alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/kube-prometheus-stack-82.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-searxngsearxng alexlebens:manifests
..
compare: alexlebens:136490eaf9e32e879354104552ed1f741304e5c7
Branches Tags
alexlebens:renovate/kube-prometheus-stack-82.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-searxngsearxng alexlebens:main alexlebens:manifests

1 Commits
main ... 136490eaf9

Author SHA1 Message Date
Renovate Bot
136490eaf9 chore(deps): update dependency immich-app/immich to v2.6.1
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 47s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 48s
Details
2026-03-20 00:14:40 +00:00
140 changed files with 865 additions and 1305 deletions
Expand all files Collapse all files

8
.gitea/workflows/lint-test-docker.yaml
View File

@@ -21,14 +21,14 @@ jobs:
runs-on: ubuntu-js runs-on: ubuntu-js
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: "${{ github.base_ref }}" branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
- name: Set Up Node.js - name: Set Up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 uses: actions/setup-node@v6
with: with:
node-version: '24' node-version: '24'
@@ -120,7 +120,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/lint-test-helm.yaml
View File

@@ -28,14 +28,14 @@ jobs:
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }} changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm - name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
github.event_name == 'pull_request' github.event_name == 'pull_request'
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -257,7 +257,7 @@ jobs:
echo "----" echo "----"
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
cache: true cache: true
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/render-manifests.yaml
View File

@@ -31,32 +31,32 @@ jobs:
(github.event_name == 'pull_request' && github.event.pull_request.merged == true) (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps: steps:
- name: Checkout Main - name: Checkout Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
path: infrastructure path: infrastructure
fetch-depth: 0 fetch-depth: 0
- name: Checkout Manifests - name: Checkout Manifests
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
ref: manifests ref: manifests
path: infrastructure-manifests path: infrastructure-manifests
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true cache: true
- name: Configure Kubeconfig - name: Configure Kubeconfig
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 uses: azure/k8s-set-context@v4
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Created - name: ntfy Created
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false' if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Updated - name: ntfy Updated
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false' if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Merged - name: ntfy Merged
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged' if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"

6
.gitea/workflows/renovate.yaml
View File

@@ -13,10 +13,10 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.89.2@sha256:a823bf9ff1f04c31d46267b78330e06f802dbf6e1af899e21c6a8e3197d45354 container: ghcr.io/renovatebot/renovate:43
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
- name: Renovate - name: Renovate
run: renovate run: renovate
@@ -25,7 +25,7 @@ jobs:
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }} RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net> RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: debug LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }} RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }} RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}

3
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Actual
keywords: keywords:
- actual - actual
- budget - budget
home: https://docs.alexlebens.dev/applications/actual/ home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e
sources: sources:
- https://github.com/actualbudget/actual - https://github.com/actualbudget/actual
- https://github.com/actualbudget/actual/pkgs/container/actual - https://github.com/actualbudget/actual/pkgs/container/actual
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

18
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -4,18 +4,20 @@ actual:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2 tag: 26.3.0
pullPolicy: IfNotPresent
env: env:
- name: ACTUAL_PORT - name: TZ
value: 5006 value: US/Central
resources: resources:
requests: requests:
cpu: 25m cpu: 10m
memory: 64Mi memory: 128Mi
probes: probes:
liveness: liveness:
enabled: true enabled: true
@@ -52,8 +54,11 @@ actual:
- actual.alexlebens.net - actual.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: actual - group: ''
kind: Service
name: actual
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -64,6 +69,7 @@ actual:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.6 version: 1.0.3
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.21 version: 2.4.21
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b digest: sha256:4c857612f12f288dcbf6903df58ac708dcbc051e5f17e94ecd0cadc41b9c32bd
generated: "2026-03-24T16:59:01.228848139Z" generated: "2026-03-19T04:33:30.206516151Z"

10
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -7,18 +7,18 @@ keywords:
- argo-events - argo-events
- workflows - workflows
- events - events
home: https://docs.alexlebens.dev/applications/argo-workflows/ home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
sources: sources:
- https://github.com/argoproj/argo-workflows - https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events - https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events - https://github.com/argoproj/argo-helm/tree/main/charts
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.6 version: 1.0.3
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.21 version: 2.4.21
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows # renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3 appVersion: v4.0.2

6
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client property: client

28
clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argo-workflows
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argo-workflows-server
port: 2746
weight: 100

66
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -2,6 +2,8 @@ argo-workflows:
crds: crds:
install: true install: true
keep: true keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true full: true
upgradeJob: upgradeJob:
image: image:
@@ -11,6 +13,11 @@ argo-workflows:
metricsConfig: metricsConfig:
enabled: true enabled: true
persistence: persistence:
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
archive: true
postgresql: postgresql:
host: argo-workflows-postgresql-18-cluster-rw host: argo-workflows-postgresql-18-cluster-rw
port: 5432 port: 5432
@@ -25,34 +32,24 @@ argo-workflows:
ssl: false ssl: false
sslMode: disable sslMode: disable
workflowWorkers: 2 workflowWorkers: 2
workflowTTLWorkers: 2 workflowTTLWorkers: 1
podCleanupWorkers: 2 podCleanupWorkers: 1
cronWorkflowWorkers: 2 cronWorkflowWorkers: 1
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 32Mi memory: 128Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
name: workflow-controller
workflowNamespaces: workflowNamespaces:
- argocd
- argo-workflows - argo-workflows
server: server:
authModes: authModes:
- sso - sso
httproute: ingress:
enabled: true enabled: false
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso: sso:
enabled: true enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/ issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
@@ -69,15 +66,15 @@ argo-workflows:
- openid - openid
- email - email
- profile - profile
useStaticCredentials: true
artifactRepository:
archiveLogs: false
argo-events: argo-events:
crds:
install: true
keep: true
controller: controller:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 32Mi memory: 128Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -87,7 +84,7 @@ argo-events:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 32Mi memory: 128Mi
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -101,9 +98,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 14 * * *" schedule: "0 0 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.15 version: 9.4.14
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa digest: sha256:0d80c03a05176d53cc8ec94da32ef2cb5fccafc76b1648c0e4e1288515ba0824
generated: "2026-03-20T01:09:07.547016465Z" generated: "2026-03-19T04:27:11.289046913Z"

6
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Argo CD description: Argo CD
keywords: keywords:
- argo-cd - argo-cd
- delivery
- deployment - deployment
home: https://docs.alexlebens.dev/applications/argo-cd/ - gitops
home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f
sources: sources:
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
@@ -13,7 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.15 version: 9.4.14
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd

18
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: client property: client
--- ---
@@ -38,7 +44,10 @@ spec:
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -58,13 +67,22 @@ spec:
data: data:
- secretKey: type - secretKey: type
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type property: type
- secretKey: url - secretKey: url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url property: url
- secretKey: sshPrivateKey - secretKey: sshPrivateKey
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey property: sshPrivateKey

148
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -1,11 +1,12 @@
argo-cd: argo-cd:
crds: crds:
install: true install: true
keep: true
configs: configs:
cm: cm:
admin.enabled: true admin.enabled: true
accounts.homepage: apiKey accounts.homepage: apiKey
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net url: https://argocd.alexlebens.net
statusbadge.url: https://argocd.alexlebens.net/ statusbadge.url: https://argocd.alexlebens.net/
statusbadge.enabled: true statusbadge.enabled: true
@@ -32,53 +33,12 @@ argo-cd:
g, homepage, role:readonly g, homepage, role:readonly
controller: controller:
replicas: 1 replicas: 1
resources:
requests:
cpu: 15m
memory: 1Gi
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex: dex:
enabled: true enabled: true
resources:
requests:
cpu: 10m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -89,57 +49,20 @@ argo-cd:
enabled: true enabled: true
redis-ha: redis-ha:
enabled: true enabled: true
image:
repository: redis
tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume:
enabled: true
redis:
resources:
requests:
cpu: 1000m
memory: 64Mi
haproxy:
enabled: true
image:
repository: haproxy
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources:
requests:
cpu: 10m
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
exporter:
enabled: true
image: ghcr.io/oliver006/redis_exporter
tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
interval: 30s
rules:
- alert: RedisPodDown
expr: |
redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
for: 5m
labels:
severity: critical
annotations:
description: Redis pod {{ "{{ $labels.pod }}" }} is down
summary: Redis pod {{ "{{ $labels.pod }}" }} is down
auth: false auth: false
redisSecretInit: redisSecretInit:
enabled: false enabled: false
server: server:
replicas: 2 replicas: 2
resources: extensions:
requests: enabled: true
cpu: 10m extensionList:
memory: 64Mi - name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -153,56 +76,31 @@ argo-cd:
namespace: traefik namespace: traefik
hostnames: hostnames:
- argocd.alexlebens.net - argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer: repoServer:
replicas: 2 replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
applicationSet: applicationSet:
replicas: 2 replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe: livenessProbe:
enabled: true enabled: true
failureThreshold: 3 readinessProbe:
initialDelaySeconds: 60 enabled: true
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
notifications: notifications:
argocdUrl: https://argocd.alexlebens.net enabled: true
context:
argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-secret name: argocd-notifications-secret
@@ -216,10 +114,6 @@ argo-cd:
headers: headers:
- name: Authorization - name: Authorization
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources:
requests:
cpu: 10m
memory: 64Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe:

5
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -7,14 +7,11 @@ keywords:
- books - books
- podcasts - podcasts
- audiobooks - audiobooks
home: https://docs.alexlebens.dev/applications/audiobookshelf/ home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
sources: sources:
- https://github.com/advplyr/audiobookshelf - https://github.com/advplyr/audiobookshelf
- https://github.com/caronc/apprise
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: ntfy-url - secretKey: ntfy-url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url property: ntfy-url

30
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,29 +4,28 @@ audiobookshelf:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708 tag: 2.33.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 200Mi memory: 128Mi
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.3.2
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PGID - name: PGID
value: "1000" value: "1000"
- name: PUID - name: PUID
@@ -42,6 +41,10 @@ audiobookshelf:
secretKeyRef: secretKeyRef:
name: audiobookshelf-apprise-config name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -79,8 +82,11 @@ audiobookshelf:
- audiobookshelf.alexlebens.net - audiobookshelf.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: audiobookshelf - group: ''
kind: Service
name: audiobookshelf
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -91,6 +97,7 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -101,6 +108,7 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

7
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -6,14 +6,17 @@ keywords:
- authentik - authentik
- sso - sso
- oidc - oidc
- ldap
- idp
- authentication - authentication
home: https://docs.alexlebens.dev/applications/authentik/ home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
sources: sources:
- https://github.com/goauthentik/authentik - https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goauthentik/helm - https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key key: /cl01tl/authentik/key
metadataPolicy: None
property: key property: key

63
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -30,23 +30,8 @@ authentik:
redis: redis:
host: authentik-valkey host: authentik-valkey
server: server:
replicas: 2 name: server
resources: replicas: 1
requests:
cpu: 100m
memory: 700Mi
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -54,6 +39,8 @@ authentik:
route: route:
main: main:
enabled: true enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames: hostnames:
- authentik.alexlebens.net - authentik.alexlebens.net
parentRefs: parentRefs:
@@ -61,20 +48,21 @@ authentik:
kind: Gateway kind: Gateway
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker: worker:
name: worker name: worker
replicas: 2 replicas: 1
resources:
requests:
cpu: 100m
memory: 512Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
prometheus: prometheus:
rules: rules:
enabled: true enabled: true
postgresql:
enabled: false
redis:
enabled: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -88,9 +76,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 5 14 * * *" schedule: "0 5 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: backrest
keywords: keywords:
- backrest - backrest
- backup - backup
home: https://docs.alexlebens.dev/applications/backrest/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/garethgeorge/backrest - https://github.com/garethgeorge/backrest
- https://github.com/garethgeorge/backrest/pkgs/container/backrest - https://hub.docker.com/r/garethgeorge/backrest
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

27
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -7,8 +7,9 @@ backrest:
containers: containers:
main: main:
image: image:
repository: ghcr.io/garethgeorge/backrest repository: garethgeorge/backrest
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0 tag: v1.12.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -23,7 +24,7 @@ backrest:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 80Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -32,19 +33,6 @@ backrest:
port: 80 port: 80
targetPort: 9898 targetPort: 9898
protocol: TCP protocol: TCP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: backrest
app.kubernetes.io/instance: backrest
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: http
scheme: http
path: /metrics
interval: 300s
scrapeTimeout: 15s
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -57,8 +45,11 @@ backrest:
- backrest.alexlebens.net - backrest.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: backrest - group: ''
kind: Service
name: backrest
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -69,6 +60,7 @@ backrest:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -79,6 +71,7 @@ backrest:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

4
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Bazarr description: Bazarr
keywords: keywords:
- bazarr - bazarr
- servarr
- subtitles - subtitles
home: https://docs.alexlebens.dev/applications/bazarr/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/morpheus65535/bazarr - https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr - https://github.com/linuxserver/docker-bazarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

10
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -4,6 +4,7 @@ bazarr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
@@ -15,9 +16,10 @@ bazarr:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
@@ -46,8 +48,11 @@ bazarr:
- bazarr.alexlebens.net - bazarr.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: bazarr - group: ''
kind: Service
name: bazarr
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -58,6 +63,7 @@ bazarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

5
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Blocky
keywords: keywords:
- blocky - blocky
- dns - dns
home: https://docs.alexlebens.dev/applications/blocky/ home: https://wiki.alexlebens.dev/s/cf70113d-20bc-48ad-afb8-1e22ed3fd62a
sources: sources:
- https://github.com/0xERR0R/blocky - https://github.com/0xERR0R/blocky
- https://github.com/0xERR0R/blocky/pkgs/container/blocky - https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

13
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -4,18 +4,20 @@ blocky:
type: deployment type: deployment
replicas: 3 replicas: 3
strategy: RollingUpdate strategy: RollingUpdate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/0xerr0r/blocky repository: ghcr.io/0xerr0r/blocky
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 90Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -96,7 +98,7 @@ blocky:
traefik-cl01tl IN A 10.232.1.21 traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22 blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23 cilium-cl01tl IN A 10.232.1.23
;; Application Names ;; Application Names
@@ -108,32 +110,29 @@ blocky:
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl feishin IN CNAME traefik-cl01tl
foldergram IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl gatus IN CNAME traefik-cl01tl
gitea IN CNAME traefik-cl01tl gitea IN CNAME traefik-cl01tl
grafana IN CNAME traefik-cl01tl grafana IN CNAME traefik-cl01tl
grimmory IN CNAME traefik-cl01tl
harbor IN CNAME traefik-cl01tl harbor IN CNAME traefik-cl01tl
headlamp IN CNAME traefik-cl01tl headlamp IN CNAME traefik-cl01tl
home IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/grimmory/Chart.lock → clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -8,5 +8,8 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6ee403da03c1bcc0289a9abdef0508344072d51173da996eda69b8305d5feefa - name: volsync-target
generated: "2026-03-23T20:35:19.743257-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"

33
clusters/cl01tl/helm/booklore/Chart.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v2
name: booklore
version: 1.0.0
description: booklore
keywords:
- booklore
- books
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/booklore-app/BookLore
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: booklore
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1

38
clusters/cl01tl/helm/grimmory/templates/external-secret.yaml → clusters/cl01tl/helm/booklore/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-database-secret name: booklore-database-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-database-secret app.kubernetes.io/name: booklore-database-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,17 +14,20 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/grimmory/database conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/database
metadataPolicy: None
property: password property: password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-data-replication-secret name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-data-replication-secret app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -34,17 +37,20 @@ spec:
data: data:
- secretKey: psk.txt - secretKey: psk.txt
remoteRef: remoteRef:
key: /cl01tl/grimmory/replication conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt property: psk.txt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -54,21 +60,27 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -78,9 +90,15 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret

4
clusters/cl01tl/helm/grimmory/templates/namespace.yaml → clusters/cl01tl/helm/booklore/templates/namespace.yaml
View File

@@ -1,11 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: grimmory name: booklore
annotations: annotations:
volsync.backube/privileged-movers: "true" volsync.backube/privileged-movers: "true"
labels: labels:
app.kubernetes.io/name: grimmory app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged

12
clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-nfs-storage volumeName: booklore-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-import-nfs-storage volumeName: booklore-books-import-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

8
clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -26,10 +26,10 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

111
clusters/cl01tl/helm/grimmory/values.yaml → clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -1,18 +1,16 @@
grimmory: booklore:
controllers: controllers:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/grimmory-tools/grimmory repository: ghcr.io/booklore-app/booklore
tag: v2.3.0@sha256:9014247f591074529894f81115ca40f899db697e89f72c2fe91ec530e3f19597 tag: v2.2.1
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -21,22 +19,22 @@ grimmory:
- name: GROUP_ID - name: GROUP_ID
value: 1000 value: 1000
- name: DATABASE_URL - name: DATABASE_URL
value: jdbc:mariadb://grimmory-mariadb-cluster-primary.grimmory:3306/booklore value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME - name: DATABASE_USERNAME
value: grimmory value: booklore
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
- name: GRIMMORY_PORT - name: BOOKLORE_PORT
value: 6060 value: 6060
- name: SWAGGER_ENABLED - name: SWAGGER_ENABLED
value: false value: false
resources: resources:
requests: requests:
cpu: 10m cpu: 50m
memory: 1Gi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -54,26 +52,41 @@ grimmory:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- grimmory.alexlebens.net - booklore.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: grimmory - group: ''
kind: Service
name: booklore
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
value: / value: /
persistence: persistence:
config: config:
forceRename: grimmory-config forceRename: booklore-config
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /app/data - path: /app/data
readOnly: false readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books-import: books-import:
type: emptyDir type: emptyDir
advancedMounts: advancedMounts:
@@ -81,15 +94,8 @@ grimmory:
main: main:
- path: /bookdrop - path: /bookdrop
readOnly: false readOnly: false
data:
existingClaim: grimmory-books-nfs-storage
advancedMounts:
main:
main:
- path: /data
readOnly: false
ingest: ingest:
existingClaim: grimmory-books-import-nfs-storage existingClaim: booklore-books-import-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -99,7 +105,7 @@ mariadb-cluster:
mariadb: mariadb:
rootPasswordSecretKeyRef: rootPasswordSecretKeyRef:
generate: false generate: false
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
storage: storage:
size: 5Gi size: 5Gi
@@ -109,14 +115,14 @@ mariadb-cluster:
bootstrapFrom: bootstrapFrom:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -128,22 +134,21 @@ mariadb-cluster:
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
users: users:
- name: grimmory - name: booklore
passwordSecretKeyRef: passwordSecretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
host: '%' host: '%'
maxUserConnections: 100
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
retryInterval: 30s retryInterval: 30s
grants: grants:
- name: grimmory - name: booklore
privileges: privileges:
- "ALL PRIVILEGES" - "ALL PRIVILEGES"
database: "booklore" database: "booklore"
table: "*" table: "*"
username: grimmory username: booklore
grantOption: true grantOption: true
host: '%' host: '%'
cleanupPolicy: Delete cleanupPolicy: Delete
@@ -161,14 +166,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -183,14 +188,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900 endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -205,20 +210,17 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-main.garage:3900 endpoint: garage-main.garage:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
volsync-target-config: volsync-target-config:
pvcTarget: grimmory-config pvcTarget: booklore-config
moverSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 12 8 * * * schedule: 12 8 * * *
@@ -228,3 +230,20 @@ volsync-target-config:
external: external:
enabled: true enabled: true
schedule: 12 10 * * * schedule: 12 10 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
enabled: true
schedule: 14 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi

2
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.19.2 appVersion: 1.19.1

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.4.0 appVersion: 1.3.4

4
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0 tag: 1.3.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"] command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"] args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0 tag: 1.3.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"] command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"] args: ["sidekiq"]

6
clusters/cl01tl/helm/decluttarr/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
generated: "2026-02-23T22:08:42.516245-06:00"

20
clusters/cl01tl/helm/decluttarr/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: decluttarr
version: 1.0.0
description: decluttarr
keywords:
- decluttarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/ManiMatter/decluttarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: decluttarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
appVersion: v2.0.0

21
clusters/cl01tl/helm/decluttarr/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: decluttarr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: decluttarr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/decluttarr/config
metadataPolicy: None
property: config.yaml

32
clusters/cl01tl/helm/decluttarr/values.yaml Normal file
View File

@@ -0,0 +1,32 @@
decluttarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/manimatter/decluttarr
tag: v2.0.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
config:
enabled: true
type: secret
name: decluttarr-config-secret
advancedMounts:
main:
main:
- path: /app/config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.33 version: 1.4.32
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0 digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-24T16:11:50.424321433Z" generated: "2026-03-11T16:04:17.556777286Z"

4
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.33 version: 1.4.32
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.13 appVersion: v1.12.12

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: vectorim/element-web repository: vectorim/element-web
tag: v1.12.13 tag: v1.12.12
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev

22
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -34,7 +34,27 @@ eraser:
request: request:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
config: "" config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover: remover:
request: request:
cpu: 10m cpu: 10m

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.2.0 version: 2.1.0
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4 digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-20T20:53:08.407747649Z" generated: "2026-03-07T18:02:23.908145348Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
version: 2.2.0 version: 2.1.0
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0 appVersion: v2.1.0

9
clusters/cl01tl/helm/foldergram/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
generated: "2026-03-22T12:42:43.150705-05:00"

25
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: foldergram
version: 1.0.0
description: Foldergram
keywords:
- foldergram
- pictures
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/foldergram/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: foldergram
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.6

17
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

87
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -1,87 +0,0 @@
foldergram:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.0.6
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original
- name: DERIVATIVE_MODE
value: lazy
- name: DATA_ROOT
value: ./data
- name: GALLERY_ROOT
value: /gallery
- name: CSRF_TRUSTED_ORIGINS
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- foldergram.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: foldergram
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: false
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery/pictures
readOnly: true
volsync-target-data:
pvcTarget: foldergram-data
local:
enabled: true
schedule: 46 11 * * *
remote:
enabled: true
schedule: 46 12 * * *
external:
enabled: true
schedule: 46 13 * * *

13
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -161,11 +161,8 @@ gatus:
- name: photoview - name: photoview
url: https://photoview.alexlebens.net url: https://photoview.alexlebens.net
<<: *defaults <<: *defaults
- name: foldergram - name: booklore
url: https://foldergram.alexlebens.net url: https://booklore.alexlebens.net
<<: *defaults
- name: grimmory
url: https://grimmory.alexlebens.net
<<: *defaults <<: *defaults
- name: directus - name: directus
url: https://directus.alexlebens.net url: https://directus.alexlebens.net
@@ -194,9 +191,6 @@ gatus:
- name: excalidraw - name: excalidraw
url: https://excalidraw.alexlebens.net url: https://excalidraw.alexlebens.net
<<: *defaults <<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea - name: gitea
url: https://gitea.alexlebens.net url: https://gitea.alexlebens.net
<<: *defaults <<: *defaults
@@ -310,9 +304,6 @@ gatus:
- name: tdarr - name: tdarr
url: https://tdarr.alexlebens.net url: https://tdarr.alexlebens.net
<<: *defaults <<: *defaults
- name: houndarr
url: https://houndarr.alexlebens.net
<<: *defaults
- name: sonarr - name: sonarr
url: http://sonarr.sonarr:80 url: http://sonarr.sonarr:80
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.23
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b digest: sha256:1565d6e94921e2543bf4c302ddebb7504fbfd9113c976e4d297de18e9a0c06c6
generated: "2026-03-24T16:59:26.537547513Z" generated: "2026-03-19T01:04:01.714112981Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.23
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

19
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -377,6 +377,25 @@ spec:
resyncPeriod: 1h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-trivy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-trivy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard

31
clusters/cl01tl/helm/grimmory/Chart.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: v2
name: grimmory
version: 1.0.0
description: Grimmory
keywords:
- grimmory
- books
home: https://docs.alexlebens.dev/applications/grimmory/
sources:
- https://github.com/grimmory-tools/grimmory
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: grimmory
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v2.3.0

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0 appVersion: v2.14.3

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp # renovate: datasource=github-releases depName=headlamp-k8s/headlamp
appVersion: v0.41.0 appVersion: v0.40.1

3
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -25,6 +25,9 @@ headlamp:
- name: cert-manager - name: cert-manager
source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
version: 0.1.0 version: 0.1.0
- name: trivy
source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
version: 0.3.1
- name: external-secrets-operator - name: external-secrets-operator
source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
version: 0.1.0-beta7 version: 0.1.0-beta7

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core # renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.4 appVersion: 2026.3.2

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.4 tag: 2026.3.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

27
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -202,17 +202,11 @@ homepage:
href: https://photoview.alexlebens.net href: https://photoview.alexlebens.net
siteMonitor: http://photoview.photoview:80 siteMonitor: http://photoview.photoview:80
statusStyle: dot statusStyle: dot
- Pictures:
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
description: Foldergram
href: https://foldergram.alexlebens.net
siteMonitor: http://foldergram.foldergram:80
statusStyle: dot
- Books: - Books:
icon: sh-booklore.webp icon: sh-booklore.webp
description: Grimmory description: Booklore
href: https://grimmory.alexlebens.net href: https://booklore.alexlebens.net
siteMonitor: http://grimmory.grimmory:80 siteMonitor: http://booklore.booklore:80
statusStyle: dot statusStyle: dot
- Public: - Public:
- Site: - Site:
@@ -639,12 +633,6 @@ homepage:
href: https://bazarr.alexlebens.net href: https://bazarr.alexlebens.net
siteMonitor: http://bazarr.bazarr:80 siteMonitor: http://bazarr.bazarr:80
statusStyle: dot statusStyle: dot
- Houndarr:
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
description: Media Searches
href: https://houndarr.alexlebens.net
siteMonitor: http://houndarr.houndarr:80
statusStyle: dot
- Tdarr: - Tdarr:
icon: sh-tdarr.webp icon: sh-tdarr.webp
description: Media transcoding and health checks description: Media transcoding and health checks
@@ -792,6 +780,9 @@ homepage:
- Digital Ocean: - Digital Ocean:
- abbr: DO - abbr: DO
href: https://www.digitalocean.com/ href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare: - Cloudflare:
- abbr: CF - abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768 href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
@@ -801,12 +792,12 @@ homepage:
- ProtonVPN: - ProtonVPN:
- abbr: PV - abbr: PV
href: https://account.protonvpn.com/ href: https://account.protonvpn.com/
- AirVPN:
- abbr: AV
href: https://airvpn.org/
- Unifi: - Unifi:
- abbr: UF - abbr: UF
href: https://unifi.ui.com/ href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha: - ReCaptcha:
- abbr: RC - abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587 href: https://www.google.com/recaptcha/admin/site/698983587

9
clusters/cl01tl/helm/houndarr/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
generated: "2026-03-21T22:31:01.142752-05:00"

25
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: houndarr
version: 1.0.0
description: Houndarr
keywords:
- houndarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/av1155/houndarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: houndarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.2

84
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -1,84 +0,0 @@
houndarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.6.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: HOUNDARR_SECURE_COOKIES
value: true
- name: HOUNDARR_TRUSTED_PROXIES
value: 10.96.0.0/12
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8877
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- houndarr.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: houndarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: houndarr-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
main:
main:
- path: /data
readOnly: false
volsync-target-data:
pvcTarget: houndarr-data
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 40 11 * * *
remote:
enabled: true
schedule: 40 12 * * *
external:
enabled: true
schedule: 40 14 * * *

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.2 appVersion: v2.6.1

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-server repository: ghcr.io/immich-app/immich-server
tag: v2.6.2 tag: v2.5.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

7
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -5,8 +5,5 @@ dependencies:
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
- name: volsync-target digest: sha256:a6f33512d929c5a1b70bde6c3294902f5d707855aabbaa815f32e23aa54b266f
repository: oci://harbor.alexlebens.net/helm-charts generated: "2026-03-15T20:06:49.233053802Z"
version: 0.8.0
digest: sha256:c1bbed66c94b64ba44ef1caadf74d46d9bce551e37b62b1cd0a3af9b81046251
generated: "2026-03-24T14:00:56.813765-05:00"

6
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -25,10 +25,6 @@ dependencies:
alias: postgresql-17-fdb-cluster alias: postgresql-17-fdb-cluster
version: 7.10.0 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-keys
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo # renovate: datasource=github-releases depName=moghtech/komodo
appVersion: v2.0.0 appVersion: v1.19.5

24
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -9,7 +9,7 @@ komodo:
main: main:
image: image:
repository: ghcr.io/moghtech/komodo-core repository: ghcr.io/moghtech/komodo-core
tag: 2.0.0@sha256:3cc134272b39313ae1fb34ea8a3c8a0c2f629a3c2eeaf71258702159f154f9e9 tag: 1.19.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: COMPOSE_LOGGING_DRIVER - name: COMPOSE_LOGGING_DRIVER
@@ -145,17 +145,6 @@ komodo:
type: PathPrefix type: PathPrefix
value: / value: /
persistence: persistence:
keys:
forceRename: komodo-keys
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config/keys
readOnly: false
cache: cache:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
@@ -253,14 +242,3 @@ postgresql-17-fdb-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
volsync-target-keys:
pvcTarget: komodo-keys
local:
enabled: true
schedule: 54 11 * * *
remote:
enabled: true
schedule: 54 12 * * *
external:
enabled: true
schedule: 54 13 * * *

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.13.6 version: 82.12.0
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:6c29e37c4a0b08244b3ab0c60b2e07a2574f382f18183d98017d2d0dbcab7f21 digest: sha256:05c8453c68596a58884eb65cc0e2f86f5aaa764a63fe4b8c53d40b5f9b40670e
generated: "2026-03-24T17:20:56.086048387Z" generated: "2026-03-19T09:02:27.865169773Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.13.6 version: 82.12.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0 appVersion: v0.89.0

9
clusters/cl01tl/helm/languagetool/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:cb14506ada77add5ffcb93d38763e2a5c962312e5754618265d15c4361fea783
generated: "2026-03-20T17:49:46.393059-05:00"

27
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: languagetool
version: 1.0.0
description: LanguageTool
keywords:
- languagetool
- spellchecking
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/languagetool-org/languagetool
- https://github.com/Erikvl87/docker-languagetool
- https://hub.docker.com/r/erikvl87/languagetool
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: languagetool
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

76
clusters/cl01tl/helm/languagetool/values.yaml
View File

@@ -1,76 +0,0 @@
languagetool:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: erikvl87/languagetool
tag: 6.7
pullPolicy: IfNotPresent
env:
- name: langtool_languageModel
value: /ngrams
- name: Java_Xms
value: 512m
- name: Java_Xmx
value: 1g
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8010
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- languagetool.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: languagetool
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: languagetool-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /ngrams
readOnly: false
volsync-target-data:
pvcTarget: languagetool-data
local:
enabled: true
schedule: 38 11 * * *
remote:
enabled: true
schedule: 38 12 * * *
external:
enabled: true
schedule: 38 14 * * *

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.12.24 version: 3.12.23
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:8fb2d00605ade15db97e778f47ecc1ffae3705ce3408a17e0a21f7def65de884 digest: sha256:1578e2c48447f217e72bffb3afcb6f1f15c427a4acce5dbca830cdd7045b1348
generated: "2026-03-24T16:59:56.540825394Z" generated: "2026-03-15T20:07:12.751000922Z"

4
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -29,7 +29,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
version: 3.12.24 version: 3.12.23
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: app-template - name: app-template
alias: matrix-hookshot alias: matrix-hookshot
@@ -81,4 +81,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
# renovate: datasource=github-releases depName=element-hq/synapse # renovate: datasource=github-releases depName=element-hq/synapse
appVersion: v1.150.0 appVersion: v1.149.1

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.2.5 appVersion: 0.2.2

2
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -9,7 +9,7 @@ medialyze:
main: main:
image: image:
repository: ghcr.io/frederikemmer/medialyze repository: ghcr.io/frederikemmer/medialyze
tag: 0.2.5 tag: 0.2.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: HOST_PORT - name: HOST_PORT

2
clusters/cl01tl/helm/movie-roulette/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
# renovate: datasource=github-releases depName=sahara101/Movie-Roulette # renovate: datasource=github-releases depName=sahara101/Movie-Roulette
appVersion: v5.3.0 appVersion: v5.2.1

2
clusters/cl01tl/helm/movie-roulette/values.yaml
View File

@@ -9,7 +9,7 @@ movie-roulette:
main: main:
image: image:
repository: ghcr.io/sahara101/movie-roulette repository: ghcr.io/sahara101/movie-roulette
tag: v5.3.0 tag: v5.2.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: FLASK_SECRET_KEY - name: FLASK_SECRET_KEY

21
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -60,27 +60,20 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: proton-email
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: preshared-key property: email
- secretKey: addresses - secretKey: proton-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: addresses property: password
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

134
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main: main:
image: image:
repository: g33kphr33k/musicgrabber repository: g33kphr33k/musicgrabber
tag: 2.5.1 tag: 2.4.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MUSIC_DIR - name: MUSIC_DIR
@@ -50,72 +50,72 @@ music-grabber:
requests: requests:
cpu: 10m cpu: 10m
memory: 512Mi memory: 512Mi
# gluetun: gluetun:
# image: image:
# repository: ghcr.io/qdm12/gluetun repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# lifecycle: lifecycle:
# postStart: postStart:
# exec: exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env: env:
# - name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
# value: airvpn value: protonvpn
# - name: VPN_TYPE - name: VPN_TYPE
# value: wireguard value: wireguard
# - name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: private-key key: private-key
# - name: WIREGUARD_PRESHARED_KEY - name: UPDATER_PROTONVPN_EMAIL
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: preshared-key key: proton-email
# - name: WIREGUARD_ADDRESSES - name: UPDATER_PROTONVPN_PASSWORD
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: addresses key: proton-password
# - name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8 value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
# value: 8080 value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot value: dot
# - name: HTTPPROXY - name: HTTPPROXY
# value: "off" value: "off"
# - name: SHADOWSOCKS - name: SHADOWSOCKS
# value: "off" value: "off"
# securityContext: securityContext:
# privileged: True privileged: True
# capabilities: capabilities:
# add: add:
# - NET_ADMIN - NET_ADMIN
# - SYS_MODULE - SYS_MODULE
# probes: probes:
# liveness: liveness:
# enabled: true enabled: true
# custom: true custom: true
# spec: spec:
# exec: exec:
# command: command:
# - /gluetun-entrypoint - /gluetun-entrypoint
# - healthcheck - healthcheck
# failureThreshold: 5 failureThreshold: 5
# initialDelaySeconds: 30 initialDelaySeconds: 30
# periodSeconds: 30 periodSeconds: 30
# successThreshold: 1 successThreshold: 1
# timeoutSeconds: 15 timeoutSeconds: 15
# resources: resources:
# limits: limits:
# devic.es/tun: "1" devic.es/tun: "1"
# requests: requests:
# devic.es/tun: "1" devic.es/tun: "1"
# cpu: 10m cpu: 10m
# memory: 128Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main

3
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -9,7 +9,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.43.0@sha256:a27f1ce1e1d14cd3627ed217f042bf8de0f796ed274fb27b2dc971ae22a64b95 tag: 1.43.0@sha256:84f8646e799f6636876ab4f283d9fc8f6c51d56098ea74cba82bfb85074b68df
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -26,7 +26,6 @@ plex:
service: service:
main: main:
controller: main controller: main
type: LoadBalancer
ports: ports:
http: http:
port: 32400 port: 32400

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
# renovate: datasource=github-releases depName=gitroomhq/postiz-app # renovate: datasource=github-releases depName=gitroomhq/postiz-app
appVersion: v2.21.0 appVersion: v2.20.2

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main: main:
image: image:
repository: ghcr.io/gitroomhq/postiz-app repository: ghcr.io/gitroomhq/postiz-app
tag: v2.21.0 tag: v2.20.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MAIN_URL - name: MAIN_URL

2
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0 appVersion: v0.89.0

21
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -16,30 +16,23 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: proton-email
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: preshared-key property: email
- secretKey: addresses - secretKey: proton-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: addresses property: password
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

27
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: airvpn value: protonvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
@@ -64,29 +64,28 @@ qbittorrent:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: private-key key: private-key
- name: WIREGUARD_PRESHARED_KEY - name: UPDATER_PROTONVPN_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: preshared-key key: proton-email
- name: WIREGUARD_ADDRESSES - name: UPDATER_PROTONVPN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: addresses key: proton-password
- name: FIREWALL_VPN_INPUT_PORTS - name: VPN_PORT_FORWARDING
valueFrom: value: "on"
secretKeyRef: - name: VPN_PORT_FORWARDING_UP_COMMAND
name: qbittorrent-wireguard-conf value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
key: input-ports - name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16 value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: 8080,9022 value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY - name: HTTPPROXY
value: "off" value: "off"
- name: SHADOWSOCKS - name: SHADOWSOCKS
@@ -162,7 +161,7 @@ qbittorrent:
qbit-manage: qbit-manage:
image: image:
repository: ghcr.io/stuffanthings/qbit_manage repository: ghcr.io/stuffanthings/qbit_manage
tag: v4.6.6 tag: v4.6.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -184,7 +183,7 @@ qbittorrent:
apprise-api: apprise-api:
image: image:
repository: caronc/apprise repository: caronc/apprise
tag: v1.3.3 tag: v1.3.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp
# renovate: datasource=github-releases depName=rclone/rclone # renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.3 appVersion: v1.73.2

14
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -16,7 +16,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- sync - sync
@@ -99,7 +99,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- sync - sync
@@ -182,7 +182,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- sync - sync
@@ -254,7 +254,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- delete - delete
@@ -307,7 +307,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- sync - sync
@@ -390,7 +390,7 @@ rclone:
sync: sync:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- sync - sync
@@ -466,7 +466,7 @@ rclone:
prune: prune:
image: image:
repository: rclone/rclone repository: rclone/rclone
tag: 1.73.3 tag: 1.73.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: args:
- delete - delete

4
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -9,7 +9,7 @@ roundcube:
main: main:
image: image:
repository: roundcube/roundcubemail repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: ROUNDCUBEMAIL_DB_TYPE - name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
backup: backup:
image: image:
repository: roundcube/roundcubemail repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: ROUNDCUBEMAIL_DB_TYPE - name: ROUNDCUBEMAIL_DB_TYPE

4
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -122,7 +122,7 @@ rybbit:
main: main:
image: image:
repository: clickhouse/clickhouse-server repository: clickhouse/clickhouse-server
tag: 26.2.5 tag: 26.2.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: CLICKHOUSE_DB - name: CLICKHOUSE_DB
@@ -139,7 +139,7 @@ rybbit:
key: clickhouse-password key: clickhouse-password
probes: probes:
liveness: liveness:
enabled: false enabled: true
custom: true custom: true
spec: spec:
exec: exec:

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:5cb5844fcb0f6e739cca03352a9d48e6e936323cb90f717cd07cee872b6d081a tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:5cb5844fcb0f6e739cca03352a9d48e6e936323cb90f717cd07cee872b6d081a tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark # renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.2.1 appVersion: v1.2.0

4
clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml
View File

@@ -12,14 +12,14 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: grimmory-user - secretKey: booklore-user
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/shelfmark/booklore key: /cl01tl/shelfmark/booklore
metadataPolicy: None metadataPolicy: None
property: user property: user
- secretKey: grimmory-password - secretKey: booklore-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None

10
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -9,7 +9,7 @@ shelfmark:
main: main:
image: image:
repository: ghcr.io/calibrain/shelfmark repository: ghcr.io/calibrain/shelfmark
tag: v1.2.1 tag: v1.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: FLASK_PORT - name: FLASK_PORT
@@ -17,7 +17,7 @@ shelfmark:
- name: DOCKERMODE - name: DOCKERMODE
value: true value: true
- name: CALIBRE_WEB_URL - name: CALIBRE_WEB_URL
value: https://grimmory.alexlebens.net value: https://booklore.alexlebens.net
- name: AUDIOBOOK_LIBRARY_URL - name: AUDIOBOOK_LIBRARY_URL
value: https://audiobookshelf.alexlebens.net value: https://audiobookshelf.alexlebens.net
- name: SEARCH_MODE - name: SEARCH_MODE
@@ -29,17 +29,17 @@ shelfmark:
- name: BOOKS_OUTPUT_MODE - name: BOOKS_OUTPUT_MODE
value: booklore value: booklore
- name: BOOKLORE_HOST - name: BOOKLORE_HOST
value: http://grimmory.grimmory:80 value: http://booklore.booklore:80
- name: BOOKLORE_USERNAME - name: BOOKLORE_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: shelfmark-config-secret name: shelfmark-config-secret
key: grimmory-user key: booklore-user
- name: BOOKLORE_PASSWORD - name: BOOKLORE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: shelfmark-config-secret name: shelfmark-config-secret
key: grimmory-password key: booklore-password
- name: BOOKLORE_DESTINATION - name: BOOKLORE_DESTINATION
value: library value: library
- name: BOOKLORE_LIBRARY_ID - name: BOOKLORE_LIBRARY_ID

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.6.0 tag: 0.3.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

Some files were not shown because too many files have changed in this diff Show More