Alex Lebens
f1ce1b9f63 Merge pull request 'tmp/rook-3' (#5621) from tmp/rook-3 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 28s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 6m23s
Details 
Reviewed-on: #5621
 2026-04-06 22:13:51 +00:00
Alex Lebens
2eb730c87c feat: change resource limits
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 39s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 26s
Details
render-manifests / render-manifests (pull_request) Successful in 1m25s
Details
2026-04-06 17:11:53 -05:00
Alex Lebens
39d3300833 feat: change resource limits 2026-04-06 17:10:57 -05:00
Alex Lebens
a9adc685f2 Merge pull request 'fix: string' (#5620) from tmp/rook-2 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m46s
Details 
Reviewed-on: #5620
 2026-04-06 22:04:22 +00:00
Alex Lebens
2f1a17bbb7 fix: string
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 32s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 33s
Details
render-manifests / render-manifests (pull_request) Successful in 58s
Details
2026-04-06 17:02:37 -05:00
Alex Lebens
fe67ad3a80 Merge pull request 'feat: update ceph image' (#5618) from tmp/rook into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 38s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5618
 2026-04-06 21:59:45 +00:00
Alex Lebens
2426f4042a feat: change image
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 35s
Details
render-manifests / render-manifests (pull_request) Successful in 1m27s
Details
2026-04-06 16:58:12 -05:00
Alex Lebens
4ff051594e fix: add value
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 29s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 22s
Details
2026-04-06 16:49:02 -05:00
Alex Lebens
7803e801ef feat: update ceph image
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Failing after 24s
Details
2026-04-06 16:45:52 -05:00
Alex Lebens
7adb38fe05 Merge pull request 'feat: refactor apps' (#5616) from tmp/refactor-32 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 39s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m29s
Details 
Reviewed-on: #5616
 2026-04-06 21:24:11 +00:00
Alex Lebens
e84cd5039d feat: refactor apps
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 46s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
render-manifests / render-manifests (pull_request) Successful in 1m19s
Details
2026-04-06 16:21:25 -05:00
Alex Lebens
83c8c21ae3 Merge pull request 'Update kube-prometheus-stack Docker tag to v83' (#5612) from renovate/major-unified-kube-prometheus-stack into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 32s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m46s
Details 
Reviewed-on: #5612
 2026-04-06 21:06:22 +00:00
Renovate Bot
a9254f2553 Update kube-prometheus-stack Docker tag to v83 2026-04-06 21:06:22 +00:00
Alex Lebens
8a26f6d280 Merge pull request 'feat: update env' (#5613) from tmp/dep-track-5 into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 39s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5613
 2026-04-06 21:03:39 +00:00
Alex Lebens
06d620e9a3 feat: update env
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 37s
Details
render-manifests / render-manifests (pull_request) Successful in 1m22s
Details
2026-04-06 16:01:40 -05:00
Alex Lebens
7a0477819b Merge pull request 'tmp/refactor-31' (#5611) from tmp/refactor-31 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 40s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m6s
Details 
Reviewed-on: #5611
 2026-04-06 20:49:05 +00:00
Alex Lebens
9a401329cd feat: update lock 2026-04-06 20:49:05 +00:00
Alex Lebens
267e4ac990 feat: refactor apps 2026-04-06 20:49:05 +00:00
Alex Lebens
3266c4739a feat: change env 2026-04-06 20:49:05 +00:00
Alex Lebens
665199fdf6 Merge pull request 'Update external-dns to v0.21.0' (#5599) from renovate/unified-external-dns into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 19s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 6m28s
Details 
Reviewed-on: #5599
 2026-04-06 20:26:11 +00:00
Renovate Bot
bfdbbb0c88 Update external-dns to v0.21.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Successful in 36s
Details
2026-04-06 20:14:20 +00:00
Alex Lebens
6271c1d739 Merge pull request 'Update gotenberg/gotenberg Docker tag to v8.30.1' (#5598) from renovate/unified-gotenberg into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m10s
Details 
Reviewed-on: #5598
 2026-04-06 20:12:18 +00:00
Renovate Bot
518bc23164 Update gotenberg/gotenberg Docker tag to v8.30.1
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 22s
Details
render-manifests / render-manifests (pull_request) Successful in 44s
Details
2026-04-06 19:54:41 +00:00
96 changed files with 524 additions and 1157 deletions
Expand all files Collapse all files

1
clusters/cl01tl/helm/dependency-track/Chart.yaml
View File

@@ -11,6 +11,7 @@ sources:
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:

6
clusters/cl01tl/helm/dependency-track/values.yaml
View File

@@ -55,7 +55,7 @@ dependency-track:
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "true"
value: "false"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
@@ -74,6 +74,8 @@ dependency-track:
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_FLOW
value: explicit
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
@@ -81,7 +83,7 @@ dependency-track:
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track.alexlebens.net
apiBaseUrl: dependency-track-api-server.dependency-track
httpRoute:
enabled: true
hostnames:

2
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
appVersion: v0.20.0
appVersion: v0.21.0

2
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,7 +1,7 @@
external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.20.0@sha256:ddc7f4212ed09a21024deb1f470a05240837712e74e4b9f6d1f2632ff10672e7
tag: v0.21.0@sha256:f53faaf71cb270d1ca9dce6ea0c94bfebf1a18696263487f0fbc74b9bf2bd7ff
fullnameOverride: external-dns-unifi
resources:
requests:

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -32,6 +32,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
# renovate: datasource=github-releases depName=karakeep-app/karakeep
appVersion: 0.31.0

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.18.0
version: 83.0.0
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:e4632c1c2f0b9d0b37edc7ecf1a008cdf3683737133f2d0b119eab9f968ebf88
generated: "2026-04-05T19:45:07.805154-05:00"
digest: sha256:73bade97f20d9611f03cb3bb16173efb491993a69a1fb8e22eed2c19d535ca2b
generated: "2026-04-06T21:02:50.314276855Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -19,7 +19,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.18.0
version: 83.0.0
repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds
version: 28.0.1

1
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- ddns
- job
home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/
sources:
- https://github.com/kubitodev/kubernetes-cloudflare-ddns

2
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -23,6 +23,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/languagetool.png
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

1
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -5,6 +5,7 @@ description: Libation
keywords:
- libation
- audible
- job
home: https://docs.alexlebens.dev/applications/languagetool/
sources:
- https://github.com/rmcrackan/Libation

3
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -463,6 +463,9 @@ volsync-target-discord:
schedule: 40 10 * * *
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
schedule: 42 8 * * *

2
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -43,7 +43,7 @@ navidrome:
main:
image:
repository: ghcr.io/jeffvli/feishin
tag: 1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
tag: 1.11.0@sha256:1eed97d6272d29d0a7de4c3c1357d4bc9c08cf8e304aa1014089f9111d22619c
env:
- name: SERVER_NAME
value: talos

2
clusters/cl01tl/helm/paperless-ngx/values.yaml
View File

@@ -86,7 +86,7 @@ paperless-ngx:
gotenberg:
image:
repository: gotenberg/gotenberg
tag: 8.29.1@sha256:36c925776fa0db0fd1030408d131fde7ac3453027a559883555155b72adb16a7
tag: 8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
service:
main:
controller: main

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -238,7 +238,7 @@ temporal:
cpu: 10m
memory: 50Mi
postgres-18-cluster:
mode: standalone
mode: recovery
cluster:
enableSuperuserAccess: true
recovery:

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -6,8 +6,6 @@ qbittorrent:
strategy: Recreate
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:

6
clusters/cl01tl/helm/radarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:d76563fe1a7a9f8ceaf6937831bd0c5511eb7369abb8eb54110dfb69e6dce224
generated: "2026-03-15T20:08:21.236792423Z"
digest: sha256:f644b5d539a1aa786eae75f7e397ca12383320bcb52618eaf611c45c08e6f205
generated: "2026-04-06T15:33:33.355903-05:00"

14
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -4,20 +4,18 @@ version: 1.0.0
description: Radarr 4K
keywords:
- radarr
- servarr
- movies
- 4k
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298

48
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -4,7 +4,6 @@ radarr-4k:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -15,24 +14,22 @@ radarr-4k:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
resources:
requests:
cpu: 100m
memory: 256Mi
cpu: 10m
memory: 220Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["radarr"]
env:
- name: URL
@@ -45,10 +42,6 @@ radarr-4k:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -56,11 +49,9 @@ radarr-4k:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -95,11 +86,8 @@ radarr-4k:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: radarr-4k
- name: radarr-4k
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -116,7 +104,6 @@ radarr-4k:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -150,35 +137,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-4k-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:21bde3a8778fb94e40f2177383ca418123e69f3f3f463b31d35e9f9bf83dfa9d
generated: "2026-03-15T20:08:35.497440433Z"
digest: sha256:ff7a0dc34eba6f1958b56a90fd4b47d5baac88eb5c40349b5b9aa8223fa6ffd6
generated: "2026-04-06T15:33:41.628584-05:00"

14
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -4,20 +4,18 @@ version: 1.0.0
description: Radarr Anime
keywords:
- radarr
- servarr
- movies
- anime
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298

48
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-anime:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -25,12 +25,11 @@ radarr-anime:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 220Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["radarr"]
env:
- name: URL
@@ -43,10 +42,6 @@ radarr-anime:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -54,11 +49,9 @@ radarr-anime:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -93,11 +86,8 @@ radarr-anime:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: radarr-anime
- name: radarr-anime
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -114,7 +104,6 @@ radarr-anime:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -148,35 +137,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-anime-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-standup/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ebd25d2a12ca1924b66c62d6dd2c69476ae4526825020796198b65c2ebd2c6eb
generated: "2026-03-15T20:08:49.811429784Z"
digest: sha256:c032454ad1ce0729f69b7d79571880d4d27af6dc6f638b3a32e0a1633c1ee996
generated: "2026-04-06T15:33:54.620306-05:00"

13
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -4,19 +4,18 @@ version: 1.0.0
description: Radarr Stand Up
keywords:
- radarr
- movies
- servarr
- standup
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
home: https://docs.alexlebens.dev/applications/radarr/
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298

48
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-standup:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -25,12 +25,11 @@ radarr-standup:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 220Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["radarr"]
env:
- name: URL
@@ -43,10 +42,6 @@ radarr-standup:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -54,11 +49,9 @@ radarr-standup:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -93,11 +86,8 @@ radarr-standup:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: radarr-standup
- name: radarr-standup
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -114,7 +104,6 @@ radarr-standup:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -148,35 +137,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-standup-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:05ce0d746d9c42a00338df5e6673fde8baeefa6f598ef8c85a32e6bc393b94ca
generated: "2026-03-15T20:09:03.538226001Z"
digest: sha256:26dca3bc43e9b3613d3fe817bf6254ffe8ca31152596fa6a141458734aab6950
generated: "2026-04-06T15:33:25.009896-05:00"

13
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -4,19 +4,18 @@ version: 1.0.0
description: Radarr
keywords:
- radarr
- servarr
- movies
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298

46
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -4,7 +4,6 @@ radarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -15,11 +14,10 @@ radarr:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -27,12 +25,11 @@ radarr:
resources:
requests:
cpu: 100m
memory: 256Mi
memory: 600Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["radarr"]
env:
- name: URL
@@ -45,10 +42,6 @@ radarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -56,11 +49,9 @@ radarr:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -95,11 +86,8 @@ radarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: radarr
- name: radarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -116,7 +104,6 @@ radarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -150,35 +137,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-config
moverSecurityContext:

6
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -4,9 +4,9 @@ version: 1.0.0
description: Rclone
keywords:
- rclone
- s3-sync
- job
- kubernetes
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/rclone/
sources:
- https://github.com/rclone/rclone
- https://hub.docker.com/r/rclone/rclone
@@ -18,6 +18,6 @@ dependencies:
alias: rclone
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
# renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.3

72
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -4,20 +4,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 0 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:directus-assets
@@ -87,20 +82,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 10 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:karakeep-assets
@@ -170,20 +160,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "20 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 20 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:talos-backups
@@ -254,8 +239,7 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- delete
- dest:talos-backups
@@ -295,20 +279,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "30 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 30 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:web-assets
@@ -378,20 +357,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "40 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 40 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:postgres-backups
@@ -466,8 +440,7 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- delete
- dest:postgres-backups
@@ -507,20 +480,15 @@ rclone:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 50 0 * * *
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args:
- sync
- src:ntfy-attachments

3
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -5,8 +5,7 @@ description: Reloader
keywords:
- reloader
- config-map
- kubernetes
home: https://wiki.alexlebens.dev/s/e3a68f74-6d9a-484c-a446-4ba32f41d4c8
home: https://docs.alexlebens.dev/applications/rclone/
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader

7
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -4,14 +4,13 @@ version: 1.0.0
description: Rook Ceph
keywords:
- rook-ceph
- ceph
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/8592da1d-8168-4c6c-a3e4-106902fe878c
home: https://docs.alexlebens.dev/applications/rook-ceph/
sources:
- https://github.com/rook/rook
- https://quay.io/repository/ceph/ceph?tab=tags
- https://github.com/rook/rook/tree/master/deploy/charts
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph-cluster
maintainers:
- name: alexlebens
dependencies:

78
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -1,20 +1,30 @@
rook-ceph:
crds:
enabled: true
resources:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 100Mi
csi:
rookUseCsiOperator: true
cephFSKernelMountOptions: "ms_mode=secure"
enableMetadata: true
provisionerReplicas: 3
serviceMonitor:
enabled: true
enableDiscoveryDaemon: true
monitoring:
enabled: true
rook-ceph-cluster:
toolbox:
enabled: true
image: quay.io/ceph/ceph:v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
resources:
limits:
memory: 1Gi
requests:
cpu: 1m
memory: 10Mi
monitoring:
enabled: true
createPrometheusRules: true
@@ -22,17 +32,17 @@ rook-ceph-cluster:
CephNodeDiskspaceWarning:
disabled: true
cephImage:
# https://quay.io/repository/ceph/ceph?tab=tags
repository: quay.io/ceph/ceph
tag: v19.2.3-20250717
imagePullPolicy: IfNotPresent
tag: v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
cephClusterSpec:
cephConfig:
osd:
bluestore_slow_ops_warn_lifetime: "60"
bluestore_slow_ops_warn_threshold: "10"
csi:
readAffinity:
enabled: true
mgr:
count: 2
modules:
- name: pg_autoscaler
enabled: true
@@ -41,7 +51,6 @@ rook-ceph-cluster:
- name: volumes
enabled: true
dashboard:
enabled: true
ssl: false
network:
connections:
@@ -74,29 +83,62 @@ rook-ceph-cluster:
operator: Exists
resources:
mgr:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 512Mi
memory: 500Mi
mon:
limits:
memory: 4Gi
requests:
cpu: 200m
memory: 256Mi
cpu: 100m
memory: 750Mi
osd:
limits:
memory: 8Gi
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 128Mi
memory: 200Mi
mgr-sidecar:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 40Mi
crashcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
logcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
cleanup:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
exporter:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
storage:
useAllDevices: false
devicePathFilter: "/dev/disk/by-partlabel/r-csi-disk"
config:
osdsPerDevice: "1"
csi:
readAffinity:
enabled: true
route:
dashboard:
host:
@@ -147,9 +189,11 @@ rook-ceph-cluster:
activeCount: 1
activeStandby: true
resources:
limits:
memory: 4Gi
requests:
cpu: "1000m"
memory: "4Gi"
cpu: 100m
memory: 400Mi
priorityClassName: system-cluster-critical
storageClass:
enabled: true

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
generated: "2026-03-15T20:09:18.053504671Z"
digest: sha256:3385cf67283187e62972293322a24c0bd3cf979cd870a3f157728e50b601e4f6
generated: "2026-04-06T17:40:21.003745-05:00"

8
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -4,12 +4,12 @@ version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email
home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e
- email-client
home: https://docs.alexlebens.dev/applications/rclone/
sources:
- https://github.com/roundcube/roundcubemail
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/roundcube/roundcubemail
- https://hub.docker.com/_/nginx
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: DES_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY

63
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -4,13 +4,11 @@ roundcube:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -53,40 +51,32 @@ roundcube:
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 10m
memory: 256Mi
cpu: 1m
memory: 40Mi
nginx:
image:
repository: nginx
tag: 1.29.7-alpine-slim
pullPolicy: IfNotPresent
tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
env:
- name: NGINX_HOST
value: mail.alexlebens.net
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
resources:
requests:
cpu: 10m
memory: 128Mi
cleandb:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
timeZone: America/Chicago
schedule: 30 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
args:
- bin/cleandb.sh
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -123,12 +113,6 @@ roundcube:
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
args:
- bin/cleandb.sh
resources:
requests:
cpu: 100m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -167,11 +151,9 @@ roundcube:
mail:
port: 9000
targetPort: 9000
protocol: HTTP
web:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -184,11 +166,8 @@ roundcube:
- mail.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: roundcube
- name: roundcube
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -210,7 +189,6 @@ roundcube:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -239,35 +217,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: roundcube-data
local:

6
clusters/cl01tl/helm/rybbit/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
generated: "2026-03-15T20:09:33.800790437Z"
digest: sha256:95bab760e3dc94ba3affe42d2f91bc274ed520865a461cdaac61ba47eab6f39f
generated: "2026-04-06T17:43:01.938961-05:00"

8
clusters/cl01tl/helm/rybbit/Chart.yaml
View File

@@ -5,12 +5,16 @@ description: Rybbit
keywords:
- rybbit
- analytics
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/rybbit/
sources:
- https://github.com/rybbit-io/rybbit
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-backend
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-client
- https://hub.docker.com/r/clickhouse/clickhouse-server/
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,7 +27,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-clickhouse-data

12
clusters/cl01tl/helm/rybbit/templates/external-secret.yaml
View File

@@ -14,29 +14,17 @@ spec:
data:
- secretKey: clickhouse-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: user
- secretKey: clickhouse-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: password
- secretKey: better-auth-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: mapbox-token

75
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -4,13 +4,11 @@ rybbit:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-backend
tag: v2.5.0
pullPolicy: IfNotPresent
tag: v2.5.0@sha256:fd00f61abe592f872a0e4ac13f8c7b190ab2810e72f898faea4809d7ced46eef
env:
- name: NODE_ENV
value: production
@@ -71,17 +69,12 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:3001/api/health
httpGet:
path: /api/health
port: 3001
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -90,18 +83,16 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 200Mi
client:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/rybbit-client
tag: v2.4.0
pullPolicy: IfNotPresent
repository: ghcr.io/rybbit-io/rybbit-client
tag: v2.5.0@sha256:741908be311a23ee4e58c5f82c6740bf75bbe4f7430ff2aec420f6189b1378b8
env:
- name: NODE_ENV
value: production
@@ -112,18 +103,16 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 100Mi
clickhouse:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.3.3
pullPolicy: IfNotPresent
tag: 26.3.3@sha256:5cfbc0598ee3bd850ac1b2ab150e6c9ec7b9207f1a97617e015325fb5df053d0
env:
- name: CLICKHOUSE_DB
value: analytics
@@ -139,17 +128,12 @@ rybbit:
key: clickhouse-password
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost:8123/ping
httpGet:
path: /ping
port: 8123
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -157,8 +141,8 @@ rybbit:
timeoutSeconds: 5
resources:
requests:
cpu: 10m
memory: 256Mi
cpu: 40m
memory: 300Mi
configMaps:
config:
enabled: true
@@ -208,28 +192,24 @@ rybbit:
http:
port: 3001
targetPort: 3001
protocol: HTTP
client:
controller: client
ports:
http:
port: 3002
targetPort: 3002
protocol: TCP
clickhouse:
controller: clickhouse
ports:
http:
port: 8123
targetPort: 8123
protocol: TCP
persistence:
clickhouse:
forceRename: clickhouse-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
clickhouse:
main:
@@ -271,35 +251,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-clickhouse-data:
pvcTarget: clickhouse-data
moverSecurityContext:

5
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,9 +5,7 @@ description: S3 Exporter
keywords:
- s3-exporter
- storage
- monitoring
- metrics
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/s3-exporter/
sources:
- https://github.com/molu8bits/s3bucket_exporter
- https://hub.docker.com/r/molu8bits/s3bucket_exporter
@@ -19,5 +17,6 @@ dependencies:
alias: s3-exporter
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/amazon-s3.png
# renovate: datasource=github-releases depName=molu8bits/s3bucket_exporter
appVersion: 1.0.2

15
clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
View File

@@ -14,24 +14,15 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/prometheus-exporter
metadataPolicy: None
property: AWS_REGION
---
@@ -51,15 +42,9 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_SECRET_KEY

27
clusters/cl01tl/helm/s3-exporter/values.yaml
View File

@@ -4,13 +4,11 @@ s3-exporter:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: digital-ocean
@@ -37,19 +35,17 @@ s3-exporter:
value: false
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
garage-local:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: garage-local
@@ -73,19 +69,17 @@ s3-exporter:
value: true
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
garage-remote:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2
pullPolicy: IfNotPresent
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
env:
- name: S3_NAME
value: garage-remote
@@ -109,8 +103,8 @@ s3-exporter:
value: true
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 40Mi
service:
digital-ocean:
controller: digital-ocean
@@ -118,21 +112,18 @@ s3-exporter:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-local:
controller: garage-local
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-remote:
controller: garage-remote
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
serviceMonitor:
digital-ocean:
selector:

5
clusters/cl01tl/helm/searxng/Chart.yaml
View File

@@ -5,10 +5,13 @@ description: Searxng
keywords:
- searxng
- search
home: https://wiki.alexlebens.dev/s/6c6da68a-8725-4439-93c8-990ce824be54
home: https://docs.alexlebens.dev/applications/searxng/
sources:
- https://github.com/searxng/searxng
- https://hub.docker.com/r/searxng/searxng
- https://hub.docker.com/r/valkey/valkey
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

12
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data:
- secretKey: metrics-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-password
- secretKey: metrics-username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-username
---
@@ -44,15 +38,9 @@ spec:
data:
- secretKey: settings.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: settings.yml
- secretKey: limiter.toml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: limiter.toml

11
clusters/cl01tl/helm/searxng/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: searxng
labels:
app.kubernetes.io/name: searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

30
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -4,13 +4,11 @@ searxng:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: searxng/searxng
tag: latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3
pullPolicy: IfNotPresent
tag: latest@sha256:4726ed1c4fe132d87abb2707070b761ddb08e769ef2d9408633c599ae28821e7
env:
- name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080
@@ -28,19 +26,17 @@ searxng:
value: 10
resources:
requests:
cpu: 10m
memory: 256Mi
cpu: 1m
memory: 120Mi
browser:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: searxng/searxng
tag: latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3
pullPolicy: IfNotPresent
tag: latest@sha256:4726ed1c4fe132d87abb2707070b761ddb08e769ef2d9408633c599ae28821e7
env:
- name: SEARXNG_BASE_URL
value: https://searxng.alexlebens.net/
@@ -49,7 +45,7 @@ searxng:
- name: SEARXNG_HOSTNAME
value: searxng.alexlebens.net
- name: SEARXNG_VALKEY_URL
value: valkey://127.0.0.1:6379/0
value: valkey://localhost:6379/0
- name: GRANIAN_HOST
value: 0.0.0.0
- name: GRANIAN_PORT
@@ -57,16 +53,11 @@ searxng:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 250Mi
valkey:
image:
repository: valkey/valkey
tag: 9.0.0-alpine3.22
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
service:
api:
controller: api
@@ -74,14 +65,12 @@ searxng:
mail:
port: 8080
targetPort: 8080
protocol: HTTP
browser:
controller: browser
ports:
mail:
port: 80
targetPort: 8080
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -113,11 +102,8 @@ searxng:
- searxng.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: searxng-browser
- name: searxng-browser
port: 80
weight: 100
matches:
- path:
type: PathPrefix

8
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Seerr
keywords:
- seerr
- media
- movies
- tv shows
home: https://wiki.alexlebens.dev/
- media-request
- servarr
home: https://docs.alexlebens.dev/applications/seerr/
sources:
- https://github.com/seerr-team/seerr
- https://github.com/seerr-team/seerr/pkgs/container/seerr
- https://github.com/seerr-team/seerr/tree/develop/charts/seerr-chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

24
clusters/cl01tl/helm/seerr/values.yaml
View File

@@ -3,32 +3,16 @@ seerr-chart:
registry: ghcr.io
repository: seerr-team/seerr
tag: v3.1.0
probes:
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9
config:
persistence:
size: 5Gi
accessModes:
- ReadWriteOnce
storageClass: ceph-block
ingress:
enabled: false
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
@@ -36,14 +20,10 @@ seerr-chart:
namespace: traefik
hostnames:
- seerr.alexlebens.net
matches:
- path:
type: PathPrefix
value: /
resources:
requests:
cpu: 10m
memory: 128Mi
memory: 500Mi
volsync-target-config:
pvcTarget: seerr-seerr-chart-config
local:

5
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -5,11 +5,12 @@ description: Shelfmark
keywords:
- shelfmark
- books
home: https://wiki.alexlebens.dev/s/
home: https://docs.alexlebens.dev/applications/shelfmark/
sources:
- https://github.com/calibrain/shelfmark
- https://github.com/calibrain/shelfmark/pkgs/container/shelfmark
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -21,6 +22,6 @@ dependencies:
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/shelfmark.png
# renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.2.1

9
clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml
View File

@@ -14,22 +14,13 @@ spec:
data:
- secretKey: grimmory-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/shelfmark/booklore
metadataPolicy: None
property: user
- secretKey: grimmory-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/shelfmark/booklore
metadataPolicy: None
property: password
- secretKey: prowlarr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

29
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -4,13 +4,15 @@ shelfmark:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/calibrain/shelfmark
tag: v1.2.1
pullPolicy: IfNotPresent
tag: v1.2.1@sha256:5e00d47cccaa3b67234855d950d016c50691b78197a68adf15a624f6c08acee2
env:
- name: FLASK_PORT
value: 8084
@@ -88,27 +90,24 @@ shelfmark:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "curl -sf http://localhost:8084/api/health"
httpGet:
path: /api/health
port: 8084
failureThreshold: 5
initialDelaySeconds: 60
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 30
timeoutSeconds: 5
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 140Mi
service:
main:
ports:
http:
port: 80
targetPort: 8084
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -121,11 +120,8 @@ shelfmark:
- shelfmark.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: shelfmark
- name: shelfmark
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -136,7 +132,6 @@ shelfmark:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

4
clusters/cl01tl/helm/shelly-plug/Chart.yaml
View File

@@ -5,9 +5,10 @@ description: Shelly Plug
keywords:
- shelly-plug
- metrics
home: https://wiki.alexlebens.dev/s/18b5575c-3a57-4515-89a0-b23d6df8dec4
home: https://docs.alexlebens.dev/applications/shelly-plug/
sources:
- https://github.com/geerlingguy/shelly-plug-prometheus
- https://hub.docker.com/r/alpine/git
- https://hub.docker.com/_/php
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
@@ -17,4 +18,5 @@ dependencies:
alias: shelly-plug
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/shelly.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data:
- secretKey: SHELLY_HTTP_USERNAME
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /shelly-plug/auth/it05sp
metadataPolicy: None
property: SHELLY_HTTP_USERNAME
- secretKey: SHELLY_HTTP_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /shelly-plug/auth/it05sp
metadataPolicy: None
property: SHELLY_HTTP_PASSWORD

17
clusters/cl01tl/helm/shelly-plug/values.yaml
View File

@@ -4,15 +4,13 @@ shelly-plug:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-fetch-repo:
securityContext:
runAsUser: 0
image:
repository: alpine/git
tag: latest
pullPolicy: IfNotPresent
tag: 2.52.0@sha256:d453f54c83320412aa89c391b076930bd8569bc1012285e8c68ce2d4435826a3
command:
- /bin/sh
- -ec
@@ -28,16 +26,11 @@ shelly-plug:
git fetch origin
git checkout origin/master -ft
fi
resources:
requests:
cpu: 10m
memory: 128Mi
containers:
main:
image:
repository: php
tag: 8.5.4-apache-bookworm
pullPolicy: IfNotPresent
tag: 8.5.4-apache@sha256:e55a9f8e4caa09c6a31ec752b307675d847bb8546d975f379128cb2a99842b96
env:
- name: SHELLY_HOSTNAME
value: it05sp.alexlebens.net
@@ -48,8 +41,8 @@ shelly-plug:
name: shelly-plug-config-secret
resources:
requests:
cpu: 10m
memory: 64Mi
cpu: 1m
memory: 20Mi
service:
main:
controller: main
@@ -57,7 +50,6 @@ shelly-plug:
metrics:
port: 80
targetPort: 80
protocol: TCP
serviceMonitor:
main:
selector:
@@ -75,7 +67,6 @@ shelly-plug:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-fetch-repo:

12
clusters/cl01tl/helm/site-documentation/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Site Documentation
keywords:
- site-documentation
- astro
home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584
home: https://docs.alexlebens.dev/applications/site-documentation/
sources:
- https://github.com/alexlebens/site-documentation
- https://gitea.alexlebens.dev/alexlebens/site-documentation
- https://github.com/withastro/astro
- https://github.com/cloudflare/cloudflared
- https://github.com/alexlebens/site-documentation/pkgs/container/site-documentation
- https://harbor.alexlebens.net/harbor/projects/11/repositories/site-documentation
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
@@ -23,5 +22,6 @@ dependencies:
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
appVersion: 0.0.5
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
# renovate: datasource=gitea-releases registryUrl=https://gitea.alexlebens.dev depName=alexlebens/site-documentation
appVersion: 0.20.0

7
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -6,17 +6,15 @@ site-documentation:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.20.0
pullPolicy: IfNotPresent
tag: 0.21.0@sha256:556d92724306b0949c38185ffbaa7e3f05b9ba0d9b8dcfee0fc7a21985d10199
resources:
requests:
cpu: 10m
memory: 128Mi
memory: 40Mi
service:
main:
controller: main
@@ -24,4 +22,3 @@ site-documentation:
http:
port: 80
targetPort: 4321
protocol: HTTP

12
clusters/cl01tl/helm/site-profile/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Site Profile
keywords:
- site-profile
- astro
home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584
home: https://docs.alexlebens.dev/applications/site-profile/
sources:
- https://github.com/alexlebens/site-profile
- https://gitea.alexlebens.dev/alexlebens/site-profile
- https://github.com/withastro/astro
- https://github.com/cloudflare/cloudflared
- https://github.com/alexlebens/site-profile/pkgs/container/site-profile
- https://harbor.alexlebens.net/harbor/projects/11/repositories/site-profile
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
@@ -23,5 +22,6 @@ dependencies:
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
appVersion: 2.3.2
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
# renovate: datasource=gitea-releases registryUrl=https://gitea.alexlebens.dev depName=alexlebens/site-profile
appVersion: 3.16.1

7
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -6,17 +6,15 @@ site-profile:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.16.1
pullPolicy: IfNotPresent
tag: 3.16.1@sha256:656182fade379a0e8f1e6780c36bb64fe1374afbc8f06894126043105f66d29a
resources:
requests:
cpu: 10m
memory: 128Mi
memory: 60Mi
service:
main:
controller: main
@@ -24,4 +22,3 @@ site-profile:
http:
port: 80
targetPort: 4321
protocol: HTTP

13
clusters/cl01tl/helm/slskd/Chart.yaml
View File

@@ -4,15 +4,14 @@ version: 1.0.0
description: slskd
keywords:
- slskd
- soularr
- lidarr
- music
home: https://wiki.alexlebens.dev/s/ea931f86-1e70-480c-8002-64380b267cd7
- soulseek
home: https://docs.alexlebens.dev/applications/slskd/
sources:
- https://github.com/slskd/slskd
- https://github.com/mrusse/soularr
- https://hub.docker.com/r/slskd/slskd
- https://hub.docker.com/r/mrusse08/soularr
- https://github.com/qdm12/gluetun
- https://github.com/slskd/slskd/pkgs/container/slskd
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://hub.docker.com/_/busybox
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens

39
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -14,34 +14,9 @@ spec:
data:
- secretKey: slskd.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/config
metadataPolicy: None
property: slskd.yml
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: soularr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soularr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.ini
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/soularr
metadataPolicy: None
property: config.ini
property: slskd.yml
---
apiVersion: external-secrets.io/v1
@@ -60,29 +35,17 @@ spec:
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

70
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -4,8 +4,10 @@ slskd:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -20,14 +22,9 @@ slskd:
init-sysctl:
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
securityContext:
privileged: True
resources:
requests:
cpu: 10m
memory: 128Mi
command:
- /bin/sh
args:
@@ -39,11 +36,10 @@ slskd:
main:
image:
repository: slskd/slskd
tag: 0.24.5
pullPolicy: IfNotPresent
tag: 0.24.5@sha256:17ef977563be206f3b5932080b1e23883b2cb39dc9010640f6f39b4eaec887e3
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -53,12 +49,11 @@ slskd:
resources:
requests:
cpu: 100m
memory: 512Mi
memory: 330Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
@@ -125,36 +120,6 @@ slskd:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
soularr:
type: deployment
replicas: 0
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: mrusse08/soularr
tag: latest@sha256:69bc29f2072d6256c30f94fb1a0bfe8034c197791a2103d87f15ef1761347ce9
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: SCRIPT_INTERVAL
value: 300
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -162,7 +127,6 @@ slskd:
http:
port: 5030
targetPort: 5030
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -187,11 +151,8 @@ slskd:
- slskd.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: slskd
- name: slskd
port: 5030
weight: 100
matches:
- path:
type: PathPrefix
@@ -208,17 +169,6 @@ slskd:
readOnly: true
mountPropagation: None
subPath: slskd.yml
soularr-config:
enabled: true
type: secret
name: soularr-config-secret
advancedMounts:
soularr:
main:
- path: /data/config.ini
readOnly: true
mountPropagation: None
subPath: config.ini
data:
existingClaim: slskd-nfs-storage
advancedMounts:
@@ -226,7 +176,3 @@ slskd:
main:
- path: /mnt/store
readOnly: false
soularr:
main:
- path: /mnt/store
readOnly: false

4
clusters/cl01tl/helm/snapshot-controller/Chart.yaml
View File

@@ -4,10 +4,8 @@ version: 1.0.0
description: Snapshot Controller
keywords:
- snapshot-controller
- snapshots
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/67c065ac-bbc7-4d35-be62-af5b65ed8330
home: https://docs.alexlebens.dev/applications/snapshot-controller/
sources:
- https://github.com/kubernetes-csi/external-snapshotter
- https://github.com/piraeusdatastore/helm-charts/tree/main/charts/snapshot-controller

12
clusters/cl01tl/helm/snapshot-controller/values.yaml
View File

@@ -1,15 +1,21 @@
snapshot-controller:
installCRDs: true
controller:
replicaCount: 3
revisionHistoryLimit: 3
args:
leaderElection: true
leaderElectionNamespace: snapshot-controller
image:
repository: registry.k8s.io/sig-storage/snapshot-controller
tag: v8.5.0
tag: v8.5.0@sha256:74ca61ab13e978f03cf0f336a607281d15f04cda0a38a881306365473b28a3d8
resources:
requests:
cpu: 50m
memory: 128Mi
cpu: 10m
memory: 40Mi
serviceMonitor:
create: true
webhook:
image:
repository: registry.k8s.io/sig-storage/snapshot-conversion-webhook
tag: v8.5.0@sha256:1299486676accf16661d8a040c8715ce03fc5df0351a076f14247a873bfbfc0d

6
clusters/cl01tl/helm/sonarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:27cc019786592c0e7fce9509543792c9f281a4e676c463ce5d6ba2a6df05e3b2
generated: "2026-03-15T20:09:49.767646568Z"
digest: sha256:83fca5b0c0428efe33183648047cb649ee6ee7931e1441c360bcf63aad3ced20
generated: "2026-04-06T19:13:18.268013-05:00"

14
clusters/cl01tl/helm/sonarr-4k/Chart.yaml
View File

@@ -4,20 +4,18 @@ version: 1.0.0
description: Sonarr 4K
keywords:
- sonarr
- servarr
- tv shows
- 4k
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
- servarr
home: https://docs.alexlebens.dev/applications/sonarr/
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.14
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306

45
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,11 +13,10 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -25,12 +24,11 @@ sonarr-4k:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 200Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["sonarr"]
env:
- name: URL
@@ -43,10 +41,6 @@ sonarr-4k:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -54,11 +48,9 @@ sonarr-4k:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -93,11 +85,8 @@ sonarr-4k:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: sonarr-4k
- name: sonarr-4k
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -114,7 +103,6 @@ sonarr-4k:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -148,35 +136,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 55 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-4k-config
moverSecurityContext:

6
clusters/cl01tl/helm/sonarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:0f8016577e9fedaf8e5bd36688da2bf19b51185bc8100b817b64ce48ec87433b
generated: "2026-03-15T20:10:04.000906771Z"
digest: sha256:d5bb985d028ae1d477dc2b7796e82515ee173232334c3441269cbd0b2a359ab5
generated: "2026-04-06T19:13:52.394776-05:00"

13
clusters/cl01tl/helm/sonarr-anime/Chart.yaml
View File

@@ -4,19 +4,18 @@ version: 1.0.0
description: Sonarr Anime
keywords:
- sonarr
- tv shows
- servarr
- anime
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
home: https://docs.alexlebens.dev/applications/sonarr/
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.14
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306

45
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,11 +13,10 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -25,12 +24,11 @@ sonarr-anime:
resources:
requests:
cpu: 10m
memory: 256Mi
memory: 200Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["sonarr"]
env:
- name: URL
@@ -43,10 +41,6 @@ sonarr-anime:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -54,11 +48,9 @@ sonarr-anime:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -93,11 +85,8 @@ sonarr-anime:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: sonarr-anime
- name: sonarr-anime
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -114,7 +103,6 @@ sonarr-anime:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -148,35 +136,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 16 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-anime-config
moverSecurityContext:

6
clusters/cl01tl/helm/sonarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:a20b4dd7e2f0c8777ed2be1bd2c702bc4d7cfeb51e4a29d781c041c555821aa1
generated: "2026-03-15T20:10:17.242764683Z"
digest: sha256:56992d382fb09e68be6f3b20736b323868fe8a0eb694b76c8b5e98635576be7e
generated: "2026-04-06T19:13:09.43392-05:00"

13
clusters/cl01tl/helm/sonarr/Chart.yaml
View File

@@ -4,19 +4,18 @@ version: 1.0.0
description: Sonarr
keywords:
- sonarr
- servarr
- tv shows
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
- servarr
home: https://docs.alexlebens.dev/applications/sonarr/
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,12 +25,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.16
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306

46
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -4,7 +4,6 @@ sonarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
@@ -13,11 +12,10 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
@@ -25,12 +23,11 @@ sonarr:
resources:
requests:
cpu: 100m
memory: 256Mi
memory: 250Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0
pullPolicy: IfNotPresent
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["sonarr"]
env:
- name: URL
@@ -43,10 +40,6 @@ sonarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -54,11 +47,9 @@ sonarr:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -93,11 +84,8 @@ sonarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- group: ''
kind: Service
name: sonarr
- name: sonarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -114,7 +102,6 @@ sonarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -148,35 +135,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 50 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-config
moverSecurityContext:

6
clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
View File

@@ -4,11 +4,11 @@ version: 1.0.0
description: Speedtest Exporter
keywords:
- speedtest-exporter
- internet
- metrics
home: https://wiki.alexlebens.dev/s/843d4622-ea44-40bc-8fd1-1a6b71ba9a57
- internet-speed
home: https://docs.alexlebens.dev/applications/speedtest-exporter/
sources:
- https://github.com/MiguelNdeCarvalho/speedtest-exporter
- https://github.com/miguelndecarvalho/speedtest-exporter/pkgs/container/speedtest-exporter
- https://gitlab.com/alexander-chernov/helm/speedtest-exporter
maintainers:
- name: alexlebens

11
clusters/cl01tl/helm/speedtest-exporter/values.yaml
View File

@@ -1,7 +1,7 @@
speedtest-exporter:
image:
repository: ghcr.io/miguelndecarvalho/speedtest-exporter
tag: v3.5.4
tag: v3.5.4@sha256:f1064d49124c7fc45faabb87c6c876a2fd04e92b3dc14d4b871301217ba30fed
securityContext:
capabilities:
drop:
@@ -9,8 +9,9 @@ speedtest-exporter:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 1m
memory: 30Mi
serviceMonitor:
enabled: true
namespace: speedtest-exporter
interval: "180m"
scrapeTimeout: "2m"
interval: 180m

6
clusters/cl01tl/helm/stack/Chart.yaml
View File

@@ -3,11 +3,9 @@ name: stack
version: 1.0.0
description: Stack
keywords:
- argocd
- application
- stack
- deployment
home: https://wiki.alexlebens.dev/s/0c2d1896-710d-4972-9bc8-08d71987428a
- argocd
home: https://docs.alexlebens.dev/applications/stack/
sources:
- https://github.com/argoproj/argo-cd
- https://gitea.alexlebens.dev/alexlebens/infrastructure

8
clusters/cl01tl/helm/stalwart/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ffe4bd6af377f2ba5134389027e86085928d5e1108bb5ecf0d4b1e4cc908b67
generated: "2026-03-15T20:10:31.966910173Z"
digest: sha256:c4a92f0283952a59f2e4add1a1b9522d2f9eb0a37dce32aa6104e3087c0b5503
generated: "2026-04-06T20:21:29.186267-05:00"

13
clusters/cl01tl/helm/stalwart/Chart.yaml
View File

@@ -5,15 +5,14 @@ description: Stalwart
keywords:
- stalwart
- email
- smtp
home: https://wiki.alexlebens.dev/s/e10d3a19-9329-4443-a023-6ab70ffaff6e
home: https://docs.alexlebens.dev/applications/stalwart/
sources:
- https://github.com/stalwartlabs/mail-server
- https://github.com/elastic/elasticsearch
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/stalwartlabs/mail-server
- https://github.com/stalwartlabs/stalwart/pkgs/container/stalwart
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,11 +22,11 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

2
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8
version: 8.19.13
auth:
fileRealm:
- secretName: stalwart-elasticsearch-secret

9
clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
View File

@@ -14,22 +14,13 @@ spec:
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: username
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: password
- secretKey: roles
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: roles

42
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -4,17 +4,15 @@ stalwart:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: stalwartlabs/stalwart
tag: v0.15.5
pullPolicy: IfNotPresent
repository: ghcr.io/stalwartlabs/stalwart
tag: v0.15.5@sha256:dcf575db2d53d9ef86d6ced8abe4ba491984659a0f8862cc6079ee7b41c3c568
resources:
requests:
cpu: 10m
memory: 128Mi
memory: 100Mi
service:
main:
controller: main
@@ -22,23 +20,18 @@ stalwart:
http:
port: 80
targetPort: 8080
protocol: HTTP
smtp:
port: 25
targetPort: 25
protocol: TCP
smtps:
port: 465
targetPort: 465
protocol: TCP
imap:
port: 143
targetPort: 143
protocol: TCP
imaps:
port: 993
targetPort: 993
protocol: TCP
route:
main:
kind: HTTPRoute
@@ -51,11 +44,8 @@ stalwart:
- stalwart.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: stalwart
- name: stalwart
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -66,7 +56,6 @@ stalwart:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
@@ -85,35 +74,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 16 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: stalwart-config
local:

12
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Tailscale Operator
keywords:
- tailscale-operator
- tailscale
- wireguard
- vpn
- kubernetes
home: https://wiki.alexlebens.dev/s/673177ef-e91b-43ad-9b80-d5037ec77852
- operator
home: https://docs.alexlebens.dev/applications/tailscale-operator/
sources:
- https://github.com/tailscale/tailscale
- https://hub.docker.com/r/tailscale/tailscale
- https://hub.docker.com/r/tailscale/k8s-operator
- https://hub.docker.com/r/tailscale/k8s-nameserver
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/chart
maintainers:
- name: alexlebens
@@ -20,5 +20,5 @@ dependencies:
version: 1.94.2
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.4
# renovate: datasource=docker depName=tailscale/tailscale
appVersion: v1.94.2

6
clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml
View File

@@ -14,15 +14,9 @@ spec:
data:
- secretKey: client_id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientId
- secretKey: client_secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientSecret

25
clusters/cl01tl/helm/tailscale-operator/values.yaml
View File

@@ -1,21 +1,18 @@
tailscale-operator:
oauth: {}
installCRDs: true
operatorConfig:
defaultTags:
- "tag:k8s-operator"
logging: info
image:
repository: tailscale/k8s-operator
tag: v1.94.2
digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
hostname: tailscale-operator-cl01tl
nodeSelector:
kubernetes.io/os: linux
operatorConfig:
securityContext:
capabilities:
add:
- NET_ADMIN
ingressClass:
name: tailscale
proxyConfig:
defaultTags: "tag:k8s"
firewallMode: auto
defaultProxyClass: "no-metrics"
apiServerProxyConfig:
mode: "false"
image:
repository: tailscale/tailscale
tag: v1.94.2
digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
defaultProxyClass: no-metrics

14
clusters/cl01tl/helm/talos/Chart.yaml
View File

@@ -4,12 +4,16 @@ version: 1.0.0
description: Talos
keywords:
- talos
- etcd
- kubernetes
home: https://wiki.alexlebens.dev/s/c5ead573-34b6-442b-a286-7819e6e71f78
- operating-system
- job
home: https://docs.alexlebens.dev/applications/talos/
sources:
- https://github.com/siderolabs/talos
- https://github.com/siderolabs/talos-backup
- https://github.com/Angatar/s3cmd
- https://github.com/siderolabs/talos/pkgs/container/talosctl
- https://github.com/siderolabs/talos-backup/pkgs/container/talos-backup
- https://hub.docker.com/r/d3fk/s3cmd
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
@@ -22,6 +26,6 @@ dependencies:
alias: etcd-defrag
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://avatars.githubusercontent.com/u/13804887?s=200&v=4
icon: https://raw.githubusercontent.com/siderolabs/docs/3989ed11f0622252d7cee03b3ba3a3052be242d7/public/images/talos.svg
# renovate: datasource=github-releases depName=siderolabs/talos-backup
appVersion: v0.1.0-beta.3
appVersion: v0.1.0-beta.3-7-ge8e193c

137
clusters/cl01tl/helm/talos/templates/config.yaml
View File

@@ -12,91 +12,138 @@ data:
DATE_RANGE=$(date -d @$(( $(date +%s) - $DATE_RANGE_SECONDS )) +%Y-%m-%dT%H:%M:%SZ);
FILE_MATCH="${BUCKET}/cl01tl/etcd/cl01tl-${DATE_RANGE}.snap.age";
ERROR=false;
MESSAGE="";
echo " ";
echo "";
echo ">> Running S3 prune for Talos backup repository ${TARGET} ...";
echo " ";
echo "";
echo ">> Configured Date Range is $(date -u -d @${DATE_RANGE_SECONDS} +"%j days, %H hours, %M minutes")";
echo ">> Backups prior to '$DATE_RANGE' will be removed";
echo "";
FILES=$(s3cmd ls --no-check-certificate ${BUCKET}/cl01tl/etcd/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}');
if [ $? -ne 0 ]; then
ERROR=true;
echo " ";
echo "";
echo ">> Detected error, will send message to ntfy";
ERROR=true;
MESSAGE="Error collecting files to delete from '${TARGET}'";
elif [ -n "${FILES}" ]; then
echo " ";
echo "";
echo ">> Backups to be removed:";
echo "$FILES"
echo " ";
echo "";
echo "$FILES";
echo "";
echo ">> Deleting ...";
$FILES | while read file; do
s3cmd del --no-check-certificate -v "$file";
for file in $FILES; do
s3cmd del --no-check-certificate -v "${file}";
if [ $? -ne 0 ]; then
ERROR=true;
echo ">> Detected error, will send message to ntfy";
ERROR=true;
MESSAGE="Error deleting file from '${TARGET}'";
fi;
done;
else
echo " ";
echo "";
echo ">> No backups to remove";
exit 0;
fi;
if [ "$ERROR" = "true" ]; then
MAX_RETRIES=5;
SUCCESS=false;
MAX_RETRIES=5;
SUCCESS=false;
echo "";
echo ">> Sending message to ntfy using curl ...";
echo " ";
echo ">> Sending message to ntfy using curl ...";
echo "";
echo ">> Verifying required commands ...";
echo " ";
echo ">> Verifying required commands ...";
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update >/dev/null 2>&1; then
echo ">> Attempt $i: Repositories are reachable";
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
SUCCESS=true;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
done;
echo " ";
echo ">> Sending to NTFY ...";
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl >/dev/null 2>&1; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo "";
echo ">> Sending to NTFY ...";
if [ "$ERROR" = "true" ]; then
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Talos Backup Failed for ${TARGET}" \
-H "X-Title: Talos Backup Prune Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
);
echo ">> HTTP Status Code: $HTTP_STATUS";
exit 1;
else
MESSAGE="Pruned $(echo "$FILES" | wc -l) files"
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Talos Backup Prune Success for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
);
echo ">> HTTP Status Code: $HTTP_STATUS";
fi;
echo " ";
echo "";
echo ">> Completed S3 prune for Talos backup repository ${TARGET}";

57
clusters/cl01tl/helm/talos/templates/external-secret.yaml
View File

@@ -14,38 +14,23 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: s3cfg-local
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -65,38 +50,23 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: s3cfg-remote
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -116,38 +86,23 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: s3cfg
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -167,24 +122,15 @@ spec:
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
- secretKey: NTFY_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint
- secretKey: NTFY_TOPIC
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: NTFY_TOPIC
---
@@ -204,8 +150,5 @@ spec:
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-defrag
metadataPolicy: None
property: config

71
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -11,20 +11,15 @@ etcd-backup:
effect: NoSchedule
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 2 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 0 2 * * *
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
pullPolicy: IfNotPresent
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
command:
- /talos-backup
workingDir: /tmp
@@ -69,8 +64,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
@@ -96,21 +90,16 @@ etcd-backup:
operator: Exists
effect: NoSchedule
cronjob:
suspend: true
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 3 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
suspend: false
timeZone: America/Chicago
schedule: 0 3 * * *
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
pullPolicy: IfNotPresent
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
command:
- /talos-backup
workingDir: /tmp
@@ -155,8 +144,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
@@ -183,20 +171,15 @@ etcd-backup:
effect: NoSchedule
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 4 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
timeZone: America/Chicago
schedule: 0 4 * * *
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
pullPolicy: IfNotPresent
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
command:
- /talos-backup
workingDir: /tmp
@@ -241,8 +224,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
@@ -393,20 +375,15 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
timeZone: America/Chicago
schedule: "0 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
pullPolicy: IfNotPresent
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
args:
- etcd
- defrag
@@ -426,20 +403,15 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
timeZone: America/Chicago
schedule: "10 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
pullPolicy: IfNotPresent
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
args:
- etcd
- defrag
@@ -459,20 +431,15 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
timeZone: America/Chicago
schedule: "20 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
pullPolicy: IfNotPresent
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
args:
- etcd
- defrag

2
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -20,6 +20,6 @@ dependencies:
- name: traefik-crds
version: 1.16.0
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/traefik.png
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.12

6
clusters/cl01tl/helm/tubearchivist/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de
generated: "2026-03-09T23:08:53.501770729Z"
version: 0.5.0
digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e
generated: "2026-04-07T07:11:10.610672939Z"

2
clusters/cl01tl/helm/tubearchivist/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.4.0
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
# renovate: datasource=github-releases depName=tubearchivist/tubearchivist

2
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8
version: 8.19.13
auth:
fileRealm:
- secretName: tubearchivist-elasticsearch-secret

9
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -187,8 +187,7 @@ snapshot:
s3-backup-local:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
@@ -208,8 +207,7 @@ snapshot:
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
@@ -229,8 +227,7 @@ snapshot:
s3-backup-external:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:

6
clusters/cl01tl/helm/yamtrack/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
generated: "2026-03-15T20:11:03.591727143Z"
version: 0.5.0
digest: sha256:3ca767f6530d29c36ae1dc5456e0ac5f889481c4b98955eb9b2d1b6c8fbf702a
generated: "2026-04-07T07:11:28.802759266Z"

2
clusters/cl01tl/helm/yamtrack/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
# renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack

5
renovate.json
View File

@@ -33,7 +33,7 @@
"/(^|/)templates/.*\\.yaml$/"
],
"matchStrings": [
"#\\s*renovate:\\s*datasource=(?<datasource>\\S+)\\s+depName=(?<depName>\\S+)(?:\\s+versioning=(?<versioning>\\S+))?\\s+tag:\\s*[\"']?(?<currentValue>[^@\\s\"']+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
"#\\s*renovate:\\s*datasource=(?<datasource>\\S+)\\s+depName=(?<depName>\\S+)(?:\\s+versioning=(?<versioning>\\S+))?\\s+(?:tag|version):\\s*[\"']?(?<currentValue>[^@\\s\"']+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}docker{{/if}}"
},
@@ -123,7 +123,8 @@
],
"matchPackageNames": [
"excalidraw/excalidraw",
"searxng/searxng"
"searxng/searxng",
"d3fk/s3cmd"
],
"addLabels": [
"automerge"