alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions 2 Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:auto/update-manifests alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-qdm12-gluetun-3.x alexlebens:manifests
..
compare: alexlebens:2d97810bb4fe237d8aeb4f856a6097f5aece5800
Branches Tags
alexlebens:auto/update-manifests alexlebens:main alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-qdm12-gluetun-3.x alexlebens:manifests

1 Commits
main ... 2d97810bb4

Author SHA1 Message Date
Renovate Bot
2d97810bb4 Update Helm release meilisearch to v0.19.0
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
2025-12-17 05:09:45 +00:00
451 changed files with 8948 additions and 5906 deletions
Expand all files Collapse all files

1
.gitea/workflows/lint-test-helm.yaml
View File

@@ -55,7 +55,6 @@ jobs:
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.19.2 version: v3.19.2
cache: true
- name: Check Directories for Changes - name: Check Directories for Changes
id: check-dir-changes id: check-dir-changes

13
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -38,13 +38,6 @@ jobs:
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
id: prepare-manifest-branch id: prepare-manifest-branch
@@ -192,17 +185,17 @@ jobs:
"stack") "stack")
echo "" echo ""
echo ">> Special Rendering for stack into argocd namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo "" echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for $chart_name ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
;; ;;
esac esac

34
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -1,9 +1,6 @@
name: render-manifests-dispatch name: render-manifests-dispatch
on: on:
schedule:
- cron: '0 3 * * *'
workflow_dispatch: workflow_dispatch:
env: env:
@@ -35,13 +32,6 @@ jobs:
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
@@ -117,6 +107,24 @@ jobs:
echo "----" echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MANIFEST_DIR}
echo ">> Remove manfiest files and rebuild from source ..."
for dir in ${RENDER_DIR}; do
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "$chart_path"
rm -rf $chart_path/*
done
echo "----"
- name: Render Helm Manifests - name: Render Helm Manifests
id: render-manifests id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
@@ -162,17 +170,17 @@ jobs:
"stack") "stack")
echo "" echo ""
echo ">> Special Rendering for stack into argocd namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo "" echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for $chart_name ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
;; ;;
esac esac

13
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -39,13 +39,6 @@ jobs:
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
@@ -197,17 +190,17 @@ jobs:
"stack") "stack")
echo "" echo ""
echo ">> Special Rendering for stack into argocd namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo "" echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for $chart_name ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
;; ;;
esac esac

13
.gitea/workflows/render-manifests-push.yaml
View File

@@ -37,13 +37,6 @@ jobs:
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
@@ -195,17 +188,17 @@ jobs:
"stack") "stack")
echo "" echo ""
echo ">> Special Rendering for stack into argocd namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo "" echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for $chart_name ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute") TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
;; ;;
esac esac

1
.gitignore vendored
View File

@@ -1,4 +1,3 @@
/**/archive/ /**/archive/
/**/charts/ /**/charts/
/**/manifests/ /**/manifests/
/**/tmpcharts*/

6
README.md
View File

@@ -2,12 +2,6 @@
GitOps definied infrastrucutre for the alexlebens.net domain. GitOps definied infrastrucutre for the alexlebens.net domain.
## Stack-cl01tl
https://argocd.alexlebens.net/api/badge?name=stack-cl01tl&revision=true&showAppName=true
App-of-Apps Application for cl01tl
## License ## License
This project is licensed under the terms of the Apache 2.0 License license. This project is licensed under the terms of the Apache 2.0 License license.

6
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
digest: sha256:4840c828f8fbb695fa06fb959aad415acd12ff0d4930d136783488f16b9f875c digest: sha256:3763d6c5c0b45219235229aa1d72bfa426abd29aa8d92c1b1ca958b6afb3bfc8
generated: "2025-12-27T13:29:28.243328-06:00" generated: "2025-12-15T17:43:51.908308-06:00"

3
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -19,8 +19,7 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: github=actualbudget/actual
appVersion: 25.12.0 appVersion: 25.12.0

28
clusters/cl01tl/helm/actual/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-actual
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-actual
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- actual.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: actual
port: 80
weight: 100

29
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -42,27 +42,6 @@ actual:
port: 80 port: 80
targetPort: 5006 targetPort: 5006
protocol: HTTP protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- actual.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: actual
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
data: data:
forceRename: actual-data forceRename: actual-data
@@ -77,11 +56,3 @@ actual:
readOnly: false readOnly: false
volsync-target-data: volsync-target-data:
pvcTarget: actual-data pvcTarget: actual-data
local:
enabled: false
schedule: 0 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 0 9 * * *

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 2.4.19 version: 2.4.19
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.4.5 version: 7.1.1
digest: sha256:2cbfdaeceeba1a5bdaa6fb2e9c4d51ea1310878d8c1c122dcfb0614fc2c52fb7 digest: sha256:796a0f9ae054268c9a4e2752f29004b6547e5ee41e623b8506b531f6836b7313
generated: "2025-12-27T19:44:54.020935317Z" generated: "2025-12-15T14:27:02.068848-06:00"

3
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -25,8 +25,7 @@ dependencies:
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.4.5 version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: github=argoproj/argo-workflows
appVersion: v3.7.6 appVersion: v3.7.6

67
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -26,3 +26,70 @@ spec:
key: /authentik/oidc/argo-workflows key: /authentik/oidc/argo-workflows
metadataPolicy: None metadataPolicy: None
property: client property: client
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

4
clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: argo-workflows name: http-route-argo-workflows
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argo-workflows app.kubernetes.io/name: http-route-argo-workflows
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

46
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -77,43 +77,55 @@ argo-events:
memory: 128Mi memory: 128Mi
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
index: 1 index: 1
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
index: 1 index: 1
destinationBucket: postgres-backups endpointURL: http://garage-main.garage:3900
externalSecretCredentialPath: /garage/home-infra/postgres-backups endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true isWALArchiver: true
# - name: garage-remote # - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
# index: 1 # index: 1
# destinationBucket: postgres-backups # retentionPolicy: "30d"
# externalSecretCredentialPath: /garage/home-infra/postgres-backups # isWALArchiver: false
# retentionPolicy: "90d" # - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
# endpointCredentialsIncludeRegion: true
# retentionPolicy: "30d"
# data: # data:
# compression: bzip2 # compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
# immediate: true # immediate: true
# schedule: "0 0 4 * * SAT" # schedule: "0 0 4 * * SAT"
# backupName: garage-remote # backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.2.3 version: 9.1.8
digest: sha256:b23d6a5b7b9fee9d1807259bfa2dd53d1f4dfbbeba7ec747c41a6ba991dadbba digest: sha256:4d2089dba47c25af1126a5397f001bb114f6c464b20493c382c4c7b315e42c24
generated: "2025-12-28T21:53:37.447568505Z" generated: "2025-12-17T01:21:10.460753309Z"

3
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,8 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.2.3 version: 9.1.8
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: github=argoproj/argo-cd
appVersion: v3.2.1 appVersion: v3.2.1

72
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -50,39 +50,39 @@ spec:
metadataPolicy: None metadataPolicy: None
property: token property: token
--- # ---
apiVersion: external-secrets.io/v1 # apiVersion: external-secrets.io/v1
kind: ExternalSecret # kind: ExternalSecret
metadata: # metadata:
name: argocd-gitea-repo-infrastructure-secret # name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
labels: # labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret # app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
spec: # spec:
secretStoreRef: # secretStoreRef:
kind: ClusterSecretStore # kind: ClusterSecretStore
name: vault # name: vault
data: # data:
- secretKey: type # - secretKey: type
remoteRef: # remoteRef:
conversionStrategy: Default # conversionStrategy: Default
decodingStrategy: None # decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure # key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None # metadataPolicy: None
property: type # property: type
- secretKey: url # - secretKey: url
remoteRef: # remoteRef:
conversionStrategy: Default # conversionStrategy: Default
decodingStrategy: None # decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure # key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None # metadataPolicy: None
property: url # property: url
- secretKey: sshPrivateKey # - secretKey: sshPrivateKey
remoteRef: # remoteRef:
conversionStrategy: Default # conversionStrategy: Default
decodingStrategy: None # decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure # key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None # metadataPolicy: None
property: sshPrivateKey # property: sshPrivateKey

28
clusters/cl01tl/helm/argocd/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-argocd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-argocd
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argocd-server
port: 80
weight: 100

52
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -29,6 +29,18 @@ argo-cd:
rbac: rbac:
policy.csv: | policy.csv: |
g, ArgoCD Admins, role:admin g, ArgoCD Admins, role:admin
cmp:
create: true
plugins:
cdk8s:
init:
command: [cdk8s]
args: [import]
generate:
command: [cdk8s, synth]
args: [--stdout]
discover:
fileName: "*.go"
controller: controller:
replicas: 1 replicas: 1
metrics: metrics:
@@ -65,22 +77,34 @@ argo-cd:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
httproute: ingress:
enabled: true enabled: false
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer: repoServer:
replicas: 2 replicas: 2
extraContainers:
- name: cmp-cdk8s
command:
- /var/run/argocd/argocd-cmp-server
image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
securityContext:
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
subPath: cdk8s.yaml
name: argocd-cmp-cm
- mountPath: /tmp
name: cmp-tmp
volumes:
- name: argocd-cmp-cm
configMap:
name: argocd-cmp-cm
- name: cmp-tmp
emptyDir: {}
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

8
clusters/cl01tl/helm/audiobookshelf/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
digest: sha256:75ef1406c49929e118569581946d1baaf9e082a45e3482cb10b9b9ae464eadfb digest: sha256:88e0d8008795451a64f3a2e4fa4fc120d48cef4badb4305e8e60afbb494352c5
generated: "2025-12-27T13:29:36.350679-06:00" generated: "2025-12-15T18:19:02.989735-06:00"

5
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -21,12 +21,11 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-metadata alias: volsync-target-metadata
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: github=advplyr/audiobookshelf
appVersion: 2.31.0 appVersion: 2.31.0

28
clusters/cl01tl/helm/audiobookshelf/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-audiobookshelf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-audiobookshelf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- audiobookshelf.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: audiobookshelf
port: 80
weight: 100

19
clusters/cl01tl/helm/audiobookshelf/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: audiobookshelf-apprise
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-apprise
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: apprise
interval: 30s
scrapeTimeout: 15s
path: /metrics
selector:
matchLabels:
app.kubernetes.io/name: audiobookshelf
app.kubernetes.io/instance: {{ .Release.Name }}

52
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.32.1 tag: 2.31.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -57,40 +57,6 @@ audiobookshelf:
port: 8000 port: 8000
targetPort: 8000 targetPort: 8000
protocol: HTTP protocol: HTTP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: audiobookshelf
app.kubernetes.io/instance: audiobookshelf
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: apprise
scheme: http
path: /metrics
interval: 30s
scrapeTimeout: 15s
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- audiobookshelf.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: audiobookshelf
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
forceRename: audiobookshelf-config forceRename: audiobookshelf-config
@@ -123,21 +89,5 @@ audiobookshelf:
readOnly: false readOnly: false
volsync-target-config: volsync-target-config:
pvcTarget: audiobookshelf-config pvcTarget: audiobookshelf-config
local:
enabled: false
schedule: 2 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 2 9 * * *
volsync-target-metadata: volsync-target-metadata:
pvcTarget: audiobookshelf-metadata pvcTarget: audiobookshelf-metadata
local:
enabled: false
schedule: 4 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 4 9 * * *

10
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2025.10.3 version: 2025.10.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.4.5 version: 7.1.1
- name: redis-replication - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:d357b0a8f4351068d9ce7223ffd01a0921202cb2b41669421b8429bc3f7778eb digest: sha256:e593d25ebf07b1274768045f028e1ceeccbcdc1c8e35414d6bbd9a8d09086991
generated: "2025-12-27T19:45:06.478084011Z" generated: "2025-12-15T14:36:33.783343-06:00"

8
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -21,18 +21,18 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2025.10.3 version: 2025.10.2
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.4.5 version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication - name: redis-replication
version: 0.5.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: github=goauthentik/authentik
appVersion: 2025.10.2 appVersion: 2025.10.2

90
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -19,3 +19,93 @@ spec:
key: /cl01tl/authentik/key key: /cl01tl/authentik/key
metadataPolicy: None metadataPolicy: None
property: key property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/authentik
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

28
clusters/cl01tl/helm/authentik/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-authentik
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- authentik.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: authentik-server
port: 80
weight: 100

75
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -36,23 +36,8 @@ authentik:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
route: ingress:
main: enabled: false
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames:
- authentik.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker: worker:
name: worker name: worker
replicas: 1 replicas: 1
@@ -63,53 +48,67 @@ authentik:
enabled: false enabled: false
redis: redis:
enabled: false enabled: false
cloudflared:
existingSecretName: authentik-cloudflared-secret
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
index: 1 index: 1
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
index: 1 index: 1
destinationBucket: postgres-backups endpointURL: http://garage-main.garage:3900
externalSecretCredentialPath: /garage/home-infra/postgres-backups endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true isWALArchiver: true
# - name: garage-remote # - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-18-cluster
# index: 1 # index: 1
# destinationBucket: postgres-backups # retentionPolicy: "30d"
# externalSecretCredentialPath: /garage/home-infra/postgres-backups # isWALArchiver: false
# retentionPolicy: "90d" # - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data: # data:
# compression: bzip2 # compression: bzip2
# - name: external # jobs: 2
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup # - name: daily-backup
# suspend: true # suspend: false
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
redis-replication: redis-replication:
existingSecret: existingSecret:
enabled: false enabled: false
redisReplication: redisReplication:
clusterSize: 1 clusterSize: 3
redisSentinel: redisSentinel:
enabled: false enabled: true
clusterSize: 3 clusterSize: 3

8
clusters/cl01tl/helm/backrest/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
digest: sha256:26680d49c76f150932d55fac070325d5ed89e635e713f37e1796f0d55775af9e digest: sha256:13c950ad5cd6accd192e6768557c0df74af2cd767d2372dc38c1cdb7e1563399
generated: "2025-12-27T13:29:41.313658-06:00" generated: "2025-12-15T18:33:59.961957-06:00"

5
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -19,12 +19,11 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
# renovate: github=garethgeorge/backrest
appVersion: v1.10.1 appVersion: v1.10.1

28
clusters/cl01tl/helm/backrest/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-backrest
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-backrest
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- backrest.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: backrest
port: 80
weight: 100

14
clusters/cl01tl/helm/backrest/templates/service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

37
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -33,27 +33,6 @@ backrest:
port: 80 port: 80
targetPort: 9898 targetPort: 9898
protocol: TCP protocol: TCP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- backrest.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: backrest
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
data: data:
forceRename: backrest-data forceRename: backrest-data
@@ -107,21 +86,5 @@ backrest:
readOnly: true readOnly: true
volsync-target-data: volsync-target-data:
pvcTarget: backrest-data pvcTarget: backrest-data
local:
enabled: false
schedule: 6 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 6 9 * * *
volsync-target-config: volsync-target-config:
pvcTarget: backrest-config pvcTarget: backrest-config
local:
enabled: false
schedule: 8 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 8 9 * * *

6
clusters/cl01tl/helm/bazarr/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
digest: sha256:9d9d5e30903d7967baaf5c274e9adc8403cce32d91bdd3d1780acffb249f312d digest: sha256:cb702f316026bdb487ace1abec56cc3c505376cf14a45528e3e593e4cc7effab
generated: "2025-12-27T13:29:43.329783-06:00" generated: "2025-12-15T19:04:05.574701-06:00"

3
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -21,8 +21,7 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: github=linuxserver/bazarr
appVersion: 1.5.3 appVersion: 1.5.3

28
clusters/cl01tl/helm/bazarr/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-bazarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-bazarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- bazarr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: bazarr
port: 80
weight: 100

31
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.3@sha256:001875e61839c8a50743f0bc0fa4da2a55ed8a038b9b5ed0dd2c663dd3d0bfc7 tag: 1.5.3@sha256:648f694532a3a53d8cf78bc888919ef538659bad41af4c680b0427ad1047d171
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -36,27 +36,6 @@ bazarr:
port: 80 port: 80
targetPort: 6767 targetPort: 6767
protocol: HTTP protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- bazarr.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: bazarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
forceRename: bazarr-config forceRename: bazarr-config
@@ -83,11 +62,3 @@ volsync-target-config:
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local:
enabled: false
schedule: 10 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 10 9 * * *

1
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -21,5 +21,4 @@ dependencies:
version: 0.5.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: github=0xerr0r/blocky
appVersion: v0.28.2 appVersion: v0.28.2

19
clusters/cl01tl/helm/blocky/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: blocky
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics

26
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -96,9 +96,11 @@ blocky:
cl01tl-endpoint IN A 10.232.1.22 cl01tl-endpoint IN A 10.232.1.22
cl01tl-endpoint IN A 10.232.1.23 cl01tl-endpoint IN A 10.232.1.23
cl01tl-gateway IN A 10.232.1.200
traefik-cl01tl IN A 10.232.1.21 traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22 blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23 plex-lb IN A 10.232.1.23
;; Application Names ;; Application Names
actual IN CNAME traefik-cl01tl actual IN CNAME traefik-cl01tl
@@ -113,7 +115,6 @@ blocky:
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl
ephemera IN CNAME traefik-cl01tl ephemera IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl gatus IN CNAME traefik-cl01tl
@@ -124,10 +125,11 @@ blocky:
home IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl hubble IN CNAME cl01tl-gateway
huntarr IN CNAME traefik-cl01tl huntarr IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl
jellyfin-vue IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
@@ -135,7 +137,7 @@ blocky:
lidatube IN CNAME traefik-cl01tl lidatube IN CNAME traefik-cl01tl
listenarr IN CNAME traefik-cl01tl listenarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl n8n IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl ollama IN CNAME traefik-cl01tl
@@ -152,7 +154,6 @@ blocky:
radarr-4k IN CNAME traefik-cl01tl radarr-4k IN CNAME traefik-cl01tl
radarr-anime IN CNAME traefik-cl01tl radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl radarr-standup IN CNAME traefik-cl01tl
rayflume IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl slskd IN CNAME traefik-cl01tl
@@ -288,19 +289,6 @@ blocky:
port: 4000 port: 4000
targetPort: 4000 targetPort: 4000
protocol: TCP protocol: TCP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: blocky
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 30s
scrapeTimeout: 10s
persistence: persistence:
config: config:
enabled: true enabled: true
@@ -317,6 +305,6 @@ redis-replication:
existingSecret: existingSecret:
enabled: false enabled: false
redisReplication: redisReplication:
clusterSize: 1 clusterSize: 3
redisSentinel: redisSentinel:
enabled: false enabled: false

10
clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: mariadb-cluster - name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
version: 25.10.3 version: 25.10.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
digest: sha256:805832fd8df9e1e4435dd2b10c877e0248ca5b3855d4c2faba4ff09c23afb898 digest: sha256:6981b2c060c19bac6517578bd9b5b11a300a4deb431110bf90da317237a4a252
generated: "2025-12-27T13:29:47.00956-06:00" generated: "2025-12-15T19:15:49.886575-06:00"

7
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -18,16 +18,15 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
- name: mariadb-cluster - name: mariadb-cluster
version: 25.10.3 version: 25.10.2
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: github=booklore-app/BookLore
appVersion: v1.13.2 appVersion: v1.13.2

28
clusters/cl01tl/helm/booklore/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-booklore
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-booklore
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- booklore.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: booklore
port: 80
weight: 100

14
clusters/cl01tl/helm/booklore/templates/service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

52
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v1.16.2 tag: v1.13.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -39,27 +39,6 @@ booklore:
port: 80 port: 80
targetPort: 6060 targetPort: 6060
protocol: HTTP protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- booklore.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: booklore
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
forceRename: booklore-config forceRename: booklore-config
@@ -108,21 +87,6 @@ mariadb-cluster:
replicas: 3 replicas: 3
galera: galera:
enabled: true enabled: true
bootstrapFrom:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-external
key: secret
tls:
enabled: true
backupContentType: Physical
databases: databases:
- name: booklore - name: booklore
characterSet: utf8 characterSet: utf8
@@ -217,28 +181,14 @@ mariadb-cluster:
key: secret key: secret
volsync-target-config: volsync-target-config:
pvcTarget: booklore-config pvcTarget: booklore-config
local:
enabled: false
schedule: 12 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 12 9 * * *
volsync-target-data: volsync-target-data:
pvcTarget: booklore-data pvcTarget: booklore-data
local: local:
enabled: true
schedule: 14 8 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true
schedule: 14 10 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true
schedule: 14 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

1
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -17,5 +17,4 @@ dependencies:
version: v1.19.2 version: v1.19.2
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: github=cert-manager/cert-manager
appVersion: v1.19.2 appVersion: v1.19.2

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cilium - name: cilium
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
version: 1.18.5 version: 1.18.4
digest: sha256:b997853961dca1ed43d32b58b17e6e592581eb555db0b1457b168251cf3aaa45 digest: sha256:e38eb92ee87c9a52b0f45a2451142ade02bac7d484b246d32379eacce3800bc8
generated: "2025-12-17T16:05:05.870297681Z" generated: "2025-12-02T17:17:49.043599-06:00"

3
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -15,8 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cilium - name: cilium
version: 1.18.5 version: 1.18.4
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: github=cilium/cilium
appVersion: 1.18.4 appVersion: 1.18.4

19
clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
View File

@@ -1,19 +0,0 @@
# apiVersion: "cilium.io/v2alpha1"
# kind: CiliumL2AnnouncementPolicy
# metadata:
# name: general-l2-policy
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: general-l2-policy
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchExpressions:
# - key: kubernetes.io/hostname
# operator: Exists
# interfaces:
# - end0
# - enp6s0
# externalIPs: true
# loadBalancerIPs: true

2
clusters/cl01tl/helm/cilium/templates/gateway.yaml
View File

@@ -1,7 +1,7 @@
# apiVersion: gateway.networking.k8s.io/v1 # apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway # kind: Gateway
# metadata: # metadata:
# name: cilium-tls-gateway # name: tls-gateway
# namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
# labels: # labels:
# app.kubernetes.io/name: tls-gateway # app.kubernetes.io/name: tls-gateway

4
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: hubble name: http-route-hubble
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: http-route-hubble
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

2
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -60,7 +60,7 @@ cilium:
method: cronJob method: cronJob
relay: relay:
enabled: true enabled: true
prometheus: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
ui: ui:

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 0.27.0 version: 0.27.0
- name: plugin-barman-cloud - name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.4.0 version: 0.3.1
digest: sha256:5e2a32fa5ed8b180ae5e556d65c67eeb3dcf38e2974b0d668eff4ee3c83258ce digest: sha256:14aa30b7bf75571b03bda19af68cd50c1e7908b883351b196a260609a5b85551
generated: "2025-12-30T21:01:48.755246408Z" generated: "2025-12-10T19:25:17.952954019Z"

3
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -19,8 +19,7 @@ dependencies:
version: 0.27.0 version: 0.27.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.4.0 version: 0.3.1
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4 icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: github=cloudnative-pg/cloudnative-pg
appVersion: 1.28.0 appVersion: 1.28.0

4
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -7,10 +7,10 @@ plugin-barman-cloud:
image: image:
registry: ghcr.io registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud repository: cloudnative-pg/plugin-barman-cloud
tag: v0.10.0 tag: v0.9.0
sidecarImage: sidecarImage:
registry: ghcr.io registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.10.0 tag: v0.9.0
crds: crds:
create: true create: true

8
clusters/cl01tl/helm/code-server/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
digest: sha256:1deedc65dece8540fd850648bf533da244f9ac8ba48f2133f1f6cac083f5953d digest: sha256:bd1cbd66ccb360978a342ee218bfb01006a486fb85c5714acd593b9e1389b151
generated: "2025-12-27T13:29:58.860038-06:00" generated: "2025-12-15T21:50:58.968382-06:00"

6
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -21,12 +21,12 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: github=coder/code-server
appVersion: 4.106.3 appVersion: 4.106.3

23
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -26,3 +26,26 @@ spec:
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None metadataPolicy: None
property: SUDO_PASSWORD property: SUDO_PASSWORD
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: code-server-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/codeserver
metadataPolicy: None
property: token

28
clusters/cl01tl/helm/code-server/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-code-server
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-code-server
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100

33
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.107.0@sha256:e2ebedc28ab9e2ebe08093cf7e78515f97822956ff7cbac3d86fb0bd9e4b6bca tag: 4.106.3@sha256:83793e4460090d6c46f4842ff6ab8aa26ad8a567885112bbe754b45c61935055
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -35,27 +35,6 @@ code-server:
port: 8443 port: 8443
targetPort: 8443 targetPort: 8443
protocol: HTTP protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
forceRename: code-server-config forceRename: code-server-config
@@ -68,6 +47,8 @@ code-server:
main: main:
- path: /config - path: /config
readOnly: false readOnly: false
cloudflared:
existingSecretName: code-server-cloudflared-secret
volsync-target-config: volsync-target-config:
pvcTarget: code-server-config pvcTarget: code-server-config
moverSecurityContext: moverSecurityContext:
@@ -75,11 +56,3 @@ volsync-target-config:
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local:
enabled: false
schedule: 16 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 16 9 * * *

1
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -18,5 +18,4 @@ dependencies:
version: 1.45.0 version: 1.45.0
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: github=coredns/coredns
appVersion: v1.13.2 appVersion: v1.13.2

2
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.13.2 tag: v1.13.1
replicaCount: 3 replicaCount: 3
resources: resources:
requests: requests:

1
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -17,5 +17,4 @@ dependencies:
repository: https://democratic-csi.github.io/charts/ repository: https://democratic-csi.github.io/charts/
version: 0.15.0 version: 0.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=democratic-csi/democratic-csi
appVersion: v1.9.4 appVersion: v1.9.4

1
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -17,5 +17,4 @@ dependencies:
version: 0.34.0 version: 0.34.0
repository: https://kubernetes-sigs.github.io/descheduler/ repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=kubernetes-sigs/descheduler
appVersion: 0.34.0 appVersion: 0.34.0

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.4.5 version: 7.1.1
- name: redis-replication - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0 version: 0.5.0
digest: sha256:dcfd66bcdcc888dee6ee427265ac1ca32dd542571e84fbd5adc65a76ec5a6955 digest: sha256:1035fe225f5439c73fdc8b498c2164bad362e0198bc2ad40eab6b5d0bae9f86d
generated: "2025-12-27T19:45:16.762640684Z" generated: "2025-12-15T14:37:45.474556-06:00"

6
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -22,15 +22,15 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
alias: cloudflared-directus
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.4.5 version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication - name: redis-replication
version: 0.5.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: github=directus/directus
appVersion: 11.14.0 appVersion: 11.14.0

150
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -41,36 +41,6 @@ spec:
metadataPolicy: None metadataPolicy: None
property: key property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -123,3 +93,123 @@ spec:
key: /cl01tl/directus/redis key: /cl01tl/directus/redis
metadataPolicy: None metadataPolicy: None
property: password property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/directus
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

22
clusters/cl01tl/helm/directus/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /metrics
bearerTokenSecret:
name: directus-metric-token
key: metric-token

72
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -153,70 +153,70 @@ directus:
port: 80 port: 80
targetPort: 8055 targetPort: 8055
protocol: TCP protocol: TCP
serviceMonitor: cloudflared-directus:
main: name: cloudflared-directus
selector: existingSecretName: directus-cloudflared-secret
matchLabels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: directus
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /metrics
bearerTokenSecret:
name: directus-metric-token
key: metric-token
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
index: 1 index: 1
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
index: 1 index: 1
destinationBucket: postgres-backups endpointURL: http://garage-main.garage:3900
externalSecretCredentialPath: /garage/home-infra/postgres-backups endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true isWALArchiver: true
# - name: garage-remote # - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-18-cluster
# index: 1 # index: 1
# destinationBucket: postgres-backups # retentionPolicy: "30d"
# externalSecretCredentialPath: /garage/home-infra/postgres-backups # isWALArchiver: false
# retentionPolicy: "90d" # - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data: # data:
# compression: bzip2 # compression: bzip2
# - name: external # jobs: 2
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup # - name: daily-backup
# suspend: true # suspend: false
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
redis-replication: redis-replication:
existingSecret: existingSecret:
enabled: true enabled: true
name: directus-redis-config name: directus-redis-config
key: password key: password
redisReplication: redisReplication:
clusterSize: 1 clusterSize: 3
redisSentinel: redisSentinel:
enabled: false enabled: true
clusterSize: 3 clusterSize: 3

1
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -18,5 +18,4 @@ dependencies:
version: 3.2.0 version: 3.2.0
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://helm.elastic.co/icons/eck.png icon: https://helm.elastic.co/icons/eck.png
# renovate: github=elastic/cloud-on-k8s
appVersion: v3.2.0 appVersion: v3.2.0

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 1.4.26 version: 1.4.26
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
digest: sha256:640ff55a95ff9fd12716bc76106d13189867832f905eaa393b5f67553bd8c961 digest: sha256:f9196cbede894c6da6ecedd9ae05d3f1fd0e20304eca8ca38c18334a923b2235
generated: "2025-12-17T19:05:53.062353-06:00" generated: "2025-12-07T02:54:29.895481505Z"

4
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -20,8 +20,8 @@ dependencies:
version: 1.4.26 version: 1.4.26
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: github=element-hq/element-web
appVersion: v1.12.6 appVersion: v1.12.6

21
clusters/cl01tl/helm/element-web/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: element-web-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: element-web-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/element
metadataPolicy: None
property: token

4
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: vectorim/element-web repository: vectorim/element-web
tag: v1.12.7 tag: v1.12.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
@@ -24,3 +24,5 @@ element-web:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 128Mi
cloudflared:
existingSecretName: element-web-cloudflared-secret

6
clusters/cl01tl/helm/ephemera/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.3.0
digest: sha256:3b32ded75846bcee3e9fb892663173485da0dcd351ccc3a0337432f5d2da2e66 digest: sha256:476021b852fbbd829570bcb88309eea92bd096cb4ec79efe2d895ee0c46f1c49
generated: "2025-12-27T13:30:15.119299-06:00" generated: "2025-12-15T21:43:24.262051-06:00"

3
clusters/cl01tl/helm/ephemera/Chart.yaml
View File

@@ -21,8 +21,7 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.7.0 version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
# renovate: github=OrwellianEpilogue/ephemera
appVersion: 1.3.1 appVersion: 1.3.1

28
clusters/cl01tl/helm/ephemera/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-ephemera
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-ephemera
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ephemera.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: ephemera
port: 80
weight: 100

31
clusters/cl01tl/helm/ephemera/values.yaml
View File

@@ -9,7 +9,7 @@ ephemera:
main: main:
image: image:
repository: ghcr.io/orwellianepilogue/ephemera repository: ghcr.io/orwellianepilogue/ephemera
tag: 1.4.2 tag: 1.3.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: AA_BASE_URL - name: AA_BASE_URL
@@ -80,27 +80,6 @@ ephemera:
port: 80 port: 80
targetPort: 8286 targetPort: 8286
protocol: HTTP protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ephemera.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: ephemera
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
forceRename: ephemera forceRename: ephemera
@@ -129,11 +108,3 @@ ephemera:
readOnly: false readOnly: false
volsync-target-config: volsync-target-config:
pvcTarget: ephemera pvcTarget: ephemera
local:
enabled: false
schedule: 16 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 16 9 * * *

1
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -17,5 +17,4 @@ dependencies:
version: 1.4.1 version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=eraser-dev/eraser
appVersion: v1.4.1 appVersion: v1.4.1

1
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -19,5 +19,4 @@ dependencies:
version: 1.19.0 version: 1.19.0
repository: https://kubernetes-sigs.github.io/external-dns/ repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=kubernetes-sigs/external-dns
appVersion: v0.20.0 appVersion: v0.20.0

8
clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml
View File

@@ -76,12 +76,6 @@ spec:
recordType: A recordType: A
targets: targets:
- 10.232.1.82 - 10.232.1.82
# Shelly Plug
- dnsName: it05sp.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.230.0.100
--- ---
apiVersion: externaldns.k8s.io/v1alpha1 apiVersion: externaldns.k8s.io/v1alpha1
@@ -151,7 +145,7 @@ spec:
targets: targets:
- 10.232.1.22 - 10.232.1.22
# Treafik Proxy # Treafik Proxy
- dnsName: plex-lb.alexlebens.net - dnsName: plex.alexlebens.net
recordTTL: 180 recordTTL: 180
recordType: A recordType: A
targets: targets:

2
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -19,7 +19,7 @@ external-dns-unifi:
webhook: webhook:
image: image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.0 tag: v0.7.0
env: env:
- name: UNIFI_HOST - name: UNIFI_HOST
value: https://192.168.1.1 value: https://192.168.1.1

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 1.2.0 version: 1.1.1
digest: sha256:6e713c4b50c14d9daf1758d9f169d10a8c7274d2c42490846817b6fb1a3ce558 digest: sha256:d346563864c95c4ca3fe5f04f6b292e417069d171f5866b5af0fe84277481493
generated: "2025-12-20T01:04:35.136580598Z" generated: "2025-12-06T18:01:23.564488208Z"

3
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,7 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
version: 1.2.0 version: 1.1.1
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: github=external-secrets/external-secrets
appVersion: v1.1.1 appVersion: v1.1.1

10
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.4.5 version: 7.1.1
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
digest: sha256:401ccbb7aa034938a79cbe3a4401b24b55a7f072d3a8a2542f079baf29ca3081 digest: sha256:80a27ffb18fd1a635f16e70b90c2395f2de300ed50d072a8b87353f1ec3304cb
generated: "2025-12-27T19:45:27.260991801Z" generated: "2025-12-15T21:47:10.578165-06:00"

8
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -22,16 +22,16 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
- name: cloudflared - name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4 version: 1.23.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.4.5 version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
# renovate: github=FreshRSS/FreshRSS
appVersion: 1.27.1 appVersion: 1.27.1

90
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -70,3 +70,93 @@ spec:
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None metadataPolicy: None
property: crypto-key property: crypto-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/freshrss
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

64
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -11,7 +11,7 @@ freshrss:
runAsUser: 0 runAsUser: 0
image: image:
repository: alpine repository: alpine
tag: 3.23.2 tag: 3.23.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -35,7 +35,7 @@ freshrss:
runAsUser: 0 runAsUser: 0
image: image:
repository: alpine repository: alpine
tag: 3.23.2 tag: 3.23.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -59,7 +59,7 @@ freshrss:
runAsUser: 0 runAsUser: 0
image: image:
repository: alpine repository: alpine
tag: 3.23.2 tag: 3.23.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -80,7 +80,7 @@ freshrss:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.28.0 tag: 1.27.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
@@ -192,48 +192,62 @@ freshrss:
main: main:
- path: /var/www/FreshRSS/extensions - path: /var/www/FreshRSS/extensions
readOnly: false readOnly: false
cloudflared:
existingSecretName: freshrss-cloudflared-secret
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
index: 1 index: 1
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
index: 1 index: 1
destinationBucket: postgres-backups endpointURL: http://garage-main.garage:3900
externalSecretCredentialPath: /garage/home-infra/postgres-backups endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true isWALArchiver: true
# - name: garage-remote # - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-18-cluster
# index: 1 # index: 1
# destinationBucket: postgres-backups # retentionPolicy: "30d"
# externalSecretCredentialPath: /garage/home-infra/postgres-backups # isWALArchiver: false
# retentionPolicy: "90d" # - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data: # data:
# compression: bzip2 # compression: bzip2
# - name: external # jobs: 2
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
# immediate: true # immediate: true
# schedule: "0 0 4 * * SAT" # schedule: "0 0 4 * * SAT"
# backupName: garage-remote # backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: freshrss-data pvcTarget: freshrss-data
moverSecurityContext: moverSecurityContext:
@@ -246,11 +260,3 @@ volsync-target-data:
- 100 - 100
- 109 - 109
- 65539 - 65539
local:
enabled: false
schedule: 18 8 * * *
remote:
enabled: false
external:
enabled: true
schedule: 18 9 * * *

7
clusters/cl01tl/helm/garage/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
digest: sha256:36e920ce6efee3b33b40641652f814c888ae3c50272895ef286fb8236a010924 - name: volsync-target
generated: "2025-12-27T16:57:42.31991-06:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:3d3469c5177b9501cbb34a5faf376fbe4d9b98bd033ad51ee51487a1c2f28d4e
generated: "2025-12-15T22:10:00.495878-06:00"

5
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -18,6 +18,9 @@ dependencies:
alias: garage alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0 version: 4.5.0
- name: volsync-target
alias: volsync-target-db
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=deuxfleurs-org/garage
appVersion: v2.1.0 appVersion: v2.1.0

58
clusters/cl01tl/helm/garage/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-garage-webui
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-garage-webui
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-webui.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: garage-webui
port: 3909
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-garage-s3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-garage-s3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-s3.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: garage-main
port: 3900
weight: 100

22
clusters/cl01tl/helm/garage/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: admin
interval: 1m
scrapeTimeout: 30s
path: /metrics
bearerTokenSecret:
name: garage-token-secret
key: GARAGE_METRICS_TOKEN

372
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -1,97 +1,10 @@
garage: garage:
controllers: controllers:
server-1: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 revisionHistoryLimit: 3
pod:
labels:
garage-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: garage-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers:
main:
image:
repository: dxflrs/garage
tag: v2.1.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20251208
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: garage-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers:
main:
image:
repository: dxflrs/garage
tag: v2.1.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 128Mi
server-3:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: garage-type
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
containers: containers:
main: main:
image: image:
@@ -134,8 +47,8 @@ garage:
config: config:
enabled: true enabled: true
data: data:
garage-1.toml: | garage.toml: |
replication_factor = 3 replication_factor = 1
metadata_dir = "/var/lib/garage/meta" metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data" data_dir = "/var/lib/garage/data"
@@ -148,67 +61,7 @@ garage:
compression_level = 3 compression_level = 3
rpc_bind_addr = "[::]:3901" rpc_bind_addr = "[::]:3901"
rpc_public_addr = "garage-1:3901" rpc_public_addr = "127.0.0.1:3901"
allow_world_readable_secrets = false
[s3_api]
s3_region = "us-east-1"
api_bind_addr = "[::]:3900"
root_domain = ".garage-s3.alexlebens.net"
[s3_web]
bind_addr = "[::]:3902"
root_domain = ".garage-s3.alexlebens.net"
[admin]
api_bind_addr = "[::]:3903"
metrics_require_token = true
garage-2.toml: |
replication_factor = 3
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
metadata_snapshots_dir = "/var/lib/garage/snapshots"
db_engine = "lmdb"
metadata_auto_snapshot_interval = "6h"
compression_level = 3
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "garage-2:3901"
allow_world_readable_secrets = false
[s3_api]
s3_region = "us-east-1"
api_bind_addr = "[::]:3900"
root_domain = ".garage-s3.alexlebens.net"
[s3_web]
bind_addr = "[::]:3902"
root_domain = ".garage-s3.alexlebens.net"
[admin]
api_bind_addr = "[::]:3903"
metrics_require_token = true
garage-3.toml: |
replication_factor = 3
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
metadata_snapshots_dir = "/var/lib/garage/snapshots"
db_engine = "lmdb"
metadata_auto_snapshot_interval = "6h"
compression_level = 3
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "garage-3:3901"
allow_world_readable_secrets = false allow_world_readable_secrets = false
@@ -225,69 +78,8 @@ garage:
api_bind_addr = "[::]:3903" api_bind_addr = "[::]:3903"
metrics_require_token = true metrics_require_token = true
service: service:
garage-main: main:
forceRename: garage-main controller: main
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol : HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-1:
forceRename: garage-1
controller: server-1
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-2:
forceRename: garage-2
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-3:
forceRename: garage-3
controller: server-3
ports: ports:
s3: s3:
port: 3900 port: 3900
@@ -312,177 +104,61 @@ garage:
port: 3909 port: 3909
targetPort: 3909 targetPort: 3909
protocol: HTTP protocol: HTTP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: garage
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: admin
interval: 1m
scrapeTimeout: 30s
path: /metrics
bearerTokenSecret:
name: garage-token-secret
key: GARAGE_METRICS_TOKEN
route:
webui:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-webui.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: garage-webui
port: 3909
weight: 100
matches:
- path:
type: PathPrefix
value: /
s3:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-s3.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: garage-main
port: 3900
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence: persistence:
config: config:
enabled: true enabled: true
type: configMap type: configMap
name: garage name: garage
advancedMounts: advancedMounts:
server-1: main:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2:
main:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-2.toml
server-3:
main:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-3.toml
webui: webui:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage.toml
# db-1: db:
# forceRename: garage-db-1 forceRename: garage-db
# storageClass: ceph-block
# accessMode: ReadWriteOnce
# size: 50Gi
# retain: true
# advancedMounts:
# server-1:
# main:
# - path: /var/lib/garage/meta
# readOnly: false
# debug:
# - path: /var/lib/garage/meta
# readOnly: false
db-2:
forceRename: garage-db-2
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true retain: true
advancedMounts: advancedMounts:
server-2: main:
main: main:
- path: /var/lib/garage/meta - path: /var/lib/garage/meta
readOnly: false readOnly: false
db-3: data:
forceRename: garage-db-3
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-3:
main:
- path: /var/lib/garage/meta
readOnly: false
data-1:
forceRename: garage-data
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 800Gi size: 800Gi
retain: true retain: true
advancedMounts: advancedMounts:
server-1: main:
main:
- path: /var/lib/garage/data
readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2:
forceRename: garage-data-2
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 800Gi
retain: true
advancedMounts:
server-2:
main:
- path: /var/lib/garage/data
readOnly: false
data-3:
forceRename: garage-data-3
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 800Gi
retain: true
advancedMounts:
server-3:
main: main:
- path: /var/lib/garage/data - path: /var/lib/garage/data
readOnly: false readOnly: false
snapshots: snapshots:
forceRename: garage-snapshots
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true retain: true
advancedMounts: advancedMounts:
server-1: main:
main: main:
- path: /var/lib/garage/snapshots - path: /var/lib/garage/snapshots
readOnly: false readOnly: false
volsync-target-db:
pvcTarget: garage-db
local:
enabled: false
remote:
restic:
cacheCapacity: 10Gi
external:
enabled: false

8
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.4.4 version: 1.4.4
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.4.5 version: 7.1.1
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0 version: 0.5.0
digest: sha256:ee32795b47519463ec6d1219bf4ec16784b1c42d98ae8a330e9650200d11c033 digest: sha256:367bfee3e6811bfd4591cf76f09a419f312007d797b83311e76c8d01318e73fe
generated: "2025-12-27T19:45:37.106953505Z" generated: "2025-12-15T22:11:48.014486-06:00"

5
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -22,12 +22,11 @@ dependencies:
version: 1.4.4 version: 1.4.4
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.4.5 version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.7.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
# renovate: github=TwiN/gatus
appVersion: v5.33.0 appVersion: v5.33.0

67
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -49,3 +49,70 @@ spec:
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

4
clusters/cl01tl/helm/gatus/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: gatus name: http-route-gatus
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gatus app.kubernetes.io/name: http-route-gatus
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

Some files were not shown because too many files have changed in this diff Show More