feat: add template to detect authentik versioning

clusters/cl01tl/helm/audiobookshelf/Chart.yaml

@@ -7,11 +7,14 @@ keywords:
   - books
   - podcasts
   - audiobooks
-home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
+home: https://docs.alexlebens.dev/applications/audiobookshelf/
 sources:
   - https://github.com/advplyr/audiobookshelf
+  - https://github.com/caronc/apprise
   - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
+  - https://github.com/caronc/apprise-api/pkgs/container/apprise
   - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
   - name: alexlebens
 dependencies:

clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml

@@ -14,8 +14,5 @@ spec:
   data:
     - secretKey: ntfy-url
       remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
         key: /cl01tl/audiobookshelf/apprise
-        metadataPolicy: None
         property: ntfy-url

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -4,28 +4,25 @@ audiobookshelf:
       type: deployment
       replicas: 1
       strategy: Recreate
-      revisionHistoryLimit: 3
       containers:
         main:
           image:
             repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.33.1
-            pullPolicy: IfNotPresent
+            tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
           env:
             - name: TZ
-              value: US/Central
+              value: America/Chicago
           resources:
             requests:
               cpu: 10m
-              memory: 128Mi
+              memory: 200Mi
         apprise-api:
           image:
-            repository: caronc/apprise
-            tag: v1.3.2
-            pullPolicy: IfNotPresent
+            repository: ghcr.io/caronc/apprise
+            tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
           env:
             - name: TZ
-              value: US/Central
+              value: America/Chicago
             - name: PGID
               value: "1000"
             - name: PUID
@@ -41,10 +38,6 @@ audiobookshelf:
                 secretKeyRef:
                   name: audiobookshelf-apprise-config
                   key: ntfy-url
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
   service:
     main:
       controller: main
@@ -82,11 +75,8 @@ audiobookshelf:
         - audiobookshelf.alexlebens.net
       rules:
         - backendRefs:
-            - group: ''
-              kind: Service
-              name: audiobookshelf
+            - name: audiobookshelf
               port: 80
-              weight: 100
           matches:
             - path:
                 type: PathPrefix
@@ -97,7 +87,6 @@ audiobookshelf:
       storageClass: ceph-block
       accessMode: ReadWriteOnce
       size: 2Gi
-      retain: true
       advancedMounts:
         main:
           main:
@@ -108,7 +97,6 @@ audiobookshelf:
       storageClass: ceph-block
       accessMode: ReadWriteOnce
       size: 10Gi
-      retain: true
       advancedMounts:
         main:
           main:

clusters/cl01tl/helm/authentik/Chart.yaml

@@ -6,10 +6,8 @@ keywords:
   - authentik
   - sso
   - oidc
-  - ldap
-  - idp
   - authentication
-home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
+home: https://docs.alexlebens.dev/applications/authentik/
 sources:
   - https://github.com/goauthentik/authentik
   - https://github.com/cloudflare/cloudflared
@@ -17,6 +15,7 @@ sources:
   - https://github.com/goauthentik/helm
   - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
   - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
   - name: alexlebens
 dependencies:

clusters/cl01tl/helm/authentik/templates/external-secret.yaml

@@ -14,8 +14,5 @@ spec:
   data:
     - secretKey: key
       remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
         key: /cl01tl/authentik/key
-        metadataPolicy: None
         property: key

clusters/cl01tl/helm/authentik/values.yaml

@@ -30,8 +30,23 @@ authentik:
     redis:
       host: authentik-valkey
   server:
-    name: server
-    replicas: 1
+    replicas: 2
+    resources:
+      requests:
+        cpu: 100m
+        memory: 700Mi
+    livenessProbe:
+      failureThreshold: 3
+      initialDelaySeconds: 15
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 5
+    readinessProbe:
+      failureThreshold: 3
+      initialDelaySeconds: 15
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 5
     metrics:
       enabled: true
       serviceMonitor:
@@ -39,8 +54,6 @@ authentik:
     route:
       main:
         enabled: true
-        apiVersion: gateway.networking.k8s.io/v1
-        kind: HTTPRoute
         hostnames:
           - authentik.alexlebens.net
         parentRefs:
@@ -48,21 +61,20 @@ authentik:
             kind: Gateway
             name: traefik-gateway
             namespace: traefik
-        httpsRedirect: false
-        matches:
-          - path:
-              type: PathPrefix
-              value: /
   worker:
     name: worker
-    replicas: 1
+    replicas: 2
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
   prometheus:
     rules:
       enabled: true
-  postgresql:
-    enabled: false
-  redis:
-    enabled: false
 postgres-18-cluster:
   mode: recovery
   recovery:
@@ -76,32 +88,9 @@ postgres-18-cluster:
         destinationBucket: postgres-backups
         externalSecretCredentialPath: /garage/home-infra/postgres-backups
         isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 5 14 * * *"
         backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external

renovate.json

@@ -22,7 +22,8 @@
       ],
       "matchStrings": [
         "#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
-      ]
+      ],
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}"
     },
     {
       "description": "Update images in templates",