alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:1aab45aac86e3a7e0f031ca62ca53548be58c3c9
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

2 Commits
main ... 1aab45aac8

Author SHA1 Message Date
Alex Lebens
1aab45aac8 feat: add grimmory as separate from booklore
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 25s
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m41s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m11s
Details
render-manifests / render-manifests (pull_request) Successful in 54s
Details
2026-03-23 20:36:36 -05:00
Alex Lebens
59d37de1a5 feat: change fsGroup context 2026-03-23 19:55:26 -05:00
372 changed files with 5958 additions and 3898 deletions
Expand all files Collapse all files

2
.gitea/workflows/lint-test-docker.yaml
View File

@@ -28,7 +28,7 @@ jobs:
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
with: with:
branch: "${{ github.base_ref }}" branch: "${{ github.base_ref }}"

6
.gitea/workflows/lint-test-helm.yaml
View File

@@ -35,7 +35,7 @@ jobs:
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm - name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -257,7 +257,7 @@ jobs:
echo "----" echo "----"
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm

10
.gitea/workflows/render-manifests.yaml
View File

@@ -43,14 +43,14 @@ jobs:
path: infrastructure-manifests path: infrastructure-manifests
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true cache: true
- name: Configure Kubeconfig - name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5 uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -273,7 +273,7 @@ jobs:
NAMESPACE="argocd" NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering into 'argocd' namespace ..."
;; ;;
"cilium" | "coredns" | "metrics-server") "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system" NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;; ;;
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1") TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do for DIR in ${RENDER_DIR}; do
echo "${DIR}" echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {} done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo "" echo ""
echo "----" echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.110.4@sha256:7ad99abc53b30d3f6e34df88b3e2b2b75436bba9b290e90d367356526034496f container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual # renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0 appVersion: 26.3.0

7
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -8,14 +8,14 @@ actual:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
env: env:
- name: ACTUAL_PORT - name: ACTUAL_PORT
value: 5006 value: 5006
resources: resources:
requests: requests:
cpu: 10m cpu: 25m
memory: 50Mi memory: 64Mi
probes: probes:
liveness: liveness:
enabled: true enabled: true
@@ -39,6 +39,7 @@ actual:
http: http:
port: 80 port: 80
targetPort: 5006 targetPort: 5006
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.5
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:d0d7ebf1c0013d001aa2f17d04a6d3f3d7a1fa7d5c62792eef856b87c24eb26e
generated: "2026-03-20T20:48:30.830922259Z"

33
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.5
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3

14
clusters/cl01tl/helm/ntfy/templates/external-secret.yaml → clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: ntfy-config-secret name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: ntfy-config-secret app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: attachment-cache-dir - secretKey: secret
remoteRef: remoteRef:
key: /garage/home-infra/ntfy-attachments key: /authentik/oidc/argo-workflows
property: attachment-cache-dir property: secret
- secretKey: client
remoteRef:
key: /authentik/oidc/argo-workflows
property: client

109
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
argo-workflows:
crds:
install: true
keep: true
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
controller:
metricsConfig:
enabled: true
persistence:
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
resources:
requests:
cpu: 10m
memory: 32Mi
serviceMonitor:
enabled: true
workflowNamespaces:
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 10m
memory: 32Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 10m
memory: 32Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.0 version: 9.4.15
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1 digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-04-08T22:05:49.003208408Z" generated: "2026-03-20T01:09:07.547016465Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.5.0 version: 9.4.15
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.6 appVersion: v3.3.4

76
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -34,7 +34,7 @@ argo-cd:
replicas: 1 replicas: 1
resources: resources:
requests: requests:
cpu: 100m cpu: 15m
memory: 1Gi memory: 1Gi
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -48,36 +48,36 @@ argo-cd:
enabled: true enabled: true
rules: rules:
enabled: true enabled: true
spec: spec:
- alert: ArgoAppMissing - alert: ArgoAppMissing
expr: | expr: |
absent(argocd_app_info) == 1 absent(argocd_app_info) == 1
for: 15m for: 15m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "[Argo CD] No reported applications" summary: "[Argo CD] No reported applications"
description: > description: >
Argo CD has not reported any applications data for the past 15 minutes which Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state. resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced - alert: ArgoAppNotSynced
expr: | expr: |
argocd_app_info{sync_status!="Synced"} == 1 argocd_app_info{sync_status!="Synced"} == 1
for: 12h for: 12h
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized" summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: > description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the 12 hours which means that the state of this cloud has drifted away from the
state inside Git. state inside Git.
dex: dex:
enabled: true enabled: true
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 64Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
@@ -91,14 +91,14 @@ argo-cd:
enabled: true enabled: true
image: image:
repository: redis repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72 tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume: persistentVolume:
enabled: true enabled: true
redis: redis:
resources: resources:
requests: requests:
cpu: 1000m cpu: 1000m
memory: 50Mi memory: 64Mi
haproxy: haproxy:
enabled: true enabled: true
image: image:
@@ -106,8 +106,8 @@ argo-cd:
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources: resources:
requests: requests:
cpu: 5m cpu: 10m
memory: 90Mi memory: 128Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -138,8 +138,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 80Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -157,8 +157,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 50Mi memory: 64Mi
readinessProbe: readinessProbe:
enabled: true enabled: true
failureThreshold: 3 failureThreshold: 3
@@ -182,7 +182,7 @@ argo-cd:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -218,8 +218,8 @@ argo-cd:
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources: resources:
requests: requests:
cpu: 2m cpu: 10m
memory: 50Mi memory: 64Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe:

6
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -18,12 +18,12 @@ audiobookshelf:
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 200Mi memory: 200Mi
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -49,9 +49,11 @@ audiobookshelf:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
apprise: apprise:
port: 8000 port: 8000
targetPort: 8000 targetPort: 8000
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

10
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2026.2.2 version: 2026.2.1
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687 digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-04-08T02:23:25.175388081Z" generated: "2026-03-15T20:04:35.99407071Z"

8
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -10,6 +10,8 @@ keywords:
home: https://docs.alexlebens.dev/applications/authentik/ home: https://docs.alexlebens.dev/applications/authentik/
sources: sources:
- https://github.com/goauthentik/authentik - https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goauthentik/helm - https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
@@ -18,18 +20,18 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2026.2.2 version: 2026.2.1
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik # renovate: datasource=github-releases depName=goauthentik/authentik

10
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -33,7 +33,7 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 100m
memory: 700Mi memory: 700Mi
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -66,8 +66,8 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 80m cpu: 100m
memory: 650Mi memory: 512Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -77,10 +77,6 @@ authentik:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:

19
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -9,6 +9,7 @@ backrest:
image: image:
repository: ghcr.io/garethgeorge/backrest repository: ghcr.io/garethgeorge/backrest
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0 tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -22,8 +23,8 @@ backrest:
value: /tmp value: /tmp
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 30Mi memory: 80Mi
service: service:
main: main:
controller: main controller: main
@@ -31,19 +32,7 @@ backrest:
http: http:
port: 80 port: 80
targetPort: 9898 targetPort: 9898
serviceMonitor: protocol: TCP
main:
selector:
matchLabels:
app.kubernetes.io/name: backrest
app.kubernetes.io/instance: backrest
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: http
scheme: http
path: /metrics
interval: 300s
scrapeTimeout: 15s
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute

9
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -4,15 +4,14 @@ version: 1.0.0
description: Bazarr description: Bazarr
keywords: keywords:
- bazarr - bazarr
- subtitles
- servarr - servarr
home: https://docs.alexlebens.dev/applications/bazarr/ - subtitles
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/morpheus65535/bazarr - https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr - https://github.com/linuxserver/docker-bazarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -25,5 +24,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr # renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: v1.5.6-ls342 appVersion: 1.5.6

19
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -4,6 +4,7 @@ bazarr:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
@@ -14,20 +15,19 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
value: 1000 value: 1000
resources: resources:
limits:
cpu: 100m
requests: requests:
cpu: 1m cpu: 10m
memory: 250Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -35,6 +35,7 @@ bazarr:
http: http:
port: 80 port: 80
targetPort: 6767 targetPort: 6767
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -47,8 +48,11 @@ bazarr:
- bazarr.alexlebens.net - bazarr.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: bazarr - group: ''
kind: Service
name: bazarr
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -59,6 +63,7 @@ bazarr:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:49b0e666059bad492ebaa4a20119ce5bbd1959a1ee6b22b271a9ca9529122697 digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-31T18:37:20.549898-05:00" generated: "2026-03-09T23:06:16.853255429Z"

7
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Blocky
keywords: keywords:
- blocky - blocky
- dns - dns
home: https://docs.alexlebens.dev/applications/blocky/ home: https://wiki.alexlebens.dev/s/cf70113d-20bc-48ad-afb8-1e22ed3fd62a
sources: sources:
- https://github.com/0xERR0R/blocky - https://github.com/0xERR0R/blocky
- https://github.com/0xERR0R/blocky/pkgs/container/blocky - https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -20,7 +19,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky # renovate: datasource=github-releases depName=0xerr0r/blocky

16
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -4,18 +4,20 @@ blocky:
type: deployment type: deployment
replicas: 3 replicas: 3
strategy: RollingUpdate strategy: RollingUpdate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/0xerr0r/blocky repository: ghcr.io/0xerr0r/blocky
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 100Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -102,12 +104,15 @@ blocky:
;; Application Names ;; Application Names
actual IN CNAME traefik-cl01tl actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
@@ -131,21 +136,20 @@ blocky:
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl postiz IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl qbittorrent IN CNAME traefik-cl01tl

15
clusters/cl01tl/helm/booklore/Chart.lock Normal file
View File

@@ -0,0 +1,15 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"

36
clusters/cl01tl/helm/booklore/Chart.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: v2
name: booklore
version: 1.0.0
description: booklore
keywords:
- booklore
- grimmory
- books
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/booklore-app/BookLore
- https://github.com/grimmory-tools/grimmory
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: booklore
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v2.3.0

104
clusters/cl01tl/helm/booklore/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,104 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-database-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-database-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/database
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: psk.txt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-mariadb-cluster-backup-secret-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: access
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: access
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-mariadb-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: access
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: access
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: secret

13
clusters/cl01tl/helm/booklore/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Namespace
metadata:
name: booklore
annotations:
volsync.backube/privileged-movers: "true"
labels:
app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

36
clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: booklore-books-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: booklore-books-import-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

48
clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Books
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Books Import
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

249
clusters/cl01tl/helm/booklore/values.yaml Normal file
View File

@@ -0,0 +1,249 @@
booklore:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/grimmory-tools/grimmory
tag: v2.3.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: USER_ID
value: 1000
- name: GROUP_ID
value: 1000
- name: DATABASE_URL
value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME
value: booklore
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: booklore-database-secret
key: password
- name: BOOKLORE_PORT
value: 6060
- name: SWAGGER_ENABLED
value: false
resources:
requests:
cpu: 50m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 6060
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- booklore.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: booklore
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: booklore-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books-import:
type: emptyDir
advancedMounts:
main:
main:
- path: /bookdrop
readOnly: false
ingest:
existingClaim: booklore-books-import-nfs-storage
advancedMounts:
main:
main:
- path: /bookdrop/ingest
readOnly: false
mariadb-cluster:
mariadb:
rootPasswordSecretKeyRef:
generate: false
name: booklore-database-secret
key: password
storage:
size: 5Gi
replicas: 3
galera:
enabled: true
bootstrapFrom:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: secret
tls:
enabled: true
backupContentType: Physical
databases:
- name: booklore
characterSet: utf8
collate: utf8_general_ci
cleanupPolicy: Delete
requeueInterval: 10h
users:
- name: booklore
passwordSecretKeyRef:
name: booklore-database-secret
key: password
host: '%'
cleanupPolicy: Delete
requeueInterval: 10h
retryInterval: 30s
grants:
- name: booklore
privileges:
- "ALL PRIVILEGES"
database: "booklore"
table: "*"
username: booklore
grantOption: true
host: '%'
cleanupPolicy: Delete
requeueInterval: 10h
retryInterval: 30s
physicalBackups:
- name: backup-external
schedule:
cron: "0 0 * * 0"
suspend: false
immediate: true
compression: gzip
maxRetention: 2160h
successfulJobsHistoryLimit: 1
storage:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: secret
tls:
enabled: true
- name: backup-remote
schedule:
cron: "0 0 * * 0"
suspend: false
immediate: true
compression: gzip
maxRetention: 2160h
successfulJobsHistoryLimit: 1
storage:
s3:
bucket: mariadb-backups
prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
tls:
enabled: true
- name: backup-garage
schedule:
cron: "0 0 * * *"
suspend: false
immediate: true
compression: gzip
maxRetention: 360h
successfulJobsHistoryLimit: 1
storage:
s3:
bucket: mariadb-backups
prefix: cl01tl/booklore
endpoint: garage-main.garage:3900
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
volsync-target-config:
pvcTarget: booklore-config
local:
enabled: true
schedule: 12 8 * * *
remote:
enabled: true
schedule: 12 9 * * *
external:
enabled: true
schedule: 12 10 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
enabled: true
schedule: 14 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cert-manager - name: cert-manager
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: v1.20.1 version: v1.20.0
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9 digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-03-28T01:35:24.542754563Z" generated: "2026-03-10T16:06:49.332999536Z"

9
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords: keywords:
- cert-manager - cert-manager
- certificates - certificates
home: https://docs.alexlebens.dev/applications/cert-manager/ - kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources: sources:
- https://github.com/cert-manager/cert-manager - https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -13,8 +14,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.1 version: v1.20.0
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.1 appVersion: v1.20.0

5
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,11 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-issuer name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com

3
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-token - secretKey: api-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true enabled: true
keep: true keep: true
replicaCount: 2 replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs: extraArgs:
- --enable-gateway-api - --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus: prometheus:
enabled: true
servicemonitor: servicemonitor:
enabled: true enabled: true
honorLabels: true honorLabels: true

9
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Cilium description: Cilium
keywords: keywords:
- cilium - cilium
- operator - cni
- network - network
home: https://docs.alexlebens.dev/applications/cilium/ - kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources: sources:
- https://github.com/cilium/cilium - https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium - https://github.com/cilium/charts
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -18,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.18.6 appVersion: 1.19.1

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
- SYS_RESOURCE - SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane: bgpControlPlane:
enabled: false enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf: bpf:
hostLegacyRouting: true hostLegacyRouting: true
devices: end0 enp6s0 devices: end0 enp6s0
ciliumEndpointSlice: ciliumEndpointSlice:
enabled: true enabled: true
ingressController:
enabled: false
gatewayAPI: gatewayAPI:
enabled: true enabled: true
enableAppProtocol: true
enableAlpn: true enableAlpn: true
secretsNamespace: enableAppProtocol: true
create: false gatewayClass:
name: kube-system create: auto
externalIPs:
enabled: true
socketLB: socketLB:
enabled: true enabled: true
hostNamespaceOnly: true hostNamespaceOnly: true
hubble: hubble:
enabled: true
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
ingress:
enabled: false
ipam: ipam:
mode: "kubernetes" mode: "kubernetes"
ipv4: ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6: ipv6:
enabled: false enabled: false
kubeProxyReplacement: true kubeProxyReplacement: true
l7Proxy: true
prometheus: prometheus:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true
trustCRDsExist: true trustCRDsExist: true
enabled: true
envoy: envoy:
enabled: true enabled: true
securityContext: securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON - PERFMON
- BPF - BPF
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
operator: operator:
enabled: true
rollOutPods: true rollOutPods: true
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
cgroup: cgroup:

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: cloudnative-pg - name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.28.0 version: 0.27.1
- name: plugin-barman-cloud - name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.5.0 version: 0.5.0
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-04-01T20:05:40.198140255Z" generated: "2026-02-05T19:36:19.473447121Z"

11
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,22 +6,21 @@ keywords:
- cloudnative-pg - cloudnative-pg
- operator - operator
- postgresql - postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/ - kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources: sources:
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cloudnative-pg - name: cloudnative-pg
version: 0.28.0 version: 0.27.1
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.5.0 version: 0.5.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0 appVersion: 1.28.1

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg: cloudnative-pg:
replicaCount: 2 replicaCount: 2
resources:
requests:
cpu: 10m
memory: 100Mi
monitoring: monitoring:
podMonitorEnabled: true podMonitorEnabled: true
plugin-barman-cloud: plugin-barman-cloud:
replicaCount: 1 replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds: crds:
create: true create: true
resources:
requests:
cpu: 1m
memory: 20Mi

12
clusters/cl01tl/helm/code-server/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
- ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources:
- https://github.com/coder/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.108.1

28
clusters/cl01tl/helm/code-server/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

86
clusters/cl01tl/helm/code-server/values.yaml Normal file
View File

@@ -0,0 +1,86 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
external:
enabled: true
schedule: 16 10 * * *

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords: keywords:
- coredns - coredns
- dns - dns
home: https://docs.alexlebens.dev/applications/coredns/ - network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns - name: coredns
version: 1.45.2 version: 1.45.2
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 tag: v1.14.2
replicaCount: 3 replicaCount: 3
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 30m cpu: 50m
memory: 30Mi memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus: prometheus:
service: service:
enabled: true enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor: monitor:
enabled: true enabled: true
namespace: kube-system namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount: serviceAccount:
create: true create: true
name: coredns name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers: servers:
- zones: - zones:
- zone: . - zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.111.232.172 parameters: . 10.111.232.172
- zones: - zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.97.20.219 parameters: . 10.97.20.219
nodeSelector: nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists operator: Exists
effect: NoSchedule effect: NoSchedule
deployment: deployment:
skipConfig: false
enabled: true
name: coredns name: coredns

8
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:b070640b7006e3ad528193ca784cfbca602994c87afbef4ef4b40a05229cab10 digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-04-04T21:01:27.376484-05:00" generated: "2026-03-15T20:04:49.68456485Z"

11
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Dawarich
keywords: keywords:
- dawarich - dawarich
- location - location
home: https://docs.alexlebens.dev/applications/dawarich/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/Freika/dawarich - https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,12 +18,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1 appVersion: 1.4.0

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
metadataPolicy: None
property: key property: key
--- ---
@@ -34,9 +37,15 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret property: secret

77
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "web-entrypoint.sh" command: ["web-entrypoint.sh"]
args: args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -91,14 +86,14 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10 timeoutSeconds: 10
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 750Mi memory: 128Mi
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "sidekiq-entrypoint.sh" command: ["sidekiq-entrypoint.sh"]
args: args: ["sidekiq"]
- "sidekiq"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -191,19 +185,23 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- pgrep - /bin/sh
- -f - -c
- sidekiq - pgrep -f sidekiq
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -211,9 +209,11 @@ dawarich:
http: http:
port: 80 port: 80
targetPort: 3000 targetPort: 3000
protocol: TCP
metrics: metrics:
port: 9394 port: 9394
targetPort: 9394 targetPort: 9394
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -238,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net - dawarich.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: dawarich - group: ""
kind: Service
name: dawarich
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -250,6 +253,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -263,6 +267,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -276,6 +281,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -307,9 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 10 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords: keywords:
- democratic-csi-synology-iscsi - democratic-csi-synology-iscsi
- iscsi - iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/ - kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources: sources:
- https://github.com/democratic-csi/democratic-csi - https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi - https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml property: driver-config-file.yaml

32
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,35 +1,15 @@
democratic-csi: democratic-csi:
driver: driver:
image:
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret existingConfigSecret: synology-iscsi-config-secret
config: config:
driver: synology-iscsi driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver: csiDriver:
name: "org.democratic-csi.iscsi-synology" name: "org.democratic-csi.iscsi-synology"
controller: controller:
replicaCount: 3 enabled: true
externalAttacher: rbac:
image: enabled: true
registry: registry.k8s.io/sig-storage/csi-attacher replicaCount: 2
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
storageClasses: storageClasses:
- name: synology-iscsi-delete - name: synology-iscsi-delete
defaultClass: false defaultClass: false
@@ -55,7 +35,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: "" iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

4
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Descheduler
keywords: keywords:
- descheduler - descheduler
- kube-scheduler - kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/ - kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources: sources:
- https://github.com/kubernetes-sigs/descheduler - https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler - https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers: maintainers:
- name: alexlebens - name: alexlebens

44
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,25 +1,27 @@
descheduler: descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment kind: Deployment
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m deschedulingInterval: 5m
replicas: 3 replicas: 1
leaderElection: leaderElection:
enabled: true enabled: false
leaseDuration: 15s command:
renewDeadline: 10s - "/bin/descheduler"
retryPeriod: 2s cmdOptions:
resourceLock: "leases" v: 3
resourceName: "descheduler" deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
resourceNamespace: "descheduler"
deschedulerPolicy: deschedulerPolicy:
profiles: profiles:
- name: default - name: default
@@ -51,13 +53,13 @@ descheduler:
- name: LowNodeUtilization - name: LowNodeUtilization
args: args:
thresholds: thresholds:
cpu: 20 cpu: 30
memory: 20 memory: 30
pods: 20 pods: 50
targetThresholds: targetThresholds:
cpu: 50 cpu: 60
memory: 50 memory: 40
pods: 60 pods: 80
plugins: plugins:
balance: balance:
enabled: enabled:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:5fa84b2d82a160c35e002690e4d299275b8136463da9da789be9ca7c6ff998c4 digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-04-04T21:01:37.322862-05:00" generated: "2026-03-15T20:05:03.156596646Z"

16
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus description: Directus
keywords: keywords:
- directus - directus
- content-management-system - cms
home: https://docs.alexlebens.dev/applications/descheduler/ home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,12 +23,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.2 appVersion: 11.16.1

39
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data: data:
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email property: admin-email
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: key property: key
--- ---
@@ -46,11 +58,17 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: secret property: secret
--- ---
@@ -70,7 +88,10 @@ spec:
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token property: metric-token
--- ---
@@ -90,15 +111,24 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
--- ---
@@ -118,13 +148,22 @@ spec:
data: data:
- secretKey: default - secretKey: default
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password

39
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,13 @@ directus:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/directus/directus repository: directus/directus
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874 tag: 11.16.1
pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
value: https://directus.alexlebens.net value: https://directus.alexlebens.net
@@ -142,7 +144,7 @@ directus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 300Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -150,6 +152,7 @@ directus:
http: http:
port: 80 port: 80
targetPort: 8055 targetPort: 8055
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -177,8 +180,11 @@ directus:
- directus.alexlebens.net - directus.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: directus - group: ''
kind: Service
name: directus
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -196,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 15 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey: valkey:
valkey: valkey:
auth: auth:
@@ -210,7 +239,5 @@ valkey:
aclUsers: aclUsers:
default: default:
permissions: "~* &* +@all" permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics: metrics:
enabled: false enabled: false

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: eck-operator - name: eck-operator
repository: https://helm.elastic.co repository: https://helm.elastic.co
version: 3.3.2 version: 3.3.1
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177 digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-04-01T21:30:02.975920565Z" generated: "2026-02-25T18:48:55.77034549Z"

9
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator - elastic-operator
- operator - operator
- elastic-search - elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/ - kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator - https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -14,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: eck-operator - name: eck-operator
version: 3.3.2 version: 3.3.1
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2 appVersion: v3.3.1

9
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,16 +1,9 @@
eck-operator: eck-operator:
managedNamespaces: managedNamespaces:
- stalwart
- tubearchivist - tubearchivist
- stalwart
installCRDs: true installCRDs: true
replicaCount: 2 replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry: telemetry:
disabled: true disabled: true
config: config:

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.34 version: 1.4.32
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:376f1201085c5c93972d2286755dd8b530a4a88ad9fdaf4bfb50ec1f11c64df0 digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-04-08T17:57:31.040649797Z" generated: "2026-03-11T16:04:17.556777286Z"

12
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,22 +4,24 @@ version: 1.0.0
description: Element Web description: Element Web
keywords: keywords:
- element-web - element-web
- matrix-chat - chat
home: https://docs.alexlebens.dev/applications/element-web/ - matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources: sources:
- https://github.com/element-hq/element-web - https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web - https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.34 version: 1.4.32
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15 appVersion: v1.12.12

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web: element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: vectorim/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed tag: v1.12.12
pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true immediate: true
default_theme: dark default_theme: dark
default_country_code: US default_country_code: US
ingress:
enabled: false
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser - name: eraser
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1 version: 1.4.1
- name: app-template digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
repository: https://bjw-s-labs.github.io/helm-charts/ generated: "2025-12-03T22:53:20.200917773Z"
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"

12
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,23 +5,17 @@ description: Eraser
keywords: keywords:
- eraser - eraser
- images - images
home: https://docs.alexlebens.dev/applications/eraser/ - kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources: sources:
- https://github.com/eraser-dev/eraser - https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: eraser - name: eraser
version: 1.4.1 version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
- name: app-template icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser # renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1 appVersion: v1.4.1

134
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,122 +1,50 @@
eraser: eraser:
runtimeConfig: runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager: manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling: scheduling:
repeatInterval: 24h repeatInterval: 24h
beginImmediately: true beginImmediately: true
profile:
enabled: false
port: 6060
imageJob: imageJob:
successRatio: 1.0
cleanup: cleanup:
delayOnSuccess: 0s delayOnSuccess: 0s
delayOnFailure: 24h delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components: components:
collector: collector:
image: enabled: true
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
request: request:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
scanner: scanner:
enabled: false enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request: request:
cpu: 1m cpu: 100m
memory: 20Mi memory: 128Mi
config: ""
remover:
request:
cpu: 10m
memory: 128Mi
deploy: deploy:
image: securityContext:
repo: ghcr.io/eraser-dev/eraser-manager allowPrivilegeEscalation: false
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
resources: resources:
limits:
memory: null
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 30Mi
eraser-metrics: nodeSelector:
global: kubernetes.io/os: linux
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.149.0@sha256:dd56aed607fd02f8ac01dddb27a859c0c2cc750539abce927803778fafc736ae
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
logging:
loglevel: debug
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- logging
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,8 +4,7 @@ version: 1.0.0
description: Excalidraw description: Excalidraw
keywords: keywords:
- excalidraw - excalidraw
- drawing home: https://wiki.alexlebens.dev/
home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/excalidraw/excalidraw - https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw

12
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,11 +4,13 @@ excalidraw:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: excalidraw/excalidraw repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env: env:
- name: NODE_ENV - name: NODE_ENV
value: production value: production
@@ -16,8 +18,8 @@ excalidraw:
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -25,6 +27,7 @@ excalidraw:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -37,8 +40,11 @@ excalidraw:
- excalidraw.alexlebens.net - excalidraw.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: excalidraw - group: ''
kind: Service
name: excalidraw
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

8
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,11 +5,11 @@ description: External DNS
keywords: keywords:
- external-dns - external-dns
- dns - dns
home: https://docs.alexlebens.dev/applications/eraser/ - unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
sources: sources:
- https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns - https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -20,4 +20,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/external-dns/ repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns # renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
appVersion: v0.21.0 appVersion: v0.20.0

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key property: api-key

21
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,30 +1,25 @@
external-dns-unifi: external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.21.0@sha256:f53faaf71cb270d1ca9dce6ea0c94bfebf1a18696263487f0fbc74b9bf2bd7ff
fullnameOverride: external-dns-unifi fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 360m interval: 1m
sources: sources:
- ingress
- crd - crd
- gateway-httproute - gateway-httproute
- gateway-tlsroute - gateway-tlsroute
policy: sync policy: sync
registry: txt
txtOwnerId: default txtOwnerId: default
txtPrefix: k8s. txtPrefix: k8s.
domainFilters: ["alexlebens.net"] domainFilters: ["alexlebens.net"]
excludeDomains: ["alexlebens.dev"] excludeDomains: []
provider: provider:
name: webhook name: webhook
webhook: webhook:
image: image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0 tag: v0.8.2
env: env:
- name: UNIFI_HOST - name: UNIFI_HOST
value: https://192.168.1.1 value: https://192.168.1.1
@@ -34,14 +29,18 @@ external-dns-unifi:
name: external-dns-unifi-secret name: external-dns-unifi-secret
key: api-key key: api-key
- name: LOG_LEVEL - name: LOG_LEVEL
value: info value: debug
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /readyz path: /readyz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs: extraArgs:
- --ignore-ingress-tls-spec - --ignore-ingress-tls-spec

4
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -2,5 +2,5 @@ dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.2.0 version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-26T19:19:15.734454-05:00" generated: "2026-03-20T20:53:08.407747649Z"

8
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: External Secrets
keywords: keywords:
- external-secrets - external-secrets
- secrets - secrets
- operator - vault
home: https://docs.alexlebens.dev/applications/eraser/ home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
sources: sources:
- https://github.com/external-secrets/external-secrets - https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
alias: external-secrets
version: 2.2.0 version: 2.2.0
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0 appVersion: v2.2.0

44
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -1,44 +0,0 @@
external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -5,12 +5,10 @@ description: Foldergram
keywords: keywords:
- foldergram - foldergram
- pictures - pictures
home: https://docs.alexlebens.dev/applications/foldergram/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/foldergram/foldergram - https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -24,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram # renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.1.0 appVersion: v1.0.5

23
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,20 +4,18 @@ foldergram:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/foldergram/foldergram repository: ghcr.io/foldergram/foldergram
tag: 1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a tag: 1.0.5
pullPolicy: IfNotPresent
env: env:
- name: IMAGE_DETAIL_SOURCE - name: IMAGE_DETAIL_SOURCE
value: original value: original
- name: DERIVATIVE_MODE - name: DERIVATIVE_MODE
value: eager value: lazy
- name: DATA_ROOT - name: DATA_ROOT
value: ./data value: ./data
- name: GALLERY_ROOT - name: GALLERY_ROOT
@@ -26,8 +24,8 @@ foldergram:
value: https://foldergram.alexlebens.net value: https://foldergram.alexlebens.net
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 230Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -35,6 +33,7 @@ foldergram:
http: http:
port: 80 port: 80
targetPort: 4141 targetPort: 4141
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -47,8 +46,11 @@ foldergram:
- foldergram.alexlebens.net - foldergram.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: foldergram - group: ''
kind: Service
name: foldergram
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -58,7 +60,8 @@ foldergram:
forceRename: foldergram-data forceRename: foldergram-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 40Gi size: 10Gi
retain: false
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:f709ef2ce041d934faf75dfa31cc86e536aa62ab31ab82584c9751652561744c digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
generated: "2026-04-04T21:02:01.689182-05:00" generated: "2026-03-15T20:05:14.085780861Z"

7
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: FreshRSS
keywords: keywords:
- freshrss - freshrss
- rss - rss
home: https://docs.alexlebens.dev/applications/freshrss/ home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
sources: sources:
- https://github.com/FreshRSS/FreshRSS - https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss - https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -25,7 +26,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD property: ADMIN_API_PASSWORD
--- ---
@@ -42,13 +51,22 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key property: crypto-key

128
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,11 +4,84 @@ freshrss:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers: containers:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522 tag: 1.28.1
pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
value: "568" value: "568"
@@ -78,8 +151,8 @@ freshrss:
name: freshrss-install-secret name: freshrss-install-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 100Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -87,17 +160,38 @@ freshrss:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
persistence: persistence:
data: data:
forceRename: freshrss-data forceRename: freshrss-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /var/www/FreshRSS/data - path: /var/www/FreshRSS/data
readOnly: false readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -111,12 +205,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 20 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: freshrss-data pvcTarget: freshrss-data
moverSecurityContext: moverSecurityContext:
@@ -124,6 +241,11 @@ volsync-target-data:
runAsGroup: 568 runAsGroup: 568
fsGroup: 568 fsGroup: 568
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local: local:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *

11
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,13 +4,12 @@ version: 1.0.0
description: Garage description: Garage
keywords: keywords:
- garage - garage
- storage
- s3 - s3
home: https://docs.alexlebens.dev/applications/garage/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage - https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage - https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -19,6 +18,6 @@ dependencies:
alias: garage alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=docker depName=dxflrs/garage # renovate: datasource=github-releases depName=deuxfleurs-org/garage
appVersion: v2.2.0 appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: rpc property: rpc
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: admin property: admin
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: metric property: metric

76
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,6 +4,7 @@ garage:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -21,18 +22,32 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 200Mi memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2: server-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -50,18 +65,20 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 200Mi memory: 128Mi
server-3: server-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -79,23 +96,26 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 200Mi memory: 128Mi
webui: webui:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: khairul169/garage-webui repository: khairul169/garage-webui
tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c tag: 1.1.0
pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-main.garage:3903
@@ -108,8 +128,8 @@ garage:
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -212,15 +232,19 @@ garage:
s3: s3:
port: 3900 port: 3900
targetPort: 3900 targetPort: 3900
protocol: HTTP
rpc: rpc:
port: 3901 port: 3901
targetPort: 3901 targetPort: 3901
protocol: HTTP
web: web:
port: 3902 port: 3902
targetPort: 3902 targetPort: 3902
protocol: HTTP
admin: admin:
port: 3903 port: 3903
targetPort: 3903 targetPort: 3903
protocol: HTTP
server-2: server-2:
forceRename: garage-2 forceRename: garage-2
controller: server-2 controller: server-2
@@ -228,15 +252,19 @@ garage:
s3: s3:
port: 3900 port: 3900
targetPort: 3900 targetPort: 3900
protocol: HTTP
rpc: rpc:
port: 3901 port: 3901
targetPort: 3901 targetPort: 3901
protocol: HTTP
web: web:
port: 3902 port: 3902
targetPort: 3902 targetPort: 3902
protocol: HTTP
admin: admin:
port: 3903 port: 3903
targetPort: 3903 targetPort: 3903
protocol: HTTP
server-3: server-3:
forceRename: garage-3 forceRename: garage-3
controller: server-3 controller: server-3
@@ -244,21 +272,26 @@ garage:
s3: s3:
port: 3900 port: 3900
targetPort: 3900 targetPort: 3900
protocol: HTTP
rpc: rpc:
port: 3901 port: 3901
targetPort: 3901 targetPort: 3901
protocol: HTTP
web: web:
port: 3902 port: 3902
targetPort: 3902 targetPort: 3902
protocol: HTTP
admin: admin:
port: 3903 port: 3903
targetPort: 3903 targetPort: 3903
protocol: HTTP
webui: webui:
controller: webui controller: webui
ports: ports:
webui: webui:
port: 3909 port: 3909
targetPort: 3909 targetPort: 3909
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -287,8 +320,11 @@ garage:
- garage-webui.alexlebens.net - garage-webui.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-webui - group: ''
kind: Service
name: garage-webui
port: 3909 port: 3909
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -304,8 +340,11 @@ garage:
- garage-s3.alexlebens.net - garage-s3.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-main - group: ''
kind: Service
name: garage-main
port: 3900 port: 3900
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -322,6 +361,11 @@ garage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2: server-2:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
@@ -345,16 +389,21 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/meta - path: /var/lib/garage/meta
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2: db-2:
forceRename: garage-db-2 forceRename: garage-db-2
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-2: server-2:
main: main:
@@ -365,6 +414,7 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-3: server-3:
main: main:
@@ -375,11 +425,15 @@ garage:
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 800Gi size: 800Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/data - path: /var/lib/garage/data
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2: data-2:
forceRename: garage-data-2 forceRename: garage-data-2
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:b2a7ef962a91dff4313f66c1d04356f1b2aeefc752d672a9a27ea227db4b8c7d digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
generated: "2026-04-04T21:02:09.187828-05:00" generated: "2026-03-15T20:05:27.625292422Z"

10
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Gatus description: Gatus
keywords: keywords:
- gatus - gatus
- uptime-monitor - healthcheck
home: https://docs.alexlebens.dev/applications/gatus/ - uptime
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
sources: sources:
- https://github.com/TwiN/gatus - https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus - https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus - https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -20,7 +22,7 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

9
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -34,9 +37,15 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: secret property: secret

84
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -1,14 +1,27 @@
gatus: gatus:
deployment: deployment:
strategy: Recreate strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
image: image:
repository: ghcr.io/twin/gatus repository: ghcr.io/twin/gatus
tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d tag: v5.35.0
annotations: annotations:
reloader.stakater.com/auto: "true" reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway: gateway:
apiVersion: gateway.networking.k8s.io/v1
route: route:
enabled: true enabled: true
path: /
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
kind: Gateway kind: Gateway
@@ -60,13 +73,24 @@ gatus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 128Mi
persistence: persistence:
enabled: true enabled: true
size: 1Gi size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block storageClassName: ceph-block
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config: config:
metrics: true metrics: true
connectivity: connectivity:
@@ -113,12 +137,12 @@ gatus:
- name: yamtrack - name: yamtrack
url: https://yamtrack.alexlebens.net url: https://yamtrack.alexlebens.net
<<: *defaults <<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin - name: jellyfin
url: https://jellyfin.alexlebens.net url: https://jellyfin.alexlebens.net
<<: *defaults <<: *defaults
- name: kyoo
url: https://kyoo.alexlebens.net
<<: *defaults
- name: tubearchivist - name: tubearchivist
url: https://tubearchivist.alexlebens.net url: https://tubearchivist.alexlebens.net
<<: *defaults <<: *defaults
@@ -134,9 +158,15 @@ gatus:
- name: immich - name: immich
url: https://immich.alexlebens.net url: https://immich.alexlebens.net
<<: *defaults <<: *defaults
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: foldergram - name: foldergram
url: https://foldergram.alexlebens.net url: https://foldergram.alexlebens.net
<<: *defaults <<: *defaults
- name: booklore
url: https://booklore.alexlebens.net
<<: *defaults
- name: grimmory - name: grimmory
url: https://grimmory.alexlebens.net url: https://grimmory.alexlebens.net
<<: *defaults <<: *defaults
@@ -161,33 +191,30 @@ gatus:
- name: roundcube - name: roundcube
url: https://mail.alexlebens.net url: https://mail.alexlebens.net
<<: *defaults <<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
<<: *defaults
- name: kiwix - name: kiwix
url: https://kiwix.alexlebens.net url: https://kiwix.alexlebens.net
<<: *defaults <<: *defaults
- name: excalidraw - name: excalidraw
url: https://excalidraw.alexlebens.net url: https://excalidraw.alexlebens.net
<<: *defaults <<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea - name: gitea
url: https://gitea.alexlebens.net url: https://gitea.alexlebens.net
<<: *defaults <<: *defaults
- name: home-assistant-code-server - name: home-assistant-code-server
url: https://home-assistant-code-server.alexlebens.net url: https://home-assistant-code-server.alexlebens.net
<<: *defaults <<: *defaults
- name: postiz-spotlight
url: https://postiz-spotlight.alexlebens.net
<<: *defaults
- name: postiz-temporal
url: https://postiz-temporal.alexlebens.net
<<: *defaults
- name: argocd - name: argocd
url: https://argocd.alexlebens.net url: https://argocd.alexlebens.net
<<: *defaults <<: *defaults
- name: komodo - name: komodo
url: https://komodo.alexlebens.net url: https://komodo.alexlebens.net
<<: *defaults <<: *defaults
- name: argo-workflows
url: https://argo-workflows.alexlebens.net
<<: *defaults
- name: omni-tools - name: omni-tools
url: https://omni-tools.alexlebens.net url: https://omni-tools.alexlebens.net
<<: *defaults <<: *defaults
@@ -359,7 +386,7 @@ gatus:
<<: *defaults <<: *defaults
group: external group: external
- name: outline - name: outline
url: https://outline.alexlebens.dev url: https://wiki.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: vaultwarden - name: vaultwarden
@@ -380,6 +407,10 @@ gatus:
url: https://gitea.alexlebens.dev url: https://gitea.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: codeserver
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: authentik - name: authentik
url: https://auth.alexlebens.dev url: https://auth.alexlebens.dev
<<: *defaults <<: *defaults
@@ -397,12 +428,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 25 14 * * *" schedule: "0 25 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: gatus pvcTarget: gatus
local: local:

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.28 version: 0.20.24
digest: sha256:16e4470b394110a11721fe38a57ad1cfa7c994bca440bfbbc5b3b7a46a79f165 digest: sha256:36bf651c24198d299458046aaf449e9fb50942e1143389092a746357d402b731
generated: "2026-04-05T02:12:22.980217268Z" generated: "2026-03-20T01:18:36.687250976Z"

5
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Generic Device Plugin
keywords: keywords:
- generic-device-plugin - generic-device-plugin
- device - device
home: https://docs.alexlebens.dev/applications/generic-device-plugin/ - plugin
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
sources: sources:
- https://github.com/squat/generic-device-plugin - https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin
@@ -14,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.28 version: 0.20.24
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

16
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,27 +1,27 @@
dependencies: dependencies:
- name: gitea - name: gitea
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.io/charts/
version: 12.5.0 version: 12.5.0
- name: actions - name: actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.5 version: 0.0.3
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.30.0 version: 0.28.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:ae512dab12cc692921a8cf80f8459fa652ae20f393a34c14f25a851410724096 digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
generated: "2026-04-07T16:50:50.725821375Z" generated: "2026-03-16T15:56:55.197735783Z"

24
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -5,55 +5,55 @@ description: Gitea
keywords: keywords:
- gitea - gitea
- git - git
home: https://docs.alexlebens.dev/applications/gitea/ - code
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
sources: sources:
- https://github.com/go-gitea/gitea - https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate - https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch - https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea - https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate - https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/ - https://hub.docker.com/r/d3fk/s3cmd/
- https://hub.docker.com/_/busybox
- https://gitea.com/gitea/helm-chart - https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: gitea - name: gitea
version: 12.5.0 version: 12.5.0
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.io/charts/
- name: actions - name: actions
alias: gitea-actions alias: gitea-actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.5 version: 0.0.3
- name: meilisearch - name: meilisearch
version: 0.30.0 version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-gitea alias: valkey-gitea
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-renovate alias: valkey-renovate
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-storage alias: volsync-target-storage
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.25.5

42
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username property: username
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password property: password
--- ---
@@ -38,11 +44,17 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: client property: client
--- ---
@@ -62,7 +74,10 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner key: /cl01tl/gitea/runner
metadataPolicy: None
property: token property: token
--- ---
@@ -82,23 +97,38 @@ spec:
data: data:
- secretKey: RENOVATE_ENDPOINT - secretKey: RENOVATE_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR - secretKey: RENOVATE_GIT_AUTHOR
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN - secretKey: RENOVATE_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY - secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN - secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl key: /github/gitea-cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -118,15 +148,24 @@ spec:
data: data:
- secretKey: config - secretKey: config
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config property: ssh_config
- secretKey: id_rsa - secretKey: id_rsa
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: id_rsa.pub - secretKey: id_rsa.pub
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub property: id_rsa.pub
--- ---
@@ -152,5 +191,8 @@ spec:
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY property: MEILI_MASTER_KEY

107
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -2,11 +2,6 @@ gitea:
global: global:
imageRegistry: registry.hub.docker.com imageRegistry: registry.hub.docker.com
replicaCount: 3 replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image: image:
repository: gitea/gitea repository: gitea/gitea
tag: 1.25.5 tag: 1.25.5
@@ -19,10 +14,8 @@ gitea:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: 10.103.160.140 clusterIP: 10.103.160.140
resources: ingress:
requests: enabled: false
cpu: 1000m
memory: 600Mi
persistence: persistence:
storageClass: ceph-filesystem storageClass: ceph-filesystem
size: 40Gi size: 40Gi
@@ -48,7 +41,7 @@ gitea:
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: false
oauth: oauth:
- name: Authentik - name: Authentik
provider: openidConnect provider: openidConnect
@@ -145,52 +138,10 @@ gitea-actions:
statefulset: statefulset:
replicas: 6 replicas: 6
timezone: America/Chicago timezone: America/Chicago
resources:
limits:
ephemeral-storage: 15Gi
requests:
ephemeral-storage: 2Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- gitea-actions-act-runner
topologyKey: "kubernetes.io/hostname"
extraVolumes:
- name: workspace-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 20Gi
- name: docker-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 50Gi
actRunner: actRunner:
registry: docker.io registry: ""
repository: gitea/act_runner repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner tag: 0.2.13
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts:
- name: workspace-vol
mountPath: /workspace
config: | config: |
log: log:
level: debug level: debug
@@ -203,22 +154,17 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04" - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind: dind:
registry: docker.io registry: ""
repository: docker repository: docker
# renovate: datasource=docker depName=docker tag: 28.3.3-dind
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
persistence: persistence:
storageClass: ceph-block storageClass: ceph-block
size: 10Gi size: 5Gi
init: init:
image: image:
registry: docker.io registry: ""
repository: busybox repository: busybox
# renovate: datasource=docker depName=busybox tag: "1.37.0"
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
existingSecret: gitea-runner-secret existingSecret: gitea-runner-secret
existingSecretKey: token existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000 giteaRootURL: http://gitea-http.gitea:3000
@@ -229,6 +175,9 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block
@@ -236,7 +185,7 @@ meilisearch:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 150Mi memory: 128Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:
@@ -244,7 +193,8 @@ postgres-18-cluster:
cluster: cluster:
resources: resources:
requests: requests:
cpu: 100m memory: 1Gi
cpu: 200m
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
@@ -256,18 +206,41 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 7 * * *" schedule: "0 0 7 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea: valkey-gitea:
valkey: valkey:
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
memory: 1Gi memory: 256Mi
dataStorage: dataStorage:
requestedSize: 10Gi requestedSize: 10Gi
replica: replica:

10
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.2 version: 5.22.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.4.0
digest: sha256:6c096d1ce729469f12e66b2d0d0c677990d06643ff49401ee8fa69f5ed738e9c digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2
generated: "2026-04-04T21:02:18.686653-05:00" generated: "2026-03-18T10:04:15.165729555Z"

13
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -5,13 +5,14 @@ description: Grafana Operator
keywords: keywords:
- grafana-operator - grafana-operator
- dashboard - dashboard
home: https://docs.alexlebens.dev/applications/grafana-operator/ - metrics
- logs
home: https://wiki.alexlebens.dev/s/3e5723e1-2ab7-45ab-b496-b8854907fa39
sources: sources:
- https://github.com/grafana/grafana-operator - https://github.com/grafana/grafana-operator
- https://github.com/grafana/grafana/pkgs/container/grafana%2Fgrafana - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/grafana/grafana-operator/tree/master/deploy/helm/grafana-operator - https://github.com/grafana/grafana-operator/tree/master/deploy/helm/grafana-operator
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -20,15 +21,15 @@ dependencies:
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-unified-alerting alias: valkey-unified-alerting
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-remote-cache alias: valkey-remote-cache
version: 0.5.0 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator # renovate: datasource=github-releases depName=grafana/grafana-operator

27
clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: admin-user - secretKey: admin-user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-user property: admin-user
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-password property: admin-password
--- ---
@@ -38,11 +44,17 @@ spec:
data: data:
- secretKey: AUTH_CLIENT_ID - secretKey: AUTH_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana key: /authentik/oidc/grafana
metadataPolicy: None
property: client property: client
- secretKey: AUTH_CLIENT_SECRET - secretKey: AUTH_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana key: /authentik/oidc/grafana
metadataPolicy: None
property: secret property: secret
--- ---
@@ -62,11 +74,17 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access property: access
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret property: secret
--- ---
@@ -86,13 +104,22 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION

174
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -11,9 +11,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
--- ---
@@ -30,9 +30,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/coredns.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/coredns.json
--- ---
@@ -49,9 +49,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
--- ---
@@ -68,9 +68,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/garage.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/garage.json
--- ---
@@ -87,9 +87,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
--- ---
@@ -106,9 +106,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
--- ---
@@ -125,9 +125,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
--- ---
@@ -144,9 +144,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-system folderUID: grafana-folder-system
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/pods.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/pods.json
--- ---
@@ -163,9 +163,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
--- ---
@@ -182,9 +182,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
--- ---
@@ -201,9 +201,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
--- ---
@@ -220,9 +220,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnative-pg.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnative-pg.json
--- ---
@@ -239,9 +239,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
--- ---
@@ -258,9 +258,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/gatus.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/gatus.json
--- ---
@@ -277,9 +277,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/grafana-operator.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/grafana-operator.json
--- ---
@@ -296,9 +296,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json
--- ---
@@ -315,9 +315,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
--- ---
@@ -334,9 +334,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
--- ---
@@ -353,9 +353,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
--- ---
@@ -372,9 +372,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
--- ---
@@ -391,49 +391,11 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker-internal
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker-internal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker-internal.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard
@@ -448,9 +410,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
--- ---
@@ -467,9 +429,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/s3.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/s3.json
--- ---
@@ -486,9 +448,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/authentik.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/authentik.json
--- ---
@@ -505,9 +467,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/gitea.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/gitea.json
--- ---
@@ -524,9 +486,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
--- ---
@@ -543,9 +505,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/qbittorrent.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/qbittorrent.json
--- ---
@@ -562,9 +524,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-platform folderUID: grafana-folder-platform
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
--- ---
@@ -581,9 +543,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-iot folderUID: grafana-folder-iot
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/airgradient.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/airgradient.json
--- ---
@@ -600,9 +562,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-iot folderUID: grafana-folder-iot
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/server-power-consumption.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/server-power-consumption.json
--- ---
@@ -619,9 +581,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-application folderUID: grafana-folder-application
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
--- ---
@@ -638,9 +600,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-application folderUID: grafana-folder-application
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
--- ---
@@ -657,9 +619,9 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-application folderUID: grafana-folder-application
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
--- ---
@@ -676,7 +638,7 @@ spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
app: grafana-main app: grafana-main
contentCacheDuration: 6h contentCacheDuration: 1h
folderUID: grafana-folder-application folderUID: grafana-folder-application
resyncPeriod: 6h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json

16
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -56,12 +56,11 @@ spec:
spec: spec:
containers: containers:
- name: grafana - name: grafana
# renovate: datasource=docker depName=grafana/grafana image: grafana/grafana:12.0.0
image: grafana/grafana:12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505
resources: resources:
requests: requests:
cpu: 20m cpu: 100m
memory: 150Mi memory: 128Mi
env: env:
- name: AUTH_CLIENT_ID - name: AUTH_CLIENT_ID
valueFrom: valueFrom:
@@ -108,12 +107,3 @@ spec:
secretKeyRef: secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app name: grafana-operator-postgresql-18-cluster-app
key: password key: password
httpRoute:
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- grafana.alexlebens.net

Some files were not shown because too many files have changed in this diff Show More