alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:136490eaf9e32e879354104552ed1f741304e5c7
Branches Tags
alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

1 Commits
main ... 136490eaf9

Author SHA1 Message Date
Renovate Bot
136490eaf9 chore(deps): update dependency immich-app/immich to v2.6.1
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 47s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 48s
Details
2026-03-20 00:14:40 +00:00
193 changed files with 1545 additions and 1552 deletions
Expand all files Collapse all files

8
.gitea/workflows/lint-test-docker.yaml
View File

@@ -21,14 +21,14 @@ jobs:
runs-on: ubuntu-js runs-on: ubuntu-js
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: "${{ github.base_ref }}" branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
- name: Set Up Node.js - name: Set Up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 uses: actions/setup-node@v6
with: with:
node-version: '24' node-version: '24'
@@ -120,7 +120,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/lint-test-helm.yaml
View File

@@ -28,14 +28,14 @@ jobs:
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }} changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm - name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
github.event_name == 'pull_request' github.event_name == 'pull_request'
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -257,7 +257,7 @@ jobs:
echo "----" echo "----"
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
cache: true cache: true
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/render-manifests.yaml
View File

@@ -31,32 +31,32 @@ jobs:
(github.event_name == 'pull_request' && github.event.pull_request.merged == true) (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps: steps:
- name: Checkout Main - name: Checkout Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
path: infrastructure path: infrastructure
fetch-depth: 0 fetch-depth: 0
- name: Checkout Manifests - name: Checkout Manifests
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
ref: manifests ref: manifests
path: infrastructure-manifests path: infrastructure-manifests
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true cache: true
- name: Configure Kubeconfig - name: Configure Kubeconfig
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 uses: azure/k8s-set-context@v4
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Created - name: ntfy Created
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false' if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Updated - name: ntfy Updated
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false' if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Merged - name: ntfy Merged
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged' if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"

6
.gitea/workflows/renovate.yaml
View File

@@ -13,10 +13,10 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.92.0@sha256:fc36479074628689b956475db381a71e4c7f85904e83009fe5e29ec3f1eee1d0 container: ghcr.io/renovatebot/renovate:43
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
- name: Renovate - name: Renovate
run: renovate run: renovate
@@ -25,7 +25,7 @@ jobs:
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }} RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net> RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: debug LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }} RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }} RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}

3
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Actual
keywords: keywords:
- actual - actual
- budget - budget
home: https://docs.alexlebens.dev/applications/actual/ home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e
sources: sources:
- https://github.com/actualbudget/actual - https://github.com/actualbudget/actual
- https://github.com/actualbudget/actual/pkgs/container/actual - https://github.com/actualbudget/actual/pkgs/container/actual
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

16
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -4,18 +4,20 @@ actual:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2 tag: 26.3.0
pullPolicy: IfNotPresent
env: env:
- name: ACTUAL_PORT - name: TZ
value: 5006 value: US/Central
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 128Mi
probes: probes:
liveness: liveness:
enabled: true enabled: true
@@ -52,8 +54,11 @@ actual:
- actual.alexlebens.net - actual.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: actual - group: ''
kind: Service
name: actual
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -64,6 +69,7 @@ actual:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.6 version: 1.0.3
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.21 version: 2.4.21
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b digest: sha256:4c857612f12f288dcbf6903df58ac708dcbc051e5f17e94ecd0cadc41b9c32bd
generated: "2026-03-24T16:59:01.228848139Z" generated: "2026-03-19T04:33:30.206516151Z"

10
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -7,18 +7,18 @@ keywords:
- argo-events - argo-events
- workflows - workflows
- events - events
home: https://docs.alexlebens.dev/applications/argo-workflows/ home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
sources: sources:
- https://github.com/argoproj/argo-workflows - https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events - https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events - https://github.com/argoproj/argo-helm/tree/main/charts
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.6 version: 1.0.3
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.21 version: 2.4.21
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows # renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3 appVersion: v4.0.2

6
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client property: client

28
clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argo-workflows
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argo-workflows-server
port: 2746
weight: 100

72
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -2,6 +2,8 @@ argo-workflows:
crds: crds:
install: true install: true
keep: true keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true full: true
upgradeJob: upgradeJob:
image: image:
@@ -11,6 +13,11 @@ argo-workflows:
metricsConfig: metricsConfig:
enabled: true enabled: true
persistence: persistence:
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
archive: true
postgresql: postgresql:
host: argo-workflows-postgresql-18-cluster-rw host: argo-workflows-postgresql-18-cluster-rw
port: 5432 port: 5432
@@ -25,34 +32,24 @@ argo-workflows:
ssl: false ssl: false
sslMode: disable sslMode: disable
workflowWorkers: 2 workflowWorkers: 2
workflowTTLWorkers: 2 workflowTTLWorkers: 1
podCleanupWorkers: 2 podCleanupWorkers: 1
cronWorkflowWorkers: 2 cronWorkflowWorkers: 1
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
name: workflow-controller
workflowNamespaces: workflowNamespaces:
- argocd
- argo-workflows - argo-workflows
server: server:
authModes: authModes:
- sso - sso
httproute: ingress:
enabled: true enabled: false
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso: sso:
enabled: true enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/ issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
@@ -69,15 +66,15 @@ argo-workflows:
- openid - openid
- email - email
- profile - profile
useStaticCredentials: true
artifactRepository:
archiveLogs: false
argo-events: argo-events:
crds:
install: true
keep: true
controller: controller:
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 32Mi memory: 128Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -86,8 +83,8 @@ argo-events:
enabled: true enabled: true
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -101,9 +98,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 14 * * *" schedule: "0 0 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.16 version: 9.4.14
digest: sha256:f9ecc47369d4401df61c17f55cc59c9b2d4543f57cf122653abb1a27a4f7bf35 digest: sha256:0d80c03a05176d53cc8ec94da32ef2cb5fccafc76b1648c0e4e1288515ba0824
generated: "2026-03-26T21:01:52.678525211Z" generated: "2026-03-19T04:27:11.289046913Z"

8
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Argo CD description: Argo CD
keywords: keywords:
- argo-cd - argo-cd
- delivery
- deployment - deployment
home: https://docs.alexlebens.dev/applications/argo-cd/ - gitops
home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f
sources: sources:
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
@@ -13,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.16 version: 9.4.14
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.5 appVersion: v3.3.4

18
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: client property: client
--- ---
@@ -38,7 +44,10 @@ spec:
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -58,13 +67,22 @@ spec:
data: data:
- secretKey: type - secretKey: type
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type property: type
- secretKey: url - secretKey: url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url property: url
- secretKey: sshPrivateKey - secretKey: sshPrivateKey
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey property: sshPrivateKey

146
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -1,11 +1,12 @@
argo-cd: argo-cd:
crds: crds:
install: true install: true
keep: true
configs: configs:
cm: cm:
admin.enabled: true admin.enabled: true
accounts.homepage: apiKey accounts.homepage: apiKey
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net url: https://argocd.alexlebens.net
statusbadge.url: https://argocd.alexlebens.net/ statusbadge.url: https://argocd.alexlebens.net/
statusbadge.enabled: true statusbadge.enabled: true
@@ -32,53 +33,12 @@ argo-cd:
g, homepage, role:readonly g, homepage, role:readonly
controller: controller:
replicas: 1 replicas: 1
resources:
requests:
cpu: 100m
memory: 1Gi
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex: dex:
enabled: true enabled: true
resources:
requests:
cpu: 1m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -89,57 +49,20 @@ argo-cd:
enabled: true enabled: true
redis-ha: redis-ha:
enabled: true enabled: true
image:
repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
persistentVolume:
enabled: true
redis:
resources:
requests:
cpu: 1000m
memory: 50Mi
haproxy:
enabled: true
image:
repository: haproxy
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources:
requests:
cpu: 5m
memory: 90Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
exporter:
enabled: true
image: ghcr.io/oliver006/redis_exporter
tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
interval: 30s
rules:
- alert: RedisPodDown
expr: |
redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
for: 5m
labels:
severity: critical
annotations:
description: Redis pod {{ "{{ $labels.pod }}" }} is down
summary: Redis pod {{ "{{ $labels.pod }}" }} is down
auth: false auth: false
redisSecretInit: redisSecretInit:
enabled: false enabled: false
server: server:
replicas: 2 replicas: 2
resources: extensions:
requests: enabled: true
cpu: 20m extensionList:
memory: 80Mi - name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -153,55 +76,30 @@ argo-cd:
namespace: traefik namespace: traefik
hostnames: hostnames:
- argocd.alexlebens.net - argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer: repoServer:
replicas: 2 replicas: 2
resources:
requests:
cpu: 1m
memory: 50Mi
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
applicationSet: applicationSet:
replicas: 2 replicas: 2
resources:
requests:
cpu: 10m
memory: 50Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe: livenessProbe:
enabled: true enabled: true
failureThreshold: 3 readinessProbe:
initialDelaySeconds: 60 enabled: true
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
notifications: notifications:
enabled: true
context:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
@@ -216,10 +114,6 @@ argo-cd:
headers: headers:
- name: Authorization - name: Authorization
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources:
requests:
cpu: 2m
memory: 50Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe:

5
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -7,14 +7,11 @@ keywords:
- books - books
- podcasts - podcasts
- audiobooks - audiobooks
home: https://docs.alexlebens.dev/applications/audiobookshelf/ home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
sources: sources:
- https://github.com/advplyr/audiobookshelf - https://github.com/advplyr/audiobookshelf
- https://github.com/caronc/apprise
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: ntfy-url - secretKey: ntfy-url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url property: ntfy-url

32
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,29 +4,28 @@ audiobookshelf:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708 tag: 2.33.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 200Mi memory: 128Mi
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.3.2
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PGID - name: PGID
value: "1000" value: "1000"
- name: PUID - name: PUID
@@ -42,6 +41,10 @@ audiobookshelf:
secretKeyRef: secretKeyRef:
name: audiobookshelf-apprise-config name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -79,8 +82,11 @@ audiobookshelf:
- audiobookshelf.alexlebens.net - audiobookshelf.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: audiobookshelf - group: ''
kind: Service
name: audiobookshelf
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -91,6 +97,7 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -101,6 +108,7 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

7
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -6,14 +6,17 @@ keywords:
- authentik - authentik
- sso - sso
- oidc - oidc
- ldap
- idp
- authentication - authentication
home: https://docs.alexlebens.dev/applications/authentik/ home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
sources: sources:
- https://github.com/goauthentik/authentik - https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goauthentik/helm - https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key key: /cl01tl/authentik/key
metadataPolicy: None
property: key property: key

63
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -30,23 +30,8 @@ authentik:
redis: redis:
host: authentik-valkey host: authentik-valkey
server: server:
replicas: 2 name: server
resources: replicas: 1
requests:
cpu: 20m
memory: 700Mi
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -54,6 +39,8 @@ authentik:
route: route:
main: main:
enabled: true enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames: hostnames:
- authentik.alexlebens.net - authentik.alexlebens.net
parentRefs: parentRefs:
@@ -61,20 +48,21 @@ authentik:
kind: Gateway kind: Gateway
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker: worker:
name: worker name: worker
replicas: 2 replicas: 1
resources:
requests:
cpu: 80m
memory: 650Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
prometheus: prometheus:
rules: rules:
enabled: true enabled: true
postgresql:
enabled: false
redis:
enabled: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -88,9 +76,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 5 14 * * *" schedule: "0 5 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: backrest
keywords: keywords:
- backrest - backrest
- backup - backup
home: https://docs.alexlebens.dev/applications/backrest/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/garethgeorge/backrest - https://github.com/garethgeorge/backrest
- https://github.com/garethgeorge/backrest/pkgs/container/backrest - https://hub.docker.com/r/garethgeorge/backrest
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

29
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -7,8 +7,9 @@ backrest:
containers: containers:
main: main:
image: image:
repository: ghcr.io/garethgeorge/backrest repository: garethgeorge/backrest
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0 tag: v1.12.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -22,8 +23,8 @@ backrest:
value: /tmp value: /tmp
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 30Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -32,19 +33,6 @@ backrest:
port: 80 port: 80
targetPort: 9898 targetPort: 9898
protocol: TCP protocol: TCP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: backrest
app.kubernetes.io/instance: backrest
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: http
scheme: http
path: /metrics
interval: 300s
scrapeTimeout: 15s
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -57,8 +45,11 @@ backrest:
- backrest.alexlebens.net - backrest.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: backrest - group: ''
kind: Service
name: backrest
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -69,6 +60,7 @@ backrest:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -79,6 +71,7 @@ backrest:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

4
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Bazarr description: Bazarr
keywords: keywords:
- bazarr - bazarr
- servarr
- subtitles - subtitles
home: https://docs.alexlebens.dev/applications/bazarr/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/morpheus65535/bazarr - https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr - https://github.com/linuxserver/docker-bazarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

18
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -4,6 +4,7 @@ bazarr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
@@ -14,20 +15,19 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
value: 1000 value: 1000
resources: resources:
limits:
cpu: 100m
requests: requests:
cpu: 1m cpu: 10m
memory: 250Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -48,8 +48,11 @@ bazarr:
- bazarr.alexlebens.net - bazarr.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: bazarr - group: ''
kind: Service
name: bazarr
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -60,6 +63,7 @@ bazarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

5
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Blocky
keywords: keywords:
- blocky - blocky
- dns - dns
home: https://docs.alexlebens.dev/applications/blocky/ home: https://wiki.alexlebens.dev/s/cf70113d-20bc-48ad-afb8-1e22ed3fd62a
sources: sources:
- https://github.com/0xERR0R/blocky - https://github.com/0xERR0R/blocky
- https://github.com/0xERR0R/blocky/pkgs/container/blocky - https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

13
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -4,18 +4,20 @@ blocky:
type: deployment type: deployment
replicas: 3 replicas: 3
strategy: RollingUpdate strategy: RollingUpdate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/0xerr0r/blocky repository: ghcr.io/0xerr0r/blocky
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 100Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -96,7 +98,7 @@ blocky:
traefik-cl01tl IN A 10.232.1.21 traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22 blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23 cilium-cl01tl IN A 10.232.1.23
;; Application Names ;; Application Names
@@ -108,32 +110,29 @@ blocky:
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
foldergram IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl gatus IN CNAME traefik-cl01tl
gitea IN CNAME traefik-cl01tl gitea IN CNAME traefik-cl01tl
grafana IN CNAME traefik-cl01tl grafana IN CNAME traefik-cl01tl
grimmory IN CNAME traefik-cl01tl
harbor IN CNAME traefik-cl01tl harbor IN CNAME traefik-cl01tl
headlamp IN CNAME traefik-cl01tl headlamp IN CNAME traefik-cl01tl
home IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/grimmory/Chart.lock → clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -8,5 +8,8 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6ee403da03c1bcc0289a9abdef0508344072d51173da996eda69b8305d5feefa - name: volsync-target
generated: "2026-03-23T20:35:19.743257-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"

33
clusters/cl01tl/helm/booklore/Chart.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v2
name: booklore
version: 1.0.0
description: booklore
keywords:
- booklore
- books
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/booklore-app/BookLore
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: booklore
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1

38
clusters/cl01tl/helm/grimmory/templates/external-secret.yaml → clusters/cl01tl/helm/booklore/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-database-secret name: booklore-database-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-database-secret app.kubernetes.io/name: booklore-database-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,17 +14,20 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/grimmory/database conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/database
metadataPolicy: None
property: password property: password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-data-replication-secret name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-data-replication-secret app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -34,17 +37,20 @@ spec:
data: data:
- secretKey: psk.txt - secretKey: psk.txt
remoteRef: remoteRef:
key: /cl01tl/grimmory/replication conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt property: psk.txt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -54,21 +60,27 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -78,9 +90,15 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret

4
clusters/cl01tl/helm/grimmory/templates/namespace.yaml → clusters/cl01tl/helm/booklore/templates/namespace.yaml
View File

@@ -1,11 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: grimmory name: booklore
annotations: annotations:
volsync.backube/privileged-movers: "true" volsync.backube/privileged-movers: "true"
labels: labels:
app.kubernetes.io/name: grimmory app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged

12
clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-nfs-storage volumeName: booklore-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-import-nfs-storage volumeName: booklore-books-import-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

8
clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -26,10 +26,10 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

111
clusters/cl01tl/helm/grimmory/values.yaml → clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -1,18 +1,16 @@
grimmory: booklore:
controllers: controllers:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/grimmory-tools/grimmory repository: ghcr.io/booklore-app/booklore
tag: v2.3.0@sha256:9014247f591074529894f81115ca40f899db697e89f72c2fe91ec530e3f19597 tag: v2.2.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -21,22 +19,22 @@ grimmory:
- name: GROUP_ID - name: GROUP_ID
value: 1000 value: 1000
- name: DATABASE_URL - name: DATABASE_URL
value: jdbc:mariadb://grimmory-mariadb-cluster-primary.grimmory:3306/booklore value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME - name: DATABASE_USERNAME
value: grimmory value: booklore
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
- name: GRIMMORY_PORT - name: BOOKLORE_PORT
value: 6060 value: 6060
- name: SWAGGER_ENABLED - name: SWAGGER_ENABLED
value: false value: false
resources: resources:
requests: requests:
cpu: 10m cpu: 50m
memory: 1Gi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -54,26 +52,41 @@ grimmory:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- grimmory.alexlebens.net - booklore.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: grimmory - group: ''
kind: Service
name: booklore
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
value: / value: /
persistence: persistence:
config: config:
forceRename: grimmory-config forceRename: booklore-config
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /app/data - path: /app/data
readOnly: false readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books-import: books-import:
type: emptyDir type: emptyDir
advancedMounts: advancedMounts:
@@ -81,15 +94,8 @@ grimmory:
main: main:
- path: /bookdrop - path: /bookdrop
readOnly: false readOnly: false
data:
existingClaim: grimmory-books-nfs-storage
advancedMounts:
main:
main:
- path: /data
readOnly: false
ingest: ingest:
existingClaim: grimmory-books-import-nfs-storage existingClaim: booklore-books-import-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -99,7 +105,7 @@ mariadb-cluster:
mariadb: mariadb:
rootPasswordSecretKeyRef: rootPasswordSecretKeyRef:
generate: false generate: false
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
storage: storage:
size: 5Gi size: 5Gi
@@ -109,14 +115,14 @@ mariadb-cluster:
bootstrapFrom: bootstrapFrom:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -128,22 +134,21 @@ mariadb-cluster:
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
users: users:
- name: grimmory - name: booklore
passwordSecretKeyRef: passwordSecretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
host: '%' host: '%'
maxUserConnections: 100
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
retryInterval: 30s retryInterval: 30s
grants: grants:
- name: grimmory - name: booklore
privileges: privileges:
- "ALL PRIVILEGES" - "ALL PRIVILEGES"
database: "booklore" database: "booklore"
table: "*" table: "*"
username: grimmory username: booklore
grantOption: true grantOption: true
host: '%' host: '%'
cleanupPolicy: Delete cleanupPolicy: Delete
@@ -161,14 +166,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -183,14 +188,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900 endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -205,20 +210,17 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-main.garage:3900 endpoint: garage-main.garage:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
volsync-target-config: volsync-target-config:
pvcTarget: grimmory-config pvcTarget: booklore-config
moverSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 12 8 * * * schedule: 12 8 * * *
@@ -228,3 +230,20 @@ volsync-target-config:
external: external:
enabled: true enabled: true
schedule: 12 10 * * * schedule: 12 10 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
enabled: true
schedule: 14 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi

5
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords: keywords:
- cert-manager - cert-manager
- certificates - certificates
home: https://docs.alexlebens.dev/applications/cert-manager/ - kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources: sources:
- https://github.com/cert-manager/cert-manager - https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -15,6 +16,6 @@ dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.0 version: v1.20.0
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.0 appVersion: v1.20.0

5
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,11 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-issuer name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com

3
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-token - secretKey: api-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true enabled: true
keep: true keep: true
replicaCount: 2 replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs: extraArgs:
- --enable-gateway-api - --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus: prometheus:
enabled: true
servicemonitor: servicemonitor:
enabled: true enabled: true
honorLabels: true honorLabels: true

9
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Cilium description: Cilium
keywords: keywords:
- cilium - cilium
- operator - cni
- network - network
home: https://docs.alexlebens.dev/applications/cilium/ - kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources: sources:
- https://github.com/cilium/cilium - https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium - https://github.com/cilium/charts
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -18,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.18.6 appVersion: 1.19.1

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
- SYS_RESOURCE - SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane: bgpControlPlane:
enabled: false enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf: bpf:
hostLegacyRouting: true hostLegacyRouting: true
devices: end0 enp6s0 devices: end0 enp6s0
ciliumEndpointSlice: ciliumEndpointSlice:
enabled: true enabled: true
ingressController:
enabled: false
gatewayAPI: gatewayAPI:
enabled: true enabled: true
enableAppProtocol: true
enableAlpn: true enableAlpn: true
secretsNamespace: enableAppProtocol: true
create: false gatewayClass:
name: kube-system create: auto
externalIPs:
enabled: true
socketLB: socketLB:
enabled: true enabled: true
hostNamespaceOnly: true hostNamespaceOnly: true
hubble: hubble:
enabled: true
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
ingress:
enabled: false
ipam: ipam:
mode: "kubernetes" mode: "kubernetes"
ipv4: ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6: ipv6:
enabled: false enabled: false
kubeProxyReplacement: true kubeProxyReplacement: true
l7Proxy: true
prometheus: prometheus:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true
trustCRDsExist: true trustCRDsExist: true
enabled: true
envoy: envoy:
enabled: true enabled: true
securityContext: securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON - PERFMON
- BPF - BPF
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
operator: operator:
enabled: true
rollOutPods: true rollOutPods: true
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
cgroup: cgroup:

7
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,11 +6,10 @@ keywords:
- cloudnative-pg - cloudnative-pg
- operator - operator
- postgresql - postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/ - kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources: sources:
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers: maintainers:
@@ -22,6 +21,6 @@ dependencies:
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.5.0 version: 0.5.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.28.1 appVersion: 1.28.1

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg: cloudnative-pg:
replicaCount: 2 replicaCount: 2
resources:
requests:
cpu: 10m
memory: 100Mi
monitoring: monitoring:
podMonitorEnabled: true podMonitorEnabled: true
plugin-barman-cloud: plugin-barman-cloud:
replicaCount: 1 replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds: crds:
create: true create: true
resources:
requests:
cpu: 1m
memory: 20Mi

12
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -5,14 +5,14 @@ description: Code Server
keywords: keywords:
- code-server - code-server
- code - code
home: https://docs.alexlebens.dev/applications/code-server/ - ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources: sources:
- https://github.com/coder/code-server - https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server - https://github.com/cloudflare/cloudflared
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server - https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -28,5 +28,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server # renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.112.0 appVersion: 4.108.1

6
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD property: PASSWORD
- secretKey: SUDO_PASSWORD - secretKey: SUDO_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD property: SUDO_PASSWORD

20
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -4,18 +4,16 @@ code-server:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
@@ -27,8 +25,8 @@ code-server:
name: codeserver-password-secret name: codeserver-password-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 50Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -49,8 +47,11 @@ code-server:
- code-server.alexlebens.net - code-server.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: code-server - group: ''
kind: Service
name: code-server
port: 8443 port: 8443
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -61,6 +62,7 @@ code-server:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords: keywords:
- coredns - coredns
- dns - dns
home: https://docs.alexlebens.dev/applications/coredns/ - network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns - name: coredns
version: 1.45.2 version: 1.45.2
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 tag: v1.14.2
replicaCount: 3 replicaCount: 3
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 30m cpu: 50m
memory: 30Mi memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus: prometheus:
service: service:
enabled: true enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor: monitor:
enabled: true enabled: true
namespace: kube-system namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount: serviceAccount:
create: true create: true
name: coredns name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers: servers:
- zones: - zones:
- zone: . - zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.111.232.172 parameters: . 10.111.232.172
- zones: - zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.97.20.219 parameters: . 10.97.20.219
nodeSelector: nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists operator: Exists
effect: NoSchedule effect: NoSchedule
deployment: deployment:
skipConfig: false
enabled: true
name: coredns name: coredns

7
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Dawarich
keywords: keywords:
- dawarich - dawarich
- location - location
home: https://docs.alexlebens.dev/applications/dawarich/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/Freika/dawarich - https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -29,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.4.0 appVersion: 1.3.4

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
metadataPolicy: None
property: key property: key
--- ---
@@ -34,9 +37,15 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret property: secret

75
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 tag: 1.3.4
command: pullPolicy: IfNotPresent
- "web-entrypoint.sh" command: ["web-entrypoint.sh"]
args: args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -91,14 +86,14 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10 timeoutSeconds: 10
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 750Mi memory: 128Mi
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 tag: 1.3.4
command: pullPolicy: IfNotPresent
- "sidekiq-entrypoint.sh" command: ["sidekiq-entrypoint.sh"]
args: args: ["sidekiq"]
- "sidekiq"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -191,19 +185,23 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- pgrep - /bin/sh
- -f - -c
- sidekiq - pgrep -f sidekiq
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -240,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net - dawarich.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: dawarich - group: ""
kind: Service
name: dawarich
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -252,6 +253,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -265,6 +267,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -278,6 +281,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -309,9 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 10 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/decluttarr/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
generated: "2026-02-23T22:08:42.516245-06:00"

20
clusters/cl01tl/helm/decluttarr/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: decluttarr
version: 1.0.0
description: decluttarr
keywords:
- decluttarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/ManiMatter/decluttarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: decluttarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
appVersion: v2.0.0

21
clusters/cl01tl/helm/decluttarr/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: decluttarr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: decluttarr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/decluttarr/config
metadataPolicy: None
property: config.yaml

32
clusters/cl01tl/helm/decluttarr/values.yaml Normal file
View File

@@ -0,0 +1,32 @@
decluttarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/manimatter/decluttarr
tag: v2.0.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
config:
enabled: true
type: secret
name: decluttarr-config-secret
advancedMounts:
main:
main:
- path: /app/config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords: keywords:
- democratic-csi-synology-iscsi - democratic-csi-synology-iscsi
- iscsi - iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/ - kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources: sources:
- https://github.com/democratic-csi/democratic-csi - https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi - https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml property: driver-config-file.yaml

7
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -3,13 +3,12 @@ democratic-csi:
existingConfigSecret: synology-iscsi-config-secret existingConfigSecret: synology-iscsi-config-secret
config: config:
driver: synology-iscsi driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver: csiDriver:
name: "org.democratic-csi.iscsi-synology" name: "org.democratic-csi.iscsi-synology"
controller: controller:
enabled: true
rbac:
enabled: true
replicaCount: 2 replicaCount: 2
storageClasses: storageClasses:
- name: synology-iscsi-delete - name: synology-iscsi-delete

3
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Descheduler
keywords: keywords:
- descheduler - descheduler
- kube-scheduler - kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/ - kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources: sources:
- https://github.com/kubernetes-sigs/descheduler - https://github.com/kubernetes-sigs/descheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler - https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler

41
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,22 +1,27 @@
descheduler: descheduler:
kind: Deployment kind: Deployment
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m deschedulingInterval: 5m
replicas: 3 replicas: 1
leaderElection: leaderElection:
enabled: true enabled: false
leaseDuration: 15s command:
renewDeadline: 10s - "/bin/descheduler"
retryPeriod: 2s cmdOptions:
resourceLock: "leases" v: 3
resourceName: "descheduler" deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
resourceNamespace: "descheduler"
deschedulerPolicy: deschedulerPolicy:
profiles: profiles:
- name: default - name: default
@@ -48,13 +53,13 @@ descheduler:
- name: LowNodeUtilization - name: LowNodeUtilization
args: args:
thresholds: thresholds:
cpu: 20 cpu: 30
memory: 20 memory: 30
pods: 20 pods: 50
targetThresholds: targetThresholds:
cpu: 50 cpu: 60
memory: 50 memory: 40
pods: 60 pods: 80
plugins: plugins:
balance: balance:
enabled: enabled:

12
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus description: Directus
keywords: keywords:
- directus - directus
- content-management-system - cms
home: https://docs.alexlebens.dev/applications/descheduler/ home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -29,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.0 appVersion: 11.16.1

39
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data: data:
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email property: admin-email
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: key property: key
--- ---
@@ -46,11 +58,17 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: secret property: secret
--- ---
@@ -70,7 +88,10 @@ spec:
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token property: metric-token
--- ---
@@ -90,15 +111,24 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
--- ---
@@ -118,13 +148,22 @@ spec:
data: data:
- secretKey: default - secretKey: default
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password

37
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,12 @@ directus:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/directus/directus repository: directus/directus
tag: 11.17.0@sha256:076269ccbe7d4a0c44ce5f5b7f11e2ea5f7b3e4c4f704c0f88a52805e069c1c6 tag: 11.16.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
@@ -143,7 +144,7 @@ directus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 1Gi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -179,8 +180,11 @@ directus:
- directus.alexlebens.net - directus.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: directus - group: ''
kind: Service
name: directus
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -198,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 15 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey: valkey:
valkey: valkey:
auth: auth:
@@ -212,3 +239,5 @@ valkey:
aclUsers: aclUsers:
default: default:
permissions: "~* &* +@all" permissions: "~* &* +@all"
metrics:
enabled: false

5
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator - elastic-operator
- operator - operator
- elastic-search - elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/ - kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator - https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -16,6 +17,6 @@ dependencies:
- name: eck-operator - name: eck-operator
version: 3.3.1 version: 3.3.1
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.1 appVersion: v3.3.1

7
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -4,13 +4,6 @@ eck-operator:
- stalwart - stalwart
installCRDs: true installCRDs: true
replicaCount: 2 replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry: telemetry:
disabled: true disabled: true
config: config:

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.33 version: 1.4.32
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0 digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-24T16:11:50.424321433Z" generated: "2026-03-11T16:04:17.556777286Z"

12
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,22 +4,24 @@ version: 1.0.0
description: Element Web description: Element Web
keywords: keywords:
- element-web - element-web
- matrix-chat - chat
home: https://docs.alexlebens.dev/applications/element-web/ - matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources: sources:
- https://github.com/element-hq/element-web - https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web - https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.33 version: 1.4.32
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.13 appVersion: v1.12.12

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web: element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: vectorim/element-web
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6 tag: v1.12.12
pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true immediate: true
default_theme: dark default_theme: dark
default_country_code: US default_country_code: US
ingress:
enabled: false
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Eraser
keywords: keywords:
- eraser - eraser
- images - images
home: https://docs.alexlebens.dev/applications/eraser/ - kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources: sources:
- https://github.com/eraser-dev/eraser - https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -16,6 +16,6 @@ dependencies:
- name: eraser - name: eraser
version: 1.4.1 version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=eraser-dev/eraser # renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1 appVersion: v1.4.1

69
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,37 +1,70 @@
eraser: eraser:
runtimeConfig: runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager: manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling: scheduling:
repeatInterval: 24h repeatInterval: 24h
beginImmediately: true beginImmediately: true
profile:
enabled: false
port: 6060
imageJob: imageJob:
successRatio: 1.0
cleanup: cleanup:
delayOnSuccess: 0s delayOnSuccess: 0s
delayOnFailure: 24h delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components: components:
collector: collector:
image: enabled: true
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
request: request:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
scanner: scanner:
enabled: false enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request: request:
cpu: 1m cpu: 100m
memory: 20Mi memory: 128Mi
config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
request:
cpu: 10m
memory: 128Mi
deploy: deploy:
image: securityContext:
repo: ghcr.io/eraser-dev/eraser-manager allowPrivilegeEscalation: false
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
resources: resources:
limits:
memory: null
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,8 +4,7 @@ version: 1.0.0
description: Excalidraw description: Excalidraw
keywords: keywords:
- excalidraw - excalidraw
- drawing home: https://wiki.alexlebens.dev/
home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/excalidraw/excalidraw - https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw

11
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,11 +4,13 @@ excalidraw:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: excalidraw/excalidraw repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env: env:
- name: NODE_ENV - name: NODE_ENV
value: production value: production
@@ -16,8 +18,8 @@ excalidraw:
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -38,8 +40,11 @@ excalidraw:
- excalidraw.alexlebens.net - excalidraw.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: excalidraw - group: ''
kind: Service
name: excalidraw
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

5
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,10 +5,11 @@ description: External DNS
keywords: keywords:
- external-dns - external-dns
- dns - dns
home: https://docs.alexlebens.dev/applications/eraser/ - unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
sources: sources:
- https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns - https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers: maintainers:
- name: alexlebens - name: alexlebens

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key property: api-key

18
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,27 +1,25 @@
external-dns-unifi: external-dns-unifi:
fullnameOverride: external-dns-unifi fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 360m interval: 1m
sources: sources:
- ingress
- crd - crd
- gateway-httproute - gateway-httproute
- gateway-tlsroute - gateway-tlsroute
policy: sync policy: sync
registry: txt
txtOwnerId: default txtOwnerId: default
txtPrefix: k8s. txtPrefix: k8s.
domainFilters: ["alexlebens.net"] domainFilters: ["alexlebens.net"]
excludeDomains: ["alexlebens.dev"] excludeDomains: []
provider: provider:
name: webhook name: webhook
webhook: webhook:
image: image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0 tag: v0.8.2
env: env:
- name: UNIFI_HOST - name: UNIFI_HOST
value: https://192.168.1.1 value: https://192.168.1.1
@@ -31,14 +29,18 @@ external-dns-unifi:
name: external-dns-unifi-secret name: external-dns-unifi-secret
key: api-key key: api-key
- name: LOG_LEVEL - name: LOG_LEVEL
value: info value: debug
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /readyz path: /readyz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs: extraArgs:
- --ignore-ingress-tls-spec - --ignore-ingress-tls-spec

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.2.0 version: 2.1.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-26T19:19:15.734454-05:00" generated: "2026-03-07T18:02:23.908145348Z"

12
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: External Secrets
keywords: keywords:
- external-secrets - external-secrets
- secrets - secrets
- operator - vault
home: https://docs.alexlebens.dev/applications/eraser/ home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
sources: sources:
- https://github.com/external-secrets/external-secrets - https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
alias: external-secrets version: 2.1.0
version: 2.2.0
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0 appVersion: v2.1.0

44
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -1,44 +0,0 @@
external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

9
clusters/cl01tl/helm/foldergram/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
generated: "2026-03-22T12:42:43.150705-05:00"

27
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: foldergram
version: 1.0.0
description: Foldergram
keywords:
- foldergram
- pictures
home: https://docs.alexlebens.dev/applications/foldergram/
sources:
- https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: foldergram
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.6

17
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

82
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -1,82 +0,0 @@
foldergram:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original
- name: DERIVATIVE_MODE
value: lazy
- name: DATA_ROOT
value: ./data
- name: GALLERY_ROOT
value: /gallery
- name: CSRF_TRUSTED_ORIGINS
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 1m
memory: 230Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- foldergram.alexlebens.net
rules:
- backendRefs:
- name: foldergram
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery/pictures
readOnly: true
volsync-target-data:
pvcTarget: foldergram-data
local:
enabled: true
schedule: 46 11 * * *
remote:
enabled: true
schedule: 46 12 * * *
external:
enabled: true
schedule: 46 13 * * *

5
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: FreshRSS
keywords: keywords:
- freshrss - freshrss
- rss - rss
home: https://docs.alexlebens.dev/applications/freshrss/ home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
sources: sources:
- https://github.com/FreshRSS/FreshRSS - https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss - https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD property: ADMIN_API_PASSWORD
--- ---
@@ -42,13 +51,22 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key property: crypto-key

125
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,11 +4,84 @@ freshrss:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers: containers:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522 tag: 1.28.1
pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
value: "568" value: "568"
@@ -78,7 +151,7 @@ freshrss:
name: freshrss-install-secret name: freshrss-install-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 128Mi memory: 128Mi
service: service:
main: main:
@@ -94,11 +167,31 @@ freshrss:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /var/www/FreshRSS/data - path: /var/www/FreshRSS/data
readOnly: false readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -112,12 +205,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 20 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: freshrss-data pvcTarget: freshrss-data
moverSecurityContext: moverSecurityContext:
@@ -125,6 +241,11 @@ volsync-target-data:
runAsGroup: 568 runAsGroup: 568
fsGroup: 568 fsGroup: 568
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local: local:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *

11
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,13 +4,12 @@ version: 1.0.0
description: Garage description: Garage
keywords: keywords:
- garage - garage
- storage
- s3 - s3
home: https://docs.alexlebens.dev/applications/garage/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage - https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage - https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -19,6 +18,6 @@ dependencies:
alias: garage alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=docker depName=dxflrs/garage # renovate: datasource=github-releases depName=deuxfleurs-org/garage
appVersion: v2.2.0 appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: rpc property: rpc
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: admin property: admin
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: metric property: metric

63
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,6 +4,7 @@ garage:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -21,18 +22,32 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2: server-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -50,18 +65,20 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
server-3: server-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -79,23 +96,26 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
webui: webui:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: khairul169/garage-webui repository: khairul169/garage-webui
tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c tag: 1.1.0
pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-main.garage:3903
@@ -108,8 +128,8 @@ garage:
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -300,8 +320,11 @@ garage:
- garage-webui.alexlebens.net - garage-webui.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-webui - group: ''
kind: Service
name: garage-webui
port: 3909 port: 3909
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -317,8 +340,11 @@ garage:
- garage-s3.alexlebens.net - garage-s3.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-main - group: ''
kind: Service
name: garage-main
port: 3900 port: 3900
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -335,6 +361,11 @@ garage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2: server-2:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
@@ -358,16 +389,21 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/meta - path: /var/lib/garage/meta
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2: db-2:
forceRename: garage-db-2 forceRename: garage-db-2
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-2: server-2:
main: main:
@@ -378,6 +414,7 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-3: server-3:
main: main:
@@ -388,11 +425,15 @@ garage:
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 800Gi size: 800Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/data - path: /var/lib/garage/data
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2: data-2:
forceRename: garage-data-2 forceRename: garage-data-2
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete

13
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -161,11 +161,8 @@ gatus:
- name: photoview - name: photoview
url: https://photoview.alexlebens.net url: https://photoview.alexlebens.net
<<: *defaults <<: *defaults
- name: foldergram - name: booklore
url: https://foldergram.alexlebens.net url: https://booklore.alexlebens.net
<<: *defaults
- name: grimmory
url: https://grimmory.alexlebens.net
<<: *defaults <<: *defaults
- name: directus - name: directus
url: https://directus.alexlebens.net url: https://directus.alexlebens.net
@@ -194,9 +191,6 @@ gatus:
- name: excalidraw - name: excalidraw
url: https://excalidraw.alexlebens.net url: https://excalidraw.alexlebens.net
<<: *defaults <<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea - name: gitea
url: https://gitea.alexlebens.net url: https://gitea.alexlebens.net
<<: *defaults <<: *defaults
@@ -310,9 +304,6 @@ gatus:
- name: tdarr - name: tdarr
url: https://tdarr.alexlebens.net url: https://tdarr.alexlebens.net
<<: *defaults <<: *defaults
- name: houndarr
url: https://houndarr.alexlebens.net
<<: *defaults
- name: sonarr - name: sonarr
url: http://sonarr.sonarr:80 url: http://sonarr.sonarr:80
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.23
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b digest: sha256:1565d6e94921e2543bf4c302ddebb7504fbfd9113c976e4d297de18e9a0c06c6
generated: "2026-03-24T16:59:26.537547513Z" generated: "2026-03-19T01:04:01.714112981Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.23
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.29.0 version: 0.28.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:65910bce24fc36bd8e3e4ab0d79c2a18ae076b34aff28bfea8a60598707fe617 digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
generated: "2026-03-26T16:02:55.325421053Z" generated: "2026-03-16T15:56:55.197735783Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -33,7 +33,7 @@ dependencies:
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
version: 0.29.0 version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

19
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -377,6 +377,25 @@ spec:
resyncPeriod: 1h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-trivy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-trivy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard

31
clusters/cl01tl/helm/grimmory/Chart.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: v2
name: grimmory
version: 1.0.0
description: Grimmory
keywords:
- grimmory
- books
home: https://docs.alexlebens.dev/applications/grimmory/
sources:
- https://github.com/grimmory-tools/grimmory
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: grimmory
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v2.3.0

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0 appVersion: v2.14.3

22
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -40,21 +40,21 @@ harbor:
enabled: true enabled: true
portal: portal:
image: image:
repository: ghcr.io/goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.15.0@sha256:541d5fa95bf77240d46a438f86245cdfd6afa6dd7fdd0cf4dd4c905af6a980b1 tag: v2.15.0
replicas: 2 replicas: 2
core: core:
image: image:
repository: ghcr.io/goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.15.0@sha256:32a13f6693a278261e9c9cb7eb606c5e2aa021308ae44fdc73225755048500a8 tag: v2.15.0
replicas: 2 replicas: 2
existingSecret: harbor-secret existingSecret: harbor-secret
secretName: harbor-secret secretName: harbor-secret
existingXsrfSecret: harbor-secret existingXsrfSecret: harbor-secret
jobservice: jobservice:
image: image:
repository: ghcr.io/goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.15.0@sha256:a22c7cccba4673b26ffb96f5c37971d85d879dd837bc82448e01c0170b68cf28 tag: v2.15.0
replicas: 2 replicas: 2
jobLoggers: jobLoggers:
- stdout - stdout
@@ -63,11 +63,11 @@ harbor:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.15.0@sha256:beb49fd16cf0906c04a2bf51a22f7210289e7cc2ae43a733e2a0364380aceae6 tag: v2.15.0
controller: controller:
image: image:
repository: ghcr.io/goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.15.0@sha256:463172f71d3a1e8d4f9e3b4e687a447f41fbc3126316d8c150dba04a903bbc47 tag: v2.15.0
existingSecret: harbor-secret existingSecret: harbor-secret
relativeurls: true relativeurls: true
credentials: credentials:
@@ -93,8 +93,8 @@ harbor:
addr: harbor-valkey.harbor:6379 addr: harbor-valkey.harbor:6379
exporter: exporter:
image: image:
repository: ghcr.io/goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.15.0@sha256:ad065e4e1a0ee900a0bb1a03d57028ed4b51dc04933f5c1cb5c4aee301a72ddb tag: v2.15.0
replicas: 2 replicas: 2
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: headlamp - name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.41.0 version: 0.40.1
digest: sha256:b1cbc64b393c6c9e1c460510adab528cee8336735659040b9c517976e5c6f15d digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03
generated: "2026-03-26T15:07:50.703213905Z" generated: "2026-03-14T15:02:53.184950913Z"

4
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: headlamp - name: headlamp
version: 0.41.0 version: 0.40.1
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp # renovate: datasource=github-releases depName=headlamp-k8s/headlamp
appVersion: v0.41.0 appVersion: v0.40.1

3
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -25,6 +25,9 @@ headlamp:
- name: cert-manager - name: cert-manager
source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
version: 0.1.0 version: 0.1.0
- name: trivy
source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
version: 0.3.1
- name: external-secrets-operator - name: external-secrets-operator
source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
version: 0.1.0-beta7 version: 0.1.0-beta7

Some files were not shown because too many files have changed in this diff Show More