alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity

Compare commits

base: alexlebens:db241971ccdc44b6a1664bf57bd81f1c5ef9d354
Branches Tags
alexlebens:main alexlebens:renovate/unified-medialyze alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:main
Branches Tags
alexlebens:renovate/unified-medialyze alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

35 Commits
db241971cc ... main

Author SHA1 Message Date
Alex Lebens
d5cdabdcfc ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m19s
Details
2026-05-03 20:40:45 -05:00
Renovate Bot
59115a4aa5 Merge pull request 'chore(deps): update dependency linuxserver/docker-radarr to v6.1.1.10360-ls301' (#6488) from renovate/unified-radarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 33s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m31s
Details
2026-05-04 01:37:22 +00:00
Renovate Bot
bf40889e02 chore(deps): update dependency linuxserver/docker-radarr to v6.1.1.10360-ls301 2026-05-04 01:37:22 +00:00
Renovate Bot
e6ac975d82 Merge pull request 'chore(deps): update dawarich to v1.7.5' (#6487) from renovate/unified-dawarich into main
Some checks failed
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has started running
Details
renovate / renovate (push) Has been cancelled
Details
2026-05-04 01:37:05 +00:00
Renovate Bot
0d13bb50b8 chore(deps): update dawarich to v1.7.5
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m28s
Details
2026-05-04 01:36:45 +00:00
Renovate Bot
f8ee5cc4d6 Merge pull request 'chore(deps): update tdarr to v2.71.01' (#6478) from renovate/unified-tdarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m41s
Details
2026-05-04 01:19:03 +00:00
Renovate Bot
84ee4309ed chore(deps): update tdarr to v2.71.01
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 52s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 33s
Details
render-manifests / render-manifests (pull_request) Successful in 55s
Details
2026-05-04 01:14:37 +00:00
Renovate Bot
a73522e947 Merge pull request 'chore(deps): update dependency ollama/ollama to v0.23.0' (#6479) from renovate/unified-ollama into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 37s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m49s
Details
2026-05-04 01:11:17 +00:00
Renovate Bot
e420223b58 chore(deps): update dependency ollama/ollama to v0.23.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m13s
Details
render-manifests / render-manifests (pull_request) Successful in 37s
Details
2026-05-04 01:06:31 +00:00
Renovate Bot
5ae70f2e28 Merge pull request 'chore(deps): update actual to v26.5.0' (#6476) from renovate/unified-actual into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m59s
Details
2026-05-04 01:04:09 +00:00
Renovate Bot
b3fbc30ba1 chore(deps): update actual to v26.5.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 26s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 30s
Details
render-manifests / render-manifests (pull_request) Successful in 1m33s
Details
2026-05-04 01:00:34 +00:00
Renovate Bot
51a2cb38fd Merge pull request 'chore(deps): update ghcr.io/linuxserver/radarr docker tag to v6.1.1.10360-ls301' (#6483) from renovate/unified-radarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 56s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m54s
Details
2026-05-04 00:58:11 +00:00
Renovate Bot
9941c499db chore(deps): update ghcr.io/linuxserver/radarr docker tag to v6.1.1.10360-ls301
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 46s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m5s
Details
2026-05-04 00:57:30 +00:00
Alex Lebens
3d8207b039 ci: reconfigure
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-05-03 19:54:12 -05:00
Alex Lebens
cf5a30f9cd Merge pull request 'feat: change tag' (#6481) from tmp/corends-4 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 31s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 55s
Details 
Reviewed-on: #6481
 2026-05-04 00:51:31 +00:00
Alex Lebens
ee5e00f320 feat: change tag
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 1m6s
Details
2026-05-03 19:49:23 -05:00
Alex Lebens
48224be958 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 53s
Details
2026-05-03 19:41:36 -05:00
Alex Lebens
9108025b24 Merge pull request 'chore(deps): update ollama/ollama docker tag to v0.23.0' (#6473) from renovate/unified-ollama into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m49s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m1s
Details 
Reviewed-on: #6473
 2026-05-03 15:24:42 +00:00
Renovate Bot
cf732b7a4f chore(deps): update ollama/ollama docker tag to v0.23.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m15s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m8s
Details
render-manifests / render-manifests (pull_request) Successful in 3m9s
Details
2026-05-03 15:20:18 +00:00
Alex Lebens
b7d7821085 Merge pull request 'chore(deps): update vaultwarden to v1.36.0' (#6474) from renovate/unified-vaultwarden into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 46s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m58s
Details 
Reviewed-on: #6474
 2026-05-03 15:16:30 +00:00
Renovate Bot
6b41cc143c chore(deps): update vaultwarden to v1.36.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 19s
Details
render-manifests / render-manifests (pull_request) Successful in 1m51s
Details
2026-05-03 13:02:53 +00:00
Alex Lebens
41707f944a Merge pull request 'feat: switch to docker hub' (#6471) from tmp/corends-3 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m14s
Details
render-manifests / render-manifests (push) Successful in 9m10s
Details 
Reviewed-on: #6471
 2026-05-03 02:58:15 +00:00
Alex Lebens
d90ed46751 feat: switch to docker hub
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 21s
Details
render-manifests / render-manifests (pull_request) Successful in 44s
Details
2026-05-02 21:56:52 -05:00
Alex Lebens
733d9e1186 Merge pull request 'chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.3' (#6469) from renovate/unified-coredns into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 20s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m41s
Details 
Reviewed-on: #6469
 2026-05-03 02:31:09 +00:00
Renovate Bot
eeb03cc2d6 chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.3
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 42s
Details
2026-05-03 02:26:38 +00:00
Renovate Bot
c800b7d688 Merge pull request 'chore(deps): update haproxy docker tag to v3.3.8' (#6467) from renovate/unified-haproxy into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 57s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 5m49s
Details
2026-05-03 02:16:08 +00:00
Renovate Bot
80de6c3eb2 chore(deps): update haproxy docker tag to v3.3.8
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m53s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 2m35s
Details
2026-05-03 02:15:30 +00:00
Alex Lebens
b27eded234 Merge pull request 'feat: remove stalwart and roundcube' (#6464) from tmp/stalwart into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 42s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-docker / lint-docker-compose (push) Successful in 1m19s
Details
renovate / renovate (push) Successful in 5m10s
Details 
Reviewed-on: #6464
 2026-05-03 01:37:22 +00:00
Alex Lebens
1af493509b feat: remove stalwart and roundcube 2026-05-03 01:37:22 +00:00
Alex Lebens
e4c0a3b627 Merge pull request 'chore(deps): update ghcr.io/caronc/apprise docker tag to v1.4.1' (#6461) from renovate/unified-apprise into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 35s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6461
 2026-05-03 01:35:42 +00:00
Renovate Bot
8bc839dd2a chore(deps): update ghcr.io/caronc/apprise docker tag to v1.4.1 2026-05-03 01:35:42 +00:00
Alex Lebens
13e0045800 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.160.6' (#6463) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #6463
 2026-05-03 01:34:48 +00:00
Renovate Bot
658998d967 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.160.6
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-05-03 01:28:34 +00:00
Renovate Bot
5e161d3722 Merge pull request 'chore(deps): update elasticsearch docker tag to v9.3.4' (#6460) from renovate/unified-elasticsearch into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m6s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 6m15s
Details
2026-05-03 01:24:07 +00:00
Renovate Bot
9f79c1a85a chore(deps): update elasticsearch docker tag to v9.3.4
Some checks failed
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m9s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m11s
Details
render-manifests / render-manifests (pull_request) Failing after 1m43s
Details
2026-05-03 01:23:48 +00:00
41 changed files with 54 additions and 811 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-js runs-on: ubuntu-js
container: ghcr.io/renovatebot/renovate:43.160.4@sha256:00185c0d63462acec8331cc9a94dcd74a763f2765fca0edcc3ff568af1dc8104 container: ghcr.io/renovatebot/renovate:43.160.6@sha256:ef4afabbfdbddce68c26c843d73f98f65e19e8aabd6c22bee7aa7af5f914a43c
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual # renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0 appVersion: 26.5.0

2
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -8,7 +8,7 @@ actual:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e tag: 26.5.0@sha256:b733ae30c70a66dc4d03577526e53575a0c04eab4f3ab6ace30934776251058c
env: env:
- name: ACTUAL_PORT - name: ACTUAL_PORT
value: 5006 value: 5006

2
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -103,7 +103,7 @@ argo-cd:
enabled: true enabled: true
image: image:
repository: haproxy repository: haproxy
tag: 3.3.7-alpine@sha256:2afa53c856e4e9fcc7dfb35b807fcb189896d7e62b38d363f9bedea92bce7f9a tag: 3.3.8-alpine@sha256:10690acb357180d5214c6fce59e2cefded6cc72b0f7e3febb323fea95b27e349
resources: resources:
requests: requests:
cpu: 5m cpu: 5m

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -134,7 +134,7 @@ blocky:
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl loki IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
@@ -162,7 +162,6 @@ blocky:
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl

4
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 tag: 1.14.3@sha256:b21d26b915e10acb5bc78715c1e8b6047ab2675389b2bcc18b3a6499d90e74c0
replicaCount: 3 replicaCount: 3
resources: resources:
limits: limits:

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.7.3 appVersion: 1.7.5

4
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.7.3@sha256:519ea4152381a3f58ae42859f530f5a433073e3f48f196fac3533432642b72b2 tag: 1.7.5@sha256:dceef4bf7bd5e6a842d61cdd2a82440a0db34f70dc766e02b0b3b212e13b4ba6
command: command:
- "web-entrypoint.sh" - "web-entrypoint.sh"
args: args:
@@ -126,7 +126,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.7.3@sha256:519ea4152381a3f58ae42859f530f5a433073e3f48f196fac3533432642b72b2 tag: 1.7.5@sha256:dceef4bf7bd5e6a842d61cdd2a82440a0db34f70dc766e02b0b3b212e13b4ba6
command: command:
- "sidekiq-entrypoint.sh" - "sidekiq-entrypoint.sh"
args: args:

1
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,6 +1,5 @@
eck-operator: eck-operator:
managedNamespaces: managedNamespaces:
- stalwart
- tubearchivist - tubearchivist
installCRDs: true installCRDs: true
replicaCount: 2 replicaCount: 2

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -212,12 +212,6 @@ gatus:
- name: authentik - name: authentik
url: https://authentik.alexlebens.net url: https://authentik.alexlebens.net
<<: *defaults <<: *defaults
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: stalwart
url: https://stalwart.alexlebens.net
<<: *defaults
- name: ntfy - name: ntfy
url: https://ntfy.alexlebens.net url: https://ntfy.alexlebens.net
<<: *defaults <<: *defaults

18
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -487,24 +487,6 @@ homepage:
href: https://authentik.alexlebens.net href: https://authentik.alexlebens.net
siteMonitor: http://authentik-server.authentik:80 siteMonitor: http://authentik-server.authentik:80
statusStyle: dot statusStyle: dot
- Email Client:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Email Server:
icon: sh-stalwart.webp
description: Stalwart
href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
namespace: stalwart
app: stalwart
podSelector: >-
app.kubernetes.io/instance in (
stalwart
)
- Notifications: - Notifications:
icon: sh-ntfy.webp icon: sh-ntfy.webp
description: ntfy description: ntfy

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.22.1 appVersion: 0.23.0

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -21,7 +21,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.22.1@sha256:3ca37ec2b9cb6341b62554074205c616778fe98abcf9e4fc50361b79a07407ae tag: 0.23.0@sha256:5600a652d1081050f398152127c584222546354491f27fe47ccbc6351bc870bd
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -55,7 +55,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.22.1@sha256:3ca37ec2b9cb6341b62554074205c616778fe98abcf9e4fc50361b79a07407ae tag: 0.23.0@sha256:5600a652d1081050f398152127c584222546354491f27fe47ccbc6351bc870bd
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -89,7 +89,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.22.1@sha256:3ca37ec2b9cb6341b62554074205c616778fe98abcf9e4fc50361b79a07407ae tag: 0.23.0@sha256:5600a652d1081050f398152127c584222546354491f27fe47ccbc6351bc870bd
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h

2
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls301

2
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-4k:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls301@sha256:659e5f20500948b1491f31dd85c6f99a43508ce3e46595793e1e15aa955bf6d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls301

2
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-anime:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls301@sha256:659e5f20500948b1491f31dd85c6f99a43508ce3e46595793e1e15aa955bf6d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls301

2
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-standup:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls301@sha256:659e5f20500948b1491f31dd85c6f99a43508ce3e46595793e1e15aa955bf6d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls301

2
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -14,7 +14,7 @@ radarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls301@sha256:659e5f20500948b1491f31dd85c6f99a43508ce3e46595793e1e15aa955bf6d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

12
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -1,12 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.12.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.1.1
digest: sha256:6ea0ffea8d47e3c62657f35ce0dda5d5f67aa13c99107dee396787a6e0c3633c
generated: "2026-04-28T23:36:57.236521514Z"

32
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v2
name: roundcube
version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email-client
home: https://docs.alexlebens.dev/applications/rclone/
sources:
- https://github.com/roundcube/roundcubemail
- https://hub.docker.com/r/roundcube/roundcubemail
- https://hub.docker.com/_/nginx
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: roundcube
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.12.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 1.1.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
# renovate: datasource=github-releases depName=roundcube/roundcubemail
appVersion: 1.6.15

14
clusters/cl01tl/helm/roundcube/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

17
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: roundcube-key
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-key
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: DES_KEY
remoteRef:
key: /cl01tl/roundcube/key
property: des-key

236
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -1,236 +0,0 @@
roundcube:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
- name: ROUNDCUBEMAIL_DB_HOST
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: host
- name: ROUNDCUBEMAIL_DB_NAME
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: dbname
- name: ROUNDCUBEMAIL_DB_USER
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: user
- name: ROUNDCUBEMAIL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: password
- name: ROUNDCUBEMAIL_DES_KEY
valueFrom:
secretKeyRef:
name: roundcube-key
key: DES_KEY
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: stalwart.stalwart
- name: ROUNDCUBEMAIL_DEFAULT_PORT
value: 143
- name: ROUNDCUBEMAIL_SMTP_SERVER
value: stalwart.stalwart
- name: ROUNDCUBEMAIL_SMTP_PORT
value: 25
- name: ROUNDCUBEMAIL_SKIN
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 1m
memory: 40Mi
nginx:
image:
repository: nginx
tag: 1.30.0-alpine-slim@sha256:830b40ff1beb5e018e56aef2ed1f9fe87a7797e35a555b75fea5c9568e316b04
env:
- name: NGINX_HOST
value: mail.alexlebens.net
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
cleandb:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 30 4 * * *
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
args:
- bin/cleandb.sh
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
- name: ROUNDCUBEMAIL_DB_HOST
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: host
- name: ROUNDCUBEMAIL_DB_NAME
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: dbname
- name: ROUNDCUBEMAIL_DB_USER
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: user
- name: ROUNDCUBEMAIL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: roundcube-postgresql-18-cluster-app
key: password
- name: ROUNDCUBEMAIL_DES_KEY
valueFrom:
secretKeyRef:
name: roundcube-key
key: DES_KEY
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: tls://stalwart.stalwart
- name: ROUNDCUBEMAIL_SMTP_SERVER
value: tls://stalwart.stalwart
- name: ROUNDCUBEMAIL_SKIN
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
configMaps:
config:
enabled: true
data:
default.conf: |
server {
listen 80 default_server;
server_name _;
root /var/www/html;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_pass roundcube:9000;
fastcgi_read_timeout 300;
proxy_read_timeout 300;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
client_max_body_size 6m;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
}
service:
main:
controller: main
ports:
mail:
port: 9000
targetPort: 9000
web:
port: 80
targetPort: 80
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- mail.alexlebens.net
rules:
- backendRefs:
- name: roundcube
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
enabled: true
type: configMap
name: roundcube-config
advancedMounts:
main:
nginx:
- path: /etc/nginx/conf.d/default.conf
readOnly: true
mountPropagation: None
subPath: default.conf
data:
forceRename: roundcube-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
main:
main:
- path: /var/www/html
readOnly: false
nginx:
- path: /var/www/html
readOnly: false
temp:
type: emptyDir
advancedMounts:
main:
main:
- path: /tmp/roundcube-temp
readOnly: false
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
backupName: garage-local
volsync-target-data:
pvcTarget: roundcube-data
local:
enabled: true
schedule: 12 11 * * *
remote:
enabled: true
schedule: 12 12 * * *
external:
enabled: true
schedule: 12 13 * * *

15
clusters/cl01tl/helm/stalwart/Chart.lock
View File

@@ -1,15 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.12.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.1.1
digest: sha256:dd614761622fa310ad50f400727fa6a6574071c2ac057294364409fdfe0ff545
generated: "2026-05-02T01:49:21.562586412Z"

37
clusters/cl01tl/helm/stalwart/Chart.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: v2
name: stalwart
version: 1.0.0
description: Stalwart
keywords:
- stalwart
- email
home: https://docs.alexlebens.dev/applications/stalwart/
sources:
- https://github.com/stalwartlabs/mail-server
- https://github.com/stalwartlabs/stalwart/pkgs/container/stalwart
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: stalwart
version: 4.6.2
repository: https://bjw-s-labs.github.io/helm-charts/
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.12.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 1.1.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png
# renovate: datasource=github-releases depName=stalwartlabs/mail-server
appVersion: v0.15.5

14
clusters/cl01tl/helm/stalwart/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

29
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-stalwart
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch-stalwart
{{- include "custom.labels" . | nindent 4 }}
spec:
# renovate: datasource=docker depName=elasticsearch
version: 9.3.3
auth:
fileRealm:
- secretName: stalwart-elasticsearch-config
nodeSets:
- name: default
count: 2
config:
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ceph-block

25
clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: stalwart-elasticsearch-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: stalwart-elasticsearch-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: username
remoteRef:
key: /cl01tl/stalwart/elasticsearch
property: username
- secretKey: password
remoteRef:
key: /cl01tl/stalwart/elasticsearch
property: password
- secretKey: roles
remoteRef:
key: /cl01tl/stalwart/elasticsearch
property: roles

10
clusters/cl01tl/helm/stalwart/templates/namespace.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

169
clusters/cl01tl/helm/stalwart/templates/prometheus-rule.yaml
View File

@@ -1,169 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: elasticsearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: ElasticsearchExporter
rules:
- alert: ElasticsearchHeapUsageTooHigh
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 90 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch Heap Usage Too High (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHeapUsageWarning
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 80 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch Heap Usage warning (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskOutOfSpace
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 10 and elasticsearch_filesystem_data_size_bytes > 0
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch disk out of space (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskSpaceLow
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 20 and elasticsearch_filesystem_data_size_bytes > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch disk space low (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterRed
expr: elasticsearch_cluster_health_status{color="red"} == 1
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch Cluster Red (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Red status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterYellow
expr: elasticsearch_cluster_health_status{color="yellow"} == 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch Cluster Yellow (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Yellow status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyNodes
expr: elasticsearch_cluster_health_number_of_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyDataNodes
expr: elasticsearch_cluster_health_number_of_data_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Data Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing data node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShards
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch relocating shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is relocating shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShardsTooLong
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch relocating shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been relocating shards for 15min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShards
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch initializing shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is initializing shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShardsTooLong
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch initializing shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been initializing shards for 15 min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchUnassignedShards
expr: elasticsearch_cluster_health_unassigned_shards > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch unassigned shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has unassigned shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchPendingTasks
expr: elasticsearch_cluster_health_number_of_pending_tasks > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch pending tasks (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has pending tasks. Cluster works slowly.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchNoNewDocuments
expr: increase(elasticsearch_indices_indexing_index_total{es_data_node="true"}[10m]) < 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch no new documents (instance {{ `{{ $labels.instance }}` }})
description: "No new documents for 10 min!\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10ms (0.01s) per indexing operation is a rough default. Adjust based on your document size and cluster performance.
- alert: ElasticsearchHighIndexingLatency
expr: rate(elasticsearch_indices_indexing_index_time_seconds_total[5m]) / rate(elasticsearch_indices_indexing_index_total[5m]) > 0.01 and rate(elasticsearch_indices_indexing_index_total[5m]) > 0
for: 10m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Latency (instance {{ `{{ $labels.instance }}` }})
description: "The indexing latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10000 ops/s is a rough default. Adjust based on your cluster capacity and expected workload.
- alert: ElasticsearchHighIndexingRate
expr: sum(rate(elasticsearch_indices_indexing_index_total[1m]))> 10000
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Rate (instance {{ `{{ $labels.instance }}` }})
description: "The indexing rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 100 queries/s is very low for most production clusters. Adjust based on your expected query volume.
- alert: ElasticsearchHighQueryRate
expr: sum(rate(elasticsearch_indices_search_query_total[1m])) > 100
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Rate (instance {{ `{{ $labels.instance }}` }})
description: "The query rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHighQueryLatency
expr: rate(elasticsearch_indices_search_query_time_seconds[1m]) / rate(elasticsearch_indices_search_query_total[1m]) > 1 and rate(elasticsearch_indices_search_query_total[1m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Latency (instance {{ `{{ $labels.instance }}` }})
description: "The query latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

129
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -1,129 +0,0 @@
stalwart:
controllers:
main:
forceRename: stalwart
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/stalwartlabs/stalwart
tag: v0.15.5@sha256:dcf575db2d53d9ef86d6ced8abe4ba491984659a0f8862cc6079ee7b41c3c568
resources:
requests:
cpu: 10m
memory: 100Mi
metrics:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: quay.io/prometheuscommunity/elasticsearch-exporter
tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58
args:
- '--es.uri=https://elasticsearch-stalwart-es-http.tubearchivist:9200'
- '--es.ssl-skip-verify'
resources:
requests:
cpu: 1m
memory: 10Mi
service:
main:
controller: main
forceRename: stalwart
ports:
http:
port: 80
targetPort: 8080
smtp:
port: 25
targetPort: 25
smtps:
port: 465
targetPort: 465
imap:
port: 143
targetPort: 143
imaps:
port: 993
targetPort: 993
metrics:
controller: metrics
ports:
metrics:
port: 9114
targetPort: 9114
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: stalwart-metrics
app.kubernetes.io/instance: stalwart-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- stalwart.alexlebens.net
rules:
- backendRefs:
- name: stalwart
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: stalwart-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /opt/stalwart
readOnly: false
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 16 * * *"
backupName: garage-local
volsync-target-config:
pvcTarget: stalwart-config
local:
enabled: true
schedule: 28 11 * * *
remote:
enabled: true
schedule: 28 12 * * *
external:
enabled: true
schedule: 28 13 * * *

4
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -12,7 +12,7 @@ tdarr:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr repository: ghcr.io/haveagitgat/tdarr
tag: 2.70.01@sha256:4d48a46fb984b29e07cf4fd66cf7d3c8bd7c2c8dd662d09b4e20e11ae93e52fc tag: 2.71.01@sha256:e66fd4083cd6024bc3e2d66cc1f07f84eeb1a66f57e75ca9354015a4b776413a
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -68,7 +68,7 @@ tdarr:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr_node repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.70.01@sha256:60176a6ffc7584edde5420b7e1816f60227aa166f159b58a721d34564075c6e4 tag: 2.71.01@sha256:fab0c179faac72727f5ca98ff33104596099feaef1faf72410159a51077b520b
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -8,7 +8,7 @@ metadata:
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
# renovate: datasource=docker depName=elasticsearch # renovate: datasource=docker depName=elasticsearch
version: 9.3.3 version: 9.3.4
auth: auth:
fileRealm: fileRealm:
- secretName: tubearchivist-elasticsearch-config - secretName: tubearchivist-elasticsearch-config

2
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
# renovate: datasource=github-releases depName=dani-garcia/vaultwarden # renovate: datasource=github-releases depName=dani-garcia/vaultwarden
appVersion: 1.35.8 appVersion: 1.36.0

2
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -8,7 +8,7 @@ vaultwarden:
main: main:
image: image:
repository: ghcr.io/dani-garcia/vaultwarden repository: ghcr.io/dani-garcia/vaultwarden
tag: 1.35.8@sha256:c4f6056fe0c288a052a223cecd263a90d1dda1a0177bb5b054a363a6c7b211d9 tag: 1.36.0@sha256:d626d04934cd1192ad8ced1adb975099fca78cec33ab467d2d3c923cde7f3b0c
env: env:
- name: DOMAIN - name: DOMAIN
value: https://passwords.alexlebens.dev value: https://passwords.alexlebens.dev

3
hosts/ps08rp/blocky/config.yml
View File

@@ -111,7 +111,7 @@ customDNS:
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl loki IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
@@ -140,7 +140,6 @@ customDNS:
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl

3
hosts/ps09rp/blocky/config.yml
View File

@@ -132,7 +132,7 @@ customDNS:
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl loki IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
@@ -161,7 +161,6 @@ customDNS:
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl

40
renovate.json
View File

@@ -90,10 +90,10 @@
{ {
"description": "Specific app grouping overrides", "description": "Specific app grouping overrides",
"matchPackageNames": [ "matchPackageNames": [
"/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik)/", "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|rybbit|sonarr|sparkyfitness|tdarr|traefik)/",
"/^rook(-ceph|/rook|/ceph)/" "/^rook(-ceph|/rook|/ceph)/"
], ],
"groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik).*$' '$1' depName}}}{{/if}}", "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|rybbit|sonarr|sparkyfitness|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|rybbit|sonarr|sparkyfitness|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
"groupSlug": "unified-{{{groupName}}}" "groupSlug": "unified-{{{groupName}}}"
}, },
{ {
@@ -159,29 +159,39 @@
"minimumReleaseAge": "3 days" "minimumReleaseAge": "3 days"
}, },
{ {
"description": "Disable automerge for ghcr docker dependencies, unsupported release age", "description": "Automerge minor, specific packages, without release age",
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"/^ghcr\\.io//"
],
"automerge": false
},
{
"description": "Automerge images, specific packages, without release age",
"matchUpdateTypes": [ "matchUpdateTypes": [
"patch",
"minor" "minor"
], ],
"matchPackageNames": [ "matchPackageNames": [
"ghcr.io/renovatebot/renovate", "/(^|/|-)(actual)/",
"ghcr.io/prometheus-community/charts/kube-prometheus-stack" "/(^|/|-)(kube-prometheus-stack)/",
"/(^|/|-)(lidarr)/",
"/(^|/|-)(medialyze|MediaLyze)/",
"/(^|/|-)(ollama)/",
"/(^|/|-)(radarr)/",
"/(^|/|-)(renovate)/",
"/(^|/|-)(sonarr)/",
"/(^|/|-)(tdarr)/"
], ],
"addLabels": [ "addLabels": [
"{{{datasource}}}", "{{{datasource}}}",
"automerge" "automerge"
], ],
"automerge": true "automerge": true
},
{
"description": "Disable minimum release age for ghcr and quay docker dependencies",
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"/^ghcr\\.io//",
"/^quay\\.io//",
"/^harbor\\.alexlebens\\.net//"
],
"minimumReleaseAge": ""
} }
] ]
} }