alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:0a8c8e84f35be8f9326bea9d4dfdc887d9fd9377
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

1 Commits
main ... 0a8c8e84f3

Author SHA1 Message Date
Renovate Bot
0a8c8e84f3 chore(deps): update tailscale/k8s-nameserver docker tag to v1.96.5
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Successful in 1m44s
Details
2026-04-07 22:48:11 +00:00
107 changed files with 828 additions and 968 deletions
Expand all files Collapse all files

4
.gitea/workflows/render-manifests.yaml
View File

@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1,monitoring.coreos.com/v1") TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do for DIR in ${RENDER_DIR}; do
echo "${DIR}" echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {} done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo "" echo ""
echo "----" echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.110.4@sha256:7ad99abc53b30d3f6e34df88b3e2b2b75436bba9b290e90d367356526034496f container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.0 version: 9.4.17
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1 digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-04-08T22:05:49.003208408Z" generated: "2026-03-28T01:51:34.832601868Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,7 +13,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.5.0 version: 9.4.17
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd

50
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -48,31 +48,31 @@ argo-cd:
enabled: true enabled: true
rules: rules:
enabled: true enabled: true
spec: spec:
- alert: ArgoAppMissing - alert: ArgoAppMissing
expr: | expr: |
absent(argocd_app_info) == 1 absent(argocd_app_info) == 1
for: 15m for: 15m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "[Argo CD] No reported applications" summary: "[Argo CD] No reported applications"
description: > description: >
Argo CD has not reported any applications data for the past 15 minutes which Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state. resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced - alert: ArgoAppNotSynced
expr: | expr: |
argocd_app_info{sync_status!="Synced"} == 1 argocd_app_info{sync_status!="Synced"} == 1
for: 12h for: 12h
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized" summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: > description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the 12 hours which means that the state of this cloud has drifted away from the
state inside Git. state inside Git.
dex: dex:
enabled: true enabled: true
resources: resources:

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2026.2.2 version: 2026.2.1
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687 digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
generated: "2026-04-08T02:23:25.175388081Z" generated: "2026-04-04T21:00:59.689114-05:00"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2026.2.2 version: 2026.2.1
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -109,6 +109,7 @@ blocky:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -131,7 +132,6 @@ blocky:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

9
clusters/cl01tl/helm/dependency-track/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: dependency-track
repository: https://dependencytrack.github.io/helm-charts
version: 0.44.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
generated: "2026-04-05T17:32:11.221935-05:00"

27
clusters/cl01tl/helm/dependency-track/Chart.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v2
name: dependency-track
version: 1.0.0
description: Dependency Track
keywords:
- dependency-track
- vulnerability-scanner
home: https://docs.alexlebens.dev/applications/dependency-track/
sources:
- https://github.com/DependencyTrack/dependency-track
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: dependency-track
version: 0.44.0
repository: https://dependencytrack.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://avatars.githubusercontent.com/u/40258585
# renovate: datasource=github-releases depName=DependencyTrack/dependency-track
appVersion: 4.14.1

34
clusters/cl01tl/helm/kyoo/templates/external-secret.yaml → clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: kyoo-key-secret name: dependency-track-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: kyoo-key-secret app.kubernetes.io/name: dependency-track-key-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -12,31 +12,19 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: rsa-private - secretKey: secret.key
remoteRef: remoteRef:
key: /cl01tl/kyoo/key key: /cl01tl/dependency-track/key
property: rsa-private property: key
- secretKey: scanner-apikey
remoteRef:
key: /cl01tl/kyoo/key
property: scanner
- secretKey: tmdb-apikey
remoteRef:
key: /tmdb/alexlebens
property: api-key
- secretKey: tvdb-apikey
remoteRef:
key: /tvdb/alexlebens
property: api-key
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: kyoo-oidc-secret name: dependency-track-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: kyoo-oidc-secret app.kubernetes.io/name: dependency-track-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -44,11 +32,11 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: rsa-private - secretKey: client
remoteRef: remoteRef:
key: /authentik/oidc/kyoo key: /authentik/oidc/dependency-track
property: client property: client
- secretKey: scanner-apikey - secretKey: secret
remoteRef: remoteRef:
key: /authentik/oidc/kyoo key: /authentik/oidc/dependency-track
property: secret property: secret

114
clusters/cl01tl/helm/dependency-track/values.yaml Normal file
View File

@@ -0,0 +1,114 @@
dependency-track:
common:
secretKey:
createSecret: false
existingSecretName: dependency-track-key-secret
apiServer:
image:
repository: dependencytrack/apiserver
tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: null
persistentVolume:
enabled: true
className: ceph-block
size: 5Gi
extraEnv:
- name: ALPINE_DATABASE_MODE
value: external
- name: ALPINE_DATABASE_DRIVER
value: org.postgresql.Driver
- name: ALPINE_DATABASE_URL
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: jdbc-uri
- name: ALPINE_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: user
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: password
- name: ALPINE_OIDC_ENABLED
value: "true"
- name: ALPINE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: ALPINE_OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: ALPINE_OIDC_USERNAME_CLAIM
value: preferred_username
- name: ALPINE_OIDC_TEAMS_CLAIM
value: groups
- name: ALPINE_OIDC_USER_PROVISIONING
value: "true"
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "false"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
enabled: true
namespace: dependency-track
frontend:
image:
repository: dependencytrack/frontend
tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
memory: null
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_FLOW
value: explicit
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track-api-server.dependency-track
httpRoute:
enabled: true
hostnames:
- dependency-track.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.34 version: 1.4.33
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:376f1201085c5c93972d2286755dd8b530a4a88ad9fdaf4bfb50ec1f11c64df0 digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-04-08T17:57:31.040649797Z" generated: "2026-03-24T16:11:50.424321433Z"

4
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.34 version: 1.4.33
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15 appVersion: v1.12.14

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed tag: v1.12.14@sha256:13052614150733892ff06189f0f9baf098bc16092bffc0e0e18ccf2f257abe34
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -116,9 +116,6 @@ gatus:
- name: jellyfin - name: jellyfin
url: https://jellyfin.alexlebens.net url: https://jellyfin.alexlebens.net
<<: *defaults <<: *defaults
- name: kyoo
url: https://kyoo.alexlebens.net
<<: *defaults
- name: tubearchivist - name: tubearchivist
url: https://tubearchivist.alexlebens.net url: https://tubearchivist.alexlebens.net
<<: *defaults <<: *defaults
@@ -188,6 +185,9 @@ gatus:
- name: komodo - name: komodo
url: https://komodo.alexlebens.net url: https://komodo.alexlebens.net
<<: *defaults <<: *defaults
- name: dependency-track
url: https://dependency-track.alexlebens.net
<<: *defaults
- name: omni-tools - name: omni-tools
url: https://omni-tools.alexlebens.net url: https://omni-tools.alexlebens.net
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3 version: 1.18.3
- name: postgres-cluster - name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.2 version: 7.11.1
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5 digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
generated: "2026-04-07T20:36:47.509644-05:00" generated: "2026-03-31T18:38:15.510833-05:00"

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.11.1
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: valkey
alias: valkey alias: valkey

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -23,7 +23,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a tag: 4.114.1-ls330@sha256:4dabed7dc766d3034778aa648ff6b89f0b04755a069fc1071ac0f22484b7c587
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

12
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -151,12 +151,6 @@ homepage:
href: https://jellyfin.alexlebens.net href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80 siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot statusStyle: dot
- Movies and TV:
icon: sh-kyoo.webp
description: Kyoo
href: https://kyoo.alexlebens.net
siteMonitor: http://front.kyoo:8901
statusStyle: dot
- Youtube Archive: - Youtube Archive:
icon: sh-tube-archivist-light.webp icon: sh-tube-archivist-light.webp
description: TubeArchivist description: TubeArchivist
@@ -393,6 +387,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }} secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true showStacks: true
fields: ["running", "down", "unhealthy", "unknown"] fields: ["running", "down", "unhealthy", "unknown"]
- Vulnerability Scanning:
icon: https://raw.githubusercontent.com/DependencyTrack/branding/f77a4ad3b469ff656856ea225f26b1610b89a584/dt-logo-symbol.svg
description: Dependency Track
href: https://dependency-track.alexlebens.net
siteMonitor: http://dependency-track-frontend.dependency-track:8080
statusStyle: dot
- Uptime: - Uptime:
icon: sh-gatus.webp icon: sh-gatus.webp
description: Gatus description: Gatus

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 83.2.0 version: 83.0.2
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1 version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:d0942cff6346335abc91f9ceb919c5a819543b9b8baed11f83de89486f4e874d digest: sha256:0675ee4a9de34b23c744f521be309f7ad6860af74f8e7faeaa44bf26fda72d08
generated: "2026-04-08T19:03:59.676069331Z" generated: "2026-04-07T22:42:15.723825441Z"

3
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Kube Prometheus Stack
keywords: keywords:
- kube-prometheus-stack - kube-prometheus-stack
- prometheus - prometheus
- metrics
home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/ home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
sources: sources:
- https://github.com/prometheus/prometheus - https://github.com/prometheus/prometheus
@@ -20,7 +19,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 83.2.0 version: 83.0.2
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 28.0.1 version: 28.0.1

9
clusters/cl01tl/helm/kyoo/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:ecb2f86b40fa42951928b84b8e4774ff83710bc8c5b1953b4f9de1c25b6e9679
generated: "2026-04-08T19:41:34.55285-05:00"

35
clusters/cl01tl/helm/kyoo/Chart.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: v2
name: kyoo
version: 1.0.0
description: Kyoo
keywords:
- kyoo
- media
home: https://docs.alexlebens.dev/applications/kyoo/
sources:
- https://github.com/zoriya/Kyoo
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_api
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_auth
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_front
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_scanner
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_transcoder
- https://github.com/zoriya/Kyoo/tree/master/chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
# - name: volsync-target
# alias: volsync-target-config
# version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kyoo.png
# renovate: datasource=github-releases depName=zoriya/Kyoo
appVersion: v5.0.0

88
clusters/cl01tl/helm/kyoo/templates/http-route.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: kyoo
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- kyoo.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: front
port: 8901
weight: 100
- matches:
- path:
type: PathPrefix
value: /video
backendRefs:
- group: ''
kind: Service
name: transcoder
port: 7666
weight: 100
- matches:
- path:
type: PathPrefix
value: /auth/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /.well-known/
backendRefs:
- group: ''
kind: Service
name: auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /api/
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /swagger
backendRefs:
- group: ''
kind: Service
name: api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /scanner/
backendRefs:
- group: ''
kind: Service
name: scanner
port: 4389
weight: 100

131
clusters/cl01tl/helm/kyoo/templates/persistent-volume-claim.yaml
View File

@@ -1,131 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-standup-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

173
clusters/cl01tl/helm/kyoo/templates/persistent-volume.yaml
View File

@@ -1,173 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies 4K
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Stand Up
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

217
clusters/cl01tl/helm/kyoo/values.yaml
View File

@@ -1,217 +0,0 @@
kyoo:
global:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
postgres:
shared:
host: kyoo-postgresql-18-cluster-rw
port: 5432
existingSecret: kyoo-postgresql-18-cluster-app
userKey: user
passwordKey: password
kyoo_api:
database: kyoo_api
sslmode: disable
kyoo_auth:
database: kyoo_auth
sslmode: disable
kyoo_scanner:
database: kyoo_scanner
sslmode: disable
kyoo_transcoder:
database: kyoo_transcoder
sslmode: disable
kyoo:
address: https://kyoo.alexlebens.net
auth:
privatekey:
existingSecret: kyoo-key-secret
privatekeyKey: rsa-private
apikeys:
scanner:
existingSecret: kyoo-key-secret
apikeyKey: scanner-apikey
transcoderAcceleration: qsv
transcoderPreset: fast
oidc_providers:
- name: Authentik
existingSecret: kyoo-oidc-secret
clientIdKey: client
clientSecretKey: secret
logo: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
authorizationAddress: https://authentik.alexlebens.net/application/o/authorize/
tokenAddress: https://authentik.alexlebens.net/application/o/token/
profileAddress: https://authentik.alexlebens.net/application/o/userinfo/
scope: "email openid profile"
authMethod: ClientSecretBasic
media:
volumes:
- name: kyoo-media-anime-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-nfs-storage
- name: kyoo-media-anime-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-movies-nfs-storage
- name: kyoo-media-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-nfs-storage
- name: kyoo-media-movies-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-4k-nfs-storage
- name: kyoo-media-standup-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-standup-nfs-storage
- name: kyoo-media-tvshows-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-nfs-storage
- name: kyoo-media-tvshows-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-4k-nfs-storage
volumeMounts:
- mountPath: /media/anime
name: kyoo-media-anime-nfs-storage
readOnly: true
- mountPath: /media/anime-movies
name: kyoo-media-anime-movies-nfs-storage
readOnly: true
- mountPath: /media/movies
name: kyoo-media-movies-nfs-storage
readOnly: true
- mountPath: /media/movies-4k
name: kyoo-media-movies-4k-nfs-storage
readOnly: true
- mountPath: /media/standup
name: kyoo-media-standup-nfs-storage
readOnly: true
- mountPath: /media/tvshows
name: kyoo-media-tvshows-nfs-storage
readOnly: true
- mountPath: /media/tvshows-4k
name: kyoo-media-tvshows-4k-nfs-storage
readOnly: true
baseMountPath: /media
contentdatabase:
tmdb:
apikeyKey: tmdb-apikey
existingSecret: kyoo-key-secret
tvdb:
apikeyKey: tvdb-apikey
pinKey: tvdb-apikey
existingSecret: kyoo-key-secret
api:
kyoo_api:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_api
tag: 5.0.0@sha256:dc0210f235e23ae616b0f5952af7867dcbc52e0354c2683ec3c4190fdcd17744
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
auth:
kyoo_auth:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_auth
tag: 5.0.0
persistence:
enabled: true
size: 500Mi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
front:
kyoo_front:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_front
tag: 5.0.0@sha256:985f892470b304f13ef1950fb5f7e9ef33ee39b71705c627cb045773e6dfb7b4
scanner:
kyoo_scanner:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_scanner
tag: 5.0.0@sha256:fa972f3f1e534264f4de153e30fe9481839754a3e724cc2663524a2b30e82b46
transcoder:
kyoo_transcoder:
resources:
limits:
gpu.intel.com/i915: 1
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 1Gi
image:
repository: ghcr.io/zoriya/kyoo_transcoder
tag: 5.0.0@sha256:59974794f8a638175408fa20f023ba9598108b54ad8ed9a22ec87a1a211dfc43
replicaCount: 1
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
ingress:
enabled: false
traefikproxy:
enabled: false
postgres:
enabled: false
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
databases:
- name: kyoo_api
ensure: present
owner: app
- name: kyoo_auth
ensure: present
owner: app
- name: kyoo_scanner
ensure: present
owner: app
- name: kyoo_transcoder
ensure: present
owner: app
volsync-target-config:
pvcTarget: kyoo-config
local:
enabled: true
schedule: 26 8 * * *
remote:
enabled: true
schedule: 26 9 * * *
external:
enabled: true
schedule: 26 10 * * *

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -14,7 +14,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda tag: 3.1.2-nightly@sha256:0fc8d169a0740a77e03ec0e5eaee1ce2db0d882fc0bb8d0a26fd77a8beaad8e9
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.12.25 version: 3.12.24
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:937fe4fd8cd564a5f55a0f251a9b412eeeebe797f52d6769b18f6f6a28f6dd64 digest: sha256:0e8b1b79a98952ed49c87c6da83dcc2eed2aabbd755d9ebf1bdd3090f3ccc44c
generated: "2026-04-08T19:02:45.651984056Z" generated: "2026-04-04T21:03:48.737144-05:00"

2
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -26,7 +26,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
version: 3.12.25 version: 3.12.24
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: app-template - name: app-template
alias: matrix-hookshot alias: matrix-hookshot

2
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -1,7 +1,7 @@
matrix-synapse: matrix-synapse:
image: image:
repository: ghcr.io/element-hq/synapse repository: ghcr.io/element-hq/synapse
tag: v1.151.0@sha256:184dc8757daef019b511e7f96fc6e5edfb880fd074d8cf702c7e3aa899d188c8 tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
serverName: alexlebens.dev serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev publicServerName: matrix.alexlebens.dev
argoCD: true argoCD: true

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.20.4 appVersion: 0.20.3

6
clusters/cl01tl/helm/paperless-ngx/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.11.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:ae3aa7bd167e216d79bfbb60770c9bc209a8a689685f6dff6be41d8952ac0f25 digest: sha256:08acc0818deaede4bb7515be7cbb1253f30036b70af6038caa69e4bd3cc02412
generated: "2026-04-08T17:24:02.420482074Z" generated: "2026-03-30T20:25:47.995874-05:00"

2
clusters/cl01tl/helm/paperless-ngx/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.11.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex # renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.1.10576-06378bdcd-ls300 appVersion: 1.43.0.10492-121068a07-ls299

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -22,7 +22,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6 tag: 1.43.0.10492-121068a07-ls299@sha256:a21302c5297943e204e9b262f8c2eca3e0c7ddb52490bfb3f1db47f6103721ab
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: temporal - name: temporal
repository: https://go.temporal.io/helm-charts repository: https://go.temporal.io/helm-charts
version: 1.0.0 version: 1.0.0-rc.3
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:dbb86231dcf341e73570b57a10aad6278989e0c50c6f5959a43439a8a9146bb9 digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443
generated: "2026-04-08T19:03:28.347782848Z" generated: "2026-04-05T20:33:43.946895-05:00"

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: temporal - name: temporal
repository: https://go.temporal.io/helm-charts repository: https://go.temporal.io/helm-charts
version: 1.0.0 version: 1.0.0-rc.3
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -208,7 +208,7 @@ qbittorrent:
qui: qui:
image: image:
repository: ghcr.io/autobrr/qui repository: ghcr.io/autobrr/qui
tag: v1.16.1@sha256:07b6ea9572e52e8b5f70f8fb15a7c688d8d754a7616242d3ad0b21dbd5c05836 tag: v1.16.0@sha256:fcdced7cb8395ce039f2c5f920d890d4ad8bd849faec4c4df31701a8f13423cb
env: env:
- name: QUI__METRICS_ENABLED - name: QUI__METRICS_ENABLED
value: true value: true

2
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
# renovate: datasource=github-releases depName=rclone/rclone # renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.4 appVersion: v1.73.3

16
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -12,7 +12,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:directus-assets - src:directus-assets
@@ -90,7 +90,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:karakeep-assets - src:karakeep-assets
@@ -168,7 +168,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:talos-backups - src:talos-backups
@@ -239,7 +239,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- delete - delete
- dest:talos-backups - dest:talos-backups
@@ -287,7 +287,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:web-assets - src:web-assets
@@ -365,7 +365,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:postgres-backups - src:postgres-backups
@@ -440,7 +440,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- delete - delete
- dest:postgres-backups - dest:postgres-backups
@@ -488,7 +488,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
args: args:
- sync - sync
- src:ntfy-attachments - src:ntfy-attachments

2
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -56,7 +56,7 @@ roundcube:
nginx: nginx:
image: image:
repository: nginx repository: nginx
tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
env: env:
- name: NGINX_HOST - name: NGINX_HOST
value: mail.alexlebens.net value: mail.alexlebens.net

1
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: S3 Exporter
keywords: keywords:
- s3-exporter - s3-exporter
- storage - storage
- metrics
home: https://docs.alexlebens.dev/applications/s3-exporter/ home: https://docs.alexlebens.dev/applications/s3-exporter/
sources: sources:
- https://github.com/molu8bits/s3bucket_exporter - https://github.com/molu8bits/s3bucket_exporter

2
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -57,7 +57,7 @@ searxng:
valkey: valkey:
image: image:
repository: valkey/valkey repository: valkey/valkey
tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5 tag: 9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b
service: service:
api: api:
controller: api controller: api

6
clusters/cl01tl/helm/seerr/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.1 version: 3.4.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:821fc73d7411c89f0eba2c35a7a455523dadaa4f9d5149b17b2c96cf594f5e1a digest: sha256:0ae90021bff10a9790f29f40f57607c9212e4e793078d62c9aeab833066b2d4e
generated: "2026-04-08T17:24:50.724009386Z" generated: "2026-04-07T22:03:12.12671791Z"

2
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.1 version: 3.4.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -10,7 +10,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.22.0@sha256:3310620f9bad0184d6ba6c786a3826ce53038c03cca345660a7e422276dbd478 tag: 0.21.0@sha256:556d92724306b0949c38185ffbaa7e3f05b9ba0d9b8dcfee0fc7a21985d10199
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

1
clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Speedtest Exporter
keywords: keywords:
- speedtest-exporter - speedtest-exporter
- internet-speed - internet-speed
- metrics
home: https://docs.alexlebens.dev/applications/speedtest-exporter/ home: https://docs.alexlebens.dev/applications/speedtest-exporter/
sources: sources:
- https://github.com/MiguelNdeCarvalho/speedtest-exporter - https://github.com/MiguelNdeCarvalho/speedtest-exporter

2
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
# renovate: datasource=docker depName=elasticsearch # renovate: datasource=docker depName=elasticsearch
version: 9.3.3 version: 8.19.13
auth: auth:
fileRealm: fileRealm:
- secretName: stalwart-elasticsearch-secret - secretName: stalwart-elasticsearch-secret

6
clusters/cl01tl/helm/tailscale-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: tailscale-operator - name: tailscale-operator
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
version: 1.96.5 version: 1.94.2
digest: sha256:d7352b6781e248f6fc6bbb06e994c76eed77f06b3beaac6a5707e77df72ccc7d digest: sha256:cf509332b17c0dc32d3a89f0661e500d7dc5c29814dc982c9f5607e424669002
generated: "2026-04-07T22:47:27.933877961Z" generated: "2026-02-14T00:21:25.854980371Z"

4
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -17,8 +17,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: tailscale-operator - name: tailscale-operator
version: 1.96.5 version: 1.94.2
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=docker depName=tailscale/tailscale # renovate: datasource=docker depName=tailscale/tailscale
appVersion: v1.96.5 appVersion: v1.94.2

4
clusters/cl01tl/helm/tailscale-operator/values.yaml
View File

@@ -5,7 +5,7 @@ tailscale-operator:
- "tag:k8s-operator" - "tag:k8s-operator"
image: image:
repository: tailscale/k8s-operator repository: tailscale/k8s-operator
tag: v1.96.5 tag: v1.94.2
digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067 digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
hostname: tailscale-operator-cl01tl hostname: tailscale-operator-cl01tl
ingressClass: ingressClass:
@@ -13,6 +13,6 @@ tailscale-operator:
proxyConfig: proxyConfig:
image: image:
repository: tailscale/tailscale repository: tailscale/tailscale
tag: v1.96.5 tag: v1.94.2
digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
defaultProxyClass: no-metrics defaultProxyClass: no-metrics

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -376,7 +376,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: 0 0 * * 0 schedule: "0 0 * * 0"
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -404,7 +404,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: 10 0 * * 0 schedule: "10 0 * * 0"
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:
@@ -432,7 +432,7 @@ etcd-defrag:
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago timeZone: America/Chicago
schedule: 20 0 * * 0 schedule: "20 0 * * 0"
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
containers: containers:

8
clusters/cl01tl/helm/tdarr/Chart.yaml
View File

@@ -5,16 +5,16 @@ description: Tdarr
keywords: keywords:
- tdarr - tdarr
- video - video
home: https://docs.alexlebens.dev/applications/tdarr/ - transcode
- healthchecks
home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62
sources: sources:
- https://github.com/HaveAGitGat/Tdarr - https://github.com/HaveAGitGat/Tdarr
- https://github.com/homeylab/tdarr-exporter - https://github.com/homeylab/tdarr-exporter
- https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
- https://github.com/users/haveagitgat/packages/container/package/tdarr_node
- https://hub.docker.com/r/homeylab/tdarr-exporter - https://hub.docker.com/r/homeylab/tdarr-exporter
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -34,5 +34,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
# renovate: datasource=docker depName=ghcr.io/haveagitgat/tdarr # renovate: datasource=github-releases depName=HaveAGitGat/Tdarr
appVersion: 2.58.02 appVersion: 2.58.02

38
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -4,18 +4,16 @@ tdarr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr repository: ghcr.io/haveagitgat/tdarr
tag: 2.68.01@sha256:db9520315f83974cb5b8f2a8ed89a8a2be3d97d29575f54cbe4b5cc5e6daf5a5 tag: 2.67.01
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: "1001" value: "1001"
- name: PGID - name: PGID
@@ -38,11 +36,12 @@ tdarr:
value: "8265" value: "8265"
resources: resources:
requests: requests:
cpu: 500m cpu: 200m
memory: 2Gi memory: 1Gi
node: node:
type: statefulset type: statefulset
replicas: 3 replicas: 3
revisionHistoryLimit: 3
statefulset: statefulset:
volumeClaimTemplates: volumeClaimTemplates:
- name: transcode-cache - name: transcode-cache
@@ -68,10 +67,11 @@ tdarr:
main: main:
image: image:
repository: ghcr.io/haveagitgat/tdarr_node repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.68.01@sha256:6359991d297ec23e2a5fe3a6b5b19c65d9eabdc63172d2cbe6aa576bbe5356c2 tag: 2.67.01
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: "1001" value: "1001"
- name: PGID - name: PGID
@@ -96,7 +96,7 @@ tdarr:
requests: requests:
gpu.intel.com/i915: 1 gpu.intel.com/i915: 1
cpu: 10m cpu: 10m
memory: 100Mi memory: 512Mi
service: service:
api: api:
controller: server controller: server
@@ -104,12 +104,14 @@ tdarr:
http: http:
port: 8266 port: 8266
targetPort: 8266 targetPort: 8266
protocol: HTTP
web: web:
controller: server controller: server
ports: ports:
http: http:
port: 8265 port: 8265
targetPort: 8265 targetPort: 8265
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -122,8 +124,11 @@ tdarr:
- tdarr.alexlebens.net - tdarr.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: tdarr-web - group: ''
kind: Service
name: tdarr-web
port: 8265 port: 8265
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -134,6 +139,7 @@ tdarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server: server:
main: main:
@@ -144,6 +150,7 @@ tdarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server: server:
main: main:
@@ -170,7 +177,8 @@ tdarr:
tdarr-exporter: tdarr-exporter:
image: image:
name: homeylab/tdarr-exporter name: homeylab/tdarr-exporter
tag: 1.4.3@sha256:88254cb505bfff20e86e04fa23a71789a411e7939e3bcbccbd5ef397ff91d052 # renovate: datasource=docker depName=homeylab/tdarr-exporter
tag: 1.4.3
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -180,8 +188,8 @@ tdarr-exporter:
verify_ssl: false verify_ssl: false
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 256Mi
volsync-target-config: volsync-target-config:
pvcTarget: tdarr-config pvcTarget: tdarr-config
local: local:

7
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -5,11 +5,12 @@ description: Traefik
keywords: keywords:
- traefik - traefik
- reverse-proxy - reverse-proxy
home: https://docs.alexlebens.dev/applications/traefik/ - tls
- kubernetes
home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb
sources: sources:
- https://github.com/traefik/traefik - https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart/tree/master/traefik - https://github.com/traefik/traefik-helm-chart
- https://github.com/traefik/traefik-helm-chart/tree/master/traefik-crds
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

38
clusters/cl01tl/helm/traefik/values.yaml
View File

@@ -1,8 +1,4 @@
traefik: traefik:
image:
registry: docker.io
repository: traefik
tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
deployment: deployment:
kind: DaemonSet kind: DaemonSet
ingressClass: ingressClass:
@@ -43,11 +39,6 @@ traefik:
enabled: true enabled: true
matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
entryPoints: ["websecure"] entryPoints: ["websecure"]
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
providers: providers:
kubernetesCRD: kubernetesCRD:
allowCrossNamespace: true allowCrossNamespace: true
@@ -67,23 +58,8 @@ traefik:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
prometheusRule: prometheusRule:
enabled: true enabled: false
rules:
- alert: TraefikDown
expr: up{job="traefik"} == 0
for: 5m
labels:
context: traefik
severity: warning
annotations:
summary: "Traefik Down"
description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
global:
checkNewVersion: false
ports: ports:
traefik:
expose:
default: false
web: web:
port: 8000 port: 8000
expose: expose:
@@ -101,12 +77,14 @@ traefik:
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
websecure: websecure:
port: 8443 port: 8443
expose: expose:
@@ -124,18 +102,22 @@ traefik:
allowEncodedPercent: true allowEncodedPercent: true
allowEncodedQuestionMark: true allowEncodedQuestionMark: true
allowEncodedHash: true allowEncodedHash: true
tls:
enabled: true
forwardedHeaders: forwardedHeaders:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
ssh: ssh:
port: 22 port: 22
expose: expose:
@@ -147,12 +129,14 @@ traefik:
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/16 - 172.16.0.0/16
- 192.168.0.0/16 - 192.168.0.0/16
- fc00::/7 - fc00::/7
insecure: false
metrics: metrics:
expose: expose:
default: false default: false
@@ -161,10 +145,6 @@ traefik:
type: LoadBalancer type: LoadBalancer
externalIPs: externalIPs:
- 10.232.1.21 - 10.232.1.21
resources:
requests:
cpu: 10m
memory: 100Mi
traefik-crds: traefik-crds:
enabled: true enabled: true
traefik: true traefik: true

6
clusters/cl01tl/helm/tubearchivist/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de
generated: "2026-04-07T19:36:53.116343-05:00" generated: "2026-03-09T23:08:53.501770729Z"

12
clusters/cl01tl/helm/tubearchivist/Chart.yaml
View File

@@ -4,17 +4,15 @@ version: 1.0.0
description: Tube Archivist description: Tube Archivist
keywords: keywords:
- tubearchivist - tubearchivist
- download
- video - video
home: https://docs.alexlebens.dev/applications/tubearchivist/ - youtube
home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93
sources: sources:
- https://github.com/tubearchivist/tubearchivist - https://github.com/tubearchivist/tubearchivist
- https://github.com/Brainicism/bgutil-ytdlp-pot-provider - https://github.com/elastic/elasticsearch
- https://github.com/qdm12/gluetun
- https://hub.docker.com/r/bbilly1/tubearchivist - https://hub.docker.com/r/bbilly1/tubearchivist
- https://hub.docker.com/r/brainicism/bgutil-ytdlp-pot-provider
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -24,7 +22,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
# renovate: datasource=github-releases depName=tubearchivist/tubearchivist # renovate: datasource=github-releases depName=tubearchivist/tubearchivist

2
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
# renovate: datasource=docker depName=elasticsearch # renovate: datasource=docker depName=elasticsearch
version: 9.3.3 version: 8.19.13
auth: auth:
fileRealm: fileRealm:
- secretName: tubearchivist-elasticsearch-secret - secretName: tubearchivist-elasticsearch-secret

27
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: ELASTIC_PASSWORD - secretKey: ELASTIC_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: ELASTIC_PASSWORD property: ELASTIC_PASSWORD
- secretKey: TA_PASSWORD - secretKey: TA_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/env key: /cl01tl/tubearchivist/env
metadataPolicy: None
property: TA_PASSWORD property: TA_PASSWORD
--- ---
@@ -38,15 +44,24 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: username property: username
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: password property: password
- secretKey: roles - secretKey: roles
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tubearchivist/elasticsearch key: /cl01tl/tubearchivist/elasticsearch
metadataPolicy: None
property: roles property: roles
--- ---
@@ -66,17 +81,29 @@ spec:
data: data:
- secretKey: private-key - secretKey: private-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key property: preshared-key
- secretKey: addresses - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses property: addresses
- secretKey: input-ports - secretKey: input-ports
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports property: input-ports

25
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -4,15 +4,13 @@ tubearchivist:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: bbilly1/tubearchivist repository: bbilly1/tubearchivist
tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567 tag: v0.5.10
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -42,11 +40,13 @@ tubearchivist:
bgutil: bgutil:
image: image:
repository: brainicism/bgutil-ytdlp-pot-provider repository: brainicism/bgutil-ytdlp-pot-provider
tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b tag: 1.3.1
pullPolicy: IfNotPresent
gluetun: gluetun:
image: image:
repository: ghcr.io/qdm12/gluetun repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle: lifecycle:
postStart: postStart:
exec: exec:
@@ -106,6 +106,8 @@ tubearchivist:
devic.es/tun: "1" devic.es/tun: "1"
requests: requests:
devic.es/tun: "1" devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -113,6 +115,7 @@ tubearchivist:
http: http:
port: 80 port: 80
targetPort: 24000 targetPort: 24000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -125,8 +128,11 @@ tubearchivist:
- tubearchivist.alexlebens.net - tubearchivist.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: tubearchivist - group: ''
kind: Service
name: tubearchivist
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -136,6 +142,7 @@ tubearchivist:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 40Gi size: 40Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -150,6 +157,10 @@ tubearchivist:
readOnly: false readOnly: false
valkey: valkey:
valkey: valkey:
resources:
requests:
cpu: 100m
memory: 1Gi
dataStorage: dataStorage:
requestedSize: 10Gi requestedSize: 10Gi
replica: replica:

2
clusters/cl01tl/helm/unpackerr/Chart.yaml
View File

@@ -6,7 +6,7 @@ keywords:
- unpackerr - unpackerr
- archive - archive
- servarr - servarr
home: https://docs.alexlebens.dev/applications/unpackerr/ home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088
sources: sources:
- https://github.com/Unpackerr/unpackerr - https://github.com/Unpackerr/unpackerr
- https://hub.docker.com/r/golift/unpackerr - https://hub.docker.com/r/golift/unpackerr

24
clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
View File

@@ -14,33 +14,57 @@ spec:
data: data:
- secretKey: UN_SONARR_0_API_KEY - secretKey: UN_SONARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_1_API_KEY - secretKey: UN_SONARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_SONARR_2_API_KEY - secretKey: UN_SONARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_0_API_KEY - secretKey: UN_RADARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key key: /cl01tl/radarr5/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_1_API_KEY - secretKey: UN_RADARR_1_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_2_API_KEY - secretKey: UN_RADARR_2_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key property: key
- secretKey: UN_RADARR_3_API_KEY - secretKey: UN_RADARR_3_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key property: key
- secretKey: UN_LIDARR_0_API_KEY - secretKey: UN_LIDARR_0_API_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key property: key

12
clusters/cl01tl/helm/unpackerr/values.yaml
View File

@@ -4,18 +4,16 @@ unpackerr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: golift/unpackerr repository: golift/unpackerr
tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c tag: 0.15.2
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: UN_WEBSERVER_METRICS - name: UN_WEBSERVER_METRICS
value: true value: true
- name: UN_SONARR_0_URL - name: UN_SONARR_0_URL
@@ -56,7 +54,7 @@ unpackerr:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 10Mi memory: 128Mi
persistence: persistence:
storage: storage:
existingClaim: unpackerr-nfs-storage existingClaim: unpackerr-nfs-storage

5
clusters/cl01tl/helm/unpoller/Chart.yaml
View File

@@ -5,8 +5,9 @@ description: Unpoller
keywords: keywords:
- unpoller - unpoller
- ubiquiti - ubiquiti
- unifi
- metrics - metrics
home: https://docs.alexlebens.dev/applications/unpoller/ home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344
sources: sources:
- https://github.com/unpoller/unpoller - https://github.com/unpoller/unpoller
- https://github.com/unpoller/unpoller/pkgs/container/unpoller - https://github.com/unpoller/unpoller/pkgs/container/unpoller
@@ -18,6 +19,6 @@ dependencies:
alias: unpoller alias: unpoller
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
# renovate: datasource=github-releases depName=unpoller/unpoller # renovate: datasource=github-releases depName=unpoller/unpoller
appVersion: v2.39.0 appVersion: v2.39.0

6
clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: UP_UNIFI_CONTROLLER_0_USER - secretKey: UP_UNIFI_CONTROLLER_0_USER
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: user property: user
- secretKey: UP_UNIFI_CONTROLLER_0_PASS - secretKey: UP_UNIFI_CONTROLLER_0_PASS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: password property: password

11
clusters/cl01tl/helm/unpoller/values.yaml
View File

@@ -4,14 +4,16 @@ unpoller:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/unpoller/unpoller repository: ghcr.io/unpoller/unpoller
tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2 tag: v2.39.0
pullPolicy: IfNotPresent
env: env:
- name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
value: 'true' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_DPI - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
@@ -19,7 +21,7 @@ unpoller:
- name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
value: 'false' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_IDS - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
value: 'true' value: 'false'
- name: UP_UNIFI_CONTROLLER_0_SAVE_SITES - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
value: 'true' value: 'true'
- name: UP_UNIFI_CONTROLLER_0_URL - name: UP_UNIFI_CONTROLLER_0_URL
@@ -42,7 +44,7 @@ unpoller:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 64Mi
service: service:
main: main:
controller: main controller: main
@@ -50,6 +52,7 @@ unpoller:
metrics: metrics:
port: 9130 port: 9130
targetPort: 9130 targetPort: 9130
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

4
clusters/cl01tl/helm/vault/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Vault
keywords: keywords:
- vault - vault
- secrets - secrets
home: https://docs.alexlebens.dev/applications/vault/ home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987
sources: sources:
- https://github.com/hashicorp/vault - https://github.com/hashicorp/vault
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
@@ -29,6 +29,6 @@ dependencies:
alias: unseal alias: unseal
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
# renovate: datasource=github-releases depName=hashicorp/vault # renovate: datasource=github-releases depName=hashicorp/vault
appVersion: 1.21.4 appVersion: 1.21.4

132
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: VAULT_APPROLE_ROLE_ID - secretKey: VAULT_APPROLE_ROLE_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_ROLE_ID property: VAULT_APPROLE_ROLE_ID
- secretKey: VAULT_APPROLE_SECRET_ID - secretKey: VAULT_APPROLE_SECRET_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: VAULT_APPROLE_SECRET_ID property: VAULT_APPROLE_SECRET_ID
--- ---
@@ -38,11 +44,17 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-local property: s3cfg-local
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -62,11 +74,17 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-remote property: s3cfg-remote
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -86,11 +104,17 @@ spec:
data: data:
- secretKey: .s3cfg - secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: s3cfg property: s3cfg
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: BUCKET property: BUCKET
--- ---
@@ -110,15 +134,24 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
- secretKey: NTFY_ENDPOINT - secretKey: NTFY_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint property: endpoint
- secretKey: NTFY_TOPIC - secretKey: NTFY_TOPIC
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot key: /cl01tl/vault/snapshot
metadataPolicy: None
property: NTFY_TOPIC property: NTFY_TOPIC
--- ---
@@ -138,39 +171,66 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -190,39 +250,66 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -242,39 +329,66 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: CHECK_INTERVAL property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TOKENS property: TOKENS
- secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: EMAIL_ENABLED property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
--- ---
@@ -294,25 +408,43 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: token property: token
- secretKey: unseal_key_1 - secretKey: unseal_key_1
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_1 property: unseal_key_1
- secretKey: unseal_key_2 - secretKey: unseal_key_2
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_2 property: unseal_key_2
- secretKey: unseal_key_3 - secretKey: unseal_key_3
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_3 property: unseal_key_3
- secretKey: unseal_key_4 - secretKey: unseal_key_4
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_4 property: unseal_key_4
- secretKey: unseal_key_5 - secretKey: unseal_key_5
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/token key: /cl01tl/vault/token
metadataPolicy: None
property: unseal_key_5 property: unseal_key_5

1
clusters/cl01tl/helm/vault/templates/http-route.yaml
View File

@@ -25,3 +25,4 @@ spec:
kind: Service kind: Service
name: vault-active name: vault-active
port: 8200 port: 8200
weight: 100

98
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -1,5 +1,9 @@
vault: vault:
global: global:
enabled: true
tlsDisable: true
psp:
enable: false
serverTelemetry: serverTelemetry:
prometheusOperator: true prometheusOperator: true
injector: injector:
@@ -8,16 +12,23 @@ vault:
enabled: true enabled: true
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 tag: 1.21.4
updateStrategyType: RollingUpdate updateStrategyType: "RollingUpdate"
logLevel: debug logLevel: debug
logFormat: standard logFormat: standard
resources: resources:
requests: requests:
cpu: 50m cpu: 50m
memory: 512Mi memory: 512Mi
ingress:
enabled: false
route:
enabled: false
authDelegator: authDelegator:
enabled: false enabled: false
readinessProbe:
enabled: true
port: 8200
livenessProbe: livenessProbe:
enabled: false enabled: false
volumes: volumes:
@@ -28,17 +39,43 @@ vault:
- mountPath: /opt/backups/ - mountPath: /opt/backups/
name: vault-storage-backup name: vault-storage-backup
readOnly: false readOnly: false
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}
app.kubernetes.io/instance: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
networkPolicy:
enabled: false
service:
enabled: true
active:
enabled: true
standby:
enabled: false
type: ClusterIP
port: 8200
targetPort: 8200
dataStorage: dataStorage:
enabled: true
size: 1Gi size: 1Gi
storageClass: ceph-block mountPath: "/vault/data"
accessMode: ReadWriteOnce
auditStorage: auditStorage:
enabled: false enabled: false
size: 5Gi size: 5Gi
storageClass: ceph-block mountPath: "/vault/audit"
accessMode: ReadWriteOnce
dev:
enabled: false
standalone: standalone:
enabled: false enabled: false
ha: ha:
enabled: true enabled: true
replicas: 3
raft: raft:
enabled: true enabled: true
config: | config: |
@@ -72,12 +109,30 @@ vault:
prometheus_retention_time = "30s" prometheus_retention_time = "30s"
disable_hostname = true disable_hostname = true
} }
disruptionBudget: disruptionBudget:
enabled: true enabled: true
maxUnavailable: 1 maxUnavailable: null
serviceAccount:
create: true
serviceDiscovery:
enabled: true
hostNetwork: false
ui:
enabled: true
publishNotReadyAddresses: true
activeVaultPodOnly: false
serviceType: "ClusterIP"
serviceNodePort: null
externalPort: 8200
targetPort: 8200
csi:
enabled: false
serverTelemetry: serverTelemetry:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 30s
scrapeTimeout: 10s
prometheusRules: prometheusRules:
enabled: true enabled: true
rules: rules:
@@ -103,15 +158,20 @@ snapshot:
type: cronjob type: cronjob
cronjob: cronjob:
suspend: false suspend: false
timeZone: America/Chicago concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 4 * * * schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 3
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
initContainers: initContainers:
snapshot: snapshot:
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 tag: 1.21.4
pullPolicy: IfNotPresent
command: command:
- /bin/ash - /bin/ash
args: args:
@@ -268,47 +328,53 @@ unseal:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 0.7.2
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-1 name: vault-unseal-config-1
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 24Mi
unseal-2: unseal-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 0.7.2
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-2 name: vault-unseal-config-2
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 24Mi
unseal-3: unseal-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 0.7.2
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-3 name: vault-unseal-config-3
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 24Mi

6
clusters/cl01tl/helm/vaultwarden/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31 digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
generated: "2026-04-07T20:19:48.079671-05:00" generated: "2026-03-15T20:10:47.852109985Z"

12
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -4,15 +4,17 @@ version: 1.0.0
description: Vaultwarden description: Vaultwarden
keywords: keywords:
- vaultwarden - vaultwarden
- password-manager - bitwarden
home: https://docs.alexlebens.dev/applications/vault/ - password
home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
sources: sources:
- https://github.com/dani-garcia/vaultwarden - https://github.com/dani-garcia/vaultwarden
- https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/vaultwarden/server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -25,7 +27,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

6
clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/vaultwarden key: /authentik/oidc/vaultwarden
metadataPolicy: None
property: secret property: secret

33
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -4,11 +4,13 @@ vaultwarden:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/dani-garcia/vaultwarden repository: vaultwarden/server
tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 tag: 1.35.4
pullPolicy: IfNotPresent
env: env:
- name: DOMAIN - name: DOMAIN
value: https://passwords.alexlebens.dev value: https://passwords.alexlebens.dev
@@ -42,7 +44,7 @@ vaultwarden:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 30Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -50,12 +52,14 @@ vaultwarden:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
persistence: persistence:
config: config:
forceRename: vaultwarden-data forceRename: vaultwarden-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -74,12 +78,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: vaultwarden-data pvcTarget: vaultwarden-data
local: local:

1
clusters/cl01tl/helm/version-checker/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Version Checker
keywords: keywords:
- version-checker - version-checker
- update-tracker - update-tracker
- metrics
home: https://docs.alexlebens.dev/applications/version-checker/ home: https://docs.alexlebens.dev/applications/version-checker/
sources: sources:
- https://github.com/jetstack/version-checker - https://github.com/jetstack/version-checker

16
clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: version-checker
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: version-checker
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: version-checker
endpoints:
- port: web
path: /metrics

3
clusters/cl01tl/helm/version-checker/values.yaml
View File

@@ -10,7 +10,8 @@ version-checker:
resources: resources:
requests: requests:
cpu: 1m cpu: 1m
memory: 400Mi memory: 40Mi
prometheus: prometheus:
enabled: true enabled: true
replicas: 1
serviceAccountName: version-checker-prometheus serviceAccountName: version-checker-prometheus

6
clusters/cl01tl/helm/volsync/Chart.yaml
View File

@@ -5,10 +5,12 @@ description: Volsync
keywords: keywords:
- volsync - volsync
- backup - backup
home: https://docs.alexlebens.dev/applications/volsync/ - storage
- s3
- kubernetes
home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
sources: sources:
- https://github.com/backube/volsync - https://github.com/backube/volsync
- https://quay.io/repository/backube/volsync?tab=tags
- https://github.com/backube/volsync/tree/main/helm/volsync - https://github.com/backube/volsync/tree/main/helm/volsync
maintainers: maintainers:
- name: alexlebens - name: alexlebens

16
clusters/cl01tl/helm/volsync/values.yaml
View File

@@ -1,15 +1,15 @@
volsync: volsync:
replicaCount: 2 replicaCount: 2
image:
repository: quay.io/backube/volsync
tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
manageCRDs: true manageCRDs: true
metrics: metrics:
disableAuth: true disableAuth: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 1m cpu: 10m
memory: 80Mi memory: 128Mi

5
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -4,8 +4,9 @@ version: 1.0.0
description: WhoDB description: WhoDB
keywords: keywords:
- whodb - whodb
- database-dashboard - postgresql
home: https://docs.alexlebens.dev/applications/whodb/ - database
home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
sources: sources:
- https://github.com/clidey/whodb - https://github.com/clidey/whodb
- https://hub.docker.com/r/clidey/whodb - https://hub.docker.com/r/clidey/whodb

14
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -3,11 +3,13 @@ whodb:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate
containers: containers:
main: main:
image: image:
repository: clidey/whodb repository: clidey/whodb
tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4 tag: 0.104.0
pullPolicy: IfNotPresent
env: env:
- name: WHODB_OLLAMA_HOST - name: WHODB_OLLAMA_HOST
value: ollama-server-2.ollama value: ollama-server-2.ollama
@@ -15,8 +17,8 @@ whodb:
value: 11434 value: 11434
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -24,6 +26,7 @@ whodb:
http: http:
port: 80 port: 80
targetPort: 8080 targetPort: 8080
protocol: TCP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -36,8 +39,11 @@ whodb:
- whodb.alexlebens.net - whodb.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: whodb - group: ''
kind: Service
name: whodb
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

8
clusters/cl01tl/helm/yamtrack/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4 digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
generated: "2026-04-07T20:57:56.63402-05:00" generated: "2026-03-15T20:11:03.591727143Z"

11
clusters/cl01tl/helm/yamtrack/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: Yamtrack description: Yamtrack
keywords: keywords:
- yamtrack - yamtrack
- media-tracking - media
home: https://docs.alexlebens.dev/applications/yamtrack/ - jellyfin
home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
sources: sources:
- https://github.com/FuzzyGrim/Yamtrack - https://github.com/FuzzyGrim/Yamtrack
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,11 +22,11 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
# renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack

6
clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: SECRET - secretKey: SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/yamtrack/config key: /cl01tl/yamtrack/config
metadataPolicy: None
property: SECRET property: SECRET
--- ---
@@ -34,5 +37,8 @@ spec:
data: data:
- secretKey: SOCIALACCOUNT_PROVIDERS - secretKey: SOCIALACCOUNT_PROVIDERS
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/yamtrack key: /authentik/oidc/yamtrack
metadataPolicy: None
property: SOCIALACCOUNT_PROVIDERS property: SOCIALACCOUNT_PROVIDERS

37
clusters/cl01tl/helm/yamtrack/values.yaml
View File

@@ -4,14 +4,16 @@ yamtrack:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/fuzzygrim/yamtrack repository: ghcr.io/fuzzygrim/yamtrack
tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931 tag: 0.25.0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: URLS - name: URLS
value: https://yamtrack.alexlebens.net value: https://yamtrack.alexlebens.net
- name: REGISTRATION - name: REGISTRATION
@@ -58,7 +60,7 @@ yamtrack:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 380Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -66,6 +68,7 @@ yamtrack:
http: http:
port: 80 port: 80
targetPort: 8000 targetPort: 8000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -78,8 +81,11 @@ yamtrack:
- yamtrack.alexlebens.net - yamtrack.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: yamtrack - group: ''
kind: Service
name: yamtrack
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -97,9 +103,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 16 * * *" schedule: "0 10 16 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/yubal/Chart.yaml
View File

@@ -5,11 +5,11 @@ description: yubal
keywords: keywords:
- yubal - yubal
- music - music
home: https://docs.alexlebens.dev/applications/yamtrack/ - youtube
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/guillevc/yubal - https://github.com/guillevc/yubal
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,6 +21,5 @@ dependencies:
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png
# renovate: datasource=github-releases depName=guillevc/yubal # renovate: datasource=github-releases depName=guillevc/yubal
appVersion: v0.7.2 appVersion: v0.7.2

42
clusters/cl01tl/helm/yubal/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: yubal-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

11
clusters/cl01tl/helm/yubal/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: yubal
labels:
app.kubernetes.io/name: yubal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

12
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -4,17 +4,18 @@ yubal:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/guillevc/yubal repository: ghcr.io/guillevc/yubal
tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
pullPolicy: IfNotPresent
env: env:
- name: YUBAL_TZ - name: YUBAL_TZ
value: America/Chicago value: America/Chicago
@@ -27,7 +28,7 @@ yubal:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 200Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -35,6 +36,7 @@ yubal:
http: http:
port: 80 port: 80
targetPort: 8000 targetPort: 8000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -47,8 +49,11 @@ yubal:
- yubal.alexlebens.net - yubal.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: yubal - group: ''
kind: Service
name: yubal
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -59,6 +64,7 @@ yubal:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

2
hosts/ps08rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6 image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

2
hosts/ps08rp/blocky/config.yml
View File

@@ -86,6 +86,7 @@ customDNS:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -108,7 +109,6 @@ customDNS:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps09rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6 image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

2
hosts/ps09rp/blocky/config.yml
View File

@@ -107,6 +107,7 @@ customDNS:
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
@@ -129,7 +130,6 @@ customDNS:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps10rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
tailscale-blocky: tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6 image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
container_name: tailscale-blocky container_name: tailscale-blocky
cap_add: cap_add:
- net_admin - net_admin

4
hosts/ps10rp/garage/compose.yaml
View File

@@ -1,6 +1,6 @@
services: services:
tailscale-garage: tailscale-garage:
image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6 image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
container_name: tailscale-garage container_name: tailscale-garage
cap_add: cap_add:
- net_admin - net_admin
@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
tailscale-garage-ui: tailscale-garage-ui:
image: ghcr.io/tailscale/tailscale:v1.96.5@sha256:dbeff02d2337344b351afac203427218c4d0a06c43fc10a865184063498472a6 image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
container_name: tailscale-garage-ui container_name: tailscale-garage-ui
cap_add: cap_add:
- net_admin - net_admin

Some files were not shown because too many files have changed in this diff Show More