alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:manifests alexlebens:renovate/unified-grafanaloki alexlebens:renovate/headlamp-0.x
..
compare: alexlebens:416e2595b7f965e07a93aa3df1ea5838530c6091
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:manifests alexlebens:main alexlebens:renovate/unified-grafanaloki alexlebens:renovate/headlamp-0.x

1 Commits
main ... 416e2595b7

Author SHA1 Message Date
Renovate Bot
416e2595b7 chore(deps): update dependency cilium/cilium to v1.19.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 17s
Details
render-manifests-automerge / render-manifests-automerge (pull_request) Has been skipped
Details
render-manifests-merge / render-manifests-merge (pull_request) Successful in 29s
Details
2026-02-05 03:57:35 +00:00
59 changed files with 140 additions and 550 deletions
Expand all files Collapse all files

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.1
digest: sha256:6686031538b67a4b79a89b90de06199758c4718a9b7e0a0e6863a5be8964ed9d
generated: "2026-02-05T20:06:46.998124019Z"
version: 9.4.0
digest: sha256:9313d45f1c8c22f25b445b10c3befde61bc7d6e3d9c7f49d857c0abf641b1636
generated: "2026-02-02T23:52:13.741194572Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.1
version: 9.4.0
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -124,7 +124,7 @@ blocky:
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
hubble IN CNAME cilium-cl01tl
huntarr IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
@@ -157,7 +157,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

2
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -3,4 +3,4 @@ dependencies:
repository: https://helm.cilium.io/
version: 1.18.6
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
generated: "2026-02-05T12:00:20.15778-06:00"
generated: "2026-01-14T11:02:31.272963463Z"

9
clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
View File

@@ -1,16 +1,17 @@
# apiVersion: "cilium.io/v2alpha1"
# kind: CiliumL2AnnouncementPolicy
# metadata:
# name: node-gateway-l2-policy
# name: general-l2-policy
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: node-gateway-l2-policy
# app.kubernetes.io/name: general-l2-policy
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# kubernetes.io/hostname: talos-ix7-xku
# matchExpressions:
# - key: kubernetes.io/hostname
# operator: Exists
# interfaces:
# - end0
# - enp6s0

91
clusters/cl01tl/helm/cilium/templates/gateway.yaml
View File

@@ -1,46 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# io.cilium/lb-ipam-ips: "10.232.1.23"
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: cilium-tls-gateway
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: cilium-tls-gateway
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
addresses:
- type: IPAddress
value: 10.232.1.23
gatewayClassName: cilium
listeners:
- allowedRoutes:
namespaces:
from: All
hostname: '*.alexlebens.net'
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: https-gateway-cert
namespace: kube-system
mode: Terminate
- allowedRoutes:
namespaces:
from: All
hostname: 'alexlebens.net'
name: https-domain
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: https-gateway-cert
namespace: kube-system
mode: Terminate

4
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -11,8 +11,8 @@ spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
name: cilium-tls-gateway
namespace: kube-system
hostnames:
- hubble.alexlebens.net
rules:

2
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -35,8 +35,6 @@ cilium:
enabled: true
routerIDAllocation:
mode: "default"
bpf:
hostLegacyRouting: true
devices: end0 enp6s0
enableK8sEndpointSlice: true
ciliumEndpointSlice:

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.27.1
version: 0.27.0
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.5.0
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-02-05T19:36:19.473447121Z"
digest: sha256:960d00c93523c5669d0f200d440ffa1009eb1c37629485bf7de320ee3a41fd8f
generated: "2026-02-04T19:02:19.528616588Z"

4
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -16,11 +16,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.27.1
version: 0.27.0
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.28.1
appVersion: 1.28.0

2
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.15.0
appVersion: 11.14.1

2
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.15.0
tag: 11.14.1
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.0.0
digest: sha256:3833a9f099d80f50e8a7c9874138b9eba42c18fe5f5f5dc605031f7c44bd3971
generated: "2026-02-06T15:40:39.917039721Z"
version: 1.3.2
digest: sha256:7b7c6dee59f2ea630f0e7a1124aeeda52cdff23769136300384b28210e03945a
generated: "2026-02-03T21:41:32.061135319Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 2.0.0
version: 1.3.2
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.0.0
appVersion: v1.3.2

4
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -88,7 +88,7 @@ freshrss:
- name: PUID
value: "568"
- name: TZ
value: America/Chicago
value: US/Central
- name: FRESHRSS_ENV
value: production
- name: CRON_MIN
@@ -201,7 +201,7 @@ postgres-18-cluster:
backup:
objectStore:
- name: garage-local
index: 2
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -310,9 +310,6 @@ gatus:
- name: lidarr
url: https://lidarr.alexlebens.net
<<: *defaults
- name: spotisub
url: https://spotisub.alexlebens.net
<<: *defaults
- name: yubal-playlist
url: https://yubal-playlist.alexlebens.net
<<: *defaults

2
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -105,7 +105,7 @@ postgres-18-cluster:
backup:
objectStore:
- name: garage-local
index: 2
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.40.0
digest: sha256:b7f8f176f8c4902130e87660adb39211fd5ca454f89f5a7e9ed577cd4c3a2255
generated: "2026-02-05T18:23:45.100522813Z"
version: 0.39.0
digest: sha256:870e456773199684c150585c12c2e18b3f0895ee8cc73481a53b23c8e94560b1
generated: "2025-12-20T00:03:40.10414707Z"

4
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: headlamp
version: 0.40.0
version: 0.39.0
repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp
appVersion: v0.40.0
appVersion: v0.39.0

2
clusters/cl01tl/helm/homepage-dev/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
version: 2.2.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.10.1
appVersion: v1.9.0

2
clusters/cl01tl/helm/homepage-dev/values.yaml
View File

@@ -11,7 +11,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.10.1
tag: v1.9.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS

2
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.10.1
appVersion: v1.9.0

8
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -15,7 +15,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.10.1
tag: v1.9.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
@@ -661,12 +661,6 @@ homepage:
href: https://yubal-playlist.alexlebens.net
siteMonitor: http://yubal-playlist.yubal-playlist:80
statusStyle: dot
- Spotisub:
icon: sh-spotify.webp
description: Replicate Spotify playlist
href: https://spotisub.alexlebens.net
siteMonitor: http://spotisub.spotisub:80
statusStyle: dot
- slskd:
icon: sh-slskd.webp
description: slskd

2
clusters/cl01tl/helm/huntarr/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
# renovate: datasource=github-releases depName=plexguide/huntarr
appVersion: 9.2.1
appVersion: 9.1.12

2
clusters/cl01tl/helm/huntarr/values.yaml
View File

@@ -9,7 +9,7 @@ huntarr:
main:
image:
repository: ghcr.io/plexguide/huntarr
tag: 9.2.1
tag: 9.1.12
pullPolicy: IfNotPresent
env:
- name: TZ

30
clusters/cl01tl/helm/komodo/templates/external-secret.yaml
View File

@@ -47,33 +47,3 @@ spec:
key: /authentik/oidc/komodo
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: komodo-postgresql-17-fdb-cluster-ferret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-ferret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: uri
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: password

25
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -53,11 +53,14 @@ komodo:
- name: PERIPHERY_SSL_ENABLED
value: false
- name: DB_USERNAME
value: ferret
valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret
name: komodo-postgresql-17-fdb-cluster-app
key: password
- name: KOMODO_DATABASE_URI
value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@komodo-ferretdb-2.komodo:27017/komodo
@@ -95,15 +98,11 @@ komodo:
tag: 2.7.0
pullPolicy: IfNotPresent
env:
- name: DB_USERNAME
value: ferret
- name: DB_PASSWORD
- name: FERRETDB_POSTGRESQL_URL
valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret
key: password
- name: FERRETDB_POSTGRESQL_URL
value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB
name: komodo-postgresql-17-fdb-cluster-app
key: uri
resources:
requests:
cpu: 10m
@@ -199,9 +198,9 @@ postgresql-17-fdb-cluster:
database: ferretDB
owner: ferret
postInitApplicationSQL:
- CREATE EXTENSION IF NOT EXISTS pg_cron;
- CREATE EXTENSION IF NOT EXISTS documentdb CASCADE;
- GRANT documentdb_admin_role TO ferret;
- create extension if not exists pg_cron;
- create extension if not exists documentdb cascade;
- grant documentdb_admin_role to ferret;
recovery:
method: objectStore
objectStore:
@@ -209,7 +208,7 @@ postgresql-17-fdb-cluster:
backup:
objectStore:
- name: garage-local
index: 2
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.89.0
appVersion: v0.88.1

8
clusters/cl01tl/helm/loki/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: loki
repository: https://grafana.github.io/helm-charts
version: 6.52.0
version: 6.51.0
- name: alloy
repository: https://grafana.github.io/helm-charts
version: 1.6.0
digest: sha256:097f893b362b3ba6a1498d6df00dc57030c4d1321cf3301268adb9e30d5043ed
generated: "2026-02-05T22:01:50.699662067Z"
version: 1.5.3
digest: sha256:88c8067aa21d8dd0e994e9ab7ff39eed17bdd993eea853721fd42aedb4bec400
generated: "2026-02-02T17:28:04.623156-06:00"

4
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -16,10 +16,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: loki
version: 6.52.0
version: 6.51.0
repository: https://grafana.github.io/helm-charts
- name: alloy
version: 1.6.0
version: 1.5.3
repository: https://grafana.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
# renovate: datasource=github-releases depName=grafana/loki

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.15.5
appVersion: 0.15.4

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.15.5
tag: 0.15.4
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.15.5
tag: 0.15.4
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.15.5
tag: 0.15.4
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 27.0.0
digest: sha256:ab76a45fb53268d4afdad507277c244af11c50344e50a24799182bbd9757258d
generated: "2026-02-06T14:05:22.069162277Z"
version: 26.0.0
digest: sha256:fb73bc68bbf8ab128ff7fc641413ce3f004677d351038517ed68f5b39eeafb08
generated: "2026-01-09T20:11:58.398634666Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 27.0.0
version: 26.0.0
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.89.0
appVersion: v0.88.1

8
clusters/cl01tl/helm/rook-ceph/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: rook-ceph
repository: https://charts.rook.io/release
version: v1.19.1
version: v1.19.0
- name: rook-ceph-cluster
repository: https://charts.rook.io/release
version: v1.19.1
version: v1.19.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.2.2
digest: sha256:fbb82644c29122639312301d76b2f2300f2a86eeb17159e9f368b2d46e4e6a7c
generated: "2026-02-06T03:39:57.898917443Z"
digest: sha256:edc2a4064d509365e371418609b4068674429526c0198ca1793867124bb5dcdb
generated: "2026-02-03T03:44:06.685680039Z"

6
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -16,10 +16,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: rook-ceph
version: v1.19.1
version: v1.19.0
repository: https://charts.rook.io/release
- name: rook-ceph-cluster
version: v1.19.1
version: v1.19.0
repository: https://charts.rook.io/release
- name: cloudflared
alias: cloudflared-rgw
@@ -27,4 +27,4 @@ dependencies:
version: 2.2.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
# renovate: datasource=github-releases depName=rook/rook
appVersion: v1.19.1
appVersion: v1.19.0

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:670bd1076097640fc25221bf92a8af7d344503ce17ba3305abedf28e3634e807
tag: latest@sha256:8d77102a0d2c615e88c5184868dc2c32cd361413dbc104abc301f54079fd40a2
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:670bd1076097640fc25221bf92a8af7d344503ce17ba3305abedf28e3634e807
tag: latest@sha256:8d77102a0d2c615e88c5184868dc2c32cd361413dbc104abc301f54079fd40a2
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.0.4
appVersion: v1.0.3

2
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -9,7 +9,7 @@ shelfmark:
main:
image:
repository: ghcr.io/calibrain/shelfmark
tag: v1.0.4
tag: v1.0.3
pullPolicy: IfNotPresent
env:
- name: FLASK_PORT

6
clusters/cl01tl/helm/spotisub/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:3b63381e4968f95ce2d99fae620f3d1ae6af295b1bacc4ed0fbe9f1ccb0e9405
generated: "2026-02-06T11:04:57.311195-06:00"

21
clusters/cl01tl/helm/spotisub/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: spotisub
version: 1.0.0
description: Spotisub
keywords:
- spotisub
- music
- spotify
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/blastbeng/spotisub
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: spotisub
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=blastbeng/spotisub
appVersion: v0.3.6

93
clusters/cl01tl/helm/spotisub/templates/external-secret.yaml
View File

@@ -1,93 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: spotify-client-id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-id
- secretKey: spotify-client-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-secret
- secretKey: spotify-redirect-uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: redirect-uri
- secretKey: subsonic-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: user
- secretKey: subsonic-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: password
- secretKey: lidarr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

11
clusters/cl01tl/helm/spotisub/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: spotisub
labels:
app.kubernetes.io/name: spotisub
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

17
clusters/cl01tl/helm/spotisub/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: spotisub-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/spotisub/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music Youtube/
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

194
clusters/cl01tl/helm/spotisub/values.yaml
View File

@@ -1,194 +0,0 @@
spotisub:
controllers:
main:
type: deployment
replicas: 0
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: blastbeng/spotisub
tag: v0.3.7
pullPolicy: IfNotPresent
env:
- name: SPOTIPY_CLIENT_ID
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-id
- name: SPOTIPY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-secret
- name: SPOTIPY_REDIRECT_URI
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-redirect-uri
- name: SUBSONIC_API_HOST
value: http://navidrome-main.navidrome
- name: SUBSONIC_API_PORT
value: 80
- name: SUBSONIC_API_USER
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-user
- name: SUBSONIC_API_PASS
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-password
- name: PLAYLIST_PREFIX
value: "Spotify - "
- name: NUM_USER_PLAYLISTS
value: 0
- name: ARTIST_GEN_SCHED
value: 0
- name: RECOMEND_GEN_SCHED
value: 0
- name: SPOTDL_ENABLED
value: 1
- name: SPOTDL_OUT_FORMAT
value: "/mnt/store/Music Youtube/Andrew Lebens/{artist}/{album} ({year})/{artists} - {album} - {track-number} - {title}.{output-ext}"
- name: LIDARR_ENABLED
value: 1
- name: LIDARR_IP
value: http://lidarr.lidarr
- name: LIDARR_PORT
value: 80
- name: LIDARR_TOKEN
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: lidarr-key
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!'"
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 5183
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 5183
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- spotisub.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: spotisub
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /home/user/spotisub/cache
readOnly: false
music:
existingClaim: spotisub-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Music Youtube/
readOnly: false

6
clusters/cl01tl/helm/tailscale-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: tailscale-operator
repository: https://pkgs.tailscale.com/helmcharts
version: 1.94.1
digest: sha256:194c4f0a24b460064db0e2cda00226de0d85a764d9eaab26b1cbb337e7e9a750
generated: "2026-02-05T19:56:58.797357494Z"
version: 1.92.5
digest: sha256:75f2ca2d5932228c484b5f6b535d61786a0246c8c4d6947466d03a0c0a614ce0
generated: "2026-01-07T01:54:43.539104104Z"

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: tailscale-operator
version: 1.94.1
version: 1.92.5
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale

2
hosts/ps08rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-blocky
cap_add:
- net_admin

3
hosts/ps08rp/blocky/config.yml
View File

@@ -99,7 +99,7 @@ customDNS:
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
hubble IN CNAME cilium-cl01tl
huntarr IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
@@ -132,7 +132,6 @@ customDNS:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

2
hosts/ps09rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-blocky
cap_add:
- net_admin

3
hosts/ps09rp/blocky/config.yml
View File

@@ -120,7 +120,7 @@ customDNS:
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
hubble IN CNAME cilium-cl01tl
huntarr IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
@@ -153,7 +153,6 @@ customDNS:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

2
hosts/ps10rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-blocky
cap_add:
- net_admin

4
hosts/ps10rp/garage/compose.yaml
View File

@@ -1,6 +1,6 @@
services:
tailscale-garage:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-garage
cap_add:
- net_admin
@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
tailscale-garage-ui:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-garage-ui
cap_add:
- net_admin

2
hosts/ps10rp/gitea/compose.yaml
View File

@@ -1,6 +1,6 @@
services:
tailscale-gitea:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-gitea
cap_add:
- net_admin

4
hosts/ps10rp/homepage/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-homepage:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-homepage
cap_add:
- net_admin
@@ -32,7 +32,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
homepage:
image: ghcr.io/gethomepage/homepage:v1.10.1
image: ghcr.io/gethomepage/homepage:v1.9.0
container_name: homepage
labels:
traefik.enable: true

2
hosts/ps10rp/node-exporter/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-node-exporter:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-node-exporter
cap_add:
- net_admin

2
hosts/ps10rp/tailscale-subnet/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-subnet
cap_add:
- net_admin

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-traefik:
image: ghcr.io/tailscale/tailscale:v1.94.1
image: ghcr.io/tailscale/tailscale:v1.92.5
container_name: tailscale-traefik
cap_add:
- net_admin