Compare commits
1 Commits
main
...
04ad9cc56c
| Author | SHA1 | Date | |
|---|---|---|---|
04ad9cc56c
|
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
|
||||
container: ghcr.io/renovatebot/renovate:43.113.0@sha256:9dd3f426078a6ce9461c87264e4bcd1853698dc5ebb594fe5fab1f0afd25ef9b
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -2,5 +2,8 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
|
||||
generated: "2026-04-18T20:15:22.778699-05:00"
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
|
||||
generated: "2026-03-06T01:04:41.514235218Z"
|
||||
|
||||
@@ -18,10 +18,10 @@ dependencies:
|
||||
alias: actual
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
# - name: volsync-target
|
||||
# alias: volsync-target-data
|
||||
# version: 0.8.0
|
||||
# repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.4.0
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
version: 9.5.0
|
||||
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
|
||||
generated: "2026-04-08T22:05:49.003208408Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.5.2
|
||||
version: 9.5.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.3.7
|
||||
appVersion: v3.3.6
|
||||
|
||||
@@ -1,42 +1,70 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-oidc-authentik
|
||||
name: argocd-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: argocd-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: secret
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tk/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: argocd-notifications-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ntfy-token
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
key: /ntfy/user/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-gitea-repo-infrastructure-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: type
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: type
|
||||
- secretKey: url
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: url
|
||||
- secretKey: sshPrivateKey
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: sshPrivateKey
|
||||
|
||||
@@ -13,8 +13,8 @@ argo-cd:
|
||||
connectors:
|
||||
- config:
|
||||
issuer: https://authentik.alexlebens.net/application/o/argocd/
|
||||
clientID: $argocd-oidc-authentik:client
|
||||
clientSecret: $argocd-oidc-authentik:secret
|
||||
clientID: $argocd-oidc-secret:client
|
||||
clientSecret: $argocd-oidc-secret:secret
|
||||
insecureEnableGroups: true
|
||||
scopes:
|
||||
- openid
|
||||
@@ -205,7 +205,7 @@ argo-cd:
|
||||
argocdUrl: https://argocd.alexlebens.net
|
||||
secret:
|
||||
create: false
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
||||
@@ -32,4 +32,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.33.2
|
||||
appVersion: 2.33.1
|
||||
|
||||
@@ -1,24 +1,18 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-apprise-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
name: vault
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
|
||||
data:
|
||||
- secretKey: internal-endpoint-credential
|
||||
- secretKey: ntfy-url
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
key: /cl01tl/audiobookshelf/apprise
|
||||
property: ntfy-url
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-books-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -23,11 +23,11 @@ metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-audiobooks-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -42,11 +42,11 @@ metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-podcasts-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -29,7 +29,7 @@ metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -54,7 +54,7 @@ metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -40,7 +40,7 @@ audiobookshelf:
|
||||
- name: APPRISE_STATELESS_URLS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
key: ntfy-url
|
||||
service:
|
||||
main:
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: authentik-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: authentik-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: authentik-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: allow-outpost-cross-namespace-access
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ authentik:
|
||||
- name: AUTHENTIK_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
key: key
|
||||
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||
valueFrom:
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: backrest-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -23,11 +23,11 @@ metadata:
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: backrest-nfs-share
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -29,7 +29,7 @@ metadata:
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: bazarr-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -39,7 +39,7 @@ bazarr:
|
||||
- name: APIKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
key: key
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: false
|
||||
|
||||
@@ -106,7 +106,6 @@ blocky:
|
||||
audiobookshelf IN CNAME traefik-cl01tl
|
||||
authentik IN CNAME traefik-cl01tl
|
||||
backrest IN CNAME traefik-cl01tl
|
||||
bao IN CNAME traefik-cl01tl
|
||||
bazarr IN CNAME traefik-cl01tl
|
||||
ceph IN CNAME traefik-cl01tl
|
||||
dawarich IN CNAME traefik-cl01tl
|
||||
@@ -161,7 +160,6 @@ blocky:
|
||||
sonarr IN CNAME traefik-cl01tl
|
||||
sonarr-4k IN CNAME traefik-cl01tl
|
||||
sonarr-anime IN CNAME traefik-cl01tl
|
||||
sparkyfitness IN CNAME traefik-cl01tl
|
||||
stalwart IN CNAME traefik-cl01tl
|
||||
tdarr IN CNAME traefik-cl01tl
|
||||
tubearchivist IN CNAME traefik-cl01tl
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
repository: https://charts.jetstack.io
|
||||
version: v1.20.2
|
||||
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
|
||||
generated: "2026-04-13T23:02:59.380767677Z"
|
||||
version: v1.20.1
|
||||
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
|
||||
generated: "2026-03-28T01:35:24.542754563Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
version: v1.20.2
|
||||
version: v1.20.1
|
||||
repository: https://charts.jetstack.io
|
||||
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
|
||||
# renovate: datasource=github-releases depName=cert-manager/cert-manager
|
||||
appVersion: v1.20.2
|
||||
appVersion: v1.20.1
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: letsencrypt-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: letsencrypt-issuer
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,15 +4,15 @@ metadata:
|
||||
name: cloudflare-api-token
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: cloudflare-api-token
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: api-token
|
||||
remoteRef:
|
||||
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
|
||||
key: /cloudflare/alexlebens.net/clusterissuer
|
||||
property: token
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-bgp-advertisements
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-bgp
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-bgp
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-peer
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-peer
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: default-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -19,7 +19,7 @@ metadata:
|
||||
name: bgp-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-tls-gateway
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: hubble
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: hubble
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 0.28.0
|
||||
- name: plugin-barman-cloud
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.6.0
|
||||
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
|
||||
generated: "2026-04-14T09:03:10.332065288Z"
|
||||
version: 0.5.0
|
||||
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
|
||||
generated: "2026-04-01T20:05:40.198140255Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ dependencies:
|
||||
version: 0.28.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: plugin-barman-cloud
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
|
||||
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: dawarich-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
@@ -21,22 +21,22 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: dawarich-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: client
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: secret
|
||||
|
||||
@@ -61,12 +61,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -81,7 +81,7 @@ dawarich:
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
|
||||
@@ -29,4 +29,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.3
|
||||
appVersion: 11.17.2
|
||||
|
||||
@@ -8,7 +8,7 @@ directus:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/directus/directus
|
||||
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
|
||||
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://directus.alexlebens.net
|
||||
|
||||
@@ -18,4 +18,4 @@ dependencies:
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: v2.3.0
|
||||
appVersion: vv2.3.0
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -17,29 +17,3 @@ spec:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://openbao-internal.openbao:8200
|
||||
path: secret
|
||||
version: v2
|
||||
auth:
|
||||
kubernetes:
|
||||
mountPath: kubernetes
|
||||
role: external-secrets
|
||||
serviceAccountRef:
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Name }}
|
||||
audiences:
|
||||
- openbao
|
||||
|
||||
@@ -70,7 +70,7 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 250Gi
|
||||
size: 100Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
|
||||
@@ -21,4 +21,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
|
||||
# renovate: datasource=docker depName=dxflrs/garage
|
||||
appVersion: v2.3.0
|
||||
appVersion: v2.2.0
|
||||
|
||||
@@ -21,7 +21,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
@@ -50,7 +50,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
@@ -79,7 +79,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
|
||||
@@ -155,8 +155,8 @@ gatus:
|
||||
- name: searxng
|
||||
url: https://searxng.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: sparkyfitness
|
||||
url: https://sparkyfitness.alexlebens.net
|
||||
- name: roundcube
|
||||
url: https://mail.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: paperless-ngx
|
||||
url: https://paperless-ngx.alexlebens.net
|
||||
@@ -212,9 +212,6 @@ gatus:
|
||||
- name: authentik
|
||||
url: https://authentik.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: roundcube
|
||||
url: https://mail.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: stalwart
|
||||
url: https://stalwart.alexlebens.net
|
||||
<<: *defaults
|
||||
@@ -266,9 +263,6 @@ gatus:
|
||||
- name: vault
|
||||
url: https://vault.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: openbao
|
||||
url: https://bao.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: backrest
|
||||
url: https://backrest.alexlebens.net
|
||||
<<: *defaults
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: generic-device-plugin
|
||||
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
|
||||
version: 0.20.31
|
||||
digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4
|
||||
generated: "2026-04-15T01:16:30.361061773Z"
|
||||
version: 0.20.29
|
||||
digest: sha256:927c4aaf7484f3522ecd92d456f184555f4c742adc1c63b32a149cbb847e9eee
|
||||
generated: "2026-04-10T17:19:10.852938614Z"
|
||||
|
||||
@@ -14,6 +14,6 @@ maintainers:
|
||||
dependencies:
|
||||
- name: generic-device-plugin
|
||||
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
|
||||
version: 0.20.31
|
||||
version: 0.20.29
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
appVersion: 1.0.0
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
dependencies:
|
||||
- name: gitea
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 12.5.3
|
||||
version: 12.5.0
|
||||
- name: actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -23,5 +23,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
|
||||
generated: "2026-04-16T20:09:26.031592859Z"
|
||||
digest: sha256:c2d6fcbbaffacda0598d81d7d3745e83040d59525ecaccd35d57dce773cf5309
|
||||
generated: "2026-04-13T20:33:29.673072156Z"
|
||||
|
||||
@@ -26,14 +26,14 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: gitea
|
||||
version: 12.5.3
|
||||
version: 12.5.0
|
||||
repository: https://dl.gitea.com/charts/
|
||||
- name: actions
|
||||
alias: gitea-actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
@@ -56,4 +56,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
|
||||
# renovate: datasource=github-releases depName=go-gitea/gitea
|
||||
appVersion: 1.26.0
|
||||
appVersion: 1.25.5
|
||||
|
||||
@@ -194,7 +194,7 @@ gitea-actions:
|
||||
registry: docker.io
|
||||
repository: gitea/act_runner
|
||||
# renovate: datasource=docker depName=gitea/act_runner
|
||||
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
|
||||
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
|
||||
extraVolumeMounts:
|
||||
- name: workspace-vol
|
||||
mountPath: /workspace
|
||||
|
||||
@@ -567,25 +567,6 @@ spec:
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
metadata:
|
||||
name: grafana-dashboard-openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
app: grafana-main
|
||||
contentCacheDuration: 6h
|
||||
folderUID: grafana-folder-platform
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
|
||||
@@ -12,6 +12,8 @@ headlamp:
|
||||
enabled: true
|
||||
name: headlamp-oidc-secret
|
||||
watchPlugins: true
|
||||
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
|
||||
sessionTTL: null
|
||||
httpRoute:
|
||||
enabled: true
|
||||
parentRefs:
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
|
||||
# renovate: datasource=github-releases depName=home-assistant/core
|
||||
appVersion: 2026.4.3
|
||||
appVersion: 2026.4.2
|
||||
|
||||
@@ -12,7 +12,7 @@ home-assistant:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/home-assistant/home-assistant
|
||||
tag: 2026.4.3@sha256:ae0800c81fea16bc1241ce03bddb9c6260566e90f58b09d3e5a629e4f68bdc0b
|
||||
tag: 2026.4.2@sha256:4c940155cfd5b0187a6faee2db5d52b98bb573edc1aeee95d0818bb17b6534d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -23,7 +23,7 @@ home-assistant:
|
||||
code-server:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/code-server
|
||||
tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
|
||||
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -285,11 +285,11 @@ homepage:
|
||||
href: https://searxng.alexlebens.net/
|
||||
siteMonitor: http://searxng-browser.searxng:80
|
||||
statusStyle: dot
|
||||
- Fitness Tracker:
|
||||
icon: sh-sparkyfitness.webp
|
||||
description: Sparky Fitness
|
||||
href: https://sparkyfitness.alexlebens.net
|
||||
siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
|
||||
- Email:
|
||||
icon: sh-roundcube.webp
|
||||
description: Roundcube
|
||||
href: https://mail.alexlebens.net
|
||||
siteMonitor: http://roundcube.roundcube:80
|
||||
statusStyle: dot
|
||||
- Documents:
|
||||
icon: sh-paperless-ngx.webp
|
||||
@@ -487,13 +487,7 @@ homepage:
|
||||
href: https://authentik.alexlebens.net
|
||||
siteMonitor: http://authentik-server.authentik:80
|
||||
statusStyle: dot
|
||||
- Email Client:
|
||||
icon: sh-roundcube.webp
|
||||
description: Roundcube
|
||||
href: https://mail.alexlebens.net
|
||||
siteMonitor: http://roundcube.roundcube:80
|
||||
statusStyle: dot
|
||||
- Email Server:
|
||||
- Email:
|
||||
icon: sh-stalwart.webp
|
||||
description: Stalwart
|
||||
href: https://stalwart.alexlebens.net
|
||||
@@ -637,18 +631,6 @@ homepage:
|
||||
app.kubernetes.io/instance in (
|
||||
vault
|
||||
)
|
||||
- Secrets:
|
||||
icon: sh-openbao.webp
|
||||
description: OpenBao
|
||||
href: https://bao.alexlebens.net
|
||||
siteMonitor: http://openbao.openbao:8200
|
||||
statusStyle: dot
|
||||
namespace: openbao
|
||||
app: openbao
|
||||
podSelector: >-
|
||||
app.kubernetes.io/instance in (
|
||||
openbao
|
||||
)
|
||||
- Backups:
|
||||
icon: sh-backrest-light.webp
|
||||
description: Backrest
|
||||
|
||||
@@ -25,4 +25,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
|
||||
# renovate: datasource=github-releases depName=av1155/houndarr
|
||||
appVersion: v1.9.0
|
||||
appVersion: v1.7.0
|
||||
|
||||
@@ -8,7 +8,7 @@ houndarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/av1155/houndarr
|
||||
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
|
||||
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:09e0de3cf33b4b463b07237d547172ad72fcc77c0fcb8e5ed7542f9ee3b1df3a
|
||||
generated: "2026-04-16T14:10:45.330521031Z"
|
||||
digest: sha256:32b9a206e77eabcdf1bbbc4d7e93067c40d6a621e4a07c1827e4d23961e2d82b
|
||||
generated: "2026-03-30T16:13:40.879082765Z"
|
||||
|
||||
@@ -22,7 +22,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
|
||||
@@ -29,4 +29,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
|
||||
# renovate: datasource=github-releases depName=CyferShepard/Jellystat
|
||||
appVersion: 1.1.10
|
||||
appVersion: 1.1.9
|
||||
|
||||
@@ -8,7 +8,7 @@ jellystat:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/cyfershepard/jellystat
|
||||
tag: 1.1.10@sha256:bb7ebe42424dedeff52d8da4130232d67e3fdd6dc2dd4a66091e32ddd835ea42
|
||||
tag: 1.1.9@sha256:f7f56aabad139faa996b8bb21a36dd3e65f7c87e10408921815b95a28a4efbaf
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:a5074b9aa3d0ad4e8e3f0d5d10e92e7112bf1fd263d6bade8ae47e36d544cb6d
|
||||
generated: "2026-04-16T14:11:10.620563905Z"
|
||||
digest: sha256:9939407bba4f0ac9d5ed47250490d0a80dc48881cfeb7bc924ece655fa0b5b05
|
||||
generated: "2026-04-10T01:17:47.911315172Z"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.30.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 83.6.0
|
||||
version: 83.4.1
|
||||
- name: prometheus-operator-crds
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 28.0.1
|
||||
@@ -11,5 +11,5 @@ dependencies:
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:f80cb9a91bb13c3538ffdf4bc95b0750202a76167b05a3958f5aff2220484b0c
|
||||
generated: "2026-04-17T16:10:54.211656328Z"
|
||||
digest: sha256:cdc5f72d9531ec26bfa06a71819a17ba9944ceb6ec8fbf67d3ac8f22431535a5
|
||||
generated: "2026-04-13T22:34:25.816994271Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
version: 83.6.0
|
||||
version: 83.4.1
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
- name: prometheus-operator-crds
|
||||
version: 28.0.1
|
||||
|
||||
@@ -26,4 +26,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
|
||||
# renovate: datasource=github-releases depName=rmcrackan/Libation
|
||||
appVersion: 13.3.4
|
||||
appVersion: 13.3.3
|
||||
|
||||
@@ -12,7 +12,7 @@ libation:
|
||||
main:
|
||||
image:
|
||||
repository: rmcrackan/libation
|
||||
tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396
|
||||
tag: 13.3.3@sha256:fbeb84916c81b654412801367b7e96796ffdba83d987a1ed5fed9896cf7cabee
|
||||
env:
|
||||
- name: SLEEP_TIME
|
||||
value: "-1"
|
||||
@@ -30,7 +30,7 @@ libation:
|
||||
main:
|
||||
image:
|
||||
repository: ubuntu
|
||||
tag: resolute-20260413@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4
|
||||
tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
|
||||
command:
|
||||
- "sleep"
|
||||
- "infinity"
|
||||
|
||||
@@ -14,7 +14,7 @@ lidarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/lidarr
|
||||
tag: 3.1.2-nightly@sha256:9ec74111343f3648f2ab9a80931e05f1695622ff5a2587f1f2006e0415322a65
|
||||
tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -133,7 +133,7 @@ matrix-synapse:
|
||||
gid: 666
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.4@sha256:c7989ac7a27b473e1795973c98d714f62b4dd0b134594d36880505ce0bfd716b
|
||||
tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
||||
ingress:
|
||||
enabled: false
|
||||
gateway:
|
||||
@@ -332,7 +332,7 @@ mautrix-whatsapp:
|
||||
main:
|
||||
image:
|
||||
repository: dock.mau.dev/mautrix/whatsapp
|
||||
tag: v0.2604.0@sha256:9f28c04c746af9fe8e93163489dae0f4191626e2ca02a9302df62afbeefc9eba
|
||||
tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
|
||||
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
|
||||
appVersion: 0.8.0
|
||||
appVersion: 0.6.0
|
||||
|
||||
@@ -12,7 +12,7 @@ medialyze:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/frederikemmer/medialyze
|
||||
tag: 0.8.0@sha256:80aa5ce70d8644ce8321f97856a1c0ede5dfeaaba305c514ceefebf89c8985ef
|
||||
tag: 0.6.0@sha256:7bf772454c7baeaf5c86ad59eee7fe59ef47b5366248e253647cfc79642a72bf
|
||||
env:
|
||||
- name: HOST_PORT
|
||||
value: 8080
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
|
||||
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
|
||||
appVersion: 2.6.5
|
||||
appVersion: 2.6.1
|
||||
|
||||
@@ -12,7 +12,7 @@ music-grabber:
|
||||
main:
|
||||
image:
|
||||
repository: g33kphr33k/musicgrabber
|
||||
tag: 2.6.5@sha256:5d276415a764a56955207ae41fe2df3341a152812fdf8a87e7c0b7e4e1fb681d
|
||||
tag: 2.6.1@sha256:52b81df8e69062b4023a416fa4168d4bc0e6d8fba48901a5a5a3080bdd748696
|
||||
env:
|
||||
- name: MUSIC_DIR
|
||||
value: /mnt/store/Music Grabber/
|
||||
|
||||
@@ -12,7 +12,7 @@ navidrome:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/navidrome/navidrome
|
||||
tag: 0.61.2@sha256:9fa40b3d8dec43ceb2213d1fa551da3dcfef6ac6d19c2e534efb92527c2bafd2
|
||||
tag: 0.61.1@sha256:1e1660054a856cc09f227d6929252e45a519fdb16004b464dd637f7294ca3ec1
|
||||
env:
|
||||
- name: ND_MUSICFOLDER
|
||||
value: /music
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
|
||||
# renovate: datasource=github-releases depName=ollama/ollama
|
||||
appVersion: 0.21.0
|
||||
appVersion: 0.20.6
|
||||
|
||||
@@ -21,7 +21,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.6@sha256:d5034f60974be528e0a5523ba5e89156e4a9ffd12d0b2b18475fb148237f3d4c
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -55,7 +55,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.6@sha256:d5034f60974be528e0a5523ba5e89156e4a9ffd12d0b2b18475fb148237f3d4c
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -89,7 +89,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.6@sha256:d5034f60974be528e0a5523ba5e89156e4a9ffd12d0b2b18475fb148237f3d4c
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
dependencies:
|
||||
- name: openbao
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
version: 0.27.1
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:2a48dda8dad91d967fceeec4c50d3358f58b0255ba823e04bea726bf187f8f40
|
||||
generated: "2026-04-15T19:55:47.720376-05:00"
|
||||
@@ -1,30 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: openbao
|
||||
version: 1.0.0
|
||||
description: OpenBao
|
||||
keywords:
|
||||
- openbao
|
||||
- secrets
|
||||
home: https://docs.alexlebens.dev/applications/openbao/
|
||||
sources:
|
||||
- https://github.com/openbao/openbao
|
||||
- https://github.com/lrstanley/vault-unseal
|
||||
- https://quay.io/repository/openbao/openbao?tab=tags
|
||||
- https://quay.io/repository/openbao/openbao-csi-provider?tab=tags
|
||||
- https://github.com/openbao/openbao-snapshot-agent/pkgs/container/openbao-snapshot-agent
|
||||
- https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
|
||||
- https://github.com/openbao/openbao-helm/tree/main/charts/openbao
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: openbao
|
||||
version: 0.27.1
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
- name: app-template
|
||||
alias: unseal
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png
|
||||
# renovate: datasource=github-releases depName=openbao/openbao
|
||||
appVersion: v2.5.2
|
||||
@@ -1,166 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-snapshot-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-snapshot-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: BUCKET
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-1
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-1
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_1
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-2
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-2
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_2
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-3
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-3
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_3
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
# ---
|
||||
# apiVersion: external-secrets.io/v1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: openbao-token
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: openbao-token
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# secretStoreRef:
|
||||
# kind: ClusterSecretStore
|
||||
# name: openbao
|
||||
# data:
|
||||
# - secretKey: token
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: token
|
||||
# - secretKey: unseal_key_1
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_1
|
||||
# - secretKey: unseal_key_2
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_2
|
||||
# - secretKey: unseal_key_3
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_3
|
||||
# - secretKey: unseal_key_4
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_4
|
||||
# - secretKey: unseal_key_5
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_5
|
||||
@@ -1,29 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: openbao-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
ingressClassName: tailscale
|
||||
tls:
|
||||
- hosts:
|
||||
- openbao-cl01tl
|
||||
secretName: openbao-cl01tl
|
||||
rules:
|
||||
- host: openbao-cl01tl
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: openbao-active
|
||||
port:
|
||||
number: 8200
|
||||
@@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: openbao
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
@@ -1,198 +0,0 @@
|
||||
openbao:
|
||||
global:
|
||||
serverTelemetry:
|
||||
prometheusOperator: true
|
||||
injector:
|
||||
enabled: false
|
||||
server:
|
||||
updateStrategyType: RollingUpdate
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 500Mi
|
||||
gateway:
|
||||
tlsRoute:
|
||||
enabled: true
|
||||
hosts:
|
||||
- bao.alexlebens.net
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
httpRoute:
|
||||
enabled: true
|
||||
hosts:
|
||||
- bao.alexlebens.net
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
authDelegator:
|
||||
enabled: true
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
dataStorage:
|
||||
size: 1Gi
|
||||
storageClass: ceph-block
|
||||
auditStorage:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: ceph-block
|
||||
standalone:
|
||||
enabled: false
|
||||
ha:
|
||||
enabled: true
|
||||
replicas: 3
|
||||
raft:
|
||||
enabled: true
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
tls_disable = 1
|
||||
address = "[::]:8200"
|
||||
cluster_address = "[::]:8201"
|
||||
telemetry {
|
||||
unauthenticated_metrics_access = "true"
|
||||
}
|
||||
}
|
||||
|
||||
storage "raft" {
|
||||
path = "/openbao/data"
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-0.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-1.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-2.openbao-internal:8200"
|
||||
}
|
||||
}
|
||||
|
||||
audit "file" "to-stdout" {
|
||||
options {
|
||||
file_path = "/openbao/audit/openbao_audit.log"
|
||||
log_raw = "true"
|
||||
}
|
||||
}
|
||||
|
||||
service_registration "kubernetes" {}
|
||||
|
||||
telemetry {
|
||||
prometheus_retention_time = "30s"
|
||||
disable_hostname = true
|
||||
}
|
||||
csi:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao-csi-provider
|
||||
tag: 2.0.2@sha256:3cb312e88c62c926caec03bf69497a16805a29daabb5ad2c7a236ab43bb241db
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 100Mi
|
||||
agent:
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
serverTelemetry:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
rules:
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 500ms on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 1s on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
snapshotAgent:
|
||||
enabled: true
|
||||
schedule: 0 4 * * *
|
||||
image:
|
||||
repository: ghcr.io/openbao/openbao-snapshot-agent
|
||||
tag: 0.3.0@sha256:d7a8ca9d26b12cf226ce093b9051f243c53aefbb8a419b3dc0b554e7575c931c
|
||||
s3CredentialsSecret: openbao-snapshot-secret
|
||||
config:
|
||||
s3Host: garage-main.garage:3900
|
||||
s3Bucket: openbao-backups
|
||||
s3Uri: s3://openbao-backups
|
||||
s3ExpireDays: "30"
|
||||
s3cmdExtraFlag: "-v --no-ssl"
|
||||
baoAuthPath: kubernetes
|
||||
baoRole: bao-snapshot
|
||||
unseal:
|
||||
global:
|
||||
fullnameOverride: openbao-unseal
|
||||
controllers:
|
||||
unseal-1:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-2:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-2
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-3:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-3
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
@@ -48,4 +48,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
|
||||
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
|
||||
appVersion: 2.20.14
|
||||
appVersion: 2.20.13
|
||||
|
||||
@@ -8,7 +8,7 @@ paperless-ngx:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/paperless-ngx/paperless-ngx
|
||||
tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
|
||||
tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
|
||||
env:
|
||||
- name: PAPERLESS_REDIS
|
||||
value: redis://paperless-ngx-valkey.paperless-ngx:6379
|
||||
@@ -86,7 +86,7 @@ paperless-ngx:
|
||||
gotenberg:
|
||||
image:
|
||||
repository: gotenberg/gotenberg
|
||||
tag: 8.31.0@sha256:f0d86e8a1dbc7b33a5a65cb251d02bb271a48ffa989da3feb5ed7d954fe4d4b3
|
||||
tag: 8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
|
||||
@@ -22,7 +22,7 @@ plex:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/plex
|
||||
tag: 1.43.1.10611-1e34174b1-ls301@sha256:1dd281365d61fb76fd4474ba67e36ec94d2e8dbc67a8032ba10731c01701c97e
|
||||
tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,7 +4,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.1.1
|
||||
version: 1.0.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -20,5 +20,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:c2f97973de65b7ab76b42a5b9131e084de2333ba82c85b75d9e186ec88335ef4
|
||||
generated: "2026-04-15T18:59:31.36700149Z"
|
||||
digest: sha256:5534bfc9e9086db50f191d6369d92dcee2aef4736f40b1a905dfa7b967d3e0b9
|
||||
generated: "2026-04-13T20:36:42.977624488Z"
|
||||
|
||||
@@ -29,7 +29,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.1.1
|
||||
version: 1.0.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
|
||||
@@ -232,7 +232,7 @@ temporal:
|
||||
web:
|
||||
image:
|
||||
repository: temporalio/ui
|
||||
tag: 2.48.3@sha256:e5523746f54a8b908b0be69f6274ca1abf2aa0a51714a85b6a4641310ff60286
|
||||
tag: 2.48.2@sha256:8625626deb0b2447eff6fc81a1fba1d782c9e41e72d527016f1297a62e715241
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -28,4 +28,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-prowlarr
|
||||
appVersion: 2.3.5.5327-ls142
|
||||
appVersion: 2.3.5.5327-ls141
|
||||
|
||||
@@ -12,7 +12,7 @@ prowlarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/prowlarr
|
||||
tag: 2.3.5.5327-ls142@sha256:6df73ab9e99d0dbaad27c39d8a47c600333eebea80fcb56253a0bb8b630c8115
|
||||
tag: 2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -208,7 +208,7 @@ qbittorrent:
|
||||
qui:
|
||||
image:
|
||||
repository: ghcr.io/autobrr/qui
|
||||
tag: v1.17.0@sha256:fb3832e68f66b056e1b049d16c40732661e7b73999bc642d4b11469a3ebbabd3
|
||||
tag: v1.16.1@sha256:07b6ea9572e52e8b5f70f8fb15a7c688d8d754a7616242d3ad0b21dbd5c05836
|
||||
env:
|
||||
- name: QUI__METRICS_ENABLED
|
||||
value: true
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-anime:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-standup:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user