alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:manifests alexlebens:tmp/eraser
..
compare: alexlebens:072a372ad510b322fce7e731754075a27c54548e
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:main alexlebens:manifests alexlebens:tmp/eraser

1 Commits
main ... 072a372ad5

Author SHA1 Message Date
Renovate Bot
072a372ad5 chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2603.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 31s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Has been skipped
Details
2026-03-29 00:35:38 +00:00
339 changed files with 4320 additions and 3096 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

8
.gitea/workflows/render-manifests.yaml
View File

@@ -50,7 +50,7 @@ jobs:
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -273,7 +273,7 @@ jobs:
NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server")
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.110.14@sha256:f3ba59186f17171bf2eaacc35014192d4862bf1b2af3116fb694ba9c17f04f70
container: ghcr.io/renovatebot/renovate:43.99.0@sha256:aae697086b93427dcde46eb92e08e334b018946ce19339bf044ce971ca1626e2
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0
appVersion: 26.3.0

3
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -8,7 +8,7 @@ actual:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e
tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
env:
- name: ACTUAL_PORT
value: 5006
@@ -39,6 +39,7 @@ actual:
http:
port: 80
targetPort: 5006
protocol: HTTP
route:
main:
kind: HTTPRoute

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.6
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b
generated: "2026-03-24T16:59:01.228848139Z"

32
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.6
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3

14
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml → clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-key-secret
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-key-secret
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
- secretKey: secret
remoteRef:
key: /cl01tl/bazarr/key
property: key
key: /authentik/oidc/argo-workflows
property: secret
- secretKey: client
remoteRef:
key: /authentik/oidc/argo-workflows
property: client

109
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
argo-workflows:
crds:
install: true
keep: true
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
controller:
metricsConfig:
enabled: true
persistence:
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
resources:
requests:
cpu: 1m
memory: 20Mi
serviceMonitor:
enabled: true
workflowNamespaces:
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 1m
memory: 32Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 1m
memory: 20Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.5.0
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
generated: "2026-04-08T22:05:49.003208408Z"
version: 9.4.17
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-03-28T01:51:34.832601868Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,7 +13,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.5.0
version: 9.4.17
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

50
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -48,31 +48,31 @@ argo-cd:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -49,9 +49,11 @@ audiobookshelf:
http:
port: 80
targetPort: 80
protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
serviceMonitor:
main:
selector:

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:6c697902b9c4e997c961b474b55aed3c254d2ef4565f921a1caf023347878718
generated: "2026-04-10T01:33:14.668094273Z"
version: 0.4.0
digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-03-15T20:04:35.99407071Z"

8
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,18 +18,18 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

4
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -77,10 +77,6 @@ authentik:
enabled: true
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery:
method: objectStore
objectStore:

1
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -31,6 +31,7 @@ backrest:
http:
port: 80
targetPort: 9898
protocol: TCP
serviceMonitor:
main:
selector:

7
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -5,14 +5,11 @@ description: Bazarr
keywords:
- bazarr
- subtitles
- servarr
home: https://docs.alexlebens.dev/applications/bazarr/
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
@@ -27,5 +24,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
appVersion: v1.5.6-ls342
# renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: 1.5.6

35
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -28,25 +28,6 @@ bazarr:
requests:
cpu: 1m
memory: 250Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["bazarr"]
env:
- name: URL
value: http://localhost:6767
- name: PORT
value: 9792
- name: APIKEY
valueFrom:
secretKeyRef:
name: bazarr-key-secret
key: key
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
service:
main:
controller: main
@@ -54,21 +35,7 @@ bazarr:
http:
port: 80
targetPort: 6767
metrics:
port: 9792
targetPort: 9792
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics
protocol: HTTP
route:
main:
kind: HTTPRoute

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:58bcab9a78afad1037cb9d5047becb7a836fbfb3543883f24764a1bbb8db7290
generated: "2026-04-10T01:33:35.406965206Z"
version: 0.4.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-09T23:06:16.853255429Z"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

8
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -102,12 +102,14 @@ blocky:
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
@@ -135,16 +137,16 @@ blocky:
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.28.0
version: 0.27.1
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.5.0
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
generated: "2026-04-01T20:05:40.198140255Z"
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-02-05T19:36:19.473447121Z"

4
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.28.0
version: 0.27.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0
appVersion: 1.28.1

12
clusters/cl01tl/helm/code-server/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
home: https://docs.alexlebens.dev/applications/code-server/
sources:
- https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.112.0

14
clusters/cl01tl/helm/ntfy/templates/external-secret.yaml → clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ntfy-config-secret
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-config-secret
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: attachment-cache-dir
- secretKey: PASSWORD
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: attachment-cache-dir
key: /cl01tl/code-server/auth
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
key: /cl01tl/code-server/auth
property: SUDO_PASSWORD

84
clusters/cl01tl/helm/code-server/values.yaml Normal file
View File

@@ -0,0 +1,84 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 1m
memory: 50Mi
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- name: code-server
port: 8443
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
external:
enabled: true
schedule: 16 10 * * *

17
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,18 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:46a4d88528ac64e1f228a8516c0fd00e45c2403bdd713140b82e7ab28506ec74
generated: "2026-04-10T01:34:00.034582668Z"
version: 0.4.0
digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-03-15T20:04:49.68456485Z"

19
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -12,7 +12,6 @@ sources:
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,24 +21,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-public
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-watched
version: 0.8.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1
appVersion: 1.4.0

39
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "web-entrypoint.sh"
args:
@@ -111,7 +111,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "sidekiq-entrypoint.sh"
args:
@@ -211,9 +211,11 @@ dawarich:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
@@ -313,36 +315,3 @@ postgres-18-cluster:
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
volsync-target-storage:
pvcTarget: dawarich-storage
local:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
external:
enabled: true
schedule: 6 10 * * *
volsync-target-public:
pvcTarget: dawarich-public
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
volsync-target-watched:
pvcTarget: dawarich-watched
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *

25
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,8 +1,5 @@
democratic-csi:
driver:
image:
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
@@ -13,23 +10,7 @@ democratic-csi:
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
replicaCount: 3
externalAttacher:
image:
registry: registry.k8s.io/sig-storage/csi-attacher
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
@@ -55,7 +36,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

1
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/descheduler/
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens

3
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,7 +1,4 @@
descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment
resources:
limits:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:1ef062c01049dc3150f24b4bf1502a1026beda856ecca88df70b61701eaf659e
generated: "2026-04-10T01:34:22.131775797Z"
version: 0.4.0
digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-03-15T20:05:03.156596646Z"

6
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -21,12 +21,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.2
appVersion: 11.17.0

10
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -8,7 +8,8 @@ directus:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
tag: 11.17.0@sha256:076269ccbe7d4a0c44ce5f5b7f11e2ea5f7b3e4c4f704c0f88a52805e069c1c6
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net
@@ -142,7 +143,7 @@ directus:
resources:
requests:
cpu: 10m
memory: 300Mi
memory: 1Gi
service:
main:
controller: main
@@ -150,6 +151,7 @@ directus:
http:
port: 80
targetPort: 8055
protocol: TCP
serviceMonitor:
main:
selector:
@@ -210,7 +212,3 @@ valkey:
aclUsers:
default:
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: eck-operator
repository: https://helm.elastic.co
version: 3.3.2
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177
generated: "2026-04-01T21:30:02.975920565Z"
version: 3.3.1
digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-02-25T18:48:55.77034549Z"

4
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: eck-operator
version: 3.3.2
version: 3.3.1
repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2
appVersion: v3.3.1

2
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,7 +1,7 @@
eck-operator:
managedNamespaces:
- stalwart
- tubearchivist
- stalwart
installCRDs: true
replicaCount: 2
resources:

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.34
version: 1.4.33
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
generated: "2026-04-10T01:17:19.932208699Z"
version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-03-24T16:11:50.424321433Z"

6
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.34
version: 1.4.33
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15
appVersion: v1.12.13

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser
repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"
digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
generated: "2025-12-03T22:53:20.200917773Z"

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -9,19 +9,13 @@ home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
- name: app-template
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

82
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -35,85 +35,3 @@ eraser:
requests:
cpu: 1m
memory: 20Mi
eraser-metrics:
global:
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.149.0@sha256:dd56aed607fd02f8ac01dddb27a859c0c2cc750539abce927803778fafc736ae
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

1
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -25,6 +25,7 @@ excalidraw:
http:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute

3
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
@@ -20,4 +19,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
appVersion: v0.21.0
appVersion: v0.20.0

3
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,7 +1,4 @@
external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.21.0@sha256:f53faaf71cb270d1ca9dce6ea0c94bfebf1a18696263487f0fbc74b9bf2bd7ff
fullnameOverride: external-dns-unifi
resources:
requests:

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.3.0
digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
generated: "2026-04-10T15:10:52.488487421Z"
version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -14,8 +14,8 @@ sources:
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.3.0
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: vv2.3.0
appVersion: v2.2.0

6
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -2,7 +2,7 @@ external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
@@ -29,7 +29,7 @@ external-secrets:
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
@@ -37,7 +37,7 @@ external-secrets:
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m

2
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.1.0
appVersion: v1.0.8

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-collections-nfs-storage
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -15,7 +15,7 @@ spec:
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures/Collections
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4

12
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -12,12 +12,13 @@ foldergram:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a
tag: 1.0.9@sha256:aa6707e7456386f2d74b8f2769d0281f4127d1276349583b8531dbaa8f844883
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original
- name: DERIVATIVE_MODE
value: eager
value: lazy
- name: DATA_ROOT
value: ./data
- name: GALLERY_ROOT
@@ -35,6 +36,7 @@ foldergram:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -58,18 +60,18 @@ foldergram:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
size: 10Gi
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-collections-nfs-storage
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery/pictures/collections
- path: /gallery/pictures
readOnly: true
volsync-target-data:
pvcTarget: foldergram-data

8
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
generated: "2026-04-10T01:17:32.585138713Z"
digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
generated: "2026-03-15T20:05:14.085780861Z"

4
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -22,10 +22,10 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -79,7 +79,7 @@ freshrss:
resources:
requests:
cpu: 1m
memory: 100Mi
memory: 128Mi
service:
main:
controller: main
@@ -87,6 +87,7 @@ freshrss:
http:
port: 80
targetPort: 80
protocol: HTTP
persistence:
data:
forceRename: freshrss-data

19
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -28,7 +28,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
server-2:
type: deployment
replicas: 1
@@ -57,7 +57,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
server-3:
type: deployment
replicas: 1
@@ -86,7 +86,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
webui:
type: deployment
replicas: 1
@@ -212,15 +212,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-2:
forceRename: garage-2
controller: server-2
@@ -228,15 +232,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-3:
forceRename: garage-3
controller: server-3
@@ -244,21 +252,26 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
webui:
controller: webui
ports:
webui:
port: 3909
targetPort: 3909
protocol: HTTP
serviceMonitor:
main:
selector:

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:b2a7ef962a91dff4313f66c1d04356f1b2aeefc752d672a9a27ea227db4b8c7d
generated: "2026-04-04T21:02:09.187828-05:00"
digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
generated: "2026-03-15T20:05:27.625292422Z"

2
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

35
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -113,6 +113,9 @@ gatus:
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
@@ -131,6 +134,9 @@ gatus:
- name: immich
url: https://immich.alexlebens.net
<<: *defaults
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: foldergram
url: https://foldergram.alexlebens.net
<<: *defaults
@@ -158,33 +164,30 @@ gatus:
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
<<: *defaults
- name: kiwix
url: https://kiwix.alexlebens.net
<<: *defaults
- name: excalidraw
url: https://excalidraw.alexlebens.net
<<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults
- name: home-assistant-code-server
url: https://home-assistant-code-server.alexlebens.net
<<: *defaults
- name: postiz-spotlight
url: https://postiz-spotlight.alexlebens.net
<<: *defaults
- name: postiz-temporal
url: https://postiz-temporal.alexlebens.net
<<: *defaults
- name: argocd
url: https://argocd.alexlebens.net
<<: *defaults
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: argo-workflows
url: https://argo-workflows.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -342,14 +345,6 @@ gatus:
url: https://www.alexlebens.dev
<<: *defaults
group: external
- name: docs
url: https://docs.alexlebens.dev
<<: *defaults
group: external
- name: saralebens
url: https://www.saralebens.com
<<: *defaults
group: external
- name: rybbit
url: https://rybbit.alexlebens.dev
<<: *defaults
@@ -364,7 +359,7 @@ gatus:
<<: *defaults
group: external
- name: outline
url: https://outline.alexlebens.dev
url: https://wiki.alexlebens.dev
<<: *defaults
group: external
- name: vaultwarden
@@ -385,6 +380,10 @@ gatus:
url: https://gitea.alexlebens.dev
<<: *defaults
group: external
- name: codeserver
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.29
digest: sha256:927c4aaf7484f3522ecd92d456f184555f4c742adc1c63b32a149cbb847e9eee
generated: "2026-04-10T17:19:10.852938614Z"
version: 0.20.26
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b
generated: "2026-03-24T16:59:26.537547513Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -14,6 +14,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.29
version: 0.20.26
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

16
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -4,24 +4,24 @@ dependencies:
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.3
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.30.0
version: 0.29.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:1834a2f731f3dfd1f2c1997ef827c941f63436e3d4766b7713771f6ab147a285
generated: "2026-04-10T01:34:45.637993565Z"
digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39
generated: "2026-03-26T20:59:30.690577-05:00"

13
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -14,7 +14,6 @@ sources:
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://hub.docker.com/_/busybox
- https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
@@ -31,24 +30,24 @@ dependencies:
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.3
- name: meilisearch
version: 0.30.0
version: 0.29.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-renovate
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage

58
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -145,52 +145,11 @@ gitea-actions:
statefulset:
replicas: 6
timezone: America/Chicago
resources:
limits:
ephemeral-storage: 15Gi
requests:
ephemeral-storage: 2Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- gitea-actions-act-runner
topologyKey: "kubernetes.io/hostname"
extraVolumes:
- name: workspace-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 20Gi
- name: docker-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 50Gi
actRunner:
registry: docker.io
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts:
- name: workspace-vol
mountPath: /workspace
config: |
log:
level: debug
@@ -206,10 +165,7 @@ gitea-actions:
registry: docker.io
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
persistence:
storageClass: ceph-block
size: 10Gi
@@ -235,21 +191,17 @@ meilisearch:
size: 5Gi
resources:
requests:
cpu: 10m
memory: 150Mi
cpu: 1m
memory: 160Mi
serviceMonitor:
enabled: true
cloudflared:
resources:
requests:
cpu: 100m
memory: 30Mi
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
cpu: 100m
memory: 100Mi
recovery:
method: objectStore
objectStore:
@@ -272,7 +224,7 @@ valkey-gitea:
resources:
requests:
cpu: 20m
memory: 1Gi
memory: 2Gi
dataStorage:
requestedSize: 10Gi
replica:

10
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:92931c4ed7e060931fd1aa0e4c3021cc548c1375bdd8a150ed61c858496af72c
generated: "2026-04-10T01:35:19.405893161Z"
version: 0.4.0
digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2
generated: "2026-03-18T10:04:15.165729555Z"

6
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -20,15 +20,15 @@ dependencies:
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-remote-cache
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator

133
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -244,44 +244,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-dns
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-dns
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-dns.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-secrets
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-secrets
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-secrets.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -434,44 +396,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker-internal
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker-internal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker-internal.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -605,25 +529,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-unpackerr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-unpackerr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/unpackerr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -700,25 +605,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-navidrome
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-navidrome
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/navidrome.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -738,25 +624,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-servarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-servarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/servarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard

2
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -61,7 +61,7 @@ spec:
resources:
requests:
cpu: 20m
memory: 150Mi
memory: 120Mi
env:
- name: AUTH_CLIENT_ID
valueFrom:

5
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -1,9 +1,4 @@
grafana-operator:
image:
registry: ghcr.io
repository: grafana/grafana-operator
# renovate: datasource=docker depName=ghcr.io/grafana/grafana-operator
tag: v5.22.2@sha256:d45fc24e8f43d83286d81625ee8d919d0fc88255a6500b63f68d7966a4f9e9af
replicas: 2
resources:
requests:

1
clusters/cl01tl/helm/grimmory/values.yaml
View File

@@ -44,6 +44,7 @@ grimmory:
http:
port: 80
targetPort: 6060
protocol: HTTP
route:
main:
kind: HTTPRoute

8
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:b153dff647b1657cca3e2efc2ad188214496374eed1137f9ecb887184f8a4470
generated: "2026-04-10T01:35:42.967388076Z"
version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa
generated: "2026-03-19T04:16:54.362332682Z"

13
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: Harbor
keywords:
- harbor
- image-registry
home: https://docs.alexlebens.dev/applications/harbor/
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9
sources:
- https://github.com/goharbor
- https://github.com/orgs/goharbor/packages
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goharbor/harbor-helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -20,11 +21,11 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor

36
clusters/cl01tl/helm/harbor/templates/external-secret.yaml
View File

@@ -14,49 +14,85 @@ spec:
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: CSRF_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: CSRF_KEY
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: secret
- secretKey: tls.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.crt
- secretKey: tls.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.key
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/jobservice
metadataPolicy: None
property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD

38
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -21,9 +21,13 @@ harbor:
size: 100Gi
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
internalTLS:
enabled: false
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
@@ -69,12 +73,12 @@ harbor:
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 72h
interval: 24h
dryrun: false
trivy:
enabled: true
image:
repository: ghcr.io/goharbor/trivy-adapter-photon
tag: v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
database:
type: external
external:
@@ -105,14 +109,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 14 * * *"
backupName: garage-local
valkey:
valkey:
resources:
requests:
memory: 30Mi
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Headlamp
keywords:
- headlamp
- dashboard
home: https://docs.alexlebens.dev/applications/headlamp/
- kubernetes
home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
sources:
- https://github.com/headlamp-k8s/headlamp
- https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp

18
clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
View File

@@ -14,25 +14,43 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: secret
- secretKey: OIDC_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: issuer
- secretKey: OIDC_SCOPES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-client-id

28
clusters/cl01tl/helm/headlamp/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: headlamp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: headlamp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100

28
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -1,9 +1,5 @@
headlamp:
replicaCount: 2
image:
registry: ghcr.io
repository: headlamp-k8s/headlamp
tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb
config:
oidc:
secret:
@@ -14,30 +10,10 @@ headlamp:
watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
httpRoute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100
resources:
requests:
cpu: 1m
memory: 80Mi
cpu: 10m
memory: 128Mi
pluginsManager:
enabled: true
securityContext:

9
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Home Assistant
keywords:
- home-assistant
- home-automation
home: https://docs.alexlebens.dev/applications/home-assistant/
- home
- automation
home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca
sources:
- https://www.home-assistant.io/
- https://github.com/home-assistant/core
- https://github.com/home-assistant/core/pkgs/container/home-assistant
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -24,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.4.1
appVersion: 2026.3.4

9
clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
@@ -38,5 +44,8 @@ spec:
data:
- secretKey: bearer-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token

37
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -4,29 +4,28 @@ home-assistant:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.4.1@sha256:8848691147f01a6eee7753de2ade21b04d6168fcd2e2a7089f6f84e3b7b86960
tag: 2026.3.4
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 1m
memory: 400Mi
cpu: 50m
memory: 512Mi
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -36,6 +35,10 @@ home-assistant:
envFrom:
- secretRef:
name: home-assistant-code-server-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -43,12 +46,14 @@ home-assistant:
http:
port: 80
targetPort: 8123
protocol: TCP
code-server:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -77,8 +82,11 @@ home-assistant:
- home-assistant.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-main
- group: ''
kind: Service
name: home-assistant-main
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -94,8 +102,11 @@ home-assistant:
- home-assistant-code-server.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-code-server
- group: ''
kind: Service
name: home-assistant-code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
@@ -117,6 +128,8 @@ home-assistant:
volsync-target-config:
pvcTarget: home-assistant-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:

4
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Homepage
keywords:
- homepage
- dashboard
home: https://docs.alexlebens.dev/applications/homepage/
home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
sources:
- https://github.com/gethomepage/homepage
- https://github.com/gethomepage/homepage/pkgs/container/homepage
@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.12.3
appVersion: v1.12.0

51
clusters/cl01tl/helm/homepage/templates/external-secret.yaml
View File

@@ -14,69 +14,120 @@ spec:
data:
- secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_KOMODO_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_KOMODO_API_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: secret
- secretKey: HOMEPAGE_VAR_JELLYSTAT_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: password
- secretKey: HOMEPAGE_VAR_UNIFI_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key
- secretKey: HOMEPAGE_VAR_SONARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_LIDARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_PROWLARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

212
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -5,7 +5,7 @@ homepage:
main:
type: deployment
replicas: 1
strategy: Recreate
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
serviceAccount:
@@ -16,7 +16,8 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.12.3@sha256:cc84f2f5eb3c7734353701ccbaa24ed02dacb0d119114e50e4251e2005f3990a
tag: v1.12.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
value: home.alexlebens.net
@@ -25,8 +26,8 @@ homepage:
name: homepage-keys-secret
resources:
requests:
cpu: 1m
memory: 128Mi
cpu: 10m
memory: 256Mi
serviceAccount:
homepage:
enabled: true
@@ -56,7 +57,7 @@ homepage:
- Media:
tab: Applications
icon: mdi-multimedia-#ffffff
- External:
- Public:
tab: Applications
icon: mdi-earth-#ffffff
- Internal:
@@ -145,6 +146,12 @@ homepage:
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV:
icon: sh-jellyfin.webp
description: Jellyfin
@@ -176,7 +183,13 @@ homepage:
siteMonitor: http://immich.immich:2283
statusStyle: dot
- Pictures:
icon: sh-foldergram.webp
icon: sh-photoview.webp
description: Photoview
href: https://photoview.alexlebens.net
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Pictures:
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
description: Foldergram
href: https://foldergram.alexlebens.net
siteMonitor: http://foldergram.foldergram:80
@@ -187,7 +200,7 @@ homepage:
href: https://grimmory.alexlebens.net
siteMonitor: http://grimmory.grimmory:80
statusStyle: dot
- External:
- Public:
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Profile Website
@@ -196,7 +209,7 @@ homepage:
statusStyle: dot
- Documentation:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Homelab Docs
description: Documentation Wiki
href: https://docs.alexlebens.dev
siteMonitor: https://docs.alexlebens.dev
statusStyle: dot
@@ -224,11 +237,11 @@ homepage:
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Knowledge Base:
- Wiki:
icon: sh-outline.webp
description: Outline
href: https://outline.alexlebens.dev
siteMonitor: https://outline.alexlebens.dev
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.webp
@@ -291,13 +304,7 @@ homepage:
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Documents:
icon: sh-paperless-ngx.webp
description: Paperless-ngx
href: https://paperless-ngx.alexlebens.net
siteMonitor: http://paperless-ngx.paperless-ngx:80
statusStyle: dot
- Wikipedia:
- Wiki:
icon: sh-kiwix-light.webp
description: Kiwix
href: https://kiwix.alexlebens.net
@@ -310,7 +317,7 @@ homepage:
siteMonitor: http://excalidraw.excalidraw:80
statusStyle: dot
- Code:
- Code (External):
- Code (Public):
icon: sh-gitea.webp
description: Gitea
href: https://gitea.alexlebens.dev
@@ -332,30 +339,24 @@ homepage:
href: https://gitea.alexlebens.net
siteMonitor: https://gitea.alexlebens.net
statusStyle: dot
- Code (Remote):
- Code (ps10rp):
icon: sh-gitea.webp
description: Gitea
href: https://gitea-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- IDE (Public):
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- IDE (Home Assistant):
icon: sh-visual-studio-code.webp
description: Edit config for Home Assistant
href: https://home-assistant-code-server.alexlebens.net
siteMonitor: http://home-assistant-code-server.home-assistant:8443
statusStyle: dot
- Spotlight (Postiz):
icon: https://raw.githubusercontent.com/getsentry/spotlight/c528fc752edde40f008282dc7c8ff1568e58c40b/packages/website/public/favicon.svg
description: Sentry monitoring for Postiz
href: https://postiz-spotlight.alexlebens.net
siteMonitor: http://postiz-spotlight.postiz:8969
statusStyle: dot
- Temporal (Postiz):
icon: https://raw.githubusercontent.com/temporalio/documentation/47b489b69d7c7ee4c3a0880cc0faf11b5f4cdb2a/static/img/favicon.svg
description: Temporal monitoring for Postiz
href: https://postiz-temporal.alexlebens.net
siteMonitor: http://postiz-temporal-web.postiz:8080
statusStyle: dot
- Automation:
- Continuous Deployment:
icon: sh-argo-cd.webp
@@ -387,6 +388,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Deployment Workflows:
icon: sh-argo-cd.webp
description: Argo Workflows
href: https://argo-workflows.alexlebens.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
@@ -456,31 +463,25 @@ homepage:
query: prometheus_tsdb_storage_blocks_bytes
format:
type: bytes
- Jellyfin Monitor:
- Jellystat:
icon: sh-jellystat.webp
description: Jellystat
description: Jellyfin Monitoring
href: https://jellystat.alexlebens.net
siteMonitor: http://jellystat.jellystat:80
statusStyle: dot
- Media Library Statistics:
- MediaLyze:
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
description: MediaLyze
description: Jellyfin Media Monitoring
href: https://medialyze.alexlebens.net
siteMonitor: http://medialyze.medialyze:80
statusStyle: dot
- Services:
- Auth (External):
- Auth (Public):
icon: sh-authentik.webp
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
namespace: authentik
app: authentik
podSelector: >-
app.kubernetes.io/instance in (
authentik
)
- Auth (Local):
icon: sh-authentik.webp
description: Authentik
@@ -493,36 +494,18 @@ homepage:
href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
namespace: stalwart
app: stalwart
podSelector: >-
app.kubernetes.io/instance in (
stalwart
)
- Notifications:
icon: sh-ntfy.webp
description: ntfy
href: https://ntfy.alexlebens.net
siteMonitor: http://ntfy.ntfy:80
statusStyle: dot
namespace: ntfy
app: ntfy
podSelector: >-
app.kubernetes.io/instance in (
ntfy
)
- Reverse Proxy:
icon: sh-traefik.webp
description: Traefik
href: https://traefik-cl01tl.alexlebens.net/dashboard/#/
siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/
statusStyle: dot
namespace: traefik
app: traefik
podSelector: >-
app.kubernetes.io/name in (
traefik
)
widget:
type: traefik
url: https://traefik-cl01tl.alexlebens.net
@@ -532,14 +515,8 @@ homepage:
href: https://harbor.alexlebens.net
siteMonitor: http://harbor-portal.harbor:80
statusStyle: dot
namespace: harbor
app: harbor
podSelector: >-
app.kubernetes.io/instance in (
harbor
)
- Hardware:
- Network Management (Local):
- Network Management (alexlebens.net):
icon: sh-ubiquiti-unifi.webp
description: Unifi
href: https://unifi.alexlebens.net
@@ -592,22 +569,13 @@ homepage:
href: https://ceph.alexlebens.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot
namespace: rook-ceph
app: rook-ceph
podSelector: ""
- Object Storage (Local):
- Object Storage (NAS):
icon: sh-garage.webp
description: Garage
href: https://garage-webui.alexlebens.net
siteMonitor: http://garage-webui.garage:3909
statusStyle: dot
namespace: garage
app: garage
podSelector: >-
app.kubernetes.io/instance in (
garage
)
- Object Storage (Remote):
- Object Storage (ps10rp):
icon: sh-garage.webp
description: Garage
href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
@@ -625,24 +593,12 @@ homepage:
href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
namespace: vault
app: vault
podSelector: >-
app.kubernetes.io/instance in (
vault
)
- Backups:
icon: sh-backrest-light.webp
description: Backrest
href: https://backrest.alexlebens.net
siteMonitor: http://backrest.backrest:80
statusStyle: dot
namespace: backrest
app: backrest
podSelector: >-
app.kubernetes.io/instance in (
backrest
)
widget:
type: backrest
url: http://backrest.backrest:80
@@ -653,12 +609,6 @@ homepage:
href: https://qui.alexlebens.net
siteMonitor: http://qbittorrent-qui.qbittorrent:80
statusStyle: dot
namespace: qbittorrent
app: qbittorrent
podSelector: >-
app.kubernetes.io/instance in (
qbittorrent
)
widget:
type: qbittorrent
url: http://qbittorrent.qbittorrent:8080
@@ -687,12 +637,6 @@ homepage:
href: https://tdarr.alexlebens.net
siteMonitor: http://tdarr-web.tdarr:8265
statusStyle: dot
namespace: tdarr
app: tdarr
podSelector: >-
app.kubernetes.io/instance in (
tdarr
)
widget:
type: tdarr
url: http://tdarr-web.tdarr:8265
@@ -703,12 +647,6 @@ homepage:
href: https://sonarr.alexlebens.net
siteMonitor: http://sonarr.sonarr:80
statusStyle: dot
namespace: sonarr
app: sonarr
podSelector: >-
app.kubernetes.io/instance in (
sonarr
)
widget:
type: sonarr
url: http://sonarr.sonarr:80
@@ -721,12 +659,6 @@ homepage:
href: https://sonarr-4k.alexlebens.net
siteMonitor: http://sonarr-4k.sonarr-4k:80
statusStyle: dot
namespace: sonarr-4k
app: sonarr-4k
podSelector: >-
app.kubernetes.io/instance in (
sonarr-4k
)
widget:
type: sonarr
url: http://sonarr-4k.sonarr-4k:80
@@ -739,12 +671,6 @@ homepage:
href: https://sonarr-anime.alexlebens.net
siteMonitor: http://sonarr-anime.sonarr-anime:80
statusStyle: dot
namespace: sonarr-anime
app: sonarr-anime
podSelector: >-
app.kubernetes.io/instance in (
sonarr-anime
)
widget:
type: sonarr
url: http://sonarr-anime.sonarr-anime:80
@@ -758,12 +684,6 @@ homepage:
href: https://radarr.alexlebens.net
siteMonitor: http://radarr.radarr:80
statusStyle: dot
namespace: radarr
app: radarr
podSelector: >-
app.kubernetes.io/instance in (
radarr
)
widget:
type: radarr
url: http://radarr.radarr:80
@@ -776,12 +696,6 @@ homepage:
href: https://radarr-4k.alexlebens.net
siteMonitor: http://radarr-4k.radarr-4k:80
statusStyle: dot
namespace: radarr-4k
app: radarr-4k
podSelector: >-
app.kubernetes.io/instance in (
radarr-4k
)
widget:
type: radarr
url: http://radarr-4k.radarr-4k:80
@@ -794,12 +708,6 @@ homepage:
href: https://radarr-anime.alexlebens.net
siteMonitor: http://radarr-anime.radarr-anime:80
statusStyle: dot
namespace: radarr-anime
app: radarr-anime
podSelector: >-
app.kubernetes.io/instance in (
radarr-anime
)
widget:
type: radarr
url: http://radarr-anime.radarr-anime:80
@@ -812,12 +720,6 @@ homepage:
href: https://radarr-standup.alexlebens.net
siteMonitor: http://radarr-standup.radarr-standup:80
statusStyle: dot
namespace: radarr-standup
app: radarr-standup
podSelector: >-
app.kubernetes.io/instance in (
radarr-standup
)
widget:
type: radarr
url: http://radarr-standup.radarr-standup:80
@@ -831,12 +733,6 @@ homepage:
href: https://lidarr.alexlebens.net
siteMonitor: http://lidarr.lidarr:80
statusStyle: dot
namespace: lidarr
app: lidarr
podSelector: >-
app.kubernetes.io/instance in (
lidarr
)
widget:
type: lidarr
url: http://lidarr.lidarr:80
@@ -849,7 +745,7 @@ homepage:
siteMonitor: http://yubal.yubal:80
statusStyle: dot
- Music Grabber:
icon: sh-music-grabber.webp
icon: sh-music-service.webp
description: Replicate Music playlists
href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80
@@ -860,12 +756,6 @@ homepage:
href: https://slskd.alexlebens.net
siteMonitor: http://slskd.slskd:5030
statusStyle: dot
namespace: slskd
app: slskd
podSelector: >-
app.kubernetes.io/instance in (
slskd
)
- Books:
- Shelfmark:
icon: sh-shelfmark.webp
@@ -932,6 +822,7 @@ homepage:
http:
port: 80
targetPort: 3000
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -944,8 +835,11 @@ homepage:
- home.alexlebens.net
rules:
- backendRefs:
- name: homepage
- group: ''
kind: Service
name: homepage
port: 80
weight: 100
matches:
- path:
type: PathPrefix

9
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -4,14 +4,11 @@ version: 1.0.0
description: Houndarr
keywords:
- houndarr
- rescan
- servarr
home: https://docs.alexlebens.dev/applications/houndarr/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/av1155/houndarr
- https://github.com/av1155/houndarr/pkgs/container/houndarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,6 +20,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.7.0
appVersion: v1.6.3

14
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -4,11 +4,13 @@ houndarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
tag: v1.6.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
@@ -22,8 +24,8 @@ houndarr:
value: 10.96.0.0/12
resources:
requests:
cpu: 1m
memory: 60Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -31,6 +33,7 @@ houndarr:
http:
port: 80
targetPort: 8877
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -43,8 +46,11 @@ houndarr:
- houndarr.alexlebens.net
rules:
- backendRefs:
- name: houndarr
- group: ''
kind: Service
name: houndarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix

8
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:cc71770c9558038b988a2d7a893fffe6ba64a77e8b0d8c403b1183e48d168cd9
generated: "2026-04-10T01:36:07.229979615Z"
digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13
generated: "2026-03-15T20:06:27.091094433Z"

11
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -5,13 +5,12 @@ description: Immich
keywords:
- immich
- photos
home: https://docs.alexlebens.dev/applications/immich/
home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
sources:
- https://github.com/immich-app/immich
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -21,11 +20,11 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
@@ -33,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.2
appVersion: v2.6.3

3
clusters/cl01tl/helm/immich/templates/external-secrets.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: immich.json
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/immich/config
metadataPolicy: None
property: immich.json

39
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -4,14 +4,16 @@ immich:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.7.2@sha256:6a2952539e2a9c8adcf6fb74850bb1ba7e1db2804050acea21baafdc9154c430
tag: v2.6.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: IMMICH_TELEMETRY_INCLUDE
value: all
- name: IMMICH_CONFIG_FILE
@@ -85,7 +87,7 @@ immich:
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 500Mi
memory: 512Mi
service:
main:
controller: main
@@ -93,12 +95,15 @@ immich:
http:
port: 2283
targetPort: 2283
protocol: TCP
metrics-api:
port: 8081
targetPort: 8081
protocol: TCP
metrics-ms:
port: 8082
targetPort: 8082
protocol: TCP
serviceMonitor:
main:
selector:
@@ -127,8 +132,11 @@ immich:
- immich.alexlebens.net
rules:
- backendRefs:
- name: immich
- group: ''
kind: Service
name: immich
port: 2283
weight: 100
matches:
- path:
type: PathPrefix
@@ -184,12 +192,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: immich
local:

5
clusters/cl01tl/helm/intel-device-plugin/Chart.yaml
View File

@@ -4,9 +4,10 @@ version: 1.0.0
description: Intel Device Plugin
keywords:
- intel-device-plugin
- gpu
- operator
home: https://docs.alexlebens.dev/applications/intel-device-plugin/
- gpu
- kubernetes
home: https://wiki.alexlebens.dev/s/340746b2-b0ab-4b6b-95eb-323038ecdd35
sources:
- https://github.com/intel/intel-device-plugins-for-kubernetes
- https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator

20
clusters/cl01tl/helm/intel-device-plugin/values.yaml
View File

@@ -1,20 +1,6 @@
intel-device-plugins-operator:
manager:
image:
hub: intel
# renovate: datasource=docker depName=intel/intel-deviceplugin-operator
tag: 0.35.0@sha256:d7eeac081bd17e58d8d4d542f3cb33d67cc1bdab314b09ad591e8eacb51dd5ec
resources:
limits:
cpu: null
memory: null
requests:
cpu: 10m
memory: 50Mi
intel-device-plugins-gpu:
name: gpudeviceplugin
image:
hub: intel
# renovate: datasource=docker depName=intel/intel-gpu-plugin
tag: 0.35.0
sharedDevNum: 5
nodeSelector:
intel.feature.node.kubernetes.io/gpu: 'true'
nodeFeatureRule: false

6
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.30.0
version: 0.29.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:32b9a206e77eabcdf1bbbc4d7e93067c40d6a621e4a07c1827e4d23961e2d82b
generated: "2026-03-30T16:13:40.879082765Z"
digest: sha256:0dcc864984130902acce6d81fa2cf708c3ac748246f94b11d2db90c0b488cce2
generated: "2026-03-26T16:03:11.654482999Z"

13
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -5,15 +5,18 @@ description: Jellyfin
keywords:
- jellyfin
- media
home: https://docs.alexlebens.dev/applications/jellyfin/
- movies
- tv shows
- books
- music
home: https://wiki.alexlebens.dev/s/a58be5b0-7935-458a-b990-b45223e39d68
sources:
- https://github.com/jellyfin/jellyfin
- https://github.com/rebelcore/jellyfin_exporter
- https://github.com/meilisearch/meilisearch
- https://hub.docker.com/r/jellyfin/jellyfin
- https://hub.docker.com/r/rebelcore/jellyfin-exporter
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,7 +25,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: meilisearch
version: 0.30.0
version: 0.29.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target
alias: volsync-target-config
@@ -30,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
# renovate: datasource=github-releases depName=jellyfin/jellyfin
appVersion: 10.11.8
appVersion: 10.11.6

6
clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/exporter
metadataPolicy: None
property: token
---
@@ -34,5 +37,8 @@ spec:
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY

45
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -4,28 +4,16 @@ jellyfin:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- plex
topologyKey: kubernetes.io/hostname
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/jellyfin/jellyfin
tag: 10.11.8@sha256:93227545077893cc9516f28b3adb733b67bc4691f41b6167428a2a0e3220b81c
tag: 10.11.6
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: JELLYFIN_hostwebclient
value: true
- name: JELLYFIN_PublishedServerUrl
@@ -36,11 +24,12 @@ jellyfin:
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 1Gi
memory: 2Gi
exporter:
image:
repository: rebelcore/jellyfin-exporter
tag: v1.5.0@sha256:37e6d389654180ad9e1661210a48fee71a6dc355a160670235a00329da0dbf80
tag: v1.4.0
pullPolicy: IfNotPresent
args:
- '--jellyfin.address=http://127.0.0.1:8096'
- '--jellyfin.token=$(TOKEN)'
@@ -58,9 +47,11 @@ jellyfin:
http:
port: 80
targetPort: 8096
protocol: HTTP
metrics:
port: 9594
targetPort: 9594
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -86,8 +77,11 @@ jellyfin:
- jellyfin.alexlebens.net
rules:
- backendRefs:
- name: jellyfin
- group: ''
kind: Service
name: jellyfin
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -98,16 +92,14 @@ jellyfin:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 100Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
cache:
forceRename: jellyfin-cache
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
type: emptyDir
advancedMounts:
main:
main:
@@ -134,14 +126,17 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: jellyfin-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
storageClass: local-path
size: 5Gi
resources:
requests:
cpu: 10m
memory: 1Gi
memory: 128Mi
serviceMonitor:
enabled: true
volsync-target-config:

Some files were not shown because too many files have changed in this diff Show More